49
Database Security and Database Security and Auditing: Protecting Data Auditing: Protecting Data Integrity and Accessibility Integrity and Accessibility Chapter 3 Administration of Users

Computer Forensics

Tags:

Embed Size (px)

Citation preview

Page 1: Computer Forensics

Database Security and Database Security and Auditing: Protecting Data Auditing: Protecting Data Integrity and AccessibilityIntegrity and Accessibility

Chapter 3Administration of Users

Page 2: Computer Forensics

Database Security and Auditing 2

ObjectivesObjectives

• Explain the importance of administration documentation

• Outline the concept of operating system authentication

• Create users and logins using both Oracle10g and SQL Server

• Remove a user from Oracle10g and SQL servers

Page 3: Computer Forensics

Database Security and Auditing 3

Objectives (continued) Objectives (continued)

• Modify an existing user using both Oracle10g and SQL servers

• List all default users on Oracle10g and SQL servers

• Explain the concept of a remote user• List the risks of database links

Page 4: Computer Forensics

Database Security and Auditing 4

Objectives (continued)Objectives (continued)

• List the security risks of linked servers• List the security risks of remote servers• Describe best practices for user administration

Page 5: Computer Forensics

Database Security and Auditing 5

Documentation of User AdministrationDocumentation of User Administration

• Part of the administration process• Reasons to document:

– Provide a paper trail– Ensure administration consistency

• What to document:– Administration policies, staff and management– Security procedures– Procedure implementation scripts or programs– Predefined roles description

Page 6: Computer Forensics

Database Security and Auditing 6

Documentation of User Administration Documentation of User Administration (continued)(continued)

Page 7: Computer Forensics

Database Security and Auditing 7

Documentation of User Administration Documentation of User Administration (continued)(continued)

Page 8: Computer Forensics

Database Security and Auditing 8

Operating System AuthenticationOperating System Authentication

• Many databases (including Microsoft SQL Server 2000) depend on OS to authenticate users

• Reasons:– Once an intruder is inside the OS, it is easier to

access the database– Centralize administration of users

• Users must be authenticated at each level

Page 9: Computer Forensics

Database Security and Auditing 9

Operating System Authentication Operating System Authentication (continued)(continued)

Page 10: Computer Forensics

Database Security and Auditing 10

Creating UsersCreating Users

• Must be a standardized, well-documented, and securely managed process

• In Oracle10g, use the CREATE USER statement:– Part of the a Data Definition Language (DDL)– Account can own different objects

Page 11: Computer Forensics

Database Security and Auditing 11

Creating an Oracle10Creating an Oracle10gg User User

• IDENTIFIED clause– Tells Oracle how to authenticate a user account– BY PASSWORD option: encrypts and stores an

assigned password in the database– EXTERNALLY option: user is authenticated by

the OS– GLOBALLY AS option: depends on

authentication through centralized user management method

Page 12: Computer Forensics

Database Security and Auditing 12

Creating an Oracle10Creating an Oracle10gg User User (continued)(continued)

Page 13: Computer Forensics

Database Security and Auditing 13

Creating an Oracle10Creating an Oracle10gg User User (continued)(continued)

• DEFAULT TABLESPACE clause: specifies default storage for the user

• TEMPORARY TABLESPACE clause• QUOTA clause: tells Oracle 10g how much

storage space a user is allowed for a specified tablespace

• PROFILE clause: indicates the profile used for limiting database resources and enforcing password policies

Page 14: Computer Forensics

Database Security and Auditing 14

Creating an Oracle10Creating an Oracle10gg User User (continued)(continued)

Page 15: Computer Forensics

Database Security and Auditing 15

Creating an Oracle10Creating an Oracle10gg User User (continued)(continued)

• PASSWORD EXPIRE clause: tells Oracle to expire the user password and prompts the user to enter a new password

• ACCOUNT clause: enable or disable account• ALTER USER: modifies a user account• Oracle Enterprise Manager: GUI administration

tool

Page 16: Computer Forensics

Database Security and Auditing 16

Creating an Oracle10Creating an Oracle10gg User User (continued)(continued)

Page 17: Computer Forensics

Database Security and Auditing 17

Creating an Oracle10Creating an Oracle10gg User User (continued)(continued)

Page 18: Computer Forensics

Database Security and Auditing 18

Creating an Oracle10Creating an Oracle10gg User Using User Using External (Operating System) External (Operating System)

AuthenticationAuthentication

• Depends on an external party to authenticate the user

• Steps:– Verify account belongs to ORA_DBA group– Set the Windows registry string

OSAUTH_PREFIX_DOMAIN to FALSE– View setting of the OS_AUTHENT_PREFIX

initialization parameter– Change OS_AUTHENT_PREFIX to NULL

Page 19: Computer Forensics

Database Security and Auditing 19

Creating an Oracle10Creating an Oracle10gg User Using User Using External (Operating System) External (Operating System) Authentication (continued)Authentication (continued)

Page 20: Computer Forensics

Database Security and Auditing 20

Creating an Oracle10Creating an Oracle10gg User Using User Using External (Operating System) External (Operating System) Authentication (continued)Authentication (continued)

Page 21: Computer Forensics

Database Security and Auditing 21

Creating an Oracle10Creating an Oracle10gg User Using User Using External (Operating System) External (Operating System) Authentication (continued)Authentication (continued)

• Steps (continued):– Create an Oracle user– Provide new user with CREATE SESSION

privilege

• Advantage: allows administrators to use one generic user to run maintenance scripts without a password

Page 22: Computer Forensics

Database Security and Auditing 22

Creating an Oracle User Using Global Creating an Oracle User Using Global AuthenticationAuthentication

• Enterprise-level authentication solution• Use the CREATE USER statement• DBA_USERS view: contains information about

all accounts

Page 23: Computer Forensics

Database Security and Auditing 23

Creating an Oracle User Using Global Creating an Oracle User Using Global Authentication (continued)Authentication (continued)

Page 24: Computer Forensics

Database Security and Auditing 24

Creating an Oracle User Using Global Creating an Oracle User Using Global Authentication (continued)Authentication (continued)

Page 25: Computer Forensics

Database Security and Auditing 25

Creating a SQL Server UserCreating a SQL Server User

• Create a login ID first; controls access to SQL Server system

• Associate login ID with a database user• Must be member of fixed server roles

(SYSADMIN or SECURITYADMIN)• Two types of login IDs:

– Windows Integrated (trusted) login– SQL Server login

Page 26: Computer Forensics

Database Security and Auditing 26

Creating Windows Integrated LoginsCreating Windows Integrated Logins

• Command line:– SP_GRANTLOGIN system stored procedure– Can be associated local, domain, group

usernames

• Enterprise Manager:– Use the Security container– Logins -> New Login

Page 27: Computer Forensics

Database Security and Auditing 27

Creating Windows Integrated Logins Creating Windows Integrated Logins (continued)(continued)

Page 28: Computer Forensics

Database Security and Auditing 28

Creating Windows Integrated Logins Creating Windows Integrated Logins (continued)(continued)

Page 29: Computer Forensics

Database Security and Auditing 29

Creating Windows Integrated Logins Creating Windows Integrated Logins (continued)(continued)

Page 30: Computer Forensics

Database Security and Auditing 30

Creating SQL Server LoginsCreating SQL Server Logins

• Command line:– SP_ADDLOGIN system stored procedure– Password is encrypted by default– Specify a default database

• Enterprise Manager:– Security container– Logins -> New Login– SQL Server Authentication option

Page 31: Computer Forensics

Database Security and Auditing 31

Creating SQL Server Logins Creating SQL Server Logins (continued)(continued)

Page 32: Computer Forensics

Database Security and Auditing 32

Removing UsersRemoving Users

• Simple process• Make a backup first• Obtain a written request (for auditing purposes)

Page 33: Computer Forensics

Database Security and Auditing 33

Removing an Oracle UserRemoving an Oracle User

• DROP command• CASCADE option: when user owns database

objects• Recommendations:

– Backup the account for one to three months– Listing all owned objects– Lock the account or revoke the CREATE

SESSION privilege

Page 34: Computer Forensics

Database Security and Auditing 34

SQL Server: Removing Windows SQL Server: Removing Windows Integrated LoginsIntegrated Logins

• Command line: SP_DENYLOGIN system stored procedure

• Enterprise Manager:– Highlight the desired login – Choose Delete from the Action menu

Page 35: Computer Forensics

Database Security and Auditing 35

Modifying UsersModifying Users

• Modifications involve:– Changing passwords– Locking an account– Increasing a storage quota

• ALTER USER DDL statement

Page 36: Computer Forensics

Database Security and Auditing 36

Modifying an Oracle UserModifying an Oracle User

• ALTER USER statement• Oracle Enterprise Manager: graphical tool

Page 37: Computer Forensics

Database Security and Auditing 37

Modifying an Oracle User (continued)Modifying an Oracle User (continued)

Page 38: Computer Forensics

Database Security and Auditing 38

SQL Server: Modifying Windows SQL Server: Modifying Windows Integrated Login AttributesIntegrated Login Attributes

• Command line:– SP_DEFAULTDB system stored procedure– SP_DEFAULTLANGUAGE stored procedure

• Enterprise Manager:– Expand the security container– Select desired login– Properties (on the Action Menu)

Page 39: Computer Forensics

Database Security and Auditing 39

Default UsersDefault Users

• Oracle default users:– SYS, owner of the data dictionary– SYSTEM, performs almost all database tasks– ORAPWD, creates a password file

• SQL Server default users:– SA, system administrator– BUILT_IN\Administrators

Page 40: Computer Forensics

Database Security and Auditing 40

Remote UsersRemote Users

Page 41: Computer Forensics

Database Security and Auditing 41

Database LinksDatabase Links

• Connection from one database to another: allow DDL and SQL statements

• Types: PUBLIC and PRIVATE• Authentication Methods:

– CURRENT USER– FIXED USER– CONNECT USER

Page 42: Computer Forensics

Database Security and Auditing 42

Database Links (continued)Database Links (continued)

Page 43: Computer Forensics

Database Security and Auditing 43

Linked ServersLinked Servers

• Allow you to connect to almost any:– Object Linking and Embedding Database

(OLEDB)– Open Database Connectivity (ODBC)

• OPENQUERY function• Map logins in your SQL Server instance to

users in the linked database• Remote servers: allow communication using

RPC

Page 44: Computer Forensics

Database Security and Auditing 44

Linked Servers (continued)Linked Servers (continued)

Page 45: Computer Forensics

Database Security and Auditing 45

Practices for Administrators and Practices for Administrators and ManagersManagers

• Manage:– Accounts– Data files– Memory

• Administrative tasks:– Backup– Recovery– Performance tuning

Page 46: Computer Forensics

Database Security and Auditing 46

Best PracticesBest Practices

• Follow company’s policies and procedures• Always document and create logs• Educate users• Keep abreast of database and security

technology• Review and modify procedures

Page 47: Computer Forensics

Database Security and Auditing 47

Best Practices (continued)Best Practices (continued)

• For SQL server:– Mimic Oracle’s recommended installation for

UNIX– Use local Windows or domain Windows

accounts

• Block direct access to database tables• Limit and restrict access to the server• Use strong passwords• Patches, patches, patches

Page 48: Computer Forensics

Database Security and Auditing 48

SummarySummary

• Document tasks and procedures for auditing purposes

• Creating users:– CREATE USER statement in Oracle– Login ID in SQL Server

• Removing users:– SQL DROP statement– SP_DENYLOGIN Windows system stored

procedure

Page 49: Computer Forensics

Database Security and Auditing 49

Summary (continued)Summary (continued)

• Modifying user attributes: ALTER USER DDL statement

• Local database and users• Remote users• Database links• Linked servers


COMPUTER FORENSICS · 2019-08-24 · 1.0 Computer Forensics In Today’s World 1.0 Intro To Computer Forensics 2.0 Need For Computer Forensics 3.0 What is Cyber Crime 4.0 Forensics

COMPUTER FORENSICS · 2019-08-24 · 1.0 Computer Forensics In Today’s World 1.0 Intro To Computer Forensics 2.0 Need For Computer Forensics 3.0 What is Cyber Crime 4.0 Forensics

Documents
Computer +forensics

Computer +forensics

Technology
Live Forensics Investigations Computer Forensics 2013

Live Forensics Investigations Computer Forensics 2013

Documents
Computer Forensics

Computer Forensics

Documents
Digital Evidence and Computer Forensics Oct 7-8 2013/Tab 02 Oct 7-8... · Digital Evidence and Computer Forensics COMPUTER FORENSICS FORENSICS FORENSICS

Digital Evidence and Computer Forensics Oct 7-8 2013/Tab 02 Oct 7-8... · Digital Evidence and Computer Forensics COMPUTER FORENSICS FORENSICS FORENSICS

Documents
Cloud Storage Forensics - SANS Computer Forensics

Cloud Storage Forensics - SANS Computer Forensics

Documents
Computer Forensics. Definition What is Computer Forensics?? –Computer forensics involves the preservation, identification, extraction, documentation,

Computer Forensics. Definition What is Computer Forensics?? –Computer forensics involves the preservation, identification, extraction, documentation,

Documents
Computer forensics - Jordan University of Science and ...tawalbeh/aabfs/presentations/computer_forensics.pdf · 29.08.2006 Computer forensics 2 Computer forensics Definitions: Forensics

Computer forensics - Jordan University of Science and ...tawalbeh/aabfs/presentations/computer_forensics.pdf · 29.08.2006 Computer forensics 2 Computer forensics Definitions: Forensics

Documents
COMPUTER FORENSICS & CAREER DR. JOE CICCONE CJ317: Computer Forensics

COMPUTER FORENSICS & CAREER DR. JOE CICCONE CJ317: Computer Forensics

Documents
Computer forensics

Computer forensics

Technology
COMPUTER FORENSICS - Boise Chapter€¦ · 3 Mobile device forensics 4 Other 5 References Computer forensics Main article: computer forensics ... 1.19 Computer Forensics Solution

COMPUTER FORENSICS - Boise Chapter€¦ · 3 Mobile device forensics 4 Other 5 References Computer forensics Main article: computer forensics ... 1.19 Computer Forensics Solution

Documents
Xinwen Fu Anonymous Communication & Computer Forensics 91.580.203 Computer & Network Forensics

Xinwen Fu Anonymous Communication & Computer Forensics 91.580.203 Computer & Network Forensics

Documents
Defining computer forensics Computer Forensics ......Computer Forensics Computer forensics is a fascinating field. As enterprises become more com-plex and exchange more information

Defining computer forensics Computer Forensics ......Computer Forensics Computer forensics is a fascinating field. As enterprises become more com-plex and exchange more information

Documents
Computer Forensics: Basics Lecture 1 The Context of Computer Forensics

Computer Forensics: Basics Lecture 1 The Context of Computer Forensics

Documents
Computer)Forensics - Computing Science and Mathematics ... · Computer)Security)&)Forensics Autumn)2014 Computer)Forensics! Computer)Forensics)is)the)process)of)analysing)digital)media)to)determine)if)

Computer)Forensics - Computing Science and Mathematics ... · Computer)Security)&)Forensics Autumn)2014 Computer)Forensics! Computer)Forensics)is)the)process)of)analysing)digital)media)to)determine)if)

Documents