CIS 483 Final
guidelines for determining the classification system for alerts
*classification system for error severity levels 1. informational messages 2. errors that can be corrected by the user 3. software errors 4. fatal errors (in SQL Server these correspond to severity 0-10, 11-16, 17-19 and 20-25) *classification system for alerts 1. create immediate alerts for software and fatal errors 2. create alerts for errors that can be corrected by the user 3. do not create alerts for informational messages
column level encryption
*encrypts specific data columns rather than the whole database *uses built-in functions (EncryptByKey/DecryptByKey, EncryptByCert, EncryptByPassPhrase) and relies on the key management hierarchy *the application must be modified to call the encryption/decryption functions explicitly when storing or retrieving data *the tables are modified to store the encrypted data as varbinary; when used it is decrypted and converted back to the original data type *data can be encrypted with a symmetric key, an asymmetric key, a certificate, or a passphrase
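Worked example of column-level encryption through the key hierarchy (added here, not part of the course notes). The Sales database, the dbo.Customers table with a varchar(19) CardNumber column, and the names CardCert, CardKey and the passwords are all assumptions made for the example.

```sql
-- Added example (not from the course notes). Database, table, key and certificate names
-- and the passwords are hypothetical.
USE Sales;
GO
-- Key hierarchy: database master key -> certificate -> symmetric key used on the data
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Dmk-Str0ng-Passw0rd!';   -- hypothetical
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects the card-number key';
CREATE SYMMETRIC KEY CardKey WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO
-- The encrypted column has to be varbinary; the plaintext column only survives the migration
ALTER TABLE dbo.Customers ADD CardNumberEnc varbinary(256);
GO
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
UPDATE dbo.Customers
   SET CardNumberEnc = EncryptByKey(Key_GUID('CardKey'), CardNumber);
CLOSE SYMMETRIC KEY CardKey;
ALTER TABLE dbo.Customers DROP COLUMN CardNumber;
GO
-- Application read path: open the key, decrypt, cast back to the original data type
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
SELECT CustomerId,
       CONVERT(varchar(19), DecryptByKey(CardNumberEnc)) AS CardNumber
  FROM dbo.Customers;
CLOSE SYMMETRIC KEY CardKey;
GO
-- Check: with the key closed DecryptByKey returns NULL instead of raising an error,
-- which is easy to mistake for "empty data" in application code
SELECT CustomerId, DecryptByKey(CardNumberEnc) AS ShouldBeNull
  FROM dbo.Customers;
```

The NULL-on-closed-key behaviour is the usual source of silent data loss with this approach: every read path must OPEN the key, and the application has to distinguish "no key" from "no value".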
sysadmin (fixed server role)
*can conduct any task in SQL server *DBAs
dbcreator (fixed server role)
*can create, alter, drop and restore databases *assistant DBAs as well as developers *do not use it
bulkadmin (fixed server role)
*can execute the BULK INSERT statement *assistant DBAs
setupadmin (fixed server role)
*can add and remove linked servers (older versions also let members mark stored procedures as startup procedures) *assistant DBAs
diskadmin (fixed server role)
*can manage files on disk *assistant DBAs
securityadmin (fixed server role)
*can manage security: create and drop logins, reset passwords, GRANT/DENY/REVOKE server-level and database-level permissions (including the permission to create databases), read the error log *assistant DBAs *because it can grant almost any permission it should be treated as equivalent to sysadmin
serveradmin (fixed server role)
*can change server-wide configuration options and shut down the server *assistant DBAs
steps to sign stored procedures using certificates
*create a certificate in the database *sign the stored procedure with the certificate (ADD SIGNATURE) *create a database user from the certificate (the certificate user) *grant the certificate user the permissions on the tables that the procedure needs; callers only need EXECUTE on the procedure *altering the procedure drops the signature, so it must be re-signed after every change
database level principals
*database user *fixed database role *user-defined database role *application role
database principals
users, database roles
INFORMATION_SCHEMA & sys
built-in database users that SQL Server uses internally; present in every database, cannot be dropped and cannot be used to log in
db_ddladmin
Allowed to run any Data Definition Language (DDL) command against the database. This includes commands to Create, Alter, and Drop database objects. Cannot Grant, Revoke, or Deny.
inference
deriving sensitive information from non-sensitive information that a user is allowed to see
implicit context switching
sets the execution context inside a module (stored procedure, trigger, or user-defined function) through the EXECUTE AS clause in the module definition (CALLER, SELF, OWNER, or a named user); the switch happens automatically whenever the module runs
roles
similar to groups in Windows
aggregation
combining several individually non-sensitive facts about an entity so that, taken together, they reveal sensitive information
ALTER AUTHORIZATION
used to change the ownership of a securable
SQL server level principals
*SQL server login *fixed server role *user-defined server role
SQL server principals
logins, server roles
user-defined server and database roles
*create a custom set of permissions *server-level permissions can be granted to user-defined server roles *group users with the same security privileges within the database *Windows user or group accounts can be added to user-defined database roles *a database user can be mapped to a SQL login or a Windows account
signing procedures with certificates
*create a server login and database user with no rights to the base objects *create a certificate user and grant it rights to the table and the stored procedure; the caller gets EXECUTE on the procedure only
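Worked example of the signing procedure described in the two cards above (added here; it is not code from the course). The Sales database, the clerk1 login, dbo.Orders, dbo.GetOrderTotals, OrderProcCert and the passwords are assumptions. The procedure uses dynamic SQL on purpose: dynamic SQL breaks the ownership chain, so without the signature the caller would need SELECT on the table itself.

```sql
-- Added example (not from the course notes). Login, user, table, procedure, certificate
-- and password values are hypothetical.
USE Sales;
GO
-- A low-privilege principal that is NOT allowed to read the base table
CREATE LOGIN clerk1 WITH PASSWORD = 'Cl3rk-P@ss-1!';
CREATE USER clerk1 FOR LOGIN clerk1;
GO
CREATE PROCEDURE dbo.GetOrderTotals @CustomerId int
AS
    -- Dynamic SQL breaks the ownership chain: the caller's own permission on
    -- dbo.Orders is checked, which is exactly what the signature will supply.
    EXEC sp_executesql
        N'SELECT CustomerId, SUM(Amount) AS Total FROM dbo.Orders
           WHERE CustomerId = @cid GROUP BY CustomerId',
        N'@cid int', @cid = @CustomerId;
GO
GRANT EXECUTE ON dbo.GetOrderTotals TO clerk1;     -- all the caller ever gets
GO
-- 1. certificate  2. sign the procedure  3. user from the certificate  4. rights to that user
CREATE CERTIFICATE OrderProcCert ENCRYPTION BY PASSWORD = 'C3rt-P@ss!'
    WITH SUBJECT = 'Signs dbo.GetOrderTotals';
ADD SIGNATURE TO dbo.GetOrderTotals BY CERTIFICATE OrderProcCert
    WITH PASSWORD = 'C3rt-P@ss!';
CREATE USER OrderProcCertUser FROM CERTIFICATE OrderProcCert;
GRANT SELECT ON dbo.Orders TO OrderProcCertUser;
-- Nobody else should be able to sign code with this certificate: drop the private key
ALTER CERTIFICATE OrderProcCert REMOVE PRIVATE KEY;
GO
-- Check the signature is in place (ALTER PROCEDURE silently removes it)
SELECT OBJECT_NAME(cp.major_id) AS module, c.name AS certificate
  FROM sys.crypt_properties AS cp
  JOIN sys.certificates AS c ON c.thumbprint = cp.thumbprint;
GO
-- Test as the clerk: the procedure works, a direct SELECT does not
EXECUTE AS USER = 'clerk1';
EXEC dbo.GetOrderTotals @CustomerId = 42;   -- succeeds: cert user's SELECT joins the context
GO
SELECT TOP (1) * FROM dbo.Orders;           -- fails: the clerk has no SELECT on the table
GO
REVERT;
```

The query against sys.crypt_properties is the check to run after every deployment: a procedure that was altered and not re-signed keeps working for privileged callers and breaks only for the low-privilege ones.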
transparent data encryption (TDE)
*the database engine performs encryption and decryption automatically *transparent to end users and applications *no changes to the database schema or applications *simpler for bulk encryption of data *protects data at rest only (data files, log files, backups); an authenticated user with SELECT still reads plaintext *the certificate protecting the database encryption key must be backed up, or the database cannot be restored anywhere else
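Worked example of enabling TDE (added here, not from the course notes). The Sales database, TdeCert, the backup paths and the passwords are assumptions; the statements are the standard master key / certificate / database encryption key sequence.

```sql
-- Added example (not from the course notes). Database, certificate, paths and passwords
-- are hypothetical.
USE master;
GO
-- 1. Master key and certificate live in master; the certificate protects the DEK.
--    (Skip CREATE MASTER KEY if master already has one.)
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Master-Key-P@ss-2024!';   -- hypothetical
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate for Sales';
GO
-- 2. Back the certificate up right away; without it the encrypted database and its
--    backups cannot be restored or attached on another instance.
BACKUP CERTIFICATE TdeCert TO FILE = 'C:\Keys\TdeCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Keys\TdeCert.pvk',
                      ENCRYPTION BY PASSWORD = 'Pvk-Backup-P@ss!');   -- hypothetical
GO
-- 3. Database encryption key inside the user database, protected by the certificate
USE Sales;
GO
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO
-- 4. Turn it on: no table, column or application change is needed
ALTER DATABASE Sales SET ENCRYPTION ON;
GO
-- Check progress: encryption_state 2 = in progress, 3 = encrypted
SELECT DB_NAME(database_id) AS db, encryption_state, percent_complete,
       key_algorithm, key_length
  FROM sys.dm_database_encryption_keys;
```

Two things the "transparent" label hides: tempdb is encrypted as soon as any database on the instance uses TDE, and the certificate backup (step 2) is the real secret to protect, since whoever holds it can restore the database on their own instance.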
dbo
*database owner *members of the sysadmin fixed server role are mapped to this user in every database; any object created by a member of sysadmin belongs to dbo automatically
audit charter
*define the IS audit and assurance function 1. mission and goals 2. independence and accountability 3. roles and responsibilities of the auditee
guidelines for determining the notification policy
*determine whom to notify based on the alert classification *design a notification escalation policy *design a review process for events that are not notified *do not create too many notifications for the same person or group
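Worked example that turns the alert classification and the notification guidelines above into SQL Server Agent objects (added here; not part of the course notes). The operator name and e-mail address are assumptions, and Database Mail must already be configured for the notification to leave the server.

```sql
-- Added example (not from the course notes). Operator name and e-mail are hypothetical.
USE msdb;
GO
EXEC dbo.sp_add_operator
     @name = N'DBA On-Call', @enabled = 1,
     @email_address = N'dba-oncall@example.com';   -- hypothetical
GO
-- Software errors (severity 17-19) and fatal errors (20-25): alert plus immediate notification
DECLARE @sev int = 17;
WHILE @sev <= 25
BEGIN
    DECLARE @name sysname = N'Severity ' + CAST(@sev AS nvarchar(2));
    EXEC dbo.sp_add_alert @name = @name, @severity = @sev, @enabled = 1,
         @delay_between_responses = 60,          -- seconds; throttles repeats of the same alert
         @include_event_description_in = 1;      -- 1 = put the error text in the e-mail
    EXEC dbo.sp_add_notification @alert_name = @name,
         @operator_name = N'DBA On-Call', @notification_method = 1;   -- 1 = e-mail
    SET @sev += 1;
END;
GO
-- User-correctable errors (11-16): record an alert, but page nobody.
-- Informational messages (0-10): no alert at all.
EXEC dbo.sp_add_alert @name = N'Severity 16 - user error', @severity = 16, @enabled = 1;
GO
-- Review: every alert and who (if anyone) is notified
SELECT a.name, a.severity, a.enabled, n.operator_id
  FROM dbo.sysalerts AS a
  LEFT JOIN dbo.sysnotifications AS n ON n.alert_id = a.id
 ORDER BY a.severity;
```

Caveat when testing this: Agent alerts fire only for errors that reach the Windows application log, so a RAISERROR without WITH LOG never triggers them, and most severity 11-16 errors are not logged at all. The "review process for events that are not notified" in the guideline above is what catches those.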
execution context
*determines the permissions used to execute statements *can be changed to a principal other than the user or login connected to the session
service master key
*each SQL Server instance has one *created automatically during installation and protected by the Windows Data Protection API (DPAPI) under the service account credentials *symmetric key at the root of the encryption hierarchy *if compromised, every key it protects (database master keys, credentials, linked-server passwords) can be decrypted *back it up right after installation (BACKUP SERVICE MASTER KEY)
principal
*entities that can request SQL Server resources *includes logins of all types and roles *each has SID *each scoped at the windows, server or database level
public role (in server roles)
*every SQL Server login belongs to this role and cannot be removed from it *on an object where a login has no explicit permission it inherits whatever was granted to public
public role (in database roles)
*every database has this role *all database users and roles inherit permissions granted to the public
fixed database roles
*fixed permissions at the database level *assigned to database users
vulnerability scanning
*focuses on known weaknesses *can be automated *does not necessarily require expertise
penetration testing
*focuses on known and unknown weaknesses *requires highly skilled testers *carries a tremendous legal burden in certain countries/organizations (explicit written authorization is required)
IT security auditing
*focuses on security policies and procedures *used to provide evidence for industry regulations
threat hunting
*focuses on unknown and advanced threats *analyst-driven investigation, not relying on rule-based detection or signature mechanisms *methods: 1. hypothesis-driven 2. IOC-driven 3. Analytics-driven
permissions
*granted to a principal on securables *GRANT, DENY, REVOKE
fixed-server roles
*installed by default and have fixed permissions *logins assigned to these roles *cascaded to the database level
processadmin (fixed server role)
*can KILL processes running in the instance *assistant DBAs and developers
application roles
*manage database access for an application *database principal *do not contain members; inactive by default *activated with the stored procedure sp_setapprole, which requires the role password *once active, the session assumes the application role's permissions and loses the user's own until sp_unsetapprole (needs the cookie) *in other databases an activated role only has guest access; EXECUTE AS is used to reach them
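Worked example of an application role's life cycle (added here, not from the course notes). The Sales database, the SalesApp role, dbo.Orders and the password are assumptions.

```sql
-- Added example (not from the course notes). Database, role, table and password are hypothetical.
USE Sales;
GO
CREATE APPLICATION ROLE SalesApp WITH PASSWORD = 'App-R0le-Secret!', DEFAULT_SCHEMA = dbo;
GRANT SELECT ON dbo.Orders TO SalesApp;          -- the role, not the user, holds the rights
GO
-- Session side: the application connects as an ordinary user, then activates the role.
-- The cookie is the only way back to the original user context.
DECLARE @cookie varbinary(8000);
EXEC sp_setapprole @rolename = 'SalesApp', @password = 'App-R0le-Secret!',
                   @fCreateCookie = true, @cookie = @cookie OUTPUT;

SELECT USER_NAME() AS current_user_name;        -- 'SalesApp'
SELECT TOP (5) * FROM dbo.Orders;               -- allowed through the role
-- The user's own permissions are gone while the role is active: a table the user could
-- read before, but the role cannot, now fails with a permission error.

EXEC sp_unsetapprole @cookie;                   -- restore the original user context
SELECT USER_NAME() AS current_user_name;        -- back to the login's database user
```

The password travels from the application to the server with every activation, so the connection should be encrypted; a role activated without a cookie can only be left by disconnecting.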
guidelines for identifying what to monitor
*monitor events at the instance level (logins, server roles and permissions, changes to the audit itself) *monitor events at the database level (database roles and permissions, access to sensitive objects)
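Worked example of instance-level and database-level monitoring with SQL Server Audit (added here, not from the course notes). The audit name, file path, Sales database and dbo.Customers table are assumptions.

```sql
-- Added example (not from the course notes). Audit name, path and database are hypothetical.
USE master;
GO
-- Instance level: the audit target and a server audit specification
CREATE SERVER AUDIT SecurityAudit
    TO FILE (FILEPATH = 'C:\Audit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);   -- SHUTDOWN where losing events is unacceptable
ALTER SERVER AUDIT SecurityAudit WITH (STATE = ON);
GO
CREATE SERVER AUDIT SPECIFICATION InstanceEvents
    FOR SERVER AUDIT SecurityAudit
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PERMISSION_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)                -- someone tampering with the audit itself
    WITH (STATE = ON);
GO
-- Database level: what happens inside one database
USE Sales;
GO
CREATE DATABASE AUDIT SPECIFICATION SalesEvents
    FOR SERVER AUDIT SecurityAudit
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    ADD (SELECT, UPDATE, DELETE ON OBJECT::dbo.Customers BY public)   -- reads of a sensitive table
    WITH (STATE = ON);
GO
-- Read the log back; the function reads every file matching the pattern
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement
  FROM sys.fn_get_audit_file('C:\Audit\SecurityAudit_*.sqlaudit', DEFAULT, DEFAULT)
 ORDER BY event_time DESC;
```

AUDIT_CHANGE_GROUP is the one entry people forget: without it a sysadmin can switch the audit off, act, and switch it back on with nothing recorded.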
schema ownership
*ownership of schemas and schema-scoped securables is transferable (ALTER AUTHORIZATION) *the schema owner has full control over all objects in the schema *schemas can be owned by any database principal *a single principal can own multiple schemas *multiple database users can share a single default schema *since SQL Server 2005 every user has a default schema (dbo unless one is set)
classes of controls
*preventive *detective *deterrent *corrective *compensating *recovery
guidelines for designing database roles
*provides a granular permissions framework *uses grant, deny, and revoke permission states
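Worked example of the role design described above, covering user-defined server and database roles and the three permission states (added here, not from the course notes). The MonitoringOps and SalesReaders roles, the CORP\sql-monitor group, the analyst1 login, the Sales database and its tables are assumptions; CREATE SERVER ROLE needs SQL Server 2012 or later.

```sql
-- Added example (not from the course notes). Logins, users, roles, database and tables
-- are hypothetical.
USE master;
GO
-- User-defined server role: a named set of server-level permissions
CREATE SERVER ROLE MonitoringOps;
GRANT VIEW SERVER STATE TO MonitoringOps;         -- DMVs only, nothing else
CREATE LOGIN [CORP\sql-monitor] FROM WINDOWS;     -- Windows group (or user)
ALTER SERVER ROLE MonitoringOps ADD MEMBER [CORP\sql-monitor];
GO
USE Sales;
GO
-- User-defined database role: groups users that need the same privileges
CREATE ROLE SalesReaders;
GRANT SELECT ON SCHEMA::dbo TO SalesReaders;      -- GRANT: allow on the whole schema
DENY SELECT ON dbo.Salaries TO SalesReaders;      -- DENY: wins over any GRANT, even via roles
CREATE LOGIN analyst1 WITH PASSWORD = 'An@lyst-P@ss-1!';   -- SQL login mapped to a user
CREATE USER analyst1 FOR LOGIN analyst1;
ALTER ROLE SalesReaders ADD MEMBER analyst1;
GO
-- Check effective permissions as the analyst, without knowing the password
EXECUTE AS USER = 'analyst1';
SELECT HAS_PERMS_BY_NAME('dbo.Orders',   'OBJECT', 'SELECT') AS can_read_orders,    -- 1
       HAS_PERMS_BY_NAME('dbo.Salaries', 'OBJECT', 'SELECT') AS can_read_salaries;  -- 0
REVERT;
GO
-- REVOKE removes the explicit entry (grant or deny); other sources then apply again
REVOKE SELECT ON dbo.Salaries FROM SalesReaders;  -- the DENY is gone, the schema GRANT now applies
```

The last statement is the classic surprise: REVOKE does not "take access away", it deletes the explicit entry, so revoking a DENY can open access that was previously blocked.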
major steps of a pen test
*reconnaissance and footprinting *scanning *exploiting *data collection *cleaning-up *deliver report
securables
*resources on which permissions can be granted *principals acquire permissions on these *nested to form hierarchies called scopes: server, database, schema
explicit context switching
*use the EXECUTE AS statement (EXECUTE AS LOGIN / EXECUTE AS USER) to change the login or user; REVERT switches back *grant IMPERSONATE on a login or user to allow execution as that login or user
ownership chaining
*the default path for most access through views and procedures *when an object and the objects it references have the same owner, permissions on the referenced objects are not checked, so even a DENY on a base table is circumvented *applies when multiple database objects access each other sequentially (view -> view -> table); the chain breaks as soon as an owner differs
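Worked example tying together the cards on execution context, implicit and explicit context switching, ownership chaining and ALTER AUTHORIZATION (added here, not from the course notes). The Sales database, the reporter and hr_owner users, dbo.Salaries, the view and the procedure are assumptions; run it as a member of db_owner.

```sql
-- Added example (not from the course notes). Database, users, table, view and procedure
-- names are hypothetical.
USE Sales;
GO
CREATE USER reporter WITHOUT LOGIN;   -- caller with no rights on the base table
CREATE USER hr_owner WITHOUT LOGIN;   -- will become the table's owner later
GO
CREATE TABLE dbo.Salaries (Dept varchar(20), Salary money);   -- owned by dbo via schema dbo
INSERT INTO dbo.Salaries VALUES ('Sales', 50000), ('Sales', 70000), ('IT', 90000);
DENY SELECT ON dbo.Salaries TO reporter;
GO
CREATE VIEW dbo.AvgSalaryByDept AS
    SELECT Dept, AVG(Salary) AS AvgSalary FROM dbo.Salaries GROUP BY Dept;
GO
GRANT SELECT ON dbo.AvgSalaryByDept TO reporter;
GO
-- (1) Explicit context switching with the EXECUTE AS statement: permissions are now reporter's
EXECUTE AS USER = 'reporter';
SELECT USER_NAME() AS running_as;            -- reporter
-- (2) Ownership chaining: view and table share an owner (dbo), so the DENY on the table
--     is never consulted. This succeeds.
SELECT * FROM dbo.AvgSalaryByDept;
REVERT;
GO
-- (3) Break the chain: give the table a different owner with ALTER AUTHORIZATION
ALTER AUTHORIZATION ON OBJECT::dbo.Salaries TO hr_owner;
GO
EXECUTE AS USER = 'reporter';
SELECT * FROM dbo.AvgSalaryByDept;           -- fails: owners differ, the DENY is enforced
GO
REVERT;
GO
-- (4) Implicit context switching: the module's EXECUTE AS clause fixes the context for its
--     body regardless of who calls it
CREATE PROCEDURE dbo.AvgSalaryReport
WITH EXECUTE AS OWNER                        -- runs as dbo, the procedure's owner
AS
    SELECT USER_NAME() AS body_runs_as, Dept, AVG(Salary) AS AvgSalary
      FROM dbo.Salaries GROUP BY Dept;
GO
GRANT EXECUTE ON dbo.AvgSalaryReport TO reporter;
GO
EXECUTE AS USER = 'reporter';
EXEC dbo.AvgSalaryReport;                    -- body_runs_as = dbo; succeeds despite the DENY
REVERT;
```

Steps (2) and (4) both let reporter read a table it is explicitly denied, which is why a DENY on a base table is not a control on its own: the chain or the module context has to be reviewed as well.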
database master key
*used to create certificates and asymmetric keys in a database *protected by the service master key *stored in two copies: one encrypted with a key derived from the password (3DES before SQL Server 2012, AES-256 since) and one encrypted with the service master key
guidelines for securing the SQL server agent service
1. run the SQL Server Agent service under a Windows security context 2. use a local or domain Windows account with low privileges, not an administrative account 3. use subsystems to restrict what job steps can do 4. define proxy accounts (backed by credentials) for job steps that need rights the service account lacks
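Worked example of steps 3 and 4 (added here, not from the course notes). The credential, the CORP\svc-filemover and CORP\etl-devs accounts, the proxy, the job and the command are assumptions; step 1 and 2 (the account the Agent service runs as) are set in SQL Server Configuration Manager, not in T-SQL.

```sql
-- Added example (not from the course notes). Accounts, credential, proxy, job and paths
-- are hypothetical.
USE master;
GO
-- A credential stores the Windows identity a job step may run under
CREATE CREDENTIAL FileMoverCred
    WITH IDENTITY = 'CORP\svc-filemover', SECRET = 'Sv0-F1le-M0ver-P@ss!';   -- hypothetical
GO
USE msdb;
GO
-- The proxy wraps the credential and is limited to named subsystems
EXEC dbo.sp_add_proxy @proxy_name = N'FileMoverProxy',
     @credential_name = N'FileMoverCred', @enabled = 1;
EXEC dbo.sp_grant_proxy_to_subsystem @proxy_name = N'FileMoverProxy',
     @subsystem_name = N'CmdExec';               -- operating-system job steps only
-- Only these principals may create job steps that use the proxy
EXEC dbo.sp_grant_login_to_proxy @proxy_name = N'FileMoverProxy',
     @login_name = N'CORP\etl-devs';             -- hypothetical Windows group
GO
-- A job whose CmdExec step runs as the proxy, not as the Agent service account
EXEC dbo.sp_add_job @job_name = N'Nightly export';
EXEC dbo.sp_add_jobstep @job_name = N'Nightly export', @step_name = N'copy files',
     @subsystem = N'CmdExec', @proxy_name = N'FileMoverProxy',
     @command = N'robocopy D:\Export \\fileserver\drop *.csv';
EXEC dbo.sp_add_jobserver @job_name = N'Nightly export';
GO
-- Check: which proxies exist, which subsystems they reach, and under which identity
SELECT p.name AS proxy, s.subsystem, c.credential_identity, p.enabled
  FROM dbo.sysproxies AS p
  JOIN dbo.sysproxysubsystem AS ps ON ps.proxy_id = p.proxy_id
  JOIN dbo.syssubsystems AS s ON s.subsystem_id = ps.subsystem_id
  JOIN sys.credentials AS c ON c.credential_id = p.credential_id;
```

The review query is worth running periodically: a proxy granted to the PowerShell or CmdExec subsystem for a broad login group is an operating-system command execution path for everyone in that group.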
VIEW DEFINITION
lets a principal see the metadata of a securable, e.g. a procedure's source code, a login's properties at server level, or a table's columns; granted at the table level it exposes that table's definition
db_accessadmin
allowed to add or remove database access for logins
db_backupoperator
allowed to back up the database
db_datawriter
allowed to change the data in all user tables
db_securityadmin
allowed to manage permissions for database users, including membership in user-defined database roles (not fixed roles); members can escalate their own privileges, so their actions should be monitored
db_owner
allowed to perform any action on the database. members of the sysadmin fixed-server role are mapped to this database role
db_datareader
allowed to read all user table data
db_denydatawriter
denied the right to change the data in any of the user tables
db_denydatareader
denied the right to read data in any of the user tables
guest
disabled in user databases by default (always enabled in master, tempdb and msdb); if enabled (GRANT CONNECT TO guest), any login can use the database without its own user account
ALTER
gives the ability to change the properties of a securable, except its ownership; ALTER on a scope (schema, database) also allows CREATE, ALTER and DROP of the securables it contains
CONTROL
gives ownership-like rights: the grantee effectively has all permissions on the securable and on everything within its scope
windows level principals
*windows group *windows domain login *windows local login