
Chapter three

What is database security?

Database security refers to the range of tools, controls, and measures designed to establish and
preserve database confidentiality, integrity, and availability. This chapter focuses primarily on
confidentiality, since it is the element that is compromised in most data breaches.

Database security must address and protect the following:

- The data in the database
- The database management system (DBMS)
- Any associated applications
- The physical database server and/or the virtual database server and the underlying hardware
- The computing and/or network infrastructure used to access the database

Database security is a complex and challenging endeavor that involves all aspects of information
security technologies and practices.

Why is it important?
By definition, a data breach is a failure to maintain the confidentiality of data in a database. How
much harm a data breach inflicts on your enterprise depends on a number of consequences or
factors:

- Compromised intellectual property: Your intellectual property—trade secrets, inventions, and
proprietary practices—may be critical to your ability to maintain a competitive advantage in
your market. If that intellectual property is stolen or exposed, your competitive advantage may
be difficult or impossible to maintain or recover.
- Damage to brand reputation: Customers or partners may be unwilling to buy your products
or services (or do business with your company) if they don’t feel they can trust you to protect
your data or theirs.
- Business continuity (or lack thereof): Some businesses cannot continue to operate until a
breach is resolved.

- Fines or penalties for non-compliance: The financial impact of failing to comply with global
regulations such as the Sarbanes-Oxley Act (SOX) or the Payment Card Industry Data Security
Standard (PCI DSS), industry-specific data privacy regulations such as HIPAA, or regional data
privacy regulations such as Europe’s General Data Protection Regulation (GDPR) can be
devastating, with fines in the worst cases exceeding several million dollars per violation.
- Costs of repairing breaches and notifying customers: In addition to the cost of communicating
a breach to customers, a breached organization must pay for forensic and investigative activities,
crisis management, triage, repair of the affected systems, and more.

Common threats and challenges

Many software misconfigurations, vulnerabilities, or patterns of carelessness or misuse can result
in breaches. The following are among the most common types and causes of database security
attacks.

Insider threats: An insider threat is a security threat from any one of three sources with
privileged access to the database:

- A malicious insider who intends to do harm
- A negligent insider who makes errors that make the database vulnerable to attack
- An infiltrator—an outsider who somehow obtains credentials via a scheme such as
phishing or by gaining access to the credential database itself

Insider threats are among the most common causes of database security breaches and are often
the result of allowing too many employees to hold privileged user access credentials.

Human error: Accidents, weak passwords, password sharing, and other unwise or
uninformed user behaviors continue to be the cause of nearly half (49%) of all reported data
breaches.

Exploitation of database software vulnerabilities

Hackers make their living by finding and targeting vulnerabilities in all kinds of software,
including database management software. All major commercial database software vendors and
open source database management platforms issue regular security patches to address these
vulnerabilities, but failure to apply these patches in a timely fashion can increase your exposure.

SQL/NoSQL injection attacks

A database-specific threat, these involve the insertion of arbitrary SQL or NoSQL attack strings
into database queries served by web applications or HTTP headers. Organizations that don’t follow
secure web application coding practices or perform regular vulnerability testing are open to these
attacks.
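The following Python script is an added illustration of the injection mechanism described above; it is not code from the original chapter. It builds a constructed in-memory SQLite user table, runs the same lookup once with string concatenation (the defect) and once with a bound parameter (the fix), and shows that the classic tautology string changes the structure of the concatenated query but is treated as plain data by the parameterized one. The table, user names and crafted input are all assumptions for the demo.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed stand-in for a web application's user store (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-of-alice-secret"), ("bob", "hash-of-bob-secret")],
    )
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # DEFECT: user-controlled text is spliced straight into the SQL string, so the
    # input can change the query's structure instead of only its data.
    query = (
        "SELECT username FROM users WHERE username = '" + username + "' ORDER BY username"
    )
    return [row[0] for row in conn.execute(query)]


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # FIX: the value travels as a bound parameter; the driver never parses it as SQL,
    # so the whole input is compared literally against the column.
    query = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username,))]


# Constructed example of the kind of attack string the text refers to: it turns the
# WHERE clause into "username = 'x' OR '1'='1'", which is true for every row.
CRAFTED_INPUT = "x' OR '1'='1"


def demo() -> dict:
    conn = build_demo_db()
    return {
        # concatenation: the tautology matches every user
        "vulnerable": lookup_user_vulnerable(conn, CRAFTED_INPUT),
        # parameterized: no user is literally named "x' OR '1'='1"
        "safe": lookup_user_safe(conn, CRAFTED_INPUT),
        # the parameterized query still works for a legitimate name
        "legitimate": lookup_user_safe(conn, "alice"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:>11}: {rows}")
```

The same rule applies to every driver and ORM: values go through placeholders, never through string formatting, and the detection side of the house can watch for query shapes whose WHERE clause suddenly contains `OR` and a constant comparison.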

Buffer overflow exploitations

Buffer overflow occurs when a process attempts to write more data to a fixed-length block of
memory than it is allowed to hold. Attackers may use the excess data, stored in adjacent memory
addresses, as a foundation from which to launch attacks.

Malware: Malware is software written specifically to exploit vulnerabilities or otherwise cause
damage to the database. Malware may arrive via any endpoint device connecting to the database’s
network.

Attacks on backups: Organizations that fail to protect backup data with the same stringent controls
used to protect the database itself can be vulnerable to attacks on backups.

These threats are exacerbated by the following:

- Growing data volumes: Data capture, storage, and processing continue to grow
exponentially across nearly all organizations. Any data security tools or practices need to
be highly scalable to meet near- and distant-future needs.
- Infrastructure sprawl: Network environments are becoming increasingly complex,
particularly as businesses move workloads to multi-cloud or hybrid-cloud architectures,
making the choice, deployment, and management of security solutions ever more
challenging.
- Increasingly stringent regulatory requirements: The worldwide regulatory compliance
landscape continues to grow in complexity, making adhering to all mandates more difficult.
- Cybersecurity skills shortage: Experts predict there may be as many as 8 million
unfilled cybersecurity positions by 2022.

Denial of service (DoS/DDoS) attacks

In a denial of service (DoS) attack, the attacker deluges the target server—in this case the database
server—with so many requests that the server can no longer fulfill legitimate requests from actual
users, and, in many cases, the server becomes unstable or crashes.

In a distributed denial of service attack (DDoS), the deluge comes from multiple servers, making
it more difficult to stop the attack.

Best practices

When evaluating database security in your environment to decide on your team’s top priorities,
consider each of the following areas:

- Physical security: Whether your database server is on premises or in a cloud data center, it
must be located within a secure, climate-controlled environment. (If your database server is in
a cloud data center, your cloud provider will take care of this for you.)
- Administrative and network access controls: Only the practical minimum number of users
should have access to the database, and their permissions should be restricted to the minimum
levels necessary for them to do their jobs. Likewise, network access should be limited to the
minimum level of permissions necessary.
- End user account/device security: Always be aware of who is accessing the database and
when and how the data is being used. Data monitoring solutions can alert you if data activities
are unusual or appear risky. All user devices connecting to the network housing the database
should be physically secure (in the hands of the right user only) and subject to security controls
at all times.
- Encryption: ALL data—including data in the database, and credential data—should be
protected with best-in-class encryption while at rest and in transit. All encryption keys should
be handled in accordance with best-practice guidelines.
- Database software security: Always use the latest version of your database management
software, and apply all patches as soon as they are issued.
- Application/web server security: Any application or web server that interacts with the
database can be a channel for attack and should be subject to ongoing security testing and best
practice management.
- Backup security: All backups, copies, or images of the database must be subject to the same
(or equally stringent) security controls as the database itself.
- Auditing: Record all logins to the database server and operating system, and log all operations
performed on sensitive data as well. Database security standard audits should be performed
regularly.

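As an added example (not part of the original chapter), the script below turns the auditing and data-monitoring practices listed above into detection logic run over a handful of constructed audit records. The log line format, the table names, the list of accounts approved for sensitive tables, the business-hours window and the thresholds are all assumptions chosen for the demo; the four rules it applies (failed-login bursts, unapproved access to sensitive tables, bulk reads, and changes outside business hours) are the kind of checks a database activity monitoring tool raises alerts on.

```python
from collections import Counter
from datetime import datetime

# Policy (assumed for the example): sensitive tables, who may touch them,
# what counts as business hours, and what counts as a bulk read or a failure burst.
SENSITIVE_TABLES = {"customers", "payment_cards"}
APPROVED_FOR_SENSITIVE = {"billing_svc", "dba_alice"}
BUSINESS_HOURS = range(8, 19)          # 08:00 up to, but not including, 19:00
FAILED_LOGIN_THRESHOLD = 3
BULK_ROW_THRESHOLD = 10_000

# Constructed sample audit records (not real logs). Assumed line format:
#   <ISO timestamp> user=<name> action=<LOGIN_OK|LOGIN_FAIL|SELECT|UPDATE|DELETE> table=<name> rows=<n>
SAMPLE_AUDIT_LOG = """\
2024-03-04T09:12:01 user=billing_svc action=SELECT table=payment_cards rows=12
2024-03-04T09:15:44 user=jsmith action=LOGIN_FAIL table=- rows=0
2024-03-04T09:15:52 user=jsmith action=LOGIN_FAIL table=- rows=0
2024-03-04T09:16:03 user=jsmith action=LOGIN_FAIL table=- rows=0
2024-03-04T09:16:20 user=jsmith action=LOGIN_OK table=- rows=0
2024-03-04T09:17:05 user=jsmith action=SELECT table=customers rows=250000
2024-03-04T23:41:10 user=dba_alice action=DELETE table=orders rows=3
"""


def parse_line(line: str) -> dict:
    """Split one audit line into a record with a datetime and typed row count."""
    timestamp, *fields = line.split()
    record = {"ts": datetime.fromisoformat(timestamp)}
    for field in fields:
        key, value = field.split("=", 1)
        record[key] = value
    record["rows"] = int(record["rows"])
    return record


def detect(log_text: str) -> list:
    """Return (finding, user, timestamp) tuples for records that violate the policy."""
    findings = []
    failures = Counter()                      # consecutive LOGIN_FAIL count per user
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse_line(line)
        when = r["ts"].isoformat()
        if r["action"] == "LOGIN_FAIL":
            failures[r["user"]] += 1
            if failures[r["user"]] == FAILED_LOGIN_THRESHOLD:   # alert once per burst
                findings.append(("repeated_login_failures", r["user"], when))
        if r["table"] in SENSITIVE_TABLES and r["user"] not in APPROVED_FOR_SENSITIVE:
            findings.append(("unapproved_sensitive_access", r["user"], when))
        if r["action"] == "SELECT" and r["rows"] >= BULK_ROW_THRESHOLD:
            findings.append(("bulk_read", r["user"], when))
        if r["action"] in {"UPDATE", "DELETE"} and r["ts"].hour not in BUSINESS_HOURS:
            findings.append(("out_of_hours_change", r["user"], when))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_AUDIT_LOG):
        print(*finding)
```

Note that the approved service account reading `payment_cards` produces no finding: the point of an allow-list is that routine, expected access stays quiet so that the analyst only sees the exceptions.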
Controls and policies

In addition to implementing layered security controls across your entire network environment,
database security requires you to establish the correct controls and policies for access to the
database itself. These include:

- Administrative controls to govern installation, change, and configuration management for
the database.
- Preventative controls to govern access, encryption, tokenization, and masking.
- Detective controls, such as database activity monitoring and data loss prevention tools.

NB: Security controls, security awareness training and education programs, and penetration testing
and vulnerability assessment strategies should all be established in support of your formal security
policies.

Data protection tools and platforms

Today, a wide array of vendors offer data protection tools and platforms. A full-scale solution
should include all of the following capabilities:

- Discovery: Look for a tool that can scan for and classify vulnerabilities across all your
databases—whether they’re hosted in the cloud or on premises—and offer recommendations
for remediating any vulnerabilities identified. Discovery capabilities are often required to
conform to regulatory compliance mandates.
- Data activity monitoring: The solution should be able to monitor and audit all data activities
across all databases, regardless of whether your deployment is on premises, in the cloud, or in
a container. It should alert you to suspicious activities in real time so that you can respond to
threats more quickly.
- Encryption and tokenization capabilities: In case of a breach, encryption offers a final line
of defense against compromise. Any tool you choose should include flexible encryption
capabilities that can safeguard data in on-premises, cloud, hybrid, or multi-cloud environments.
- Data security optimization and risk analysis: A tool that can generate contextual insights by
combining data security information with advanced analytics will enable you to accomplish
optimization, risk analysis, and reporting with ease. Choose a solution that can retain and
synthesize large quantities of historical and recent data about the status and security of your
databases, and look for one that offers data exploration, auditing, and reporting capabilities
through a comprehensive but user-friendly self-service dashboard.


Chapter three part 2

Operating System - Security

Security refers to providing a protection system for computer system resources such as the CPU,
memory, disk, software programs and, most importantly, the data/information stored in the computer
system. If a computer program is run by an unauthorized user, then he/she may cause severe
damage to the computer or the data stored in it. So a computer system must be protected against
unauthorized access, malicious access to system memory, viruses, worms, etc. The following topics
are discussed in this section:

- Authentication
- One Time passwords
- Program Threats
- System Threats
- Computer Security Classifications

Authentication: Authentication refers to identifying each user of the system and associating the
executing programs with those users. It is the responsibility of the operating system to create a
protection system which ensures that a user who is running a particular program is authentic.
Operating systems generally identify/authenticate users in one of the following three ways −

- Username / Password − The user needs to enter a username and password registered with the
operating system to log in to the system.
- User card/key − The user needs to insert a card into a card slot, or enter a key generated by a key
generator, in the option provided by the operating system to log in to the system.
- User attribute - fingerprint/ eye retina pattern/ signature − The user needs to present his/her
attribute via a designated input device used by the operating system to log in to the system.

One Time passwords: One-time passwords provide additional security along with normal
authentication. In a one-time password system, a unique password is required every time the
user tries to log in to the system. Once a one-time password is used, it cannot be used
again. One-time passwords are implemented in various ways.

- Random numbers − Users are provided with cards having numbers printed alongside
corresponding letters. The system asks for the numbers corresponding to a few letters
chosen at random.
- Secret key − Users are provided with a hardware device which can create a secret id mapped to the
user id. The system asks for this secret id, which is to be generated every time prior to login.
- Network password − Some commercial applications send one-time passwords to the user’s
registered mobile/ email, which must be entered prior to login.

Program Threats: The operating system’s processes and kernel do the designated task as instructed.
If a user program makes these processes do malicious tasks, this is known as a program threat.
One common example of a program threat is a program installed on a computer which can
store user credentials and send them over the network to some hacker. Following is a list of some
well-known program threats.

- Trojan Horse − Such a program traps user login credentials and stores them to send to a
malicious user, who can later log in to the computer and access system resources.
- Trap Door − If a program which is designed to work as required has a security hole in
its code and performs illegal actions without the knowledge of the user, then it is said to have a trap
door.
- Logic Bomb − A logic bomb is a situation where a program misbehaves only when certain
conditions are met; otherwise it works as a genuine program. It is harder to detect.
- Virus − A virus, as the name suggests, can replicate itself on a computer system. Viruses are
highly dangerous and can modify/delete user files and crash systems. A virus is generally a
small piece of code embedded in a program. As the user accesses the program, the virus starts getting
embedded in other files/ programs and can make the system unusable for the user.

System Threats: System threats refer to the misuse of system services and network connections to
put the user in trouble. System threats can be used to launch program threats on a complete network,
called a program attack. System threats create an environment in which operating system
resources/ user files are misused. Following is a list of some well-known system threats.

- Worm − A worm is a process which can choke down system performance by using system
resources to extreme levels. A worm process generates multiple copies of itself, where each copy
uses system resources, preventing all other processes from getting the resources they need. Worm
processes can even shut down an entire network.
- Port Scanning − Port scanning is a mechanism or means by which a hacker can detect
system vulnerabilities to make an attack on the system.
- Denial of Service − Denial of service attacks normally prevent the user from making legitimate
use of the system. For example, a user may not be able to use the internet if a denial of service
attack targets the browser’s content settings.


Computer Security Classifications

As per the U.S. Department of Defense Trusted Computer System Evaluation Criteria, there are
four security classifications in computer systems: A, B, C, and D. This is a widely used specification
for determining and modelling the security of systems and of security solutions. Following is a brief
description of each classification.

S.N.  Classification  Type & Description

1     Type A          Highest level. Uses formal design specifications and verification techniques.
                      Grants a high degree of assurance of process security.

2     Type B          Provides a mandatory protection system. Has all the properties of a class C2
                      system. Attaches a sensitivity label to each object. It is of three types:
                      - B1 − Maintains the security label of each object in the system. The label is
                        used for making access-control decisions.
                      - B2 − Extends the sensitivity labels to each system resource, such as storage
                        objects; supports covert channels and auditing of events.
                      - B3 − Allows creating lists or user groups for access control to grant or
                        revoke access to a given named object.

3     Type C          Provides protection and user accountability using audit capabilities. It is of
                      two types:
                      - C1 − Incorporates controls so that users can protect their private information
                        and keep other users from accidentally reading/deleting their data. UNIX
                        versions are mostly C1 class.
                      - C2 − Adds individual-level access control to the capabilities of a C1 level
                        system.

4     Type D          Lowest level. Minimum protection. MS-DOS and Windows 3.1 fall in this category.

Operating System - Linux

Linux is one of the popular versions of the UNIX operating system. It is open source, as its source
code is freely available, and it is free to use. Linux was designed with UNIX compatibility in mind;
its functionality list is quite similar to that of UNIX.

Components of Linux System

The Linux operating system has primarily three components:

- Kernel − The kernel is the core part of Linux. It is responsible for all major activities of the
operating system. It consists of various modules and interacts directly with the underlying
hardware. The kernel provides the abstraction needed to hide low-level hardware details from
system or application programs.
- System Library − System libraries are special functions or programs through which
application programs or system utilities access the kernel’s features. These libraries
implement most of the functionality of the operating system and do not require the kernel
module’s code access rights.
- System Utility − System utility programs are responsible for specialized, individual-level
tasks.


Kernel Mode vs User Mode

Kernel component code executes in a special privileged mode called kernel mode, with full access
to all resources of the computer. This code represents a single process, executes in a single address
space, and does not require any context switch; hence it is very efficient and fast. The kernel runs
each process, provides system services to processes, and provides processes with protected access
to hardware.

Basic Features

Following are some of the important features of the Linux operating system.

- Portable − Portability means software can work on different types of hardware in the same
way. The Linux kernel and application programs support installation on any kind of
hardware platform.
- Open Source − Linux source code is freely available and it is a community-based
development project. Multiple teams work in collaboration to enhance the capability of the
Linux operating system, and it is continuously evolving.
- Multi-User − Linux is a multiuser system, meaning multiple users can access system
resources like memory/ RAM/ application programs at the same time.
- Multiprogramming − Linux is a multiprogramming system, meaning multiple applications
can run at the same time.
- Hierarchical File System − Linux provides a standard file structure in which system files/
user files are arranged.
- Shell − Linux provides a special interpreter program which can be used to execute
commands of the operating system. It can be used to do various types of operations, call
application programs, etc.
- Security − Linux provides user security using authentication features like password
protection/ controlled access to specific files/ encryption of data.

The architecture of a Linux system consists of the following layers −

- Hardware layer − Hardware consists of all peripheral devices (RAM/ HDD/ CPU etc).
- Kernel − It is the core component of the operating system, interacts directly with hardware,
and provides low-level services to upper-layer components.
- Shell − An interface to the kernel, hiding the complexity of the kernel’s functions from users. The shell
takes commands from the user and executes the kernel’s functions.
- Utilities − Utility programs that provide the user with most of the functionality of an operating
system.


Chapter three part 3

What is OS Security?

The term operating system (OS) security refers to practices and measures
that can ensure the confidentiality, integrity, and availability (CIA) of operating systems.

The goal of OS security is to protect the OS from various threats, including malicious software
such as worms, Trojans and other viruses, misconfigurations, and remote intrusions.

OS security typically involves the implementation of control techniques that can protect your
assets from unauthorized modification and deletion or theft.

The most common techniques used to protect operating systems include the use of antivirus
software and other endpoint protection measures, regular OS patch updates, a firewall for
monitoring network traffic, and enforcement of secure access through least privileges and user
controls.

What are common OS security threats?

Here are a few of the most common threat vectors that can affect an
operating system.

Malware: Malware is short for malicious software, which encompasses a range of attack vectors
such as viruses, worms, Trojans, and rootkits. Malware is injected into a system without the
owner’s consent, or by masquerading as legitimate software, with the objective of stealing,
destroying or corrupting data, or compromising the device.

Malware can also replicate, allowing it to spread further in a corporate network and beyond.
Malware attacks often go undetected by the target user, allowing for the quiet extraction of
sensitive data. In other cases attackers silently “herd” compromised devices into botnets and use
them for criminal activities such as distributed denial of services (DDoS) attacks.

Denial of Service Attacks: A Denial of Service (DoS) attack is intended to clog a system with
fake requests so it becomes overloaded, and eventually stops serving legitimate requests. Some
DoS attacks, in addition to overwhelming a system’s resources, can cause damage to the
underlying infrastructure.

Modern DoS attacks are waged by a distributed network of thousands or millions of bots
(automated agents)—this is known as distributed denial of service (DDoS), and can be extremely
difficult to mitigate due to its huge scale.

An example of a DoS attack is the repeated use of system requests in a tight loop, or a “syn flood”
in which the attacker sends a large number of network requests, requiring the server to
acknowledge each one, and exhausting its resources.
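One standard mitigation for the request floods described in this section (and in the earlier database DoS/DDoS passage) is to rate-limit each client independently so that one source exhausting its budget does not affect anyone else. The Python below is an added example, not code from the original page: a per-source token bucket, driven by a constructed request stream in which one address fires 50 requests in a second while a second address sends one request per second. Capacity, refill rate and the two addresses are assumptions for the demo; integer millisecond arithmetic is used so the outcome is exact and reproducible.

```python
from collections import defaultdict


class TokenBucket:
    """Token bucket with integer arithmetic: tokens in thousandths, time in milliseconds."""

    def __init__(self, capacity: int, refill_per_sec: int, now_ms: int):
        self.capacity_mt = capacity * 1000
        # refill_per_sec tokens/second is exactly refill_per_sec millitokens/millisecond
        self.refill_mt_per_ms = refill_per_sec
        self.tokens_mt = self.capacity_mt       # a new client starts with a full bucket
        self.last_ms = now_ms

    def allow(self, now_ms: int) -> bool:
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens_mt = min(self.capacity_mt, self.tokens_mt + elapsed * self.refill_mt_per_ms)
        self.last_ms = now_ms
        if self.tokens_mt >= 1000:               # one whole token pays for one request
            self.tokens_mt -= 1000
            return True
        return False                             # bucket empty: drop (or queue) the request


class PerSourceLimiter:
    """One bucket per client address, so a flooding source cannot starve the others."""

    def __init__(self, capacity: int = 10, refill_per_sec: int = 2):
        self.capacity, self.refill = capacity, refill_per_sec
        self.buckets: dict = {}

    def allow(self, source: str, now_ms: int) -> bool:
        if source not in self.buckets:
            self.buckets[source] = TokenBucket(self.capacity, self.refill, now_ms)
        return self.buckets[source].allow(now_ms)


# Constructed traffic using documentation-range addresses (not real clients):
# the flooder sends 50 requests 20 ms apart; the legitimate client sends 5, one per second.
FLOOD_SRC, LEGIT_SRC = "203.0.113.5", "198.51.100.7"
REQUESTS = [(i * 20, FLOOD_SRC) for i in range(50)] + [(s * 1000, LEGIT_SRC) for s in range(5)]


def simulate(requests=REQUESTS, capacity: int = 10, refill_per_sec: int = 2) -> dict:
    """Replay the request stream in time order and count accept/drop decisions per source."""
    limiter = PerSourceLimiter(capacity, refill_per_sec)
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for now_ms, src in sorted(requests):
        stats[src]["allowed" if limiter.allow(src, now_ms) else "dropped"] += 1
    return dict(stats)


if __name__ == "__main__":
    for src, counts in simulate().items():
        print(src, counts)
```

With a burst capacity of 10 and a refill of 2 tokens per second, the flooder gets its initial burst plus one more request once enough time has accrued, and the remaining 39 are dropped, while the legitimate client is never touched. A limiter like this is a per-process defense; a true distributed flood still needs upstream filtering, because the state is keyed on source addresses the attacker controls.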

Network Intrusion: Network intrusion occurs when an individual gains access to a system for
improper use. There are several types of network intrusion depending on the type of intruder:

- Careless insiders—authorized users who neglect to follow security policies or best
practices, causing exposure of sensitive assets.
- Malicious insiders—authorized users who misuse their privileges with malicious intent.
- Masqueraders—external individuals who pose as legitimate users, exploiting the account
or credentials of an authorized user to gain access to the system.
- Clandestine users—attackers who penetrate the system by gaining supervisory control and
going around access controls.

Buffer Overflow: The main function of a buffer is to temporarily store data. Each buffer has a
capacity of data it can hold. During a buffer overflow attack, the buffer or other temporary data
stores are overflowing with data. When the buffer overflows, the program attempting to write the
data may overwrite other memory locations containing important information.

Threat actors look for buffer overflow vulnerabilities, which they can exploit to inject scripts that
help them hijack the system or crash it.

How Can You Ensure Operating System Security?
Here are a few ways you can improve operating system security in your organization.

Authentication Measures: Authentication involves matching an identified user with the programs
or data they are allowed to access. All operating systems have controls that can be used to verify
that users who run a particular program are authorized to do so.

You can use the following techniques to authenticate users at the operating system level:

- Security keys: keys are provided by a key generator, usually in the form of a physical dongle.
The user must insert the key into a slot in the machine to log in.
- Username-password combinations: The user enters a username that is registered with the OS,
along with a matching password.
- Biometric signatures: The user scans a physical attribute, such as a fingerprint or retina, to
identify themselves.
- Multi-factor authentication: Modern authentication systems use multiple methods to identify
a user, combining something the user knows (credentials), something they own (such as a
mobile device), and/or a physical characteristic (biometrics).

Using One-Time Passwords: One-time passwords offer an additional layer of security when
combined with standard authentication measures. Users must enter a unique password generated
each time they log in to the system. A one-time password cannot be reused.

Examples of one-time passwords include:

- Network passwords: An application sends a one-time password to the user via a registered
email address or mobile phone number. The user must enter this password to log in to the
computer.
- Random numbers: The user receives a card listing numbers that correspond to matching
letters. The OS requires the user to enter the numbers that match a set of randomly generated
letters.
- Secret keys: The user receives a device that generates secret keys. The user then enters the
secret key into the OS, which identifies the user credentials associated with the key.

Virtualization: Virtualization enables you to abstract software from hardware, effectively
separating the two. The main advantage of virtualization is that it introduces a high level of
efficiency and flexibility, while providing greater security coverage. There are many types of
virtualization, including desktop, application, network, server, storage, and OS
virtualization.

Operating system virtualization is a form of sandboxing.

What is OS virtualization?

OS virtualization enables you to run multiple isolated user environments on the same OS kernel.
The technology that creates and enables this type of isolation is called a “hypervisor”, which serves
as a layer located between the device and the virtualized resources.

The hypervisor manages the virtual machines (VMs) running on the device (typically 2-3 VMs).
Each VM is used for one user or one security zone. There are several types of VMs that can run
alongside each other. Here are the three main categories:

Fully locked-down VM: Should be used to provide access to sensitive data and corporate systems,
such as IT environments, payment systems, and sensitive customer data.

Unlocked, open VM: Should be used to provide unrestricted access to non-corporate resources.
For example, full web browsing sessions, installation of applications, and use of external devices.

Semi-locked-down VM: Should be used to provide access to standard corporate applications and
resources, such as office documents, company email, and internal services.

Advantages of OS virtualization
Each type of VM is limited to the actions allowed by design. Any further action is restricted. This
keeps the environment secure. The hypervisor runs below the OS of the device and splits the device
into multiple VMs running locally with their own OS—effectively isolating users.

Because the users are isolated, the devices remain secure. This ensures that employees and third
parties can gain access to company resources without endangering company resources.

Another major advantage of OS virtualization is that none of the virtualized environments can
directly access the network. Instead, connectivity is enabled via an invisible, virtualized network
layer that implements network segmentation directly on the endpoint device.

Testing and Validating Operating System Security


Securing an operating system or any software is an ongoing process that requires constant testing.
Depending on the risk and priority of a system, security posture tests may take place on a monthly,
weekly or daily basis. Here are a few testing methods you can use.

Vulnerability Assessment
Vulnerability assessment involves testing for weaknesses that may be lying undetected in an
operating system. Identifying vulnerabilities allows you to identify possible vectors for an attack
so you can better understand the risk to your system.

As part of a continuous process, vulnerability assessment attempts to stay on top of newly exposed
vulnerabilities by locating, classifying and prioritizing them according to severity and impact. This
process usually combines manual tasks with automated tools.

The following are some of the typical methods used for OS vulnerability assessment:

- Scanning for known vulnerabilities
- Scanning the software and applications on an operating system
- Scanning for malware
- Scanning for missing patches and updates
- Patch testing
- Port scanning

Penetration Testing: Penetration testing, or pentesting, is a security assessment strategy that
uses vulnerability assessment to identify how an attacker may successfully exploit vulnerabilities
in the system. The penetration testing method involves simulating an exploit to evaluate system
security.

Penetration testing helps discover vulnerabilities beyond the obvious, and seeks to identify the
methods an attacker may use to exploit them. Security teams can leverage the insights provided by
pentesting to put in place effective security measures.

There are three types of penetration testing, each of which provides different types of insights into
operating system security and potential for exploitation:

- White Box: The penetration tester has full technical knowledge of the system being tested.
- Grey Box: The pentester has limited technical knowledge of the system being tested.
- Black Box: The pentester doesn’t have any prior technical knowledge of the system being
tested.

Perception Point Advanced Browser Security

While full OS isolation for Windows 10 or Windows 11 might seem like the ideal solution, it
comes with a couple of main pitfalls: impaired user experience and reduced productivity. You can
achieve the same level of security without compromising functionality with a secure browser
extension.

Perception Point Advanced Browser Security adds enterprise-grade security to standard browsers
like Chrome, Edge, and Safari. The solution fuses advanced threat detection with browser-level
governance and DLP controls, providing organizations of all sizes with unprecedented ability to
detect, prevent and remediate web threats including sophisticated phishing attacks, ransomware,
exploits, zero-days, and more.

By transforming the organizational browser into a protected work environment, access to
sensitive corporate infrastructure and SaaS applications is secured against data loss and insider threats.
The solution is seamlessly deployed on the endpoints via a browser extension and is managed
centrally from a cloud-based console. There is no need to tunnel/proxy traffic through Perception
Point. NB: Customers deploying the solution will experience fewer breaches, while providing their
users with a better experience as they have the freedom to browse the web, use the SaaS applications
that they require, and access privileged corporate data, confidently, securely, and without added
latency.
