Database Security Policies and Procedures for DMCS


Table of Contents

Abstract/Executive Summary

Introduction

Statement of Problem

Significance of Problem

Statement of Purpose

Definitions

Limitations

Delimitations

Literature Review

Introduction

Database security challenges and requirements

Conclusion

Procedures

Time Action Plan

Conclusion

References

Appendix A

Introduction

Part I Security Architecture

Part II Operating System Security Fundamentals

Part III Administration of Users

Part IV Profiles, Passwords, Privileges, and Roles

Part V Database Application Security Models

Part VI Virtual Private Database

Part VII Database Auditing Models

Part VIII Application and Database Activities Auditing

Appendix B

Abstract/Executive Summary

Databases have become a major component of many modern organizations. They store sensitive information, which is often the target of malicious attacks. Attacks have become more targeted toward specific information or organizations, which has made information security a problem that every organization needs to address. Information must be secured in accordance with government regulations. With laws that must be obeyed and new security threats arriving alongside each technological advance, information security becomes a challenge. The Disaster Management Communication System handles confidential and personal information and is therefore a target of information security attacks. If not secured, the database is vulnerable and accessible to virtually anybody, which means that clients’ personal information is exposed. This could make the DMCS subject to penalties and fines.

Data encryption combined with proper user administration (assigning roles and passwords) and auditing is a good way of protecting information. The advantage of data encryption is that it protects data while meeting numerous regulations, such as the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, and the Privacy Act of 1974. SQL Server 2008 provides built-in data encryption and key management features, which are used to secure the database of the Disaster Management Communication System.

Introduction

“Security violations and attacks are increasing globally at an annual average rate of 20%.” (Afyouni, 2005). Today, organizations have more operational functions as well as support functions depending on databases. As databases become the foundation of many companies’ operations and become more vulnerable to various attacks, database security becomes an important matter. Databases often contain confidential information such as customers’ and employees’ personal information, which makes securing the database a crucial part of building a reliable system. It is important that databases be properly secured while the right information remains available to the right customer or employee.

There are different types and levels of severity of database attacks. The attacks can be internal, caused by excessive privileges given to customers and employees, or external, such as SQL injection by an attacker. The severity of a database attack depends on how much of the system, and which part of it, has been violated.

The U.S. government has issued regulations regarding database security, which companies must follow. There are standard policies and procedures for securing databases. “All organizations in the public, private, or government sector are therefore required to establish effective computer security policies and procedures either by law, contract, or just plain good business practice” (Peltier, 1991). Applying these procedures in accordance with the government regulations is the first step in securing a database. Each database needs to be audited periodically and its security updated.

For the Disaster Management Communication System, database security is crucial. The database contains confidential and personal information. In order for the system to operate effectively, its database needs to be secured so that data loss and attacks do not occur.

Statement of Problem

The Disaster Management Communication System’s database is designed to be accessed remotely by numerous users, and needs to provide accurate and often confidential information. The database contains sensitive information which, if compromised, could sabotage the system’s operations. The problem is that the DMCS currently has no database security in place, so keeping the integrity of the database intact becomes an important task. Internal as well as external threats need to be taken into consideration when implementing database security policies and procedures. The Gramm-Leach-Bliley Act (GLBA) requires “all financial institutions to design, implement, and maintain safeguards to protect customer information” (GLB Compliance - Gramm-Leach Bliley Act, 2006). The Health Insurance Portability and Accountability Act (HIPAA) requires “safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization” (Health Information Privacy). These are compliance requirements that companies need to follow when implementing security features.

Significance of Problem

The Disaster Management Communication System is designed to store clients’ personal information, such as social security numbers and addresses, as well as information about resources available through the system, such as vouchers, food, and transportation. “With the constant march toward a paperless business environment, database systems are increasingly being used to hold more and more sensitive information, so they present an increasingly valuable target” (Litchfield, Anley, Heasman, & Grindlay, 2005). If not secured properly, the database becomes vulnerable to attacks, which could have several consequences. The entire system could become corrupted and/or nonfunctional, data loss could occur, and personal information could be stolen. Improper database security can be considered a violation of the law and lead to significant financial losses and lawsuits. Building security into the system keeps it intact and running efficiently, which benefits the whole community.

Statement of Purpose

This project studies data exploitation, threats, and defense, and specifically the securing of databases in a SQL Server environment. It discusses SQL Server 2008 security best practices and how to apply them to the Disaster Management Communication System in order to comply with federal regulations. The final product of the project is a Database Security Policy and Procedure Manual, including the installation of the SQL Server 2008 software. The Database Security Policy and Procedure Manual provides detailed instructions and recommendations regarding the security features enforced for the server and database of the Disaster Management Communication System. By installing SQL Server 2008 and enabling its built-in features, many database security issues are addressed and government regulations are met.

Definitions

SQL Structured Query Language

HIPAA Health Insurance Portability and Accountability Act

SOX Sarbanes-Oxley Act

ePHI Electronic Protected Health Information

MSCAPI Microsoft Cryptographic Application Programming Interface

TDE Transparent Data Encryption

EKM Extensible Key Management

PKI Public Key Infrastructure

HSM Hardware Security Modules

EFT Electronic Funds Transfer

DDL Data Definition Language

DML Data Manipulation Language

OLAP Online Analytical Processing

WMI Windows Management Instrumentation

DBMS Database Management System

Limitations

This study is limited to researching SQL Server; therefore, its findings and conclusions about database security risks and threats may be biased toward SQL Server, the environment in which the Disaster Management Communication System is developed. The results of the research might not completely represent how frequently these threats occur or what their consequences are.

Delimitations

A delimitation of this study is that it only addresses detailed data security procedures specific to SQL Server and not to any other database platform. It is focused on the Disaster Management Communication System project, implemented according to its specific requirements, and in compliance with government and HIPAA regulations for web access.

Literature Review

Introduction

Databases are widely used in different types of industries and are responsible for storing and managing sensitive information. They are what companies rely on for the proper and effective operation of their business. In order for databases to be effective, they need to be secured. Previously, security management relied mostly on intrusion detection, firewalls, and anti-virus software. Today “attacks are more targeted than before” and there is “an increase in the number of attacks aimed at acquiring specific data or causing damage at specific organizations” (Louvel, 2004). This is why security management today uses risk assessment tools, which continuously detect security vulnerabilities and allow companies to take preventive action. Securing databases is a challenge for companies for several reasons. Databases need to be secured in such a way that sensitive information is available only to authorized individuals while, at the same time, information remains readily available to the users who need it. Authorizing personnel to access confidential information carries risk. Internal threats cannot be predicted or avoided, but they need to be taken into consideration when granting data access permissions. Employees should only have access to the information needed to complete their job, so that exposure of sensitive information is kept to a minimum. Another data security challenge companies face is the strict government regulations and standards for protecting data. “Some regulations are focused on protection of specific industry information, where others are more concerned with proper disclosure of data loss incidents and general privacy attributes” (Shackleford, 2007).

Database security challenges and requirements

Afyouni (2005) found that the cost of data loss is continuously rising because of various attacks and improper implementation of database security. Information integrity, confidentiality, and availability are the three components of information security. The accessibility and integrity of data need to be protected for the proper operability of any company. Validation and verification controls are used to protect data and to ensure that information has not been tampered with.

In their book, Fernandez, Summers, and Wood (1981) concluded that it is important to restrict users’ database access, providing them with only what is necessary for their job. Databases have different levels of importance and sensitivity, as well as different ways of being accessed and used, which need to be controlled and monitored in order to guarantee security. The following security policies are discussed: security administration policies (centralized or decentralized control, and ownership versus administration), policies for access-control specification (maximized sharing, open and closed systems, name-dependent access control, content-dependent access control, context-dependent control, history-dependent control, and access types), policies for information flow control, and policies for enforcing control.

Peltier (1992) found that establishing levels of responsibility and control over employees is the best way to limit the exposure of data. Security is described as a people problem rather than a technical problem. One of the major database security problems stems from the unnecessary access employees have to data. By classifying information in order to limit its exposure, companies can ensure that controls are enforceable and that operational costs are kept to a minimum. Employee awareness programs, which help employees understand why data security and regulatory compliance are important, are an initial step toward building security. Peltier (1992) developed security policies and mission statements, created an employee awareness program, and explained how to monitor employee and company compliance, as well as how to meet security laws.

Riccardi (2001) discussed reliability and security in database servers. He stated that a secure system is one that generates backups which, together with transaction logs, allow a full recovery of databases even from the most catastrophic failures. Database systems need to be designed with the possibility of failure in mind, and plans for reacting in the case of failure should be created. Riccardi (2001) listed several kinds of backup and recovery strategies: backups and checkpoints, transaction logs, recovery via reprocessing, recovery via roll forward, recovery via rollback, recovery from disk corruption, and automatic recovery. In order for a DBMS to be reliable, it needs to support three types of security: account security for the validation of users, access security for the protection of database objects, and operating system security for database and file protection.

New hardware and applications enter the market daily introducing new threats and vulnerabilities. Until effective solutions for these new vulnerabilities exist, the vulnerabilities are not published. “This gives users the opportunity to secure and protect their systems” (netVigilance, 2009). History has shown that an intrusion in a system can go completely undetected and if it is ever detected, it is often after information has been corrupted.

Cook (2009) described how to shorten backup time in order to improve the performance of an application. He listed two methods that can shorten the backup period: using backup data compression, and backing up the database to a disk that is not used for storing the database itself or its transaction log. Backing up to the same disk can affect recoverability if that disk fails. Cook also explains the three basic backup methods SQL Server offers: full backup, differential backup, and transaction log backup. When selecting a backup method, three factors need to be taken into consideration: how large the data is, how frequently it changes, and what the nature of the data is. An advantage of SQL Server is that it allows backups while users are active and while transactions are being processed. Cook suggests that it is good practice to perform a full backup when the system is lightly loaded, because the backup process consumes input/output resources. SQL Server also offers the option of backing up individual files or groups of files. The author recommends frequent testing of the backups using the RESTORE VERIFYONLY command.
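The following T-SQL is an added example, not Cook’s code or part of the original manual: it combines the three SQL Server backup methods described above with backup compression, a separate backup disk, and RESTORE VERIFYONLY, for a hypothetical DMCS database. The database name and the E: paths are assumptions, and backup compression requires the Enterprise edition of SQL Server 2008.

```sql
USE master;
GO

-- Weekly full backup, compressed, written to a volume (E:) that holds neither
-- the data files nor the transaction log. CHECKSUM stores page checksums so
-- that RESTORE VERIFYONLY can detect media corruption later.
BACKUP DATABASE DMCS
    TO DISK = N'E:\SQLBackups\DMCS_Full.bak'
    WITH INIT, COMPRESSION, CHECKSUM, STATS = 10;
GO

-- Daily differential backup: only extents changed since the last full backup,
-- so it is much smaller and faster than a second full backup.
BACKUP DATABASE DMCS
    TO DISK = N'E:\SQLBackups\DMCS_Diff.bak'
    WITH DIFFERENTIAL, INIT, COMPRESSION, CHECKSUM;
GO

-- Transaction log backups (for example every 15 minutes) require the FULL
-- recovery model; they make point-in-time recovery possible between differentials.
ALTER DATABASE DMCS SET RECOVERY FULL;
GO
BACKUP LOG DMCS
    TO DISK = N'E:\SQLBackups\DMCS_Log.trn'
    WITH NOINIT, COMPRESSION, CHECKSUM;
GO

-- Test the backup without restoring it: verifies that the media is readable,
-- the backup set is complete, and the stored page checksums still match.
RESTORE VERIFYONLY
    FROM DISK = N'E:\SQLBackups\DMCS_Full.bak'
    WITH CHECKSUM;
GO
```

A VERIFYONLY pass does not prove the database can actually be restored, so a periodic full restore to a test server is still needed.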

Yuhanna (2009) listed guidelines for developing a database security strategy. He found it was important to understand what the applicable regulatory compliance standards are. The regulatory requirements are to record all databases and classify them into highly sensitive, sensitive, and non-sensitive categories; institute common policies for the databases of each category; incorporate database security within the general security policy of the company; and practice advanced security measures (encryption, auditing, and monitoring). Yuhanna also provided three pillars he considered important in building a database security strategy: building a strong foundation with authentication, authorization, and access control (AAA), classification of databases, and patch management. Taking preventive measures through encryption, masking, change management, and establishing intrusion detection with auditing, monitoring, and vulnerability assessment are key in building a strong database foundation.

Security best practices need to address internal and external threats to the database. Risk can be reduced through the following steps: risk is first assessed, the identified vulnerabilities are then addressed, and finally real-time monitoring is performed (Sortino, Database Security Standards and Audit Implementation, 2010). According to IBM’s adaptable security solutions, the steps for achieving a desired state of information security are defining controls, discovering and classifying, enforcing controls, addressing data retention, and lastly monitoring, auditing, and reporting (IBM, 2008).

Natan (2005) listed the basic steps of implementing database security: hardening the environment, patching the database, auditing the database, and defining an access policy. Hardening the database environment is also known as locking down, or "hack-proofing", the database. By hardening the database environment, vulnerabilities caused by negligent configuration options are removed. Natan stated that this process is based on three major principles: limiting access to important resources that can be intentionally or unintentionally misused, disabling functions that are not required for the implementation, and limiting the privileges of users. Patching consists of fixing or updating the existing application or database. Natan showed that by auditing database access and activity, security issues can be discovered and therefore quickly resolved. He also found that auditing creates a security layer based on prevention. The author concludes that for an effective implementation of database security, a security policy should be defined and implemented first.
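As an added example, not Natan’s code or the project’s own, the T-SQL below applies three of the four steps (hardening, access policy, auditing) to a hypothetical DMCS database on SQL Server 2008; patching is an out-of-band operational task. The database, login, role, table names (dbo.Client, dbo.Resource) and E: paths are assumptions, and SQL Server Audit requires the Enterprise edition of SQL Server 2008.

```sql
USE master;
GO

-- Hardening: disable server features the DMCS application does not need. Each
-- of these would let a compromised SQL account run OS commands or load code.
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ole Automation Procedures', 0;
EXEC sp_configure 'clr enabled', 0;
RECONFIGURE;
GO

-- Access policy: the web application connects through its own SQL login, which
-- inherits the Windows password policy and holds only a limited database role.
CREATE LOGIN DmcsWebApp WITH PASSWORD = '<strong password here>',
    CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
GO
USE DMCS;
GO
CREATE USER DmcsWebApp FOR LOGIN DmcsWebApp;
CREATE ROLE DmcsCaseworker;
EXEC sp_addrolemember 'DmcsCaseworker', 'DmcsWebApp';
GRANT SELECT, INSERT, UPDATE ON dbo.Client TO DmcsCaseworker;   -- assumed table
GRANT SELECT ON dbo.Resource TO DmcsCaseworker;                 -- assumed table
-- DENY overrides any GRANT the role might later pick up through another path.
DENY DELETE ON dbo.Client TO DmcsCaseworker;
DENY ALTER ON SCHEMA::dbo TO DmcsCaseworker;
GO

-- Auditing: SQL Server 2008 Audit records failed logins and role changes at the
-- server level and every read or write of client records at the database level.
USE master;
GO
CREATE SERVER AUDIT DmcsAudit
    TO FILE (FILEPATH = 'E:\SQLAudit\')
    WITH (ON_FAILURE = SHUTDOWN);   -- fail closed: if auditing stops, so does the instance
ALTER SERVER AUDIT DmcsAudit WITH (STATE = ON);
CREATE SERVER AUDIT SPECIFICATION DmcsServerSpec
    FOR SERVER AUDIT DmcsAudit
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP)
    WITH (STATE = ON);
GO
USE DMCS;
GO
CREATE DATABASE AUDIT SPECIFICATION DmcsClientSpec
    FOR SERVER AUDIT DmcsAudit
    ADD (SELECT, INSERT, UPDATE, DELETE ON dbo.Client BY public)
    WITH (STATE = ON);
GO
```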

“Reaching a desired security posture that can meet business and compliance requirements requires an enterprise-wide approach that directly maps to the business needs of the organization” (IBM, 2008). For reaching the desired information security posture, IBM suggests the following steps: define controls, discover and classify, enforce controls, address data retention, and monitor, audit, and report. Defining controls means assessing the strengths and weaknesses of the existing security system and comparing them with the risk assessment results. Any potential exposures should be ranked, and security policies then created. Discovering and classifying data involves finding out where data resides and who has access to it, as well as classifying sensitive data and deciding how it is handled and secured according to compliance requirements. It is important to enforce access controls to ensure the authenticity of all users accessing data. Data retention relates to the volume of a company’s data: as the volume grows, the storage requirements must change to meet specific needs. For stored data to be easily located, inactive and low-value data should be moved to lower-cost storage resources, which frees space for more valuable and frequently used data. The last step of the information security lifecycle is to monitor, audit, and report on information security activities. Monitoring data access ensures that the controls are in effect.

Kiely (2006) explained that the encryption features SQL Server supports provide multiple levels of server protection, an approach known as defense in depth. The technical article also shows that SQL Server supports a range of encryption algorithms and keys and provides secure key management options, including the option of having the user manage the keys. Kiely affirmed that SQL Server supports a reliable encryption key hierarchy used for securing the keys that it manages (symmetric keys, asymmetric keys, and certificates).
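The T-SQL below is an added example, not Kiely’s code or the manual’s own, that walks the SQL Server 2008 key hierarchy just described for a hypothetical DMCS database: the service master key protects the database master keys, a master key protects certificates, a certificate protects the symmetric key that encrypts data. It applies Transparent Data Encryption (TDE) to the whole database and column-level encryption to the social security number; the database, object and file names, passwords and the sample row are all constructed placeholders, and TDE requires the Enterprise edition of SQL Server 2008.

```sql
USE master;
GO
-- The service master key (created by SQL Server at setup) protects each database
-- master key; the DMK protects certificates; a certificate protects the symmetric
-- key that actually encrypts data. TDE needs its certificate in master.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong master DMK password>';
CREATE CERTIFICATE DmcsTdeCert WITH SUBJECT = 'DMCS TDE certificate';
GO
-- Back up the TDE certificate with its private key at once: without it the
-- encrypted database cannot be restored on another server.
BACKUP CERTIFICATE DmcsTdeCert
    TO FILE = 'E:\Keys\DmcsTdeCert.cer'
    WITH PRIVATE KEY (FILE = 'E:\Keys\DmcsTdeCert.pvk',
                      ENCRYPTION BY PASSWORD = '<strong export password>');
GO

USE DMCS;
GO
-- Transparent Data Encryption: data and log files are encrypted at rest, so a
-- copied .mdf or .bak file is useless without DmcsTdeCert.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE DmcsTdeCert;
ALTER DATABASE DMCS SET ENCRYPTION ON;
GO

-- Column-level encryption for the most sensitive field (the SSN), protected by
-- the DMCS database's own key hierarchy.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong DMCS DMK password>';
CREATE CERTIFICATE DmcsClientCert WITH SUBJECT = 'DMCS client PII columns';
CREATE SYMMETRIC KEY DmcsClientKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DmcsClientCert;
GO
CREATE TABLE dbo.Client (
    ClientId INT IDENTITY PRIMARY KEY,
    FullName NVARCHAR(100) NOT NULL,
    SSN_Enc  VARBINARY(128) NOT NULL   -- ciphertext only; never the plain SSN
);
GO
-- Constructed sample row; the SSN value is a placeholder, not real data.
OPEN SYMMETRIC KEY DmcsClientKey DECRYPTION BY CERTIFICATE DmcsClientCert;
INSERT INTO dbo.Client (FullName, SSN_Enc)
VALUES (N'Constructed Sample', EncryptByKey(Key_GUID('DmcsClientKey'), N'000-00-0000'));
-- Only a principal permitted to open the key sees plaintext; others see bytes.
SELECT FullName, CONVERT(NVARCHAR(11), DecryptByKey(SSN_Enc)) AS SSN
FROM dbo.Client;
CLOSE SYMMETRIC KEY DmcsClientKey;
GO
```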