Effective Oracle Database 10g Security by Design

When applications and databases are installed today, they start in a state that is often configured to help the user become productive as quickly as possible. As such, one of the first things you should do to protect yourself is to tighten your configurations against attacks—also referred to as hardening. An important aspect of this process is that everything needs to be hardened. For example, paying attention to just the network security while forsaking the operating system security is not a good idea. Security extends from the infrastructure components to the applications themselves. The old saying is true: a chain is as strong as its weakest link.

The following sections suggest ways to harden your systems. It’s important to understand the hardening process for the operating system, the network, and application server because the database ultimately depends on and interacts with all three of these components.

The Operating System

Operating systems vary in practically every aspect. They not only serve different roles within an organization, they also have different design targets from their respective manufacturers. Depending on the operating system, the version, and the role of the server in which the operating system resides, the actions you must take to harden it will change. The following list is suggestive, not comprehensive, but should nevertheless serve as a guide to some of the most useful practices for hardening an operating system:

• Physically protect the servers Real “incidents” have occurred when someone put the server on a cart and wheeled it off. They got not only the hardware, but all applications and data within. Database servers are often prime targets because they hold the information jewels and generally run on the more expensive hardware. Once the server falls into the possession of someone else, it’s very difficult to ensure that the data within it is still secure.

• Turn off un-needed daemons and services You should disable traditional services such as Telnet, ftp, finger, and print services, unless there’s a good reason not to do so. On Windows machines, there shouldn’t be any open shares. A good practice is to disable everything and then enable only the things that are needed to get the server into its operational state.

• Check file and directory permissions Before plugging the machine into the network, the system files should be correctly secured. Setting the correct permissions on files and directories prevents unauthorized people from accessing things they should not. It’s a good idea to check the files’ settings periodically to ensure that nothing has changed. A lot of valuable information can be leaked from a system where the simple directory and file permissions haven’t been set and maintained properly.

• Remove or disable unused accounts Many operating systems come with default accounts. Some of the accounts are tied to services. When the services are no longer in operation, it’s advisable to disable or remove the account to prevent it from being used as a foothold into your system.

• Remove unused and unneeded software This can be a challenging, though necessary, task. Removing unneeded programs limits the possibility that someone will exploit a bug and compromise the system. This especially pertains to default programs that may be out of date, unpatched, and configured in an insecure manner. In addition, any accounts automatically provisioned in support of the application should be removed or, at minimum, disabled.

• Lock inactive computers One of the most common times information is stolen is when an employee goes to lunch and leaves an unlocked, unattended computer. Setting the computer to lock itself upon inactivity helps with this problem, as does training the employees to lock computers before leaving them. Typical timeout values vary from one minute of inactivity in highly secure, high-traffic areas, to ten minutes in more controlled areas. Locking prematurely inhibits the usability of the computer, so the timeouts have to be weighed against how the user interacts with the computer. A company policy should establish proper values and be rigorously enforced.

• Use an Intrusion Detection System (IDS) An IDS can automate some of the processes needed to detect someone tampering with your system, which is helpful in ensuring everything is as it should be. Create a procedure for handling incidents that arise. For example, if the system administrator sees someone or something changing directory and file permissions, they should know how to respond immediately to the event.

• Turn off banners to prevent fingerprinting Fingerprinting, or profiling, is the act of interrogating a system, either actively or passively, to determine the make and model of the server. Fingerprinting allows someone to tailor their attacks for the known vulnerabilities of that specific system. Welcome banners are a favorite target. Simply issuing a Telnet or ftp to a server with banners will generally give the OS and version release. Therefore, banners and anything else that identifies key aspects of the server should be disabled or turned off. While there are many ways to determine information about a system, turning off banners is a simple way to make the job of system fingerprinting a little more challenging for hackers.

• Run virus protection software This is a must and should be enforced via a company policy. Infections spread through contact. One infected client computer can cause major disruption throughout an entire organization. Regular and frequent updates to the software’s virus definitions are mandatory for virus protection to work effectively.

• Keep it patched Software is imperfect. Application of patches, and in particular, security patches, is a key ingredient in maintaining a secure infrastructure. Delaying patch application can result in a compromised system or systems. However, there are prudent reasons why patch application may be deferred; see the upcoming bullet “Apply Patches” for more details.

• Monitor the OS logs and keep them secure Log files may be your best hope in determining suspicious activity. For this reason, it is important to check these files regularly for irregularities. Also, be sure the log files are secured from nonadministrative users. This helps to prevent an attacker from deleting the log files and thus covering their tracks.

• Restrict the number of super-users Ensure that the super-user privilege is given only to a certain group of administrators who are willing to be accountable for anything bad that happens to the system. Also ensure that the shared password is strong and not written on a sticky note underneath the keyboard of the server!

• Read, read, read Several books have been written discussing the hardening process for specific operating systems. Some of the titles to consider are McGraw-Hill/Osborne’s Hardening Linux by John H. Terpstra, Hardening Windows Systems by Roberta Bragg, and Hardening Network Infrastructure by Wesley J. Noonan. These books are invaluable tools that cover the nuances of each particular operating system. While the suggestions given here are generally applicable to all operating systems, these books often spell out particular idiosyncrasies of various operating systems.

The Network

In some ways, the network poses the biggest security challenge. It is the connective tissue linking together the various clients, servers, corporations, partners, and quite frankly everything and everyone. The usefulness of your IT systems is generally based on these vast and varied interconnections, but the connections also introduce risks.

Network security can be simply described as providing data confidentiality and data integrity and preventing data disruption for data in transit. The problem is simple: you are trying to pass sensitive data over an unprotected medium. As data moves through the “ether,” it is susceptible to everything in the great unknown.

Another concern is manifested by what a network is. The network provides a connection path, not just for the authorized people, but the unauthorized as well. Think of networks as the hallways that interconnect the rooms in a big apartment building. Almost anyone can walk the halls. Similarly, almost anyone can traverse the network. The halls lead to the offices. The networks lead to the computers. The offices have valuables. The computers store valuable data. Just as the hallways can allow a thief to gain access to an office, a network can allow hackers to attack your servers from afar. Protecting the network means you are protecting everything that touches the network.

Network security distills into encrypting the data streams, providing data integrity checks, and limiting access into certain networks and servers to authorized people. There are many things that can be done to provide network security. Here are some of the most popular:

• Use a good network topology A good network topology and design can mitigate risks and help secure the infrastructure. The topology includes placement of hubs, routers, firewalls, wireless access points, and modems. Designing a network also involves making decisions such as whether to utilize shared networks, bus architectures, or switched networks. Think carefully about the design from a security perspective as well as the normal bandwidth and hardware cost perspectives. This is not a one-time process. Every new piece of network hardware added to the network should trigger someone to rethink and re-evaluate the network topology.

• Use Virtual Private Networks (VPNs) VPNs are good for securing all traffic, regardless of protocol, across unprotected network domains. VPNs are also attractive solutions for linking field offices to the main office when using public (shared) networks.

• Use IPSec or Secure Socket Layer (SSL) for strong encryption and authentication SSL was originally developed by Netscape for use in their browsers. It has become the de facto standard for securing http traffic. SSL is also a key technology in allowing e-commerce to prosper.

• Firewalls, firewalls, firewalls Probably the most exciting part about network security, other than cryptography, is the firewall. Firewall technology has grown exponentially since it was started. Today, there are many types and many to choose from, and they have vast and varying capabilities. The challenge of firewalls lies in properly configuring them to secure your enterprise networks while still making things accessible and usable. Basic designs often incorporate a demilitarized zone (DMZ), a technique for isolating Internet traffic from intranet traffic. Consider mixing vendor products because vulnerabilities found in one vendor’s product are unlikely to be found in another vendor’s product.

• Check configurations regularly Security is a perpetual process. Your network device configurations may have to be tweaked on regular intervals. Plan for this. The configurations should start with the most restrictive policy and then relax to accommodate the needed ports and protocols.

• Use Network Address Translations (NAT) This technique hides the real IP addresses of your computers from the outsiders. When done correctly, NAT can be a useful security technique because it shields your network topology from hackers.

• Apply patches Patch the routers, switches, firewalls, and computer networking software as often as possible. It usually isn’t long from the time an exploit is discovered until it is made public, and someone has posted a script on the Internet to be used by anyone and everyone to exercise this new vulnerability. Quickly applying patches may be your only defense.

• Use Network Intrusion Detection Systems (IDS) Network IDS provide another layer of defense. They typically monitor the network and can detect things such as denial-of-service attacks, IP spoofing, and other signs of malicious activity.

• Stay abreast of technology developments Research and development in the area of network security continues at a rapid pace. Interesting developments include the use of personal firewalls, IDS capabilities, and application filtering. Stay current and knowledgeable on what’s available and how to use it properly to secure your enterprise. Hackers are always on the bleeding edge of technology, and you should be too.

The Application Server

Application servers are a critical part of your infrastructure. Here, I am not only referring to the Oracle Application Server, but also to anyone’s application server. Because application servers provide an environment for applications, they are particularly attractive targets. They typically provide access to databases that hold key information and may contain encryption keys, passwords, and other valuable pieces of information. Many of the actions needed to secure application servers are similar to the actions discussed for securing the OS and network.

• Turn off banners Just as with operating systems, you want to keep your application server’s cards close to your chest. Identifying information can be a hacker’s ally.

• Remove ports and services that are not in use Many application servers include a broad array of network services. Turn everything off, and then selectively turn on the features that are needed. In some cases, this may not be easy because there can be a lot of infrastructure ports that are needed by the server.

• Consider nonstandard ports for services Everyone knows the ports for http, LDAP, and so on. While switching ports is somewhat remedial, an attacker has to guess which one of the 65,000 other ports you might have chosen. If you have removed banners and turned off everything except what you need, this step can help solidify your security even more.

• Use virtual hosting to conceal the host name Similar in concept to using NAT, it is beneficial to hide the actual hostname from hackers.