Threats to Databases and Solutions


Time: 15 hours 43 minutes
Difficulty: Advanced
CEU/CPE: 16
Video Transcription
In our last section, we talked about the basics of building a database. Now we're going to talk about some of the most common threats and then the solutions: code injection, being solved through input validation and sanitization. Then we have the threat of aggregation and inference, being solved by what we refer to as polyinstantiation.

We had mentioned code injection earlier. I know it's at the bottom of the list, but I just want to get that out of the way. We've already talked about how to mitigate code injection. Code injection is when an attacker uses input forms to input malicious code into our database. If it's stored in our database, it can be read by our database and run by our database. We don't want to allow an attacker to input any sort of code that might be run on the back-end. The way we keep that from happening is we validate input. If it doesn't follow specific rules, then that entry is not allowed; it's disallowed. You'll get an error message if you try to input that your name is Bobby Tables or something like that; you shouldn't be referencing tables in an input form.

Now, the other threat that we want to talk about, and really two threats, we have aggregation and inference. Let's talk about that for a minute. I went to lunch with some friends of mine I used to work with, and I hadn't seen them in a couple of months. We got around the table and one of my friends scooched in like she had something to tell me. Now, this particular friend of mine is a gossip. God love her, she's a gossip. Now, I personally do not gossip. I'm like, listen, but I don't gossip. She scooched in and I perked up my ears. She said, "Hey, did you know Holly was pregnant?" I said, "No, that's great news. When did she tell you?" Her answer really cracked me up because she said, "Oh, she didn't tell me." Well, what? She said, "Well, let me tell you how I know. Holly went to happy hour with us last week and she didn't drink." Okay, whatever. "That's not all. Holly had a doctor's appointment last week." Okay, that's fine. "That's not all. She was sick as she could be yesterday when she came to work."

Now what's interesting is we have an assortment of facts, none of them particularly meaning anything on their own. But when you aggregate, or put them together, we start to see what may be a bigger picture. Aggregation just simply means I'm pulling lots of facts from different locations. Where the real attack is, is when we take those facts and we jump to a conclusion or we make an assumption. She aggregated these facts: my friend was sick, she had a doctor's appointment, she didn't drink. She made the assumption, based on those three aggregated pieces of information, that my friend Holly was pregnant. I've got a question for you. Do you think my friend Holly was pregnant? Oh, yes, she was. You better listen to those gossips. They know a lot more.

As a matter of fact, I knew Brad and Angelina were going to break up months before they did because I'm always watching. Just kidding. Don't care. But here's the thing. That is what good gossips do: they listen and they don't discard any one piece of information because it's insignificant. They keep it in their back pocket so when something else comes, they can compare and pull together this information to try to get a big picture.

The question is, well, what if Holly didn't want people to know she's pregnant? What could she have done? Well, she had two choices. The first choice, she could have lied. She could have just said none of your business. I'm sorry. Rather than lying, she should have just said none of your business. "Hey, Holly, you're not drinking tonight. Why not?" None of your business. "Hey, are you just getting in from work? Where were you?" None of your business. "Holly, you seem to be sick. Are you feeling okay?" None of your business. Now, if she'd said none of your business instead of giving any information, that would be fine. But what happens when you tell a gossip "None of your business"? Game on. None of your business? [LAUGHTER] It's my business now; I will find out. Just the way that when we label our data as top secret, we're actually telling an attacker, "Hey, here's some really good stuff." Simply by labeling something as top secret, we're actually making it more desirable to an attacker. Just the way if you tell me none of your business, all of a sudden I'm like, oh, this must be juicy. The idea is we don't want attackers to pull together pieces of unclassified information to make a classified assumption. The pulling it together is aggregation; the assumption is inference.

The better thing that Holly could have done, rather than saying none of your business: Holly should have just lied. "Hey, Holly, you're not drinking tonight?" Oh, I'm the designated driver. Now that doesn't tell me none of your business; that just gives me an answer that frankly is boring, and I don't think of it again. "Hey Holly, you're a little late. Where are you coming from?" Oh, I had an extra appointment. That's fine. "Holly, you look sick." Yeah, a college friend was over last night and we stayed up till 3:00 in the morning. What we're doing is we're feeding misinformation to snooping parties to satisfy them without telling them, "Oh, this is a good secret that you don't know."

Now the way this would work is, this is often built into databases as a type of confidentiality control. The idea is, let's say that I'm in a Naval Yard and I notice that a ship is being prepared to sail. They're bringing stuff on, they're getting it ready. I log on to the database as somebody without clearance. I have no clearance. I log on to the database. I see that the ship is destined for the coast of Africa and it's delivering food. Okay, fine. That satisfies my curiosity. I've been told what it is. However, because you have top-secret clearance, when you log on right behind me, you're given the actual scenario, which is that the ship is being loaded with munitions and it's delivering the munitions somewhere in the Middle East. What we have is two instances of the same situation. It's a database control. One is misinformation fed to people with lower clearance. The other is accurate information that's only available to people of a certain level.

Word on the street is this is something showing up on the test. Polyinstantiation: think of it as a fancy word for lying. Next time you're caught in a lie: "That wasn't a lie. I was just polyinstantiating a little bit," and then throw a smoke bomb and run. Polyinstantiation solves the problem of aggregation and inference. We don't want people to figure out lots of information that's unclassified so that they can make an assumption of something that is classified. Rather than letting individuals pull together pieces of information, we may feed misinformation downward in order to protect the more classified information. Winston Churchill once said, that sometimes, what was it he said? Sometimes the truth is so sacred we must protect it with a body of lies. That's pretty heavy. But that's exactly what's going on with polyinstantiation. We provide protection for our top-secret, very sensitive information by feeding misinformation downwards.

We talked about our database vulnerabilities of code injection, aggregation, and inference. We talked about some of the solutions: with aggregation and inference, we talked about polyinstantiation. Then for code injection, we talked about input sanitization and validation. Well, look at that, look where that brings us. We have finished the lecture, by golly, on all of Domain 8. Domain 8, of course, was software development security, where we talked about secure software development in our processes in the software development lifecycle. We talked about securing web applications and then we wrapped up with attacks on databases. Throughout this section, we've talked about malware. That wraps up Domain 8. Stick around, we'll do a little bit of additional information as we take all this information together, give you some ideas about where to go and what to do next.