Risky business--the self auditing database.


The increasing frequency of database attacks is driving federal and state legislation that requires virtually every organization to deploy more robust audit mechanisms to protect sensitive data. To meet this requirement, some organizations attempt to use the built-in auditing tools supplied with database software platforms. This practice of setting up a "self-auditing" database is based upon several false assumptions and violates the fundamental audit requirement for independence.

Flawed Assumptions

There are several false assumptions implicit in the use of built-in audit tools. The first is that the audit tool is the only element of the database that is not vulnerable to attack. In September 2005, Imperva discovered an MS-SQL Server vulnerability which proves that this is not the case. By preceding the client login message with NULL characters, an attacker can avoid MS-SQL's built-in audit tools. This and other similar vulnerabilities illustrate the flaw in assuming that built-in database audit tools are not vulnerable. Audit mechanisms are just as likely to be vulnerable as any other database element.

Even more flawed is a second assumption that an attacker will not turn off auditing, or tamper with audit records, once a server is compromised. An attacker may, for example, gain database administrative privileges and immediately disable auditing mechanisms. Similarly, a rogue administrator or developer may abuse legitimately acquired administrative privileges to delete audit records in order to hide an attack.

To further illustrate the point, consider a car with a 'built-in' video tape security feature. In the event that the door locks fail, a thief could be identified after the fact using the 'built-in' video tape.

Does this make sense? The video tape would be stolen along with the car! Perhaps the considerate thief will leave the camera on and mail the tape to police after the theft? This is an absurd system, but it's directly analogous to 'built-in' database auditing and it illustrates the obvious flaws in self-auditing security systems.

Independence

A keyword in the audit business is independence. Any audit professional will tell you that audit mechanisms should be independent of the system being audited. Therefore, any legitimate database audit mechanism should be independent of the database server and its users.

Database audit appliances offer one simple approach to achieving independence. As network devices, such appliances can extract detailed audit information from network traffic travelling to and from a database. Such a device can operate in stealth mode (no IP address, etc.) and remain completely invisible to attackers. All activity is tracked and records cannot be tampered with at any point. In addition, since network devices can be deployed by independent security/audit personnel, they enable independence of audit and database administration (DBA) job functions, when desired. Audit appliances also offer performance and cost advantages versus native database mechanisms. Native audit mechanisms are notorious for consuming database CPU and disk resources. The performance decline experienced when these audit features are enabled forces many organizations to scale back or abandon auditing altogether. This performance drawback is a clear disincentive to appropriate audit practices. Audit appliances, on the other hand, operate at line speed and have zero impact on database resources. By offloading audit overhead to independent appliances, organizations can enable extensive tracking, deploy fewer database servers, require less load balancing, and reduce costs.
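
The independence argument suggests a concrete check: wherever an independent capture exists, any statement it recorded that is absent from the database's own audit trail marks a period in which native auditing was disabled or its records were removed. The Python below is an added example, not part of the original article or any product; the record layout, function names and sample rows are constructed assumptions.

```python
# Added example. Record layout "ISO-time|user|statement" and all rows are constructed.
from datetime import datetime, timedelta

def parse(line):
    """Split one record; normalise user and statement (for matching only)."""
    ts, user, stmt = line.split("|", 2)
    return (datetime.fromisoformat(ts), user.strip().lower(),
            " ".join(stmt.split()).lower())

def reconcile(native_lines, independent_lines, skew=timedelta(seconds=2)):
    """Return independent records with no native counterpart within `skew`."""
    native = sorted(parse(l) for l in native_lines)
    used = [False] * len(native)   # each native row may match only once
    missing = []
    for rec in sorted(parse(l) for l in independent_lines):
        for i, nat in enumerate(native):
            if not used[i] and nat[1:] == rec[1:] and abs(nat[0] - rec[0]) <= skew:
                used[i] = True
                break
        else:
            missing.append(rec)   # seen on the wire, absent from native trail
    return missing

def blind_windows(missing, max_gap=timedelta(minutes=5)):
    """Group missing records into (start, end, count) windows."""
    windows = []
    for ts, _, _ in missing:
        if windows and ts - windows[-1][1] <= max_gap:
            start, _, n = windows[-1]
            windows[-1] = (start, ts, n + 1)
        else:
            windows.append((ts, ts, 1))
    return windows

INDEPENDENT = [  # constructed: what the out-of-band collector recorded
    "2006-02-01T10:00:00|app|SELECT name FROM customers WHERE id = 7",
    "2006-02-01T10:04:10|dba1|SELECT card_number FROM payments",
    "2006-02-01T10:04:55|dba1|SELECT  card_number FROM payments_archive",
    "2006-02-01T10:20:00|app|UPDATE orders SET status = 'shipped' WHERE id = 3",
]
NATIVE = [  # constructed: what the database's own audit trail still holds
    "2006-02-01T10:00:01|APP|select name from customers where id = 7",
    "2006-02-01T10:20:00|app|UPDATE orders SET status = 'shipped' WHERE id = 3",
]

if __name__ == "__main__":
    gaps = reconcile(NATIVE, INDEPENDENT)
    for start, end, n in blind_windows(gaps):
        print(f"{n} statements missing from native audit between {start} and {end}")
```

The check only has value if the independent records are stored where database administrators cannot alter them, which is the separation of duties the section describes.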

Bottom Line

Native database audit mechanisms do not meet the fundamental audit requirement for independence. To make matters worse, they impact performance to an extent that drives many organizations to abandon database auditing altogether. As database attacks and legislation take center stage, organizations will be pressed to find and implement independent audit solutions. Database audit appliances represent an immediate, cost-effective approach.
COPYRIGHT 2006 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation: Infosecurity Europe 2006: 25th-27th April 2006, Olympia, London.
Publication: Database and Network Journal
Date: Feb 1, 2006
Words: 605