Learning Resource

Vulnerability

A vulnerability is a weakness or group of weaknesses that can be exploited, causing a security breach and/or damages to the organization.

Software vulnerabilities are communicated in various ways:

  • by the vendor in security bulletins (online publications)
  • through email alerts from the vendor to company points of contact
  • in hacker forums
  • by the United States Computer Emergency Readiness Team (US-CERT) and other government organizations

Information Systems: Vulnerability to Cyberattack

As technology continues to grow, information systems also change and evolve. Information systems help organizations in different ways—from increasing productivity to reaching out to customers. There are different information systems to address different requirements. The different types of information systems are listed in the table below. Can you distinguish the ones that are more likely to be attacked from the ones that are less likely to be attacked?

Information Systems
Information System | Definition

E-commerce system

System for buying and selling products or providing services over the Internet

Knowledge management system

Collection of systems that support the creation, storage, and dissemination of information; the knowledge management system has a repository of well-structured information and a collection of tools that may be used to quickly find answers to posed questions

Enterprise resource planning (ERP) system

System that supports and integrates the various functions within the organization including planning, manufacturing, sales, marketing, and accounting

Intelligent system

System that exhibits intelligence in the sense that it is able to learn behaviors based on past experiences, to adapt to changing environments, and to be consistent in its responses

Transaction processing system

System for managing data transactions of an organization

Office automation system

System that helps optimize and automate office procedures

Customer-relationship management (CRM) system

System that manages the company's client interactions, such as in sales, marketing, and customer service

Collaboration system

System that supports and coordinates collaborative activities such as e-mailing, texting, chatting, and bookmarking

Supply chain management (SCM) system

System that automatically updates inventory values for each item and sends reorder information to the suppliers

Functional-area information system

System for managing different functional areas within an organization

Data mining and visualization system

System that helps derive patterns from data

Management information system (MIS)

System that provides information needed to effectively manage an organization

Geographical information system (GIS)

System that captures, stores, analyzes, and presents data related to a location

Executive information system

System that provides external and internal information relevant to meeting the strategic goals of an organization

Decision support system (DSS)

Set of information systems that together support the decision-making process

The following systems are more likely to be attacked:

  • e-commerce system
  • ERP
  • transaction processing system
  • CRM
  • SCM
  • data mining and visualization system
  • GIS
  • DSS

The following systems are less likely to be attacked:

  • knowledge management system
  • intelligent system
  • office automation system
  • collaboration system
  • functional-area information system
  • MIS
  • executive information system

Remember, if a company's network is attacked and penetrated (even via a website), then all internal information systems may be accessible to the hacker or other type of attacker.

Modern Information Systems

The Challenges of Securing Modern Information Systems

Today's hybrid networks comprise a combination of wired and wireless networks that connect tens to thousands of computers running several different operating systems. Each kind of computer, operating system, device, and network has its share of security vulnerabilities, and securing the network poses several challenges for the IT security team. You will learn more about these challenges and how to overcome them as you progress through this program. However, here's a brief overview of potential security issues.

  • Diverse Systems: As discussed, hybrid networks are flexible in terms of connectivity and the types of devices they support. For example, many organizational networks support a variety of computer systems, such as PCs, laptops, and mobile devices. These systems run different types of operating systems, such as Windows, Linux, UNIX, macOS, and mobile operating systems. Some organizations have a virtual private network (VPN), which enables employees to securely access their intranet from outside the network.
    Organizations are also working on improving the efficiency and availability of IT resources and a variety of applications through the use of virtual machines. Multiple virtual machines may run on one physical machine. A virtual Linux machine, for example, may run on a Windows machine. VMware and Xen are some examples of virtualization software that can be used to create virtual machines. All computer systems and operating systems have inherent vulnerabilities that need to be managed.
  • Email and Text Messaging: Email and text messaging are popular communication tools for business and social purposes. You share documents, presentations, and other types of files with your colleagues, vendors, customers, and friends. This makes email an attractive tool for cybercriminals, who use it to infect computers with viruses and Trojans and to run phishing scams.
  • Wireless Networks and Mobile Phones: Many organizational networks today support wireless connectivity and remote log-ons. Hackers may piggyback on available unsecured network connections in a densely populated area and send spam, download files from the internet, and even hack into databases and steal confidential data. Using mobile phones or smartphones to access information via wireless technology might pose similar security challenges.
  • Social Networks: Organizations often use social networks for recruitment and publicity campaigns. Consequently, many organizations allow employees to access social networking sites. However, it might not be such a good idea from the perspective of network security. There have been cases of Facebook and Twitter accounts being hijacked and usernames and passwords being sold to "underground" networks. Hackers then use the compromised accounts to run phishing scams. Safeguarding the network from the vulnerabilities prevalent in social networks is a new and growing challenge in the field of cybersecurity.

Vulnerabilities of TCP/IP

The TCP/IP suite protocols have inherent vulnerabilities. Hackers exploit these vulnerabilities to attack networks. Some common types of attacks on TCP/IP include sniffing, session hijacking, IP address spoofing, and denial of service (DoS).

Each type of attack is explained below.

  • Sniffing: In this type of attack, the attacker uses a packet sniffer such as Wireshark or Kismet to intercept and analyze the data packets sent between the sender and receiver. This action occurs without the knowledge of either the sender or the receiver. Many network applications transmit data packets as clear text; therefore, attackers may be able to collect sensitive information such as user account names and passwords using this technique. Sniffing is a data-link layer attack because the attacker operates at the data-link layer of the network.
  • Session Hijacking: Session hijacking is an active version of sniffing. In this type of attack, the attacker intercepts network traffic and obtains the initial sequence number (ISN) of the communication. The ISN is the sequence number of the first packet of data being communicated and tells the attacker how many packets are being transmitted. The attacker also obtains the IP address of the sender from the packet. The attacker then impersonates the sender and communicates with the receiver. The attacker may tamper with the data received from the sender before passing it on to the receiver. For example, an attacker may collect a confidential document, falsify it, and retransmit it to the receiver, who accepts it at face value. Session hijacking is a transport layer attack.
  • IP Address Spoofing: In this type of attack, the attacker sniffs network traffic to identify the pattern of legitimate IP addresses for that particular network. The attacker then forges the IP address in the packet headers. If the network uses the IP address to authenticate the user, the attacker is able to gain access to the network through the packet with the forged IP address. The attacker can then send malicious packets to the network. For example, an attacker may introduce a Trojan or keylogging application to the network after gaining access to it. IP address spoofing is a network layer attack.
  • Denial of Service: Using DoS, the attacker can make a critical service or resource unavailable to legitimate users on the network. For example, an email server can be rendered useless by the sending of hundreds of email messages with large attachments. The email server will eventually crash under the load and become unavailable to legitimate users. Similarly, an attacker can flood a server with TCP requests and cause it to stop functioning normally. Attackers may also distribute the attack—by deploying several hundreds or thousands of clients. In this situation, the attack is referred to as a distributed DoS (DDoS) attack. DoS is a transport layer attack.

Network Security - Vulnerabilities of LANs, WANs, and MANs

Consider a typical office setup and its information system needs. You might find common security vulnerabilities such as unattended computers, a centrally located printer, access to gaming websites, discarded CDs, and data sharing. Read about these common vulnerabilities below.

  • Unattended Computers: Leaving computers unattended is the biggest risk to network security. Easy access to computers and other devices means that the LAN (local area network) can be compromised. All desktops should be locked when not in use.
  • Centrally Located Printer: A centrally located printer is not a major vulnerability as long as data is not compromised. Do not leave important documents lying around the printer, and print documents only when needed.
  • Access to Gaming Websites: This could pose a serious threat to the LAN, as any material downloaded from the internet can contain viruses or worms. Access to online games, movies, and songs should be restricted. All files downloaded from the internet should be scanned for malware before they are opened.
  • Discarded CDs: Employees must ensure that confidential data is erased before computer media are disposed of, and that the media are physically destroyed. Controls must be implemented for safeguarding confidential data.
  • Data Sharing: Remote log-ons allow access to applications and data on the other computers in the network. Remote access to computers on the network must be restricted and password-protected. The LAN connects networks, servers, workstations, printers, and storage devices and allows users to share functionalities and resources. Therefore, it is important that the confidentiality and integrity of the information is maintained. This can be achieved with the implementation of policies and procedures and the creation of awareness among employees. WANs (wide area networks) and MANs (metropolitan area networks), which are combinations of LANs, are exposed to the same vulnerabilities as LANs.

Network Security - Vulnerabilities of WLANs

Like their wired LAN counterparts, WLANs (wireless LANs) are prone to security vulnerabilities. In fact, a WLAN is more susceptible to attacks because it includes both the organization's internal network and the general public network segments. An open WLAN, which does not require users to authenticate themselves with a user name and password, is a security issue and a breach waiting to happen. WLANs are also susceptible to attacks such as:

  • Traffic Analysis: Traffic analysis helps determine the load on a wireless network. This type of analysis gathers information about the frequency and timing of network packets in transit. The attacker can identify the websites being visited and read messages that are sent on the network. The attacker can then alter the message in transit or send the message to multiple users.
  • Eavesdropping: Sometimes referred to as sniffing, eavesdropping involves capturing packets and reading the data content to find sensitive information. There are two types of eavesdropping: passive and active. In passive eavesdropping, the attacker can use the information gathered to attack the network. In active eavesdropping, the attacker not only monitors the wireless sessions but also tries to determine the contents of the message. For example, if a user is trying to contact a bank, the attacker can trick the user into believing that they are communicating with the bank.
  • Brute-Force Attacks Against Access Point SSIDs: An access point uses a single password for all wireless clients. In a brute-force attack, the attacker methodically tests combinations of passwords to gain entry to the access points.
  • Renegade Access Points: Sometimes, employers may be unaware that their employees have deployed wireless capabilities on the company's network. This may expose the network to unauthorized access. In addition, attackers may also set up rogue access points to gain access to the network via the WLAN.
  • Masquerading Attacks: In a masquerading attack, an illegitimate user poses as a legitimate user to gain access to confidential information.

Threats Originating From Cyberspace

Corporate websites and portals, extranets for vendors, and e-commerce sites are just a few tools with which organizations harness the benefits of the internet.

With the rise in cybercrime, it is critical for organizations with an internet presence to build a robust security infrastructure to safeguard their IT resources from threats. Contrary to popular belief, not all threats originate from the outside. Threats can and do originate from within the organization itself—in such cases, the internet is a useful tool for the attack.

Below, read about an external and an internal threat to Cypher X, a fictional company.

Cypher X: Security Lapses?

Andy Parker is a systems administrator at Cypher X, a computer hardware manufacturing company. The company’s headquarters and research and development center are located in Austin, Texas. Cypher X has several manufacturing plants, sales offices, and suppliers located in the United States, Brazil, Germany, South Korea, and Malaysia.

Today, Andy Parker is visiting a sales office in Dallas. During his visit, he observes some lapses that could lead to IT security incidents.

Incident A

Andy Parker notices an unlocked workstation with a yellow sticky note on the monitor. The note says,

Out for lunch. Back by 1:30 p.m. Call me @ 555-455-8865 in case of emergency. Sonya

Andy: Oh, Sonya’s out for lunch. I’ll come back after I’ve met with the others. Hmm, Sonya’s forgotten to lock her desktop. She’s also left some files open. Anyone could access this information. Actually, anyone could access the company’s network using her computer, leaving her ID as the only trail. I must remember to warn her about this.

Incident B

Andy Parker then notices an employee playing games on a website.

Andy: Ah, there’s John, the new hardware engineer. Is he playing soccer on a website? I don’t believe this! I wonder if everyone has unrestricted access to the internet and gaming sites.

Andy decides to talk to John.

Andy: Hi John, how are you?

John: Hey! Okay so far, but I will be better as soon as I win this game!

Andy: Ah, soccer! So, does everyone have access to gaming websites?

John: Well, I know everyone in the IT department has unrestricted internet access. Don’t know about other departments, though. Oh yes, I’ve seen Sam from the finance department playing games online a couple of times. So, maybe a select few users do have unrestricted access.

Andy: Hmm, I see. Unrestricted access to the internet can result in computers being infected by viruses or malware, you know—especially from gaming websites.

Incident C

Next, Andy Parker sees another employee working with shared folders on a network.

Andy: There’s Alan. He seems to be busy looking at some data over the network. Let me chat with him for a bit.

Andy: Hey Alan, how are you today?

Alan: Great, Andy. Good to see you again.

Andy: Thanks. So, looks like you’re having a busy day.

Alan: No, not really. I’m just updating the project tracker on my boss’s laptop. I was working late last night from home to meet a deadline.

Andy: He’s shared his files?

Alan: Yeah.

Andy: And how do you transfer files to your home computer?

Alan: I mostly use the office email system. Access to thumb drives is restricted.

Andy: I see. Must be difficult to transfer big files, huh?

Alan: Oh, we have a secure FTP site in place to exchange large-size files.

Andy: That’s good. Ah, there’s Sonya. Let me catch her before she gets busy. I’ll see you later, Alan.

External Threat

Last year, there was an increase in targeted attacks on large companies. Cypher X was the target of one such attack.

  • The attackers gathered information about Cypher X from its corporate website. They also visited social networking websites to gather information about specific employees.
  • Those employees later received carefully worded phishing email messages containing the Hydraq Trojan, which installed itself on the employees' machines by exploiting vulnerabilities in a commonly used web browser.
  • The Trojan—like all Trojans, a malicious program that appears to be legitimate—installed a keystroke logger on each machine, which enabled the attackers to gain remote access to the infected computers.
  • Eventually, the attackers were able to gain access to Cypher X's LAN. Fortunately, Cypher X's intrusion detection system (IDS) alerted the IT team in time.

Internal Threat

Cypher X also faced a couple of internal threats, one of which is described below.

  • Sam Moore, a Cypher X accountant, was transferred to Torrington, Connecticut. Although small, the Torrington office handles sensitive and confidential data related to Cypher X's research and development efforts. Upset at being "banished" to a small town, Sam decided to get back at Cypher X by selling some of this data.
  • Sam got in touch with a friend who works for Cypher X's competitor. They made a deal.
  • Sam uploaded design documents for the new range of laptops Cypher X was developing to an online storage site on the internet. In return, the payment for the designs was transferred electronically to Sam's bank account.
  • A few weeks later, Cypher X's competitor released a series of advertisements about its new range of laptops that looked suspiciously similar to Cypher X's own!

Internal Threats

Most network intrusion detection systems, firewalls, and proxy servers are configured to keep intruders out of an organization's IT systems. What happens if the intruder is already inside the network, for example, working as an employee or a contractor?

The 2010 CyberSecurity Watch survey found that 51 percent of respondents who experienced a cybersecurity incident were victims of an insider attack. Insider attacks very often involve confidential data, intellectual property, or trade secrets. Consequently, they are more damaging and costly than external attacks (CSO et al., 2010).

Cypher X's Andy Parker and his team recently conducted a security vulnerability test and have broken down the vulnerabilities into categories.

Types of Vulnerabilities
Vulnerability | Summary and Recommendation

Weak/Missing Passwords

Summary of finding: Despite the detailed password policy, 11 percent of the security vulnerabilities across the various offices stem from weak passwords among the employees and contractors.

Why the finding matters: Passwords that contain only letters or numbers are easy to uncover via password-cracking tools that use brute force; these tools try every possible combination of keystrokes until the right combination is found.

Recommendation: Enforce the password policy electronically.

Operating System or Application

Summary of finding: Overall, 22 percent of the security vulnerabilities come from the use of software with open vulnerabilities that can be exploited. Special alert: none of the computers located in the Buenos Aires, Argentina, office had the latest Windows security patches installed.

Why the finding matters: When operating systems and software applications such as browsers have known vulnerabilities that hackers can exploit, hackers use these holes to breach networks and individual computers.

Recommendation: Install the latest security updates on all machines. Automate this process if possible.

Human Factors

Summary of finding: The latest employee satisfaction survey found that:

  • 5 percent of security vulnerabilities stem from a lack of awareness among employees of the confidentiality clause in their contract
  • 12 percent stem from a lack of awareness of information security policies among employees
  • 15 percent stem from employee unhappiness with the working conditions at Cypher X
  • 12 percent stem from the receipt of warnings for unacceptable behavior

Why the finding matters: Employees who are unfamiliar with security policies or confidentiality clauses are soft targets for phishing and social engineering scams and may unknowingly reveal sensitive information to outsiders. Disgruntled employees are more likely to misuse or sell information for personal gain.

Recommendation: Conduct regular training and awareness programs about IT security. Conduct a thorough background check of prospective candidates. Conduct regular audits of computer and network activity to identify potential issues.

Other

Summary of finding: Finally, the survey found that 23 percent of the vulnerabilities exist because of the susceptibility of computers to attack due to miscellaneous factors such as unlocked workstations, shared local folders with full access granted to all users, and copies of pirated games, music, and movie clips.

Why the finding matters: Unlocked workstations and shared folders on the network are easy targets for attackers who want to gain access to the network. Pirated content can contain malware that can infect the entire network. In addition, downloading and storing pirated content is a crime in many countries.

Recommendation: Update the IT security policy and the acceptable use policy for shared folders. Mandate password-protected screensavers on all computers. Configure the firewall to block websites that allow users to download pirated content and peer-to-peer file-sharing sites. Educate employees on piracy.

Sources of External Intrusions

Internet-based intrusions are not limited to hackers alone. Nor are attacks restricted to individuals and organizations. The internet allows malicious groups such as terrorist organizations, enemy nation-states, and organized crime groups to carry out attacks. The main sources of internet-based intrusions include:

  • Hackers: Hackers are the original cybercriminals. Hackers gain unauthorized access to individual computers or networks to steal information such as passwords, credit card and bank account numbers, and anything else they can get. Hackers may use the stolen information themselves—to empty a bank account, for example—or barter it on an underground network.
  • Industrial Espionage: Cybercriminals have found innovative ways to elicit trade secrets from unsuspecting employees. A virus might masquerade as an email attachment from your colleagues or as a link on your organization's internal website about a new HR policy. Clicking the attachment or link installs a virus on the computer, which then spreads across the network, grabs whatever information it can, and sends it back to the attacker's computer.
  • Organized Crime Groups: Criminals and organized crime groups use the internet to launder money. In some cases, they hire candidates who respond to ads for work-from-home opportunities and then use them as "money mules"—people who, knowingly or unknowingly, transfer stolen funds from one country to another.
  • Employees: Employees, both current and former, might use the internet to smuggle information in and out of the organization. In general, insider attacks are more damaging and take longer to detect than intrusions by external hackers.
  • Terrorist Organizations: Terrorist organizations have already been using the internet to organize real-world attacks, recruit followers, and raise money. However, governments also fear that terrorist organizations might launch online attacks against critical infrastructures.
  • Enemy Nation-States: Some countries are suspected to have launched cyberattacks on enemy nations. Recent examples of attacks include an attack on Estonian government computers by Russian government hackers, and cyberattacks on the US Department of Defense and the White House originating from Russia and China.

Database Security Vulnerabilities 

Database Security Pillars

A comprehensive database security strategy is based on three pillars.

  • Pillar 1: A strong foundation with authentication, authorization, and access control, discovery and classification, and patch management
  • Pillar 2: Preventive measures with encryption, data masking, and change management
  • Pillar 3: Intrusion detection with auditing, monitoring, and vulnerability assessment

Database Access Control

Security settings can provide restricted access to data as needed based on a database schema. A database schema can be designed to allow or deny users access to tables and views or to execute system privileges. A three-level database schema incorporating a security approach has proven effective by establishing permissions based on user roles (Oracle, n.d.).

Database Schema Administration

When users do not need to access the database or only need to access specific applications, a shared three-level schema can limit the damage that can be done. A three-level schema includes the description of data at the physical, conceptual, and external layers.

Ownership-Based Administration

The owner of the table can apply security settings to grant or deny access to data by implementing a three-level schema security mode, one that establishes permissions at a granular level.

Access Control Administration

The owner of the database is provided the capability of granting and revoking privileges by applying access rules.

Database access control has proven to be an effective security strategy. Any of the traditional access control methods can be further improved by placing more granular controls in place. Limiting access by role, schema, table—or by column, row or field within a table—can minimize the likelihood that data will be compromised.

Inference

An inference attack involves gaining unauthorized access to restricted data through the combination of database manipulation, logic application, and statistical analysis (Goodrich & Tamassia, 2011; Hylkema, 2009).

Inference Basics

Step 1
Administrator and subordinate query a classified database.

Image shows three databases, two unclassified and one classified. The administrator and subordinate each run a query on the classified database. The subordinate's access is unauthorized.

Step 2
Administrator receives the information, but the subordinate is denied.

Image shows three databases, two unclassified and one classified. The administrator and subordinate each run a query on the classified database. The administrator receives results from the query, the subordinate does not.

Step 3
Subordinate queries two unclassified databases.

Image shows three databases, two unclassified and one classified. The subordinate runs a query on each of the two unclassified databases.

Step 4
Subordinate receives the information from the unclassified databases.

Image shows three databases, two unclassified and one classified. The subordinate runs a query on each of the two unclassified databases and receives results from the queries.

Example of Inference

Step 1
In this example, a corporate database with personnel records is accessible in a sanitized form to employees. Employee details contained in the database are restricted to administrators. Names and salary information are strictly confidential, and subordinates are denied access to this information (Shieh & Juang, n.d.).

Image shows a database housing the following data: Employee name, gender, position, department, years of employment and salary, which the user is not authorized to access.

Step 2
The company, attempting to improve retention, publicizes employees' years of service and posts congratulatory messages on its internal website when an employee completes the first year of employment and every five years thereafter. An internal report shows the average salary for each department based on service time. Company reports also show that only one person was hired in any department in a given year. Even though subordinates cannot access another employee's salary, aggregate values are accessible: the average salary of employees based on years with the company can be queried from the database.

Image shows the user query to a database housing department, years of employment, and salary with the query result being the average salary.

Step 3
Jesse wants to access information about Roy's salary. He knows Roy is the only HR assistant manager with five years of service.

Image shows a table with name, gender, position, department, city, and salary.

Step 4
If Jesse creates a query requesting the average salary of HR assistant managers with five years of service, he can derive Roy's salary, because Roy is the only member of that group. This technique is an example of inference.

Image shows the user query to a database housing position, department, city, and salary with the query result being the average salary.

Inference Countermeasures

Step 1
Inference deterrence, as part of standard database design best practice, can prevent security breaches. When determining how to prevent inference attacks, it is essential to consider what method is best suited for a particular situation.

Image shows three data tables with varying data entities. One table has name, gender, and position. Another table has name, position, and department. The final table has position, city, and salary.

Step 2
There are multiple approaches to protect against an inference attack, including suppression, generalization, and random data perturbation (RDP).

Suppression

Suppression removes or withholds information that could be used in an inference attack. It would not be suitable for the current example, because the company would have to either refrain from commemorating employment milestones or stop publishing the salary information.

Generalization

Generalization makes values less specific, which makes it harder to draw reliable inferences. It would be a more acceptable way to mitigate inference attacks in the present situation: it could be used to provide less specific details, such as the fact that an HR assistant manager with zero to five years at the company makes an average of $50,000 to $58,000.

RDP

Random data perturbation, or noise addition, alters individual values subtly while ensuring that the overall average of the values remains accurate. RDP would not be suitable for the current example, because celebrating employment milestones at the wrong time or listing inaccurate salaries for years of service would not instill trust or confidence in employees (Goodrich & Tamassia, 2011; Hylkema, 2009).
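The salary inference above, together with the suppression and generalization countermeasures, as an added example that is not part of the original page. It uses Python with an in-memory SQLite database; the personnel rows, the group-size threshold of three, and the $1,000 rounding of the published range are assumptions.

```python
import sqlite3

# Constructed personnel records (not data from the original page). As in the page's
# scenario, only one person per department is hired in a given year, so the group
# "HR assistant managers with five years of service" has exactly one member: Roy.
ROWS = [
    # name,  position,            department, years of service, salary
    ("Roy", "Assistant manager", "HR",      5, 56400),
    ("Ana", "Assistant manager", "HR",      3, 52200),
    ("Lee", "Assistant manager", "HR",      1, 49800),
    ("Kim", "Assistant manager", "HR",      8, 61000),
    ("Jo",  "Assistant manager", "Finance", 5, 58100),
    ("Sam", "Clerk",             "HR",      5, 41000),
]

MIN_GROUP = 3  # query-set-size threshold used for suppression (an assumed policy value)


def open_db() -> sqlite3.Connection:
    """Load the constructed rows into an in-memory SQLite database."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE personnel(name TEXT, position TEXT, department TEXT, "
        "years INTEGER, salary INTEGER)"
    )
    con.executemany("INSERT INTO personnel VALUES (?, ?, ?, ?, ?)", ROWS)
    return con


def exact_average(con, position, department, years):
    """The vulnerable report query: average salary for an exact position,
    department and years-of-service group, with no control on group size.
    Returns (average, group_size); a group of size 1 discloses one person's salary."""
    return con.execute(
        "SELECT AVG(salary), COUNT(*) FROM personnel "
        "WHERE position = ? AND department = ? AND years = ?",
        (position, department, years),
    ).fetchone()


def service_band(years):
    """Generalization of years of service into 0-5, 6-10, 11-15, ... bands."""
    if years <= 5:
        return 0, 5
    lo = ((years - 1) // 5) * 5 + 1
    return lo, lo + 4


def safe_report(con, position, department, years):
    """Hardened report: generalize the years-of-service value to a band, suppress
    the answer when the band still holds fewer than MIN_GROUP people, and publish a
    salary range rounded outward to the nearest $1,000 instead of an exact average."""
    lo, hi = service_band(years)
    smin, smax, n = con.execute(
        "SELECT MIN(salary), MAX(salary), COUNT(*) FROM personnel "
        "WHERE position = ? AND department = ? AND years BETWEEN ? AND ?",
        (position, department, lo, hi),
    ).fetchone()
    if n < MIN_GROUP:
        return None  # suppression: too few people in the group to publish safely
    return {
        "years": (lo, hi),
        "count": n,
        "salary_range": (smin // 1000 * 1000, -(-smax // 1000) * 1000),
    }


if __name__ == "__main__":
    db = open_db()
    # Jesse's query from the page: the "average" is Roy's exact salary.
    print(exact_average(db, "Assistant manager", "HR", 5))  # (56400.0, 1)
    print(safe_report(db, "Assistant manager", "HR", 5))    # band 0-5, three people, range
    print(safe_report(db, "Assistant manager", "Finance", 5))  # None (suppressed)
```

Generalization alone is not enough: if a band still contains a single person, the suppression check is what prevents the range from collapsing to that person's salary.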

Step 3
Consider a database containing personnel information, including the names, years of service, and salaries of employees.

Image shows a secure database for personnel information containing name, gender, city, and salary.

Step 4
In this example, the employee’s name, years of service, and salary information data is available to a subordinate role, but the association of names and salaries is restricted to a supervisor role, such as administrator.

Image shows a clerk with access to four sets of independent data entities, name, gender, city, and salary and an administrator with access to the relational data of the same four data entities.

Step 5
By incorporating separation of duties as an integral aspect of database design, multiple tables can be created to restrict the level of access based on a user's assigned role.

Here, the subordinate is restricted to the Employee table and Salary table, but the Employee-Salary table is only available to the administrator role.

Image shows clerks with access to two separate databases, one with name and gender, another with gender and salary. It also shows administrators with access to a database with name and salary.

Step 6
If a new attribute, such as employee join date, is added to the Salary table, the database becomes susceptible to an inference attack, because an employee's join date is an easily observable or discoverable attribute.

Image shows a clerk with access to a database with name, salary, and join date.

Step 7
A user assigned a subordinate role could infer another employee's salary from the join date. Recall that the company posts congratulatory messages to its internal website when an employee completes the first year of employment and every five years thereafter; such a message reveals the join date, which can then be matched against the Salary table, compromising the separation between employee and salary. Therefore, the join date should be kept out of the Salary table and included in the Employee table instead.

Image shows a clerk with access to a database with name, gender, and join date.
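Steps 3 to 7 as an added Python example that is not part of the original resource. It models the three-table design with SQLite's authorizer hook standing in for database roles, builds the schema both with the join date beside the salary (Step 6) and with it in the Employee table (Step 7), and shows what a clerk who has read a milestone message can recover in each case. The employees, salaries, dates, the milestone post date, and the role-to-table mapping are all constructed assumptions.

```python
import sqlite3
from datetime import date

# Constructed sample data (not taken from the page): name, gender, join date.
EMPLOYEES = [
    ("Ana", "F", "2019-03-01"),
    ("Roy", "M", "2018-06-15"),
    ("Kim", "F", "2020-01-10"),
]
SALARIES = {"Ana": 54000, "Roy": 61000, "Kim": 50000}

# Constructed: date of the intranet post "Roy completed 5 years".
MILESTONE_POST = date(2023, 6, 15)

# Tables each role may read. Only the administrator sees the table that
# associates names with salaries (Step 5).
ROLE_TABLES = {
    "clerk": {"employee", "salary"},
    "admin": {"employee", "salary", "employee_salary"},
}


def build_db(join_date_in_salary):
    """Create the three-table design. With join_date_in_salary=True the join
    date is stored beside the salary (the Step 6 mistake); otherwise it is
    kept in the Employee table, as Step 7 recommends."""
    conn = sqlite3.connect(":memory:")
    emp_extra = "" if join_date_in_salary else ", join_date TEXT"
    sal_extra = ", join_date TEXT" if join_date_in_salary else ""
    conn.executescript(f"""
        CREATE TABLE employee (name TEXT, gender TEXT{emp_extra});
        CREATE TABLE salary (gender TEXT, salary INTEGER{sal_extra});
        CREATE TABLE employee_salary (name TEXT, salary INTEGER);
    """)
    for name, gender, joined in EMPLOYEES:
        if join_date_in_salary:
            conn.execute("INSERT INTO employee VALUES (?, ?)", (name, gender))
            conn.execute("INSERT INTO salary VALUES (?, ?, ?)",
                         (gender, SALARIES[name], joined))
        else:
            conn.execute("INSERT INTO employee VALUES (?, ?, ?)",
                         (name, gender, joined))
            conn.execute("INSERT INTO salary VALUES (?, ?)",
                         (gender, SALARIES[name]))
        conn.execute("INSERT INTO employee_salary VALUES (?, ?)",
                     (name, SALARIES[name]))
    conn.commit()
    return conn


def set_role(conn, role):
    """Enforce the role's table list with SQLite's authorizer hook. Any read
    of a table outside the list is refused when the statement is prepared,
    which is how role privileges behave in a server database."""
    allowed = ROLE_TABLES[role]

    def authorizer(action, table, column, db_name, trigger):
        if action == sqlite3.SQLITE_READ and table not in allowed:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)


def lookup_salary(conn, name):
    """Direct name-to-salary lookup; works only for the administrator role."""
    try:
        row = conn.execute("SELECT salary FROM employee_salary WHERE name = ?",
                           (name,)).fetchone()
    except sqlite3.DatabaseError:  # "not authorized" for the clerk
        return None
    return row[0] if row else None


def infer_salary_from_milestone(conn, name, years, post_date):
    """What a clerk can do in the Step 6 design. The intranet post says that
    `name` completed `years` years on post_date, so the join date is post_date
    minus `years`, and the clerk looks it up in the Salary table. Returns None
    when the schema or the role does not allow the lookup."""
    joined = post_date.replace(year=post_date.year - years).isoformat()
    try:
        row = conn.execute("SELECT salary FROM salary WHERE join_date = ?",
                           (joined,)).fetchone()
    except sqlite3.DatabaseError:  # no join_date column, or not authorized
        return None
    return row[0] if row else None


if __name__ == "__main__":
    leaky = build_db(join_date_in_salary=True)
    set_role(leaky, "clerk")
    print("clerk, Step 6 design:",
          infer_salary_from_milestone(leaky, "Roy", 5, MILESTONE_POST))
    fixed = build_db(join_date_in_salary=False)
    set_role(fixed, "clerk")
    print("clerk, Step 7 design:",
          infer_salary_from_milestone(fixed, "Roy", 5, MILESTONE_POST))
    print("clerk direct lookup:", lookup_salary(fixed, "Roy"))
```

The clerk never gains access to the Employee-Salary table in either design; the leak in the Step 6 schema comes entirely from a public attribute being stored next to the sensitive one, which is the point of Step 7.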

Database Encryption

Encryption is critically important to maintain the integrity of the database content, as well as confidentiality. Encryption ensures data security in transit and data security at rest, and end-to-end encryption can prevent data breaches from internal attacks. With data encryption, controls at the source of the data are maintained at a central point (Baccam, 2009).

What Is Database Encryption?

Encryption can be applied at multiple levels of the database hierarchy, from the entire database down to the record level, the attribute level, or, most granularly, an individual field (Lane, 2009b).

  • database-level encryption
  • record-level encryption
  • attribute-level encryption
  • individual field-level encryption

How Are Databases Encrypted?

The various ways in which databases can be encrypted are listed below.

  • Encrypt the entire database.
  • Encrypt each individual item in the database.
  • Encrypt each record in the database as a block.

Encryption of the entire database, known as transparent (or external) data encryption (TDE), is provided by native encryption functions within the database engine. TDE is invisible to the applications and users that use the data, which is why it is called "transparent" database encryption, and it requires no changes to application logic.

Encryption of specific columns, tables, or even data elements within the database is known as user or data encryption. It is referred to as a "user" encryption as objects being encrypted are owned and managed on a per-user basis (Lane, 2009a).

Table-Level Encryption

Table-level encryption is where the contents of a table or group of tables are encrypted as one element. This protects the data within the table and is an option when more than one column in the table contains sensitive information. While it does not offer fine-grained access control to specific elements, it is a more efficient option than column encryption when multiple columns contain sensitive data, and it requires fewer application and query modifications (Lane, 2009b).

Row-Level Encryption

Row-level encryption is where a single row in a table is encrypted, and field- or cell-level encryption is where individual data elements within a database table are encrypted. They offer fine-grained control over data access, but can result in management and performance challenges. There might be one key used for all elements or a key for each row. The performance challenges can be a limitation when selecting or modifying multiple rows (Lane, 2009b).

Column-Level Encryption

Column-level encryption applies to all data in a single column in a table. This column is encrypted using a single key that supports one or more users. New queries to examine or modify encrypted columns must have the correct database privileges but also must provide credentials to access the encryption/decryption key. That can be as simple as passing a different user ID and password to the key manager, or as complicated as a full cryptographic certificate exchange. By asking the database to encrypt all data in a column, you focus on specific data to protect.

Column-level encryption is popular with PCI-DSS compliance because it restricts access to a small group, but the downside is that the column is encrypted as a whole, so every modification requires the whole column to be reencrypted and certified. This option is common in relational database platforms but has the poorest performance (Lane, 2009b).
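Column-level encryption with a key held outside the database, as an added Python example that is not part of the original resource. It shows the two separate controls the text describes: a user needs SELECT privilege on the table to read the column at all, and a credential accepted by the key manager to obtain the column's single key; a user with only the first sees ciphertext. The `KeyManager` class, the credential names, the table, and the card number (the common "4111..." test value) are constructed assumptions. Because the standard library has no AES, the cell cipher is a stand-in built from HMAC-SHA256 with an authentication tag; a deployment would use AES-GCM from a vetted library.

```python
import hashlib
import hmac
import os
import sqlite3


class KeyManager:
    """Hypothetical key manager. A column key is released only to a caller
    holding a key-manager credential for that column; database privileges
    alone are not enough."""

    def __init__(self):
        self._keys = {}    # column name -> 32-byte key
        self._grants = {}  # credential -> set of column names

    def create_key(self, column):
        self._keys[column] = os.urandom(32)

    def grant(self, credential, column):
        self._grants.setdefault(credential, set()).add(column)

    def key_for(self, credential, column):
        if column not in self._grants.get(credential, set()):
            raise PermissionError(f"{credential!r} may not use the key for {column}")
        return self._keys[column]


# Stand-in authenticated cipher from HMAC-SHA256 (stdlib has no AES).
# Sealed cell layout: nonce(16) || ciphertext || tag(32).
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("cell tampered with, or wrong key")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


COLUMN = "cards.pan"  # the one protected column; one key serves all its users


def setup():
    """In-memory table whose 'pan' column is encrypted cell by cell, plus a
    key manager that releases the column key only to the app credential."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (id INTEGER PRIMARY KEY, holder TEXT, pan BLOB)")
    km = KeyManager()
    km.create_key(COLUMN)
    km.grant("app-credential", COLUMN)
    return conn, km


def insert_card(conn, km, credential, holder, pan):
    blob = seal(km.key_for(credential, COLUMN), pan.encode())
    cur = conn.execute("INSERT INTO cards (holder, pan) VALUES (?, ?)", (holder, blob))
    return cur.lastrowid


def read_pan(conn, km, credential, card_id):
    """Needs both SELECT privilege on the table and the column key."""
    blob = conn.execute("SELECT pan FROM cards WHERE id = ?", (card_id,)).fetchone()[0]
    return unseal(km.key_for(credential, COLUMN), blob).decode()


def read_raw(conn, card_id):
    """What a user with only database privileges (no key) gets to see."""
    return conn.execute("SELECT pan FROM cards WHERE id = ?", (card_id,)).fetchone()[0]


def corrupt_cell(conn, card_id):
    """Flip one ciphertext byte to show that the tag check catches it."""
    blob = bytearray(read_raw(conn, card_id))
    blob[16] ^= 0x01
    conn.execute("UPDATE cards SET pan = ? WHERE id = ?", (bytes(blob), card_id))
```

Because each cell carries its own nonce and tag, changing one row re-encrypts only that cell; a platform that stores the whole column as one ciphertext, as the text notes, has to re-encrypt everything on every modification, which is the performance cost being described.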

References

Baccam, T. (2009). Making database security an IT security priority. http://www.sans.org/reading_room/analysts_program/Oracle_Nov09.pdf

CSO, US Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University, and Deloitte. (2010). CyberSecurity watch survey. CSO website. 

Goodrich, M. T., & Tamassia, R. (2011). Introduction to computer security. Pearson Education.

Hylkema, M. (2009). A survey of database inference attack prevention methods. http://met-research.bu.edu/met-ert/Internal%20Documentation/Inference%20Research/Michael_Hylkema_Research_Paper.pd

Lane, A. (2009a, June 4). Introduction to database encryption – the reboot! [Blog post]. Available under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States license. https://securosis.com/tag/database+encryption

Lane, A. (2009b, May 14). Database encryption: Option 2, enforcing separation of duties [Blog post]. Available under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States license. https://securosis.com/blog/database-encryption-option-2-enforcing-separation-of-duties

Oracle. (n.d.). Introducing database security for application developers. http://docs.oracle.com/cd/B12037_01/network.101/b10773/apdvntro.htm

Oracle. (n.d.). Security, roles, and privileges. http://ss64.com/ora/syntax-secure.html

Shieh, S-P., Lin, C-T., & Juang, Y-S. (n.d.). Controlling inference and information flows in secure databases. http://dsns.csie.nctu.edu.tw/ssp/Meeting/37.Controlling%20Inference%20and%20Information%20Flows%20in%20Secure%20Databases.pdf