DATABASE SECURITY AND AUDITING PROTECTING DATA INTEGRITY AND AGGCESSIBILITY HASSAN A. AFYGILINIDATABASE SECURITY AND AUDITING: Protecting Data Integrity and Accessibility By Hassan A. AfyouniTHORSON oa COURSE TECHINOLENGi¥ Database Security and Auditing: Protecting Data Integrity and Accessibility By Hassan A. Afyouni Bxecutive Editor: Mac Mendelsohn ‘Senior Product Manager: Bunce Yeates-Fogle Senior Acquisitions Bditor: Maureen Martin Editorial Assistant: Jennifer Smith COPYRIGHT © 2006 Thomson Course ‘Technology, division of Thomson Learns Inc. Thomson Learning™ ia trademark used herein under license Printed in Canada 123456789WCo9 08070605 For more information, contact Thomson (Course Technology, 25 Thomson Place, Boston, Massachusets, 02210 (Or find us on the World Wide Web Development Editor: Gretchen Kiser Production Editors: Brooke Booth, Cecile Kaufinan ‘Senior Marketing Manager: Karen Seite Associate Product Manager: Mirella Misiaszek ALL RIGHTS RESERVED. No pat of thie work ‘covered bythe copyright hereon maybe epro- duced or used in any forin or by ay rmeane— tion, of information storage and retrieval sy=- tems—ithout the veritten permission of the publisher For permision to use material from this text oF product, submits request online at ‘wonthomsoncights.com ‘Any additonal questions about permissions can be submited by e-mail to ‘[email protected] (Quality Assurance Testing: Chris Scriver, Serge Palladino, Burt LaFountain Cover Designer: Laura Rickenbach Disclaimer: ‘Thomson Course Technology reserves the right to revise this publication and make changes from time to time in its content without notice. ‘The Web addresses inthis book are subject to change from time to time 3s necessary without ISBN 0-619-21559:3,sight Brief Contents introduction Part | Chapter One Security Architecture .... Chapter Two Operating System Security Fundamentals Chapter Three Administration of Users. Chapter Four Profiles, Password Policies, Privileges, and Roles Chapter Five Database Application Security Models Chapter Six Virtual Private Databases . Part it Chapter Seven Database Auditing Models . . Chapter Eight ‘Application Data Auditing. . 165 =207 -.287 = 283 Chapter Nine Auditing Database Activities. Part Ill Chapter Ten Security and Auditing Project Cases ...... 349 ‘Appendix A Appendix B Glossary. BibliographyTable of Contents Introduction. xiii i Part | Chapter One Security Architecture ...... Introduction Security Ee Information Systems. Database Management Systems Information Security .. Confidentiality Integrity... Availability. oe Information Security Architecture. Database Security Database Security Levels . Menaces to Databases . Asset Types and Their Value Security Methods Database Security Methodology ----- Database Security Definition Revisited -28 Chapter Summary Review Questions : Hands-on Projects ..... i Case Project . Chapter Two - Operating System Security Fundamentals .. Operating System Overview... ‘The Operating System Security Environment .. ‘The Components of an Operating System Security Environment .........-..++.37 Services... 37 vvi CONTENTS Files . : File Permissions ...... File Transfer. Sharing Files Memory Authentication Methods. ‘Authorization User Administration Password Policies Vulnerabilities of Operating Systems. . E-mail Security Chapter Summary . Review Questions. Hands-on Projects. Case Project .. Endnotes ....... 40 Chapter Three Administration of Users ....... Introduction Documentation of User Administration Operating System Authentic: Creating Users. Creating an Oraclel0g User .- IDENTIFIED Clause .... BY Password Option EXTERNALLY Option . GLOBALLY AS external_name Option = DEFAULT TABLESPACE tablespace_name Clause ‘TEMPORARY TABLESPACE tablespat QUOTA Clause .. PROFILE Clause . PASSWORD EXPIRE Clause ACCOUNT Clause . sen (Creating an Oracle10g User Using Database Authentication : Creating an Oraclel0g User Using External (Operating Stem) ‘Authentication Creating an Oracle User Using Global Authentic ‘Creating a SQL Server User ‘Windows Integrated (Trusted) Logins »CONTENTS vii Creating Windows Integrated. Losin. 2B SQL Server Login. : 76 Removing Users . : 9 Removing an Oracle User ..... “79 SQL Server: Removing Windows Integrated Logins 80 Modifying Users : ModifVing an Oracle User - SQL Server: Modifying Windows Integrated Login Attributes . Default Users See Oracle Server Default Users - SYS and ORAPWD Utility SQL Server Default Users . Remote Users. Database Links ‘Authentication Methods Linked Servers Remote Servers Practices for Administrators and Managers... Best Practices... Chapter Summary . Review Questions... Hands-on Projects ... Case Projects. Chapter Four Profiles, Password Policies, Privileges, and Roles .. . Introduction eee Defining and Using Profiles Creating Profiles in Oracle . Creating Profiles in SQL Server 2000 Designing and Implementing Password Policies What Isa Password Policy? ......-...4 Designing Password Policies Implementing Password Policies... Granting and Revoking User Privileges “6 16vii contents Privileges in SQL Server cee 2B Table and Database Objects Pies 136 ‘Column-level Privileges . Mi Creating, Assigning, and Revoking User Roles. Creating Roles with Oracle ...... ‘Creating Roles with SQL Server . : 146 Best Practices 155 Chapter Summary .. Review Questions Hands-on Projects ... Case Projects 156 157 157 160 Chapter Five Database Application Security Models . Introduction ‘Types of Users Security Models . ‘Access Matrix Model Access Modes Model . Application Types Client/Server Applications Web Applications .... Data Warehouse Applications .. Other Applications . Application Security Models Security Model Based on Database Roles Security Model Based on Application Roles Security Model Based on Application Fun: ‘ Security Model Based on Application Roles and Functions... Security Model Based on Application Tables ..............., Data Encryption ....... Chapter Summary Pharmacy Application Review Questions Hands-on Projects Case Projects... Endnotes i| CONTENTS ix Chapter Six Virtual Private Databases . Introduction Overview of Virtual Private Databases Implementing a VPD Using Views... Hiding Rows Based on the Current User Implementing a VPD Using Application Context, Implementing Oracle Virtual Private Databases .. Viewing VPD Policies and Application Context Using the Data Dictionary . : Viewing VPD Policies and Applicaton Contexts Using Policy Manager... : Implementing Row- and Colummlevel Security with SQLServer. 2243 Row-based Security Using Access Levels. Row-based Security Using Application Functions . Column-based Security .. Chapter Summary . Review Questions Hands-on Projects. Case Projects Part I Chapter Seven Database Auditing Models Introduction Auditing Overview ... Definitions . Auditing Activities Auditing Environment .. Auditing Process Auditing Objectives... Auditing Classifications and Types. ‘Audit Classifications Audit Types . Benefits and Side Effects of ring Auditing Side Effects .x CONTENTS: Auditing Models ‘Simple Auditing Model 1 ‘Simple Auditing Model 2 ‘Advanced Auditing Model . Historical Data Model : ‘Auditing Application Actions Model .......... 2 Security Chapter Summary Review Questions: «2... Hands-on Projects .....+.00+++ Case Projects ses eeseeseee Chapter Eight Application Data Auditing .... Introduction .........005 seeene DML Action Auditing Architecture Oracle Triggers SQL Server Triggers Creating Triggers : ‘ Implementation of an Historical Model with SQL Server Implementation of Application Actions Model with SQL Server Fine-grained Auditing (FGA) with Oracle .. DML Statement Audit Trail. DML Action Auditing with Oracle . Data Manipulation History .... History Auditing Model Implementation Using Oracle ..... DML Auditing Using Repository with Oracle (Simple 1) . DML Auditing Using Repository with Oracle (Simple 2) . ‘Auditing Application Errors with Oracle . Oracle PLISQL Procedure Authorization. Chapter Summary ...... cee 3d --324 337 34 344 Review Questions ........++ 345 Hands-on Projects .. 345 Case Projects .......1 347CONTENTS xi Chapter Nine Auditing Database Activities . Beenie 349 Introduction 350 Using Oracle Database Activities .. : 350 (Creating DLL Triggers with Oracle ee 2351 -382 Example of LOGON and LOGOFF Database Events - ee 355 ‘Auditing Code with Oracle .... ‘Auditing Database Acti Auditing DDL Activi Oracle Alert Log ‘Auditing Server Activity with Microsoft SQL Server 2000... ties with Oracle . 367 368 Implementing SQL Profiler .......... 368 Security Auditing with SQL Server 369 Data Definition Auditing .. 374 Database Auditing with SQL Server ....... 375 Database Errors Auditing with SQL Server . 376 Chapter Summary .. 377 Review Questions. 378 Hands-on Projects . 11378 Case Project Endnotes ..... Part Ill Chapter Ten Security and Auditing Project Cases Introduction See Case 1: Developing an Online Database Case 2: Taking Care of Payroll Case 3: Tracking Town Contracts Case 4: Tracking Database Changes (Case 5: Developing a Secured Authorization Repodtoryxii CONTENTS Appendix A Database Security Checklist Appendix B Database Auditing Checklist Glossary cece cee eres eran: 399 Bibliography . 5.0.0.0... eee sees ee 405Introduction THE COST OF DATA LOSS 1S RISING progressively every year. Companies are losing data due to malicious attacks and improper implementation of database security and auditing. Data integrity and accessibility must be protected in order to ensure the com- pany operability. ‘Yesterday's DBAs were equipped with all sorts of technical skills that empowered them to manage the database for optimal efficiency and use. Today's DBAS must have in addition the ability to implement security policies and auditing procedures in order to protect one of the most valuable assets of an organization—data. Data has become so Iission critical and indispensable an asset that an organization could become paralyzed and inoperable if data integrity, accessibility, and confidentiality is violated. This book is designed to provide the reader with an understanding of security con- cepts and practices in general and those specific to database security in a highly detailed implementation. Not only will te reader gain a good understanding of database secu- rity, the reader will be shown how to develop database applications embedding from simple to sophisticated security and auditing models using Oracle10g and Microsoft SQL Server 2000. Intended Audience This book is intended for any person who is involved with database applications. The reader could be a developer, system analyst, business analyst, data architect, database administrator, ora systems development manager working with database applications. This book can be used as a textbook in colleges and universities, in career training, schools, or as training material for companies with IT professionals. The book assumes the reader has a basic knowledge of database concepts. The book's pedagogical features are designed to provide a learning experience to equip the reader with all the tools nec- essary to implement database security and auditing in order protect data, Each chapter includes a case study that places the reader in the role of problem solver, requiring you to apply concepts presented in the chapter to achieve a successful solution. Book Organization This book is divided into three logical parts: the first part (Chapters 1 to 6) introduces, you to general concepts related to database security; the second part (Chapters 7 to 9) discusses topics related database auditing; and the third part (Chapter 10) provides prac- tical case projects covering all th xiiixiv DATABASE SECURITY AND AUDITING: PROTECTING DATA INTEGRITY AND ACCESSIBILITY Chapter Descriptions Here is a summary ofthe topics covered in each chapter of this book: (Chapter 1, “Security Architecture” presents fundamental security concepts that serve as. the building blocks to data and database security. This chapter covers important con cepts such as information systems components, database management systems function- alites, and major components of information security architecture. These concepts and ‘others are presented and explained from a database security perspective. ‘Chapter 2. The first line of defense is the network that connects users to the database and the second line of defense is the operating system of the server where the database resides. “Operating System Security Fundamentals” provides a quick but essential tour of the operating system functionalities from a security perspective. The focal points of the chapter are an explanation of the components of the operating system security environ ‘ment, operating system vulnerabilities, and password polices, Chapter 3, “Administration of Users” is a step-by-step walkthrough on how to create, drop, and modify user accounts in Oracle10g and SQL Server 2000. This chapter outlines all the various security risks related to user administrations that administrators must be ‘ware of. Finally, this chapter concludes with best practices adopted by database admin istration experts. Chapter 4, “Profiles, Password Policies, Privileges, and Roles” covers the security compo- nents of a database account. This chapter provides full description and instruction on how to administer these components and details on how to grant and revoke these com: ponents to and from database user accounts. This chapter concludes with best adminis- tration practices related to these topics. Administration instructions are provided for both Oraclel0g and SQL Server 2000. (Chapter 5, “Database Application Security Modes” presents concepts that are the core of «database application security It presents different application security models that can be adopted and implemented for most business models Chapters 6, “Virtual Private Databases” explains in detail the concept of virtual private databases and presents step-by-step implementa Oraclet0g. In addition, this chapter explores and implements virtual private database functionalities such as Application Context and Policy Manager provided by Oraclel0g. ‘Chapter 7, “Database Auditing Models is a fundamental chapter for understanding database auditing, The chapter explains the differences between and the interdependence of security and auditing, This chapter defines the role and responsibilities ofthe auditor and presents a full discussion of the auditing environment and auditing benefits and side ng effects. Another important part of this chapter is discussion of various database au ‘models to be implemented in Chapters 8 and 9. ‘Chapter 8, “Application Data Auditing” presents an implementation of application data changes auditing. Step-by-step instruction shows the reader how to develop and imple- ‘ment the database auditing models presented in Chapter 7 in both SQL Server and. Oracle10g. The fine-grained auditing feature provided by Oracle10g is outlined in this >n using views in SQL Server 2000 andFeatures INTRODUCTION xv ‘chapter along with detailed explanations on how it can be implemented as part of the database administration procedures. Chapter 9, “Auditing Database Activities” provides the reader with various demonstra- tions and illustrations on how to implement database auditing using Oracle10g and SQL Server 2000. Subtopics of database auditing include database events, data control state- ments, and data definition operations. A full description and implementation of Oracle10g AUDIT statement is provided in this chapter. SQL Server 2000 and Oraclel0g tracing facilities are also covered. Chapter 10, ‘Security and Auditing Project Cases” is implementation only. No new data- base concepts are presented. However, this chapter presents the most important phase of the learning process—implementation in practical business situations. This chapter presents five different cases that encompass all the major topics and materials covered in this book. Appendix A, “Security Checklist” presents a chec impact database security. of security dos and don'ts that “Appendix B, “Auditing Security” presents a checklist of auditing dos and don'ts for data- base auditing. ‘To help you in fully understanding database security and auditing, this book includes ‘many features designed to enhance your learning experience. ‘4 Chapter Objectives. Each chapter begins with a detailed list of the concepts to be mastered within that chapter. This list provides you with both a quick reference to the chapter's contents and a useful study aid. Illustrations and Tables. Numerous illustrations of security and auditing concepts and models are presented supplement text discussion. In addition, the many tables provide details of database objects presented in this book as well as some of the practical and theoretical information. Hands-On Projects. Although itis important to understand the database and audit- ing concepts, it is more important to improve and build your knowledge with real life implementation of hands-on projects. Each chapter provides includes several Hands-On Projects aimed at providing you with practical implementation of con- cepts and scenarios covered in each chapter. These projects cover both Oraclel0g. and Microsoft SQL Server 2000. = Chapter Summaries. Each chapter's text is followed by a summary of the concepts introduced in that chapter. These summaries provide a helpful way to review the ideas covered in each chapter. a Review Questions. The end-of-chapter assessment begins with a set of review ques- ions that reinforce the ideas introduced in each chapter. These questions help you evaluate and apply the material you have learned. Answering these questions will ensure that you have mastered the important concepts of database security and auditing.xvi DATABASE SECURITY AND AUDITING: PROTECTING DATA INTEGRITY AND ACCESSIBILITY Case Projects. Located at the end of each chapter are Case Projects. In these exten- sive exercises, you implement the skills and knowledge gained in the chapter through real design and implementation scenarios. & Glossary. For easy reference, a glossary atthe end of the book lists the key terms in alphabetical order along with definitions. = Step-by-step demonstrations. These ae essential components of the book illustrat- ing in detail how to implement most ofthe concepts presented in each chapter. ' Scenarios. Embedded within the chapter text, scenarios are very helpful in relating the concepts to real life situations. Text and Graphic Conventions ‘Wherever appropriate, additional information and exercises have been added to this book to help you better understand the topic at hand. Icons throughout the text alert You to additional materials. The icons used in this textbook are described below. ‘The Note icon draws your attention to additional helpful material related to the subject being described. Each Hands-On activity in this book is preceded by the Hands-On icon and a description of the exercise that follows. The Hands-On icon also appears in the chapter to identify which Hands-On Project provides practice for the current topic. (Case Project icons mark Case Projects, which are scenario-based assignments. In these ‘extensive case examples, you are asked to implement independently what you have learned. Special icons highlight information in the book that explain how you can secure information using people, products, or procedures. Instructor's Materials ‘The following additional materials are available when this book is used in a classroom setting. All of the supplements available with this book are provided to the instructor on a single CD-ROM. You can also retrieve these supplemental materials from the Course ‘Technology Web site, wwnn.course.com, by going to the page for this book, under “Download Instructor Files & Teaching Tools.” Electronic Instructor’s Manual. The Instructor’s Manual that accompanies this textbook includes the following items: additional instructional material to assist in class Preparation, including suggestions for lecture topics; recommended lab activities; tips on setting up a lab for the Hands-On Projects; and solutions to all end-of-chapter materials. ExamView Test Bank. This cutting-edge Windows-based testing software helps instruc- tors design and administer tests and pretest. In addition to generating tests that can be Printed and administered, this full-featured program has an online testing component that allows students to take tests at the computer and have their exams automatically graded. PowerPoint Presentations. This book comes with a set of Microsoft PowerPoint slides for each chapter. These slides are meant to be used as a teaching aid for classroom Presentations, to be made available to students on the network for chapter review, of to be printed for classroom distribution. Instructors are also at liberty to add their own slides for other topics introduced.INTRODUCTION xvii Figure files. All of the figures and tables in the book are reproduced on the Instructor's Resource CD, in bitmap format. Similar to PowerPoint presentations, these are included as a teaching aid for classroom presentation, to make available to students for review, or to be printed for classroom distribution. Lab Requirements To the User This book is divided into three parts and each partis designed to be read in sequence from beginning to end. Each chapter in the Database Security part builds on preceding chapters to provide a solid understanding of all the necessary concepts and practical {implementations of security in database applications. Also, each chapter in the Database Auditing builds on preceding chapters to provide a comprehensive understanding of auditing from a database perspective. The last part of the book is designed to provide the reader with practical cases using all concepts learned in previous parts of the book. Hardware and Software Requirements The following are the software requirements needed to perform cases and code pre- sented in the chapter and the end-of-chapter mate Oracle10g (10.1.0.2.0) ‘Windows SQL Server 2000 Oracle Enterprise Manager Oracle Policy Manager ‘Windows 2000 Please note that SQL Server will not install on Windows XP. For more information ‘on the SQL Server 2000 system requirements, please refer to the Microsoft™ Web site at: http: oem microsoft.com/sql/evaluation/sysreqs/2000/default.asp Specialized Requirements ‘The code presented in this book requires a good understanding of Oracle PL/SQL lan- guage and Microsoft SQL Server 2000 Transact-SQL language. In some instances knowl- edge of Oracle and Microsoft SQL Server administration may be required. Special Acknowledgments | would like to thank Jason Penniman for his contribution of writing the Microsoft SQL Server code presented in this book. His talent and skills never failed to amaze me.DATABASE SECURITY AND AUDITING: PROTECTING DATA INTEGRITY AND ACCESSIBILITY Acknowledgments ‘The completion of this book is attributed to every member of the team that worked dili- ‘gently on this project. My thanks to Mac Mendelsohn, Vice President, Product Technology Strategy, for giving me the opportunity to write this book, Maureen Martin for her sup- Port, and Eunice Yeates-Fogle for patiently managing this project. The Quality Assurance ‘Team, Chris Scriver, Serge Palladino, and Burt LaFountain did a terrific job, as did Brooke Booth and Cecile Kaufman who shepherded the manuscript through the production Process. Special thanks to my friends for their support: Robert Payne, Garry Boyce, Sou Chon Young, Bob Hurley, Vinnie Falcone, Barbara Griffin, and to the reviewers and pro- duction team. I am indebted to the following individuals for their respective contributions ‘of perceptive feedback on the initial proposal, the project outline, and the chapter-by- chapter reviews of the text: Randy Weaver, Everest College Barbara Nicolai, Purdue University Calumet Anthony Dashnaw, Clarkson University Michelle Hansen, Davenport University Kenneth Kleiner, Fayetteville Technical Community College G. Shankar, Boston University Dan Rafail, Lansing Community College Yiber Ramadani, George Brown College Debbie Rasnick, Virginia Highlands Community College John Russo, Wentworth Institute of Technology ‘Arjan Sadhwani, San José State University ‘Ningning Wa, University of Arkansas at Little Rock Dedication I dedicate this book to my beautiful, beloved, and devoted wife whose love and support is never ending, and to the pearls of my life: my daughter, Aya, and my sons, Wissam and Sammy. About the Author Hassan A. Afyouni has been working in the information technology field as a consultant for over fifteen years as database developer, database architect, database administrator, and data architect. He has been an instructor at several universities in Canada and the United States, a corporate trainer for some major corporations, and a curriculum devel- ‘per for various courses and programs.PART ONE Security Architecture LEARNING OBJECTIVES: Upon completion of this material, you should be able to: = Define security ‘= Describe an information system and its components Define database management system functionalities Outline the concept of information security [Identify tie major components of information security architecture List types of information assets and their values = Define database security = Describe security methods 4 = fae ee = = = = Ea faee EE cea 4 p—4 cae = od = ies = i= | Same Sa Same Seams fet rae2 CHAPTER 1 Introduction A quick look at security statistics reveals that security violations and attacks are increasing slobally at an annual average rte of 20% Statistics show that virus alerts, e-mail spam- ‘ming, identity theft, data theft, and other types of security breaches ae also on the rise, Rising ata faster rate are the related cost for preventive and protective measures. In response to this situation, organizations are focusing more heavily on the security of their information. This book places you inthe role of a database administrator who is respond: ing to this increasing focus on security by strengthening the security of your organization's database. The frst part of this book deals with topics that enable you to implement secu rity measures on your database to protect your data from a variety of violations. To pre- pare for the technical discussions inthe chapters to follow, this chapter presents an intro- duction to concepts such as general security, information systems, database management systems, and information security—all of which act as the basis for database security. To gain an understanding of the issues you would face as a database administrator {rying to implement increased security, consider the following scenarios. They give you a feeling for the types of security topics covered by the first half of this book. ‘A prominent institution hires you to manage a team of skilful database developers, architects, and administrators. Your fist challenge on the job is to design and implement ‘anew database security policy to secure data and prevent data integrity violations You are a database administrator fora small startup company. Your company just ‘won a contract from a large, reputable organization to implement a new database application. One of the requirements is to enforce astringent security policy, which ‘was never before a priority for your company. You are a database developer assigned to a new project, which involves the latest technology. As you read the functional specification of the module you are to build, you discover that the data to be stored must be encrypted. ‘These area few of the many scenarios you're likely to encounter as you progress through the world of work. This chapter covers both security principles and implementa- tion, in general, and database security, more specifically. Not long ago, most companies protected their data simply by preventing physical access to the servers where the data resided. This practice was sufficient until several inci- dents occurred in which data was jeopardized, compromised, and hijacked. Corporations quickly moved to enforcing security measures via operating systems, which prevented data violations by requiring the authentication of the identity of computer users. This approach was successful until new vulnerabilities and new threats brought different types Of risks to database systems and applicat Database management systems that depend on operating systems cannot survive without the implementation of security models that enforce strict security measures. Most database management systems did not have a secure mechanism for authentication and encryption until recently, when setious research and development was initiated to add security components that enable database administrators to implement security policies, Yesterday's DBA was equipped with all sorts of technical skills that empowered him ‘or her to manage a database efficiently. Today's DBA is required to have an additional skill—that of implementing security policies that protect one of the most valuable assets of a company—its data, ns,