🅾️The dangers and challenges of cyber and malicious attacks on databases and preferred decisions and solutions
Alireza Kamrani
11/26/2024
In this day and age, securing data and choosing the right monitoring and detection tools at every layer, from the network to the infrastructure, has become far more prominent than before, and every organization is concerned about which policy, tool, and configuration is the right choice for it. In this regard, the challenge of choosing a suitable and trusted tool has become a problem for some organizations. In the rush to feel safe, maximum pressure is sometimes put on technical personnel, which only results in hasty choices.
In this discussion, I want to look at these security challenges with a focus on securing the database layer. My intention is to help organizations that are struggling with these challenges and are suddenly changing the security policies on their platform and business.
A few years ago, it was believed that software installed on Linux did not need antivirus, because at that time (at least 10 years ago) the number of users who had serious services and end products on Linux was not as widespread as it is today, and most attacks were seen on the Windows operating system. However, in recent years, with the progress and development of the Linux operating system and the improvements it brought in providing application and database services, this popular operating system has gained a higher usage rate, and the number of expert Linux users has actually increased. With the expansion of DevOps, this popularity reached its highest level, and it peaked with the development of cloud platforms, which has made the Linux operating system attractive to hackers and led to attacks on various Linux distributions.
Well, being informed, as an executive or technical manager, that your system has been hacked and part of your data has fallen into the hands of hackers is not pleasant for anyone, and after the recent events we have witnessed at some important companies in the financial, banking, and infrastructure industries, it is natural that there is a public determination to solve this problem and find a solution that prevents data from leaking in any way.
Hacking of organizations has been happening for a long time, and I will not discuss here what makes them attractive to hackers.
Well, let's get to the point: the challenges and solutions for securing databases, and especially the Oracle database, which plays an important role in mega projects and large infrastructures.
Musts:
First, there is a series of standard security protocols that are generally musts. For example, the machine on which the database is installed must be protected in a separate network zone and must not have internet access.
Second:
Access levels on the operating system and the existing users must be reviewed, and only the minimum necessary access granted.
Connections to the database should not be direct; a combined tool and interface such as the OLDAP protocol, with the ability to log all logins, should be used. In the case of Oracle, Centrally Managed Users (CMU) can bring order and integrity to the creation and integrated management of database users, but it does not provide security on its own. Older tools such as Oracle OUD and OID are no longer supported with the advent of newer Oracle versions.
Although these products succeed in centralizing the creation and management of database users, the complexity of their installation and maintenance and concerns about availability and load balancing have kept their adoption low, and some of them depend on Microsoft's Active Directory, which itself poses a high security challenge.
Third:
Apart from the importance of hardware firewalls, which are among the most important obligations in networks, software firewalls are also very useful in detecting and blocking logins and table crawl operations in the database. For example, FortiDB products were mandatory for all PSPs several years ago but later became obsolete; another example is Oracle Database Firewall, a software product that Oracle has offered and supported for many years, which can block suspicious requests based on the roles created, or run only in logging mode to monitor logins, logouts, and the operations performed by each user and produce reports based on those roles.
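To make the "logging mode" idea concrete, here is an added example (my own illustration for this post, not an Oracle, FortiDB or Database Firewall component): a small Python script that reads the connection entries of an Oracle listener.log and flags sessions that come from outside the approved jump-host and application subnets, use a client program that is not registered, or were rejected by the listener. The subnets, the program list and the log lines are constructed assumptions; the line layout follows the listener.log "establish" record format.

```python
"""
Review Oracle listener.log 'establish' entries against an allow-list.
Added example for this post, not Oracle's own tooling: the subnets,
program names and log lines below are constructed assumptions.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed sample in listener.log layout:
# <timestamp> * (CONNECT_DATA=...) * (ADDRESS=...) * establish * <service> * <return code>
SAMPLE_LOG = """\
26-NOV-2024 01:02:03 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=jump01)(USER=dba1))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.0.5)(PORT=51234)) * establish * orcl * 0
26-NOV-2024 01:02:05 * service_update * orcl * 0
26-NOV-2024 01:02:10 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=JDBC Thin Client)(HOST=__jdbc__)(USER=appsvc))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.20.1.17)(PORT=40001)) * establish * orcl * 0
26-NOV-2024 01:03:44 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=laptop-x)(USER=guest))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.77.9)(PORT=50211)) * establish * orcl * 0
26-NOV-2024 01:04:01 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=jump01)(USER=dba1))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.0.5)(PORT=51240)) * establish * orcl * 12514
26-NOV-2024 01:05:30 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=MyTool.exe)(HOST=ws-112)(USER=svc_report))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.20.1.99)(PORT=33333)) * establish * orcl * 0
"""

# Assumed policy: only the jump-host and application subnets may connect,
# and only with the client programs the application team has registered.
ALLOWED_SOURCES = [ip_network("10.10.0.0/24"), ip_network("10.20.1.0/24")]
EXPECTED_PROGRAMS = {"sqlplus", "JDBC Thin Client"}

ESTABLISH_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \* \(CONNECT_DATA=(?P<cd>.*?)\) \* \(ADDRESS=(?P<addr>.*?)\) "
    r"\* establish \* (?P<svc>\S+) \* (?P<rc>\d+)$"
)


@dataclass
class Connection:
    ts: str
    service: str
    program: str
    db_user: str
    client_host: str   # hostname the client reported about itself
    src_ip: str        # address the listener actually saw
    rc: int            # listener return code, 0 on success


def _field(name: str, blob: str) -> str:
    """Pull one '(NAME=value)' element out of a CONNECT_DATA or ADDRESS blob."""
    m = re.search(r"\(%s=([^)]*)\)" % re.escape(name), blob)
    return m.group(1) if m else ""


def parse_line(line: str) -> Optional[Connection]:
    """Return a Connection for an 'establish' record, None for any other line."""
    m = ESTABLISH_RE.match(line.strip())
    if not m:
        return None  # service_update, status and similar lines are not connections
    cd, addr = m.group("cd"), m.group("addr")
    return Connection(ts=m.group("ts"), service=m.group("svc"),
                      program=_field("PROGRAM", cd), db_user=_field("USER", cd),
                      client_host=_field("HOST", cd), src_ip=_field("HOST", addr),
                      rc=int(m.group("rc")))


def classify(conn: Connection) -> List[str]:
    """List the reasons a connection deserves a second look (empty = fine)."""
    reasons = []
    try:
        src = ip_address(conn.src_ip)
        if not any(src in net for net in ALLOWED_SOURCES):
            reasons.append("source-not-allowed")
    except ValueError:
        reasons.append("source-unparsable")  # hostname or IPC endpoint instead of an IP
    if conn.program not in EXPECTED_PROGRAMS:
        reasons.append("unexpected-program")
    if conn.rc != 0:
        reasons.append("listener-error-%d" % conn.rc)  # e.g. 12514: service not known
    return reasons


def review(log_text: str) -> List[Tuple[Connection, List[str]]]:
    """Return only the flagged connections, each with its reasons, in log order."""
    flagged = []
    for line in log_text.splitlines():
        conn = parse_line(line)
        if conn is None:
            continue
        reasons = classify(conn)
        if reasons:
            flagged.append((conn, reasons))
    return flagged


if __name__ == "__main__":
    for conn, reasons in review(SAMPLE_LOG):
        print(conn.ts, conn.src_ip, conn.db_user, conn.program, ",".join(reasons))
```

Run against the constructed sample, three of the five connections are reported: the session from the unapproved 192.168.77.9 address, the connection the listener rejected with code 12514, and the unregistered client program arriving from an otherwise approved subnet. The client hostname in CONNECT_DATA is kept only for context, because it is supplied by the client; the decision is made on the address the listener itself recorded.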
Fourth:
The next solution is to secure the clients that access the database: security focuses on network access, and anyone acting as database support or database administrator reaches the database through a middleware or software interface, for example by using virtual desktops and restricting software installation on both the server and the client that accesses the database.
Fifth:
Keeping the operating system and database version up to date:
Updating the kernel and Linux packages may seem attractive and hassle-free, especially with automation tools, but when an Oracle database is installed on the Linux operating system, the limitations become apparent.
The first requirement in keeping operating systems up to date is to ensure that the products installed on them suffer no performance or functional problems. Therefore, this process must be carefully reviewed and tested in a test environment before updates or security patches are applied.
The next limitation concerns updating the Oracle software itself, or any other relational database. Large organizations usually cannot keep pace with the release of new versions and migrate to them, because of the large number of projects and the lack of human resources. Even when there are sufficient human resources, obstacles such as weak applications that are not functionally compatible with new versions of the operating system or database stand in the way.
And finally, database migration in large organizations that serve large amounts of data is itself a heavy project, so an Oracle product may be used for years without even thinking about applying security patches, let alone changing major database versions.
What has been mentioned so far is a summary of the must-haves for increasing security in the database area.
Well, it is clear that with these few main techniques we can reach a basic level of security, which means focusing on existing access, closing the ways that can take data out of our organization, and regular, periodic management and updates.
Impacts, challenges and security decisions for technical forces:
When we talk about securing at the level of database managers and administrators, we must follow one rule: database managers in any organization are among the people who have maximum access, and restricting them with methods such as Audit Vault cannot help increase security.
I think the idea of restricting database administrators is simply a wrong idea, because there are still ways to bypass these limitations.
I think the database administrator account should be separated from the end users, so that we do not face this challenge of transparency.
Perhaps you will ask what happens if that specialist who has all kinds of access suddenly removes data from the organization for whatever reason. Well, this possibility exists at all management levels; even the human resources manager, for example, can give the sensitive data of all employees to another company.
Generally, when there is a security concern, a series of new policies is adopted that will definitely affect the way technical staff work and make their work harder. For example, the first step is usually to remove remote access, so a technical expert must be present on site to fix problems and any administrative work must be formally referred.
With these strategies, working in an operational environment becomes a little harder for technical staff, but with the understanding that these are among the basic security requirements, it eventually becomes a habit and there is no need to worry, unless the decisions are very sudden and an emergency has occurred, in which case any management decision is possible.
Impact of security challenges and decisions on quality of service:
It is clear that any level of security guidelines may eventually cause slowdowns at a specific layer, from technical tasks and the time and methods of connecting to the database to time limits on database connections for technical staff, which force us to go through several stages to connect to the database for a certain period.
Well, this has a number of drawbacks from the start.
For example, the database administrator may no longer be as interested in proactive work, investigating database problems at a deeper layer and digging into the database to find performance problems, as before, or these proactive activities may be reduced, because of the fixed intervals for connecting to the database and the several stages that must be passed to reach it. Large databases, where the rate of change is high, generally demand long working sessions, and an interruption in the middle of a technical operation itself adds to the difficulty of the work.
And after a while, technical people may only react to errors and alarms that slow down the system or cause incidents. (I have seen this from experience)
So security decisions should, over time and with targeted planning, standards, and finally strategies, gradually spread through the organization and its various technical layers. Hasty actions always cause problems for technical colleagues, affect the quality of service, and in the end sacrifice security.
Other useful solutions for database security:
Another issue in the discussion of database security is the security of the data itself in the datafiles, tablespaces, and any other object layer such as backups. The goal is that these settings and policies make the data unreadable if any of it accidentally leaves the database and the organization.
Using wallets and encryption methods along with SSL configuration may be a solution to this concern, but their implementation requires technical knowledge, slows connections, and brings maintenance challenges, all of which can hurt the final quality of service. They also make system maintenance and troubleshooting harder.
Challenges of coexistence of antiviruses with databases:
Here I want to review the challenges and the requirement to install security software such as antiviruses and operating system protection products.
Well, using antiviruses on the machines in an organization's infrastructure is a hot topic as attacks increase, and all sensitive organizations are looking for an antivirus with better and more secure features.
Apart from the challenges of real support and licensing, which have always existed, the first question is whether the database server should have an antivirus at all.
As I mentioned above, each added layer of security causes slowdowns and disruptions and increases the processing load and the workload, and the tighter we turn this screw, the more tangible its effect on the quality of service and on the technical workforce.
Well, because we are under pressure and stress from attacks, we may move in a direction where we sacrifice everything for the sake of greater security, even the quality of service and the response time at every layer.
And when the technical expert asks why these decisions were made, he hears that the order comes from higher authorities!
We even hear that top managers have accepted the challenges and risks of this issue and that it must be installed!
Yet no technical person from the database teams was present when the management decisions were made!
I have nothing to say about installing antivirus on application servers and other machines, and what seems to be the conclusion is that it is better to install it because of the internet connection; even when they have no internet there is still no particular obstacle to having it, of course with a special configuration, not monitoring and controlling every layer of the operating system with the antivirus, because in any case the first concern is to protect the system while maintaining the quality of service.
The case of databases in this category is different.
Because of the momentary lock that antiviruses place on each object (file, etc.), the first things damaged are quality and response time, through interference in the internal functioning of the database.
Unknown errors and interference in internal database services caused by antivirus control and monitoring operations can be very disruptive.
In this case, the database administrator must be able to prove that the disruption came from the antivirus side, and that may be challenging.
A look at the challenges of a real example:
Imagine that at midnight you, as the database administrator, are woken up by a disruption or increased consumption of database resources, and after an hour of investigation you realize the problem is with the antivirus. Is the antivirus vendor's support awake and available at that hour, or do you have to open a support ticket and wait while your service is affected?
Therefore, the contractual terms with antivirus service companies should be transparent and practical.
Newer antiviruses mostly use machine learning tools: they analyze behavior over a period of time, learn, and make decisions based on what they have learned. For example, after a month of monitoring the operating system, the antivirus may have learned that the data transfer from the primary server to the standby always consumes an average of 200 MB of bandwidth. A few days later, a job that runs every three months starts, and the redo log generation rate and the archive log transfer rate to the standby server triple. This is where the problem starts: you have to spend several hours checking carefully to confirm that the slowdown results from the antivirus processing this volume of files. Your standby may be delayed for hours. Unfortunately, the primary server crashes in the middle of the job, and you cannot fail over because the standby is lagging and out of sync, so you may face data loss. This is a real scenario that you may encounter.
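As an added example (not part of the original post and not an Oracle tool), the following Python watch shows the monitoring a DBA would want in the scenario above: it baselines the redo generation rate, raises an alert when the rate jumps to a multiple of that baseline, and, separately, when the standby's apply lag is above a limit and still growing. The readings are constructed; in production they would come from v$dataguard_stats ("transport lag" and "apply lag", reported as "+DD HH:MM:SS") and the redo rate from v$sysmetric or archived log sizes. A known batch window can be declared so that the quarterly job does not trigger the rate alert while the lag alert still fires, which is exactly the knowledge a behaviour-learning antivirus does not have.

```python
"""
Data Guard lag and redo-rate watch.  Added example for this post, not an
Oracle tool: the readings are constructed; in production they would come
from v$dataguard_stats ('transport lag' / 'apply lag', '+DD HH:MM:SS') and
the redo generation rate from v$sysmetric or the archived log sizes.
"""
import re
from dataclasses import dataclass
from statistics import mean
from typing import List, Set

INTERVAL_RE = re.compile(r"^([+-])(\d+) (\d{2}):(\d{2}):(\d{2})(?:\.\d+)?$")


def interval_seconds(value: str) -> int:
    """Convert a '+DD HH:MM:SS' lag string (fraction tolerated) to whole seconds."""
    m = INTERVAL_RE.match(value.strip())
    if not m:
        raise ValueError("unrecognised interval: %r" % value)
    sign, d, h, mi, s = m.groups()
    total = ((int(d) * 24 + int(h)) * 60 + int(mi)) * 60 + int(s)
    return -total if sign == "-" else total


@dataclass
class Reading:
    minute: int            # minutes since the watch started
    transport_lag: str     # redo shipped but not yet received, as v$dataguard_stats reports it
    apply_lag: str         # redo received but not yet applied
    redo_mb_per_min: float # redo generation rate on the primary


def evaluate(readings: List[Reading], baseline_window: int = 5,
             rate_factor: float = 2.0, lag_limit_s: int = 900,
             known_job_minutes: Set[int] = frozenset()) -> List[str]:
    """
    Baseline the redo rate on the first `baseline_window` readings, then alert
    when the rate exceeds rate_factor x baseline outside a declared batch window,
    and whenever apply lag is above lag_limit_s and still growing.
    """
    if len(readings) <= baseline_window:
        raise ValueError("need more readings than the baseline window")
    baseline = mean(r.redo_mb_per_min for r in readings[:baseline_window])
    alerts = []
    prev_lag = None
    for r in readings[baseline_window:]:
        lag = interval_seconds(r.apply_lag)
        if r.redo_mb_per_min > rate_factor * baseline and r.minute not in known_job_minutes:
            alerts.append("minute %d: redo rate %.0f MB/min is %.1fx the %.0f MB/min baseline"
                          % (r.minute, r.redo_mb_per_min, r.redo_mb_per_min / baseline, baseline))
        if lag > lag_limit_s and prev_lag is not None and lag > prev_lag:
            alerts.append("minute %d: apply lag %ds and growing (transport lag %ds)"
                          % (r.minute, lag, interval_seconds(r.transport_lag)))
        prev_lag = lag
    return alerts


# Constructed readings: a steady ~200 MB/min, then the quarterly job triples
# the redo rate and the standby starts falling behind.
SAMPLE = [Reading(i, "+00 00:00:05", "+00 00:00:10", v)
          for i, v in enumerate([195, 205, 200, 198, 202])] + [
    Reading(5, "+00 00:01:00", "+00 00:02:00", 600),
    Reading(6, "+00 00:04:00", "+00 00:06:00", 610),
    Reading(7, "+00 00:09:00", "+00 00:12:00", 605),
    Reading(8, "+00 00:15:00", "+00 00:20:00", 600),
    Reading(9, "+00 00:25:00", "+00 00:35:00", 590),
]

if __name__ == "__main__":
    print("without a declared job window:")
    for a in evaluate(SAMPLE):
        print("  " + a)
    print("with minutes 5-9 declared as the quarterly job:")
    for a in evaluate(SAMPLE, known_job_minutes={5, 6, 7, 8, 9}):
        print("  " + a)
```

With the constructed readings the baseline is 200 MB/min, so every minute of the job produces a rate alert (3x the baseline) and, once the apply lag passes 15 minutes and keeps climbing, the lag alert fires as well. Declaring the job window silences the rate alerts but keeps the two lag alerts, which are the ones that matter for the failover decision.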
Now imagine the effect on the life of the business of data loss caused by slow antivirus processing!
Anyway, using antiviruses for security has been a challenge for a long time and is not a new topic,
and for this reason, if you search a little for the way to a peaceful coexistence of databases with antiviruses, you will eventually find that antiviruses and databases are not compatible with each other. Solutions for reconciling antiviruses and databases have also been recommended; for example, Oracle says that if you insist on installing antiviruses, you should exclude all Oracle paths and directories from any antivirus operations (which again does not guarantee non-interference).
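Since the exclusion list is the one concession recommended, it is worth checking that it actually covers everything the instance touches. The following is an added example (my own, not Oracle's or any antivirus vendor's): a Python check that normalizes the paths the instance uses and reports those an exclusion list misses, including the classic trap where excluding /u01/app/oracle does not cover a sibling directory such as /u01/app/oracle2. The paths and exclusions are constructed; in practice the datafile, redo, archive and wallet locations would be taken from v$datafile, v$logfile, v$archived_log and the wallet configuration.

```python
"""
Check that an antivirus exclusion list covers every filesystem path an Oracle
instance uses.  Added example for this post; paths and exclusions below are
constructed.  In production the datafile, redo, archive and wallet locations
would come from v$datafile, v$logfile, v$archived_log and the wallet config.
"""
import posixpath
from typing import Iterable, List


def normalize(path: str) -> str:
    """Collapse '..', duplicate slashes and trailing slashes so prefixes compare cleanly."""
    p = posixpath.normpath(path)
    return p if p == "/" else p.rstrip("/")


def is_covered(path: str, exclusions: Iterable[str]) -> bool:
    """
    True when path equals an excluded entry or lies inside an excluded directory.
    Matching on 'exclusion + "/"' is what stops '/u01/app/oracle' from silently
    covering '/u01/app/oracle2/...'.
    """
    p = normalize(path)
    for e in exclusions:
        e = normalize(e)
        if e == "/" or p == e or p.startswith(e + "/"):
            return True
    return False


def uncovered(paths: Iterable[str], exclusions: Iterable[str]) -> List[str]:
    """Paths the antivirus would still scan, in the order given."""
    return [p for p in paths if not is_covered(p, exclusions)]


def suggested_exclusions(paths: Iterable[str]) -> List[str]:
    """Parent directories to add so that the given (uncovered) files are excluded."""
    return sorted({posixpath.dirname(normalize(p)) for p in paths})


# Constructed inventory of what the instance touches.  The wallet lives on a
# sibling mount (/u01/app/oracle2) on purpose, to show the prefix trap.
ORACLE_PATHS = [
    "/u01/app/oracle/product/19.0.0/dbhome_1/bin/oracle",
    "/u01/app/oracle/admin/orcl/adump",
    "/oradata/orcl/system01.dbf",
    "/oradata/orcl/redo01.log",
    "/oradata/orcl/control01.ctl",
    "/archive/orcl/1_100_1100000000.arc",
    "/u01/app/oracle2/wallet/ewallet.p12",
    "/backup/orcl/level0_20241126.bkp",
]

# Constructed exclusion list as an administrator might have typed it.
AV_EXCLUSIONS = ["/u01/app/oracle/", "/oradata/orcl"]

if __name__ == "__main__":
    missing = uncovered(ORACLE_PATHS, AV_EXCLUSIONS)
    for p in missing:
        print("still scanned:", p)
    print("add to exclusions:", ", ".join(suggested_exclusions(missing)))
```

On the constructed inventory the archive destination, the backup area and the wallet directory are reported as still scanned, and the suggested additions are their parent directories. ASM disk groups (+DATA and similar) are not filesystem paths and are outside what this check can see.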
Well, let's consider an environment where the operating system with the database is protected in the secure zone of our network structure, and sufficient control over logins and access to the operating system and database is already well set up.
In such an environment, of course, only a database service such as Oracle is installed on the machine, and all users reach the database under a specific protocol on a specific port.
And assuming that the connections are secure and mechanisms such as wallets and SSL are enabled, an appropriate level of security can be achieved. Antiviruses, apart from checking and interfering with existing processes and files, even monitor memory. In fact, once specific modules are enabled, nothing is hidden from the antivirus's eyes and everything must be checked by this software.
These checks reduce the quality of service layer by layer and bring maintenance challenges and improper use of resources.
In my opinion, installing antivirus on databases is not necessary, and its disadvantages cannot be ignored.
The extent to which a management decision may sacrifice quality for security should be transparent and open to debate, and it should not be overdone, because security is never 100%. What matters is that you are prepared for threats, that standard criteria are met, and that you have followed the best practices to the extent necessary for your organization; sometimes it is really not worth drastically increasing security settings that reduce the quality of service.
But in this situation, where hacking and information leakage by any means has become a hot topic, antivirus companies have gained new life, and sometimes this feeling of insecurity and the predicament of organizations can be abused.
Ultimately, these companies are only sellers and persuaders, and the more they sell, the better for them.
But should this lead to, for example, buying more licenses for existing machines because the vendor gives a better discount, and then, since we have bought so many, installing antivirus on all machines? This is not the right way, and I hope it does not end like this,
because these companies are ultimately sellers, and at best they also guarantee support services and product updates, but what remains are the challenges and difficulties of supporting technical experts and dealing with the errors that persist because of the antivirus's operation.
Conclusion:
The necessity of a standby site and a backup site is also a very prominent discussion, but due to the high cost of implementing them, they are usually neglected.
Having Data Guard and multiple, delayed standbys can also increase your peace of mind against attacks.
Keeping backups in several secure locations, and ultimately on tape, is of great importance, because when an infection is detected it is usually too late and the entire system is infected, even your standby, even your backups.
Therefore, using tools that are write-only (write-once) can be a lifesaver for you.
Always provide a standby in no mount mode and a standby with a delay in synchronization, so that if you lose everything, at least your data is preserved somewhere for n hours. Of course, thanks to ransomware and malware that can stay dormant in a place for a long time without any action and then begin their sabotage, having a database with a delay still does not provide complete security, but it is better than nothing.
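To show what the "n hours" of a delayed standby buy you in practice, here is an added example (my own, not an Oracle tool). It takes an estimated time of compromise and the time of detection and reports, for each copy, whether it is still clean and, for a delayed standby, how many minutes remain to cancel managed recovery before the tainted redo is applied. Assumptions: a delayed standby applies redo DELAY minutes after it was shipped (the DELAY attribute of LOG_ARCHIVE_DEST_n, or DelayMins under the broker; a delay is not honoured when the standby uses real-time apply, so check your own configuration), and a backup is clean only if it completed before the compromise. All timestamps are constructed.

```python
"""
Which copies are still clean once a compromise is detected?  Added example
for this post, not an Oracle tool.  Assumptions: redo written at the moment
of compromise reaches a delayed standby's datafiles at compromise + DELAY
(the LOG_ARCHIVE_DEST_n DELAY attribute / broker DelayMins, which is not
honoured under real-time apply); a backup is clean if it completed before
the compromise.  All timestamps below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class Copy:
    name: str
    kind: str                                # "delayed_standby" or "backup"
    delay_minutes: int = 0                   # delayed_standby only
    completed_at: Optional[datetime] = None  # backup only


def assess(copies: List[Copy], compromised_at: datetime,
           now: datetime) -> List[Tuple[str, str, int]]:
    """
    Return (name, status, minutes) per copy.  For a clean delayed standby the
    minutes are the time left to cancel managed recovery before the tainted
    redo is applied; for every other copy the value is 0.
    """
    result = []
    for c in copies:
        if c.kind == "delayed_standby":
            taint_at = compromised_at + timedelta(minutes=c.delay_minutes)
            if now < taint_at:
                left = int((taint_at - now).total_seconds() // 60)
                result.append((c.name, "clean", left))
            else:
                result.append((c.name, "tainted", 0))   # delay already consumed
        elif c.kind == "backup":
            if c.completed_at is not None and c.completed_at < compromised_at:
                result.append((c.name, "clean", 0))
            else:
                result.append((c.name, "tainted", 0))   # taken after the compromise
        else:
            raise ValueError("unknown copy kind: %s" % c.kind)
    return result


def clean_copies(copies: List[Copy], compromised_at: datetime, now: datetime) -> List[str]:
    """Names of the copies that can still be used for a clean restore."""
    return [name for name, status, _ in assess(copies, compromised_at, now) if status == "clean"]


# Constructed incident: compromise estimated at 00:30, detected at 02:10.
COMPROMISED_AT = datetime(2024, 11, 26, 0, 30)
DETECTED_AT = datetime(2024, 11, 26, 2, 10)
COPIES = [
    Copy("stby_realtime", "delayed_standby", delay_minutes=0),
    Copy("stby_4h", "delayed_standby", delay_minutes=240),
    Copy("nightly_disk_backup", "backup", completed_at=datetime(2024, 11, 26, 1, 0)),
    Copy("weekly_tape", "backup", completed_at=datetime(2024, 11, 24, 3, 0)),
]

if __name__ == "__main__":
    for name, status, minutes in assess(COPIES, COMPROMISED_AT, DETECTED_AT):
        note = " (%d minutes to cancel apply)" % minutes if minutes else ""
        print("%-20s %s%s" % (name, status, note))
```

In the constructed incident the real-time standby and the nightly backup are already tainted, the four-hour delayed standby is clean for another 140 minutes provided apply is cancelled in time, and the older tape copy is clean but loses two days of data. The answer is only as good as the estimate of the compromise time, which is exactly the problem dormant malware creates: if the real compromise happened days earlier, the delayed standby is not clean either.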
In addition, every decision requires consultation with the technical team and the organization's security team, and without consulting these two teams, you cannot make the final decision.
Please share your opinion on basic and standard security requirements in the field of databases in the comments of this post,
and share your valuable views on how to deal with hasty decisions that sacrifice quality of service and increase the workload of technical experts.
Sincerely,
Alireza Kamrani
Technical RDBMS Team Lead