網絡數據庫安全外文文獻翻譯

網絡數據庫安全外文文獻翻譯(含：英文原文及中文譯文)文獻出處：KBertino.DatabaseSecurity[J]IEEETransactionsonSoftwareEngineering,2015,13(2):129-140.英文原文DatabaseSecurityKarlBertino“WhydoIneedtosecuremydatabaseserver?Noonecanaccessit—it’sinaDMZprotectedbythefirewall!”Thisisoftentheresponsewhenitisrecommendedthatsuchdevicesareincludedwithinasecurityhealthcheck.Infact,databasesecurityisparamountindefendingorganizationsinformation,asitmaybeindirectlyexposedtoawideraudiencethanrealized.Databasesecurityhasbecomeahottopicrecently.Asmoreandmorepeopleareconcernedaboutcomputersecurity,wehavefoundthatfirewallsandwebserversaremoresecurethanever(althoughthisdoesnotmeanthattherearenolongermanyinsecurenetworks).Therefore,theemphasisisonincreasingthetechnicalconsiderations,suchastreatingthedatabasewithamoremeticulousreview.◆GeneralsafetyawarenessBeforewediscussdatabasesecurityissues,itisprudentandnecessarytoensurethattheunderlyingoperatingsystemandsupportingtechnologiesaresecure.Ifavanillaoperatingsystemcannotprovideareliableandsecurefoundationforthedatabase,itisnotworththeefforttoensurethatthedatabaseissecure.Wheninstallingtheoperatingsystem,therearemanygoodliteraturereferences.AcommonproblemoftenencounteredistheapplicationofadatabaseonthesameserverasawebserverhostingtheInternet(orIntranet).Althoughthismaysavethepurchaseofaseparateserver,thisseriouslyaffectssecurityissues.Ifthisisthecase,thisisconfirmedwhenthedatabaseisopenlyconnectedtotheInternet.ArecentexampleIrememberisanApachewebserversystemserviceorganizationprovidedontheInternet,withtheOracledatabaseprovidingtheport1521ontheInternet.Wheninvestigatingthisissue,itwasfurtherdiscoveredthataccessingtheOracleserverwasaprotectionmeasure(includingalackofapassword)withoutaservertostopit.FromtheperspectiveofthedevelopmentoftheInternet,thisdatabaseisnotrespected,buttheuseofdefaultsettingsandroughsecuritymeasuresmaketheservermorevulnerable.Theissuesmentionedabovearenotstrictlydatabaseissues.Theycanalsobeclassifiedasbuildingmechanismsandfirewallprotectionissues,butintheenditisadatabase,whichisuncompromising.Securityconsiderationswereforcedfromthepointofviewofthevariouspartsofthenetwork.Youcan'trelyonanyoneelseoranythingelsetoprotectyourdatabase.◆ThevulnerabilitydevelopedbySQLandOraclegivesattacktoolsaspacetouse.Istumbleduponadatabasesecurityaspectinarecentsecurityassessmentforaclient.Interestingly,wearetestinginternalenterpriseapplicationsthatuseadatabasebackend(SQL)toholdthedetailsoftheclient.ThesecurityreviewprocesswentwellandaccesscontrolwasbasedonWindowscertification.OnlyauthenticatedWindowsuserscanseetheirowndata.Theapplicationitselfseemstoprocessinputrequestsandrejectallattemptstoaccessthedatabasedirectly.Thenweaccidentallydiscoveredabackupoftheapplicationintheofficeofthework.ThismediaisequippedwithabackupoftheSQLdatabase,whichwere-storedonthelaptop.Allsecuritycontrolsgotolocationswherethedatabasewasnotoriginallyrecovered,andwecanbrowsethecompletedatabasewithoutanyrestrictionsinplacetoprotectsensitivedata.Thismaybelikeacompromisesystemsecurity,butitisreallyimportant.Oftenitisnotadirectapproachtoattackagoal,andtheendresultisthesame;thesystemcompromises.Databasebackupscanbestoredontheservertofacilitateindirectaccesstodata.Thereisasimplesolutiontotheaboveproblem.InSQL2000,passwordprotectioncanbeusedforbackupsettings.Ifthebackupusespasswordprotection,thepasswordmustbeusedwhencreatingthepassword.Thisisaneffectiveandlesscomplexwaytopreventsimplecaptureofbackupdata.Howeverthismeansthepasswordmustberemembered!◆CurrenttrendTherearemanycurrenttrendsinITsecurity,manyofwhicharetiedtodatabasesecurity.Thefocusondatabasesecurityisdrawingtheattentionofattackers.DuetothevulnerabilitiesdevelopedbySQLandOracle,thereisaspaceavailableforattacktools.Theemergenceofthesetoolshasraisedthestakes,andwehaveseenthatattacksareprimarilydirectedatspecificdatabaseportswheretheserverisexposedtotheInternet.Acommonproblemthatrunsthroughthesecurityindustryisapplicationsecurity,especiallycustomizedWebapplications.AsthecapabilitiesofWebapplicationsbecomemoresophisticated,itposesagreaterpotentialthreattothesecuritygapsinapplicationcoding.Inordertomeetthefunctionalrequirementsofapplicationsoftware,back-enddatastorageisusuallyusedtoarrangetheformatofwebcontent.Thisrequiresmorecomplexbackenddataencoding.Developersusedifferentstylesofcodedevelopment,someofwhicharenotsecurityaware,whichmaybethesourceofdevelopmenterrors.SQLinjectionisahottopicinthecurrentITsecurityindustry.Withtheever-increasingnumberofwaysandmeansofshorteningthetimetodevelopdatabases,thecurrentdebateintechnicalsecurityforumsisverycommon.SQLinjectionisamisleadingtermbecausetheconceptalsoappliestootherdatabases,includingOracle,DB2,andSybasesystems.◆WhatisSQLinjection?SQLinjectionisamethodofcommunicationthatthesoftwaredeveloperdoesnotwishtousewiththedatabasetousecodeorinstructions.Thisisthemostcommonformofwebapplicationsoftwarefound.Anycontentthatanyuserentersintotheapplicationisacommonsourceofattacks.Manyfriendsherehavealreadyseentheusualerrormessageboxwhenaccessingthewebsite,andoftenshowthattheuserinputhasnotbeenhandledcorrectly.Oncethistypeoferroroccurs,theattackerwillfocusonamorespecificinputstring.Specificsecurity-relatedcodingtechniquesshouldincorporatecodingstandardswhenusingtheorganization.Thedamagecausedbythistypeofvulnerabilitycanbeprofound,althoughthiswilldependonthelevelofprivilegeassociatedwiththeapplicationandthedatabase.Ifthesoftwareaccessesdatawithadministratortyperights,thenmaliciouslyrunningcommandswillalsobethislevelofaccessrights,andatthistime,systemcompromiseisinevitable.Thisproblemissimilartotheoperatingsystem'ssecurityrules,wheretheprojectshouldrunwiththelowestprivilege,anditisnecessary.Ifitisnormaluseraccess,thenenablethisrestriction.Thesameproblem,SQLsecurityisnotentirelyadatabaseproblem.Specificdatabasecommandsorrequirementsshouldnotbeallowedthroughtheapplicationlayer.Thiscanbepreventedby"securitycode".Thisisanoff-topictopic,butthedetaileddesignofsomebasicstepsthatshouldbeappliedisnecessary.Thefirststepistoverifyandcontroluserinputwhenacquiringanyapplication.Wherepossible,stricttypesshouldbesettocontrolspecificdata(eg,expectedvaluedata,stringtypedata,etc.),andwherepossible,ifthedataischaracter-based,Banspecificnon-alphanumericcharacters.Ifthisisnotpossible,considerationshouldbegiventotheuseofalternativecharacters(forexample,singlequotes,whicharecommonlyusedinSQLcommands).Specificsecurity-relatedcodingtechniquesshouldbeaddedtothecodingstandardwhenusingyourorganization.Ifalldevelopersusethesamebaselinestandards,specificspecificsecuritymeasures,thiswillgreatlyreducetheriskofSQLinjectioncompromises.Anothersimplemethodthatcanbeusedistoclearallprogramsthatarenolongerneededinthedatabase.Theselimitthedegreeofmalicioususethatisnolongerneededinthedatabaseorismorethanexcessive.Thisissimilartoeliminatingunnecessaryserviceprogramsintheoperatingsystemandisacommonsecuritypractice.◆SummaryInshort,mostoftheaboveviewpointsIhavemadearegeneralawarenessofsecurityconceptsandarenotspecifictoadatabase.However,alloftheseareindeedappliedtothedatabase,andifthesebasicsecuritymeasuresareapplied,yourdatabasesecuritypropertieswillbegreatlyimproved.Inthenextarticleondatabasesecurity,wewillfocusonspecificSQLandOraclesecurityissues,andprovidedetailedexamplesandopinionsforDBAsanddevelopers.Intheabove,wediscussedthegeneraldatabasesecurityconceptsandcommonproblems.InthisarticlewewillfocusonthespecificsecurityissuesofMicrosoftSQLandOracle,andequallyimportantaresolutionstomitigatetheseissues.DatabasesecurityhasmanysimilaritieswithgeneralITsecurityissues.Therearesomesimplesecuritymeasuresandstepsthatcanbeeasilyimplementedtogreatlyincreasesecurity.Althoughtheseseemtobecommonsense,itissurprisingthatwehaveseenhowmanytimesthecommonsecuritymeasureshavenotbeenimplementedsoastocreatesecurityrisks.◆UseraccountandpasswordsecurityOneofthefirstbasicrulesinITsecurityisto"ensureyouhaveareliablepassword."Inthisstatement,Ihaveassumedthatthefirstpasswordhasbeenset,althoughthisisoftennotthecase.Inlastyear’sarticle,Ispokealittleaboutgeneralsecurityawareness,butIthinkit’snecessarytore-emphasizethisissueandit’sveryimportant.Justliketheoperatingsystem,thefocusofattentionisontheaccountsecurityoftheinternaldatabase.Itspurposeistomanageaccounts.InSQL,thiswillbetheSAaccount.InOracle,thiscanbeSYSDBAoranOracleaccount.ItisalsocommonforaSQLSAserviceaccounttouse"SA"asapassword,whichisverycommon,orevenworse,ablankpassword.Eventhemostbasicsecurityrulesforsuchpasswordsarelazytolimit.Userswillnotbeallowedtohaveablankpasswordontheirowndomainaccount,sowhyvaluablesystemresources,suchasdatabases,aretolerated.Forexample,ablank"SA"passwordallowsanyuser(suchasMicrosoft'sQueryAnalyzerorEnterpriseManagerto"manage"SQLServeranddatabase)tocontainclientsoftware.Thedatabaseisusedasthebackendofwebapplicationsoftware.Thelackofpasswordcontrolwillleadtoacompletecompromiseofsensitivedata.Withthesystemlevelaccesstothedatabase,notonlytoperformthequerytothedatabase,create/modify/deletethetable,butalsotoperformwhatiscalledstoredprocedures.中文譯文數據庫安全作者：卡爾·伯蒂諾“為什么要確保數據庫服務安全呢?任何人都不能訪問-這是一個非軍事區(qū)的保護防火墻”,當我們被建議使用一個帶有安全檢查機制的裝置時,這是通常的反應。事實上,在防護一個組織的信息方面,數據庫的安全是至高無上的,因為它可能會間接接觸比我們意識到的更廣泛的用戶。這是兩篇研究數據庫安全文章中的第一篇。在這篇文章中我們將討論一般數據庫安全概念和和比較普遍的問題。在下篇文章,我們將把焦點放在特定的MicrosoftSQL和Oracle的安全關注上。近來數據庫安全已成為一個熱門話題。隨著越來越多的人關注計算機安全,我們發(fā)現,防火墻和網絡服務器比以前都更加安全化了(雖然這并不等于說現在不再有許多不安全的網絡存在)。因此,重點是加大對技術的考慮力度,譬如以更細膩的審查態(tài)度對待數據庫?！粢话惆踩庾R在我們討論有關數據庫安全問題之前,確保底層操作系統(tǒng)和支撐技術的安全是審慎而且必要的。如果一個vanilla操作系統(tǒng)無法為數據庫提供一個穩(wěn)妥可靠的安全基礎,花費太多努力去確保數據庫安全是不值得的。當安裝操作系統(tǒng)時,有許多好的文獻資料可以參考。經常遇到的一個普遍問題,就是作為網絡服務器托管Internet(orIntranet)的同一服務器上數據庫的應用。雖然這可能節(jié)省的購買一個單獨的服務器費用,但這嚴重影響了安全問題。如果這是確定的,當數據庫開放地連接到互聯(lián)網這種情況被證實了。最近的一個例子,我記得是一個Apache網絡服務器系統(tǒng)服務組織在互聯(lián)網上提供的,與Oracle數據庫在互聯(lián)網上提供有關端口1521。在調查這個問題時進一步被發(fā)現,訪問該Oracle服務器是沒有服務器加以制止之類的保護措施的(包括缺乏密碼)。從互聯(lián)網發(fā)展前景看,這個數據庫是不被推崇的,但默認設置的使用以及粗糙的安全措施,使服務器更加脆弱。上面提到的問題并不是嚴格地數據庫問題,還可以被歸類為構建機制和防火墻保護問題,但最終它確是數據庫,這是毫不妥協(xié)的。安全方面的考慮從面向網絡的各部分來看而被迫做出的。你不能依靠任何他人或任何別的事以保護你的數據庫安全?！粲捎赟QL和Oracle開發(fā)的漏洞給攻擊工具一個得以使用的空間。我在最近為客戶做的一項安全評估中偶然發(fā)現一個數據庫安全方面的。有趣的是，我們正在進行對使用一個數據庫后端(SQL)以存放客戶端的細節(jié)的企業(yè)內部應用軟件的測試。安全審查過程進展順利,訪問控制基于Windows認證。只有通過認證的Windows用戶能夠看到屬于他們的數據。這個應用軟件本身好像對輸入要求進行處理,拒絕直接進入資料庫的所有嘗試。之后我們在工作的辦公室偶然發(fā)現一個該應用軟件的備份。這個媒體裝有SQL數據庫的備份,這是我們重新存儲到筆記本電腦上的。所有安全控制均到那些原先并未恢復數據庫的位置上,而且我們能夠在適當的位置無任何限制地瀏覽完整的數據庫,以保護敏感的數據。這可能像是一種妥協(xié)的系統(tǒng)安全的方式,但確實是重要的。往往并不是采取直接的方法攻擊一個目標,并且最終結果是相同的;系統(tǒng)妥協(xié)。數據庫備份可以存儲在服務器上,從而有利于間接地訪問數據。以上問題有一個簡單的辦法來解決。在SQL2000可以為備份設定使用密碼保護。如果備份使用了密碼保護,當創(chuàng)建密碼時就必須使用密碼。這是一種有效而且不太復雜的方法阻止備份數據的簡單捕獲。然而這意味著密碼必須記住!◆當前趨勢在IT安全方面有許多當前趨勢,這些中的不少都與數據庫安全聯(lián)系起來。數據庫安全方面的焦點正吸引著攻擊者的注意力。由于SQL和Oracle開發(fā)的漏洞給攻擊工具一個得以使用的空間。這些工具的出現提高了賭注,我們已經看到,攻擊主要是針對服務器暴露到互聯(lián)網的特定數據庫端口。貫穿安全業(yè)的一個普遍問題是應用軟件安全,特別是定制的Web應用程序。隨著Web應用程序的功能變得越來越復雜,它帶來了應用程序編碼方面的安全漏洞的更大的潛在威脅。為了滿足應用軟件的功能性要求,后端數據存儲通常被用來安排網頁內容的格式。這就需要更復雜的后端數據編碼。開發(fā)者使用不同風格的代碼開發(fā),其中一部分沒有安全意識,這也許是開發(fā)錯誤的源頭。SQL注入就是當前IT安全業(yè)的一個熱門話題。隨著愈來愈多的以期縮短時間的開發(fā)數據庫的方式和手段的出現,目前在技術安全論壇中,爭論是很平常的。SQL注入是一個容易讓人誤導的術語,因為該概念也適用于其他的數據庫,包括Oracle,DB2和Sybase系統(tǒng)?！羰裁词荢QL注入?SQL注入的是軟件開發(fā)人員所不希望出現的與資料庫使用代碼或指令發(fā)送手段的交流方法。這是發(fā)現在Web應用軟件最常見的形式。任何用戶輸入應用軟件所不允許的內容是攻擊的一個常見來源。在座很多朋友已經看到了當訪問網站時通常的錯誤消息框,而且往往顯示用戶輸入沒有得到正確處理。一旦出現這種類型的錯誤,攻擊者將把焦點放在更具體的輸入字符串上。具體的與安全有關的編碼技術在使用組織時應加入編碼標準。由于這種類型的脆弱性所造成的損害,可以很深刻的,盡管這會取決于該應用軟件與數據庫關聯(lián)的特權級別。如果該