securing postgresql from external attack
play

Securing PostgreSQL From External Attack B RUCE M OMJIAN January, - PowerPoint PPT Presentation

Jan 29, 2024 •28 likes •318 views

Securing PostgreSQL From External Attack B RUCE M OMJIAN January, 2012 Database systems are rich with attack vectors to exploit. This presentation explores the many potential PostgreSQL external vulnerabilities and shows how they can be

  1. Securing PostgreSQL From External Attack B RUCE M OMJIAN January, 2012 Database systems are rich with attack vectors to exploit. This presentation explores the many potential PostgreSQL external vulnerabilities and shows how they can be secured. Creative Commons Attribution License http://momjian.us/presentations Securing PostgreSQL, From External Attack 1 / 29

  2. Attack V ectors Securing PostgreSQL, From External Attack 2 / 29

  3. External Attack V ectors ◮ ’Trust’ security ◮ Passwords / authentication theft ◮ Network snooping ◮ Network pass-through spoofing ◮ Server / backup theft ◮ Administrator access Securing PostgreSQL, From External Attack 3 / 29

  4. Internal Attack V ectors (Not Covered) ◮ Database object permissions ◮ SQL injection attacks ◮ Application vulnerability ◮ Operating system compromise Securing PostgreSQL, From External Attack 4 / 29

  5. Authentication Security http://www.my-time-machines.net/mosler_34.htm Securing PostgreSQL, From External Attack 5 / 29

  6. Avoid ’Trust’ Security # TYPE DATABASE USER CIDR-ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust # IPv4 local connections: host all all 127.0.0.1/32 trust # IPv6 local connections: host all all ::1/128 trust Solution: Use the initdb -A flag, i.e., you don’t want to see this: WARNING: enabling "trust" authentication for local connections Y ou can change this by editing pg_hba.conf or using the -A option the next time you run initdb. Securing PostgreSQL, From External Attack 6 / 29

  7. Password Snooping Connection Request PostgreSQL Database Need Password Database Client Password Sent Server Vulnerable to snooping md5(password+username) md5(password+username) md5(password+username) md5(password+username) Using ’username’ in the MD5 string prevents the same password used by different users from appearing the same. It also adds some randomness to the md5 checksums. Securing PostgreSQL, From External Attack 7 / 29

  8. MD5 Authentication Prevents Password Snooping connection request PostgreSQL need password, sent random salt Database Database Client md5(md5(password+username) + salt) Server md5(password+username) md5(password+username) md5(password+username) md5(password+username) Securing PostgreSQL, From External Attack 8 / 29

  9. MD5 Authentication Prevents Password Replay connection request PostgreSQL need password, sent random salt0 Database Database Client md5(md5(password+username) + salt0) Server OK md5(password+username) connection request md5(password+username) Malicious md5(password+username) need password, sent random salt1 Database md5(password+username) Client md5(md5(password+username) + salt0) X replay salt is a random four-byte integer so millions of connection attempts might allow the reuse of an old authentication reply. Securing PostgreSQL, From External Attack 9 / 29

  10. Password Attacks ◮ Weak passwords ◮ Reuse of old passwords ◮ Brute-Force password attacks None of these vulnerabilities is prevented by Postgres directly, but external authentication methods, like LDAP , PAM , and SSPI , can prevent them. Securing PostgreSQL, From External Attack 10 / 29

  11. Queries and Data Still Vulnerable to Network Snooping SELECT * FROM customers; PostgreSQL Barr Bearings | $10230 | James Akel Database Database Client Queries and data vulnerable to snooping Server Password changes are also vulnerable to snooping. Securing PostgreSQL, From External Attack 11 / 29

  12. SSL Prevents Snooping By Encrypting Queries and Data AES256(SELECT * FROM customers); PostgreSQL AES256(Barr Bearings | $10230 | James Akel) Database Database Client Queries and data encrypted by SSL Server Securing PostgreSQL, From External Attack 12 / 29

  13. Preventing Spoofing http://redwing.hutman.net/~mreed/warriorshtm/impostor.htm Securing PostgreSQL, From External Attack 13 / 29

  14. Localhost Spoofing While the Database Server Is Down Connection Request Fake PostgreSQL Database Need Plain Password Database Client Password Sent Server X Records passwords for later use with the real server Uses a fake socket or binds to port 5432 while the real server is down. (/tmp is world-writable and 5432 is not a root-only port.) The server controls the choice of ’password’ instead of ’md5’. Securing PostgreSQL, From External Attack 14 / 29

  15. Network Spoofing Connection Request Fake PostgreSQL Database Need Plain Password Database Client Password Sent Server X Records passwords for later use with the real server Without SSL ’root’ certificates there is no way to know if the server you are connecting to is a legitimate server. Securing PostgreSQL, From External Attack 15 / 29

  16. Network Spoofing Pass-Through Connection Request Fake PostgreSQL PostgreSQL Database Need Plain Password Database Database Client Password Sent Server Server OK Query Records passwords for later Result use with the real server. It can also capture queries, data, and inject its own Query queries. Result Without SSL ’root’ certificates there is no way to know if the server you are connecting to is a legitimate server. Securing PostgreSQL, From External Attack 16 / 29

  17. SSL ’Prefer’ Is Not Secure SSL or Non−SSL Prefer SSL Fake PostgreSQL PostgreSQL Database No SSL Database Database Client Non−SSL Server Server OK Query Records passwords for later Result use with the real server. It can also capture queries, data, and inject its own Query queries. Result Without SSL ’root’ certificates there is no way to know if the server you are connecting to is a legitimate server. Securing PostgreSQL, From External Attack 17 / 29

  18. SSL ’Require’ Is Not Secure From Spoofing SSL or Non−SSL Require SSL Fake PostgreSQL PostgreSQL Database OK SSL Database Database Client SSL Server Server OK Query Records passwords for later Result use with the real server. It can also capture queries, data, and inject its own Query queries. Result Without SSL ’root’ certificates there is no way to know if the server you are connecting to is a legitimate server. Securing PostgreSQL, From External Attack 18 / 29

  19. SSL ’V erify-CA’ Is Secure From Spoofing SSL verify-ca Fake PostgreSQL PostgreSQL Database Invalid certificate Database Database X Client (no CA signature) Server Server root.crt server.crt Securing PostgreSQL, From External Attack 19 / 29

  20. SSL ’V erify-full’ Is Secure Even From Some Certificate Thefts SSL verify−full Fake PostgreSQL PostgreSQL Database Invalid certificate Database Database X Client (hostname mismatch) Server Server root.crt ������� ������� server.crt server.crt ������� ������� Certificate stolen from a CA−trusted computer, but not the database server. Securing PostgreSQL, From External Attack 20 / 29

  21. Data Encryption T o Avoid Data Theft http://jproc.ca/crypto/enigma.html Securing PostgreSQL, From External Attack 21 / 29

  22. Disk Volume Encryption http://www.pclaunches.com/ Securing PostgreSQL, From External Attack 22 / 29

  23. Column Encryption id | name | credit_card_number --------+--------------------+------------------------------ 428914 | Piller Plaster Co. | \xc30d04070302254dc045353f28 ; 456cd241013e2d421e198f3320e8 ; 41a7e4f751ebd9e2938cb6932390 ; 5c339c02b5a8580663d6249eb24f ; 192e226c1647dc02536eb6a79a65 ; 3f3ed455ffc5726ca2b67430d5 Encryption methods are decryptable (e.g. AES), while hashes are one-way (e.g. MD5). A one-way hash is best for data like passwords that only need to be checked for a match, rather than decrypted. Securing PostgreSQL, From External Attack 23 / 29

  24. Where to Store the Key? On the Server SELECT * FROM customers; PostgreSQL Barr Bearings | $10230 | James Akel Database Database Client Decrypted data Server key Securing PostgreSQL, From External Attack 24 / 29

  25. Store the Key on an Intermediate Server SELECT SELECT Cryptographic PostgreSQL V#ja20a Database Barr Bearings Server Database Client Decrypted Encrypted Server key Securing PostgreSQL, From External Attack 25 / 29

  26. Store the Key on the Client and Encrypt/Decrypt on the Server SELECT decrypt(col, key) FROM customers; PostgreSQL Barr Bearings | $10230 | James Akel Database Database Client Decrypted data Server key Securing PostgreSQL, From External Attack 26 / 29

  27. Encrypt/Decrypt on the Client SELECT * FROM customers; PostgreSQL V#aei32ok3 Database Database Client Encrypted data Server key This prevents server administrators from viewing sensitive data. Securing PostgreSQL, From External Attack 27 / 29

  28. Store the Key on a Client Hardware T oken SELECT * FROM customers; PostgreSQL V#aei32ok3 Database Database Client Encrypted data key Server This prevents problems caused by client hardware theft. Securing PostgreSQL, From External Attack 28 / 29

  29. Conclusion http://momjian.us/presentations Todd Ehlers, Flickr Securing PostgreSQL, From External Attack 29 / 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing PostgreSQL Christophe Pettus PostgreSQL Experts, Inc. PGDay FOSDEM 2018 Greetings!

Securing PostgreSQL Christophe Pettus PostgreSQL Experts, Inc. PGDay FOSDEM 2018 Greetings!

Securing PostgreSQL Christophe Pettus PostgreSQL Experts, Inc. PGDay FOSDEM 2018 Greetings! Christophe Pettus CEO, PostgreSQL Experts, Inc. thebuild.com personal blog. pgexperts.com company website. Twitter @Xof

945 views • 70 slides
Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

www.securing.pl Pawel Rzepa Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in - Pentesting - Cloud security assessment Blog: https://medium.com/@rzepsky @Rzepsky

1.1k views • 63 slides
Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to

Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to

Benjamin Braun, Klemens Mang Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to detect attackers accessing your service? How to analyze attack patterns? How to detect yet unknown attack

246 views • 13 slides
Securing Neighbor Discovery the wormhole attack centralized and decentralized wormhole

Securing Neighbor Discovery the wormhole attack centralized and decentralized wormhole

Securing Neighbor Discovery the wormhole attack centralized and decentralized wormhole detection mechanisms Security and Cooperation in Wireless Networks Georg-August University Gttingen Introduction many wireless networking

639 views • 32 slides
PostgreSQL Who, What, When, Where, Why, How? 1 QUIS? Who's involved with PostgreSQL? Core

PostgreSQL Who, What, When, Where, Why, How? 1 QUIS? Who's involved with PostgreSQL? Core

PostgreSQL Who, What, When, Where, Why, How? 1 QUIS? Who's involved with PostgreSQL? Core team: https://www.postgresql.org/community/contributors/ Large Users: https://www.postgresql.org/about/users/ Case Studies:

517 views • 7 slides
PostgreSQL SQL-MED Ibrar Ahmed Senior Software Engineer @ Percona PostgreSQL Consultant What?

PostgreSQL SQL-MED Ibrar Ahmed Senior Software Engineer @ Percona PostgreSQL Consultant What?

PostgreSQL SQL-MED Ibrar Ahmed Senior Software Engineer @ Percona PostgreSQL Consultant What? Is an relational database Licence PostgreSQL: Released under the PostgreSQL management system (RDBMS) License. (Similar to the BSD or MIT)

232 views • 10 slides
A DFA attack on White-box implementations of AES with external encoding WhibOx 2019: White-Box

A DFA attack on White-box implementations of AES with external encoding WhibOx 2019: White-Box

A DFA attack on White-box implementations of AES with external encoding WhibOx 2019: White-Box Cryptography and Obfuscation, 18-19/05/2019, Darmstadt Alessandro Amadori , Wil Michiels and Peter Roelse Department of Mathematics and Computer

655 views • 26 slides
PostgreSQL Provider The PostgreSQL provider gives the ability to deploy and congure resources

PostgreSQL Provider The PostgreSQL provider gives the ability to deploy and congure resources

PostgreSQL Provider The PostgreSQL provider gives the ability to deploy and congure resources in a PostgreSQL server. Use the navigation to the left to read about the available resources. Usage provider "postgresql" { host

242 views • 12 slides
Securing your database servers from external attacks Alkin Tezuysal (Sr. Technical

Securing your database servers from external attacks Alkin Tezuysal (Sr. Technical

Securing your database servers from external attacks Alkin Tezuysal (Sr. Technical Manager,Percona) David Busby (Information Security Architect, Percona) Who we are? David Busby (@icleus) Alkin Tezuysal ( @ask_dba ) Technical

429 views • 30 slides
Distributed PostgreSQL Santa Clara, California | April 23th 25th, 2018 Simon Riggs CTO,

Distributed PostgreSQL Santa Clara, California | April 23th 25th, 2018 Simon Riggs CTO,

Distributed PostgreSQL Santa Clara, California | April 23th 25th, 2018 Simon Riggs CTO, 2ndQuadrant, leading PostgreSQL Support Company Database Architect & Consultant Author of PostgreSQL Admin Cookbook PostgreSQL Major

305 views • 26 slides
Look It Up: Practical PostgreSQL Indexing Christophe Pettus PostgreSQL Experts

Look It Up: Practical PostgreSQL Indexing Christophe Pettus PostgreSQL Experts

Look It Up: Practical PostgreSQL Indexing Christophe Pettus PostgreSQL Experts Postgres Open 2019 Christophe Pettus CEO, PostgreSQL Experts, Inc. christophe.pettus@pgexperts.com thebuild.com twitter @xof Indexes! We

1.14k views • 78 slides
PostgreSQL, pgAdmin, and JOINs PDBM 7.37.3.1.5 Dr. Chris Mayfield Department of Computer

PostgreSQL, pgAdmin, and JOINs PDBM 7.37.3.1.5 Dr. Chris Mayfield Department of Computer

PostgreSQL, pgAdmin, and JOINs PDBM 7.37.3.1.5 Dr. Chris Mayfield Department of Computer Science James Madison University Feb 06, 2020 What is PostgreSQL? PostgreSQL is a powerful, open source object-relational database system. . .

768 views • 18 slides
Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

From: Liska, Andrew <Andrew.Liska@minneapolismn.gov> Sent: Wednesday, August 19, 2020 2:34 PM To: Michael Subject: RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] 1219 31st W Joyce Church Hi,

366 views • 3 slides
Securing Your Data in Postgres Payal Singh DBA@OmniTI payal@omniti.com Contents Event

Securing Your Data in Postgres Payal Singh DBA@OmniTI payal@omniti.com Contents Event

Securing Your Data in Postgres Payal Singh DBA@OmniTI payal@omniti.com Contents Event Triggers Authentication ACLs Auditing Row-Level Security SSL / TLS Encryption Replication https://www.postgresql.org/support/security/ 1.

932 views • 50 slides
Securing Software Supply Chains Why 3 Days Might Be Your New Normal for DevSecOps Cameron

Securing Software Supply Chains Why 3 Days Might Be Your New Normal for DevSecOps Cameron

Securing Software Supply Chains Why 3 Days Might Be Your New Normal for DevSecOps Cameron Townshend Solution Architect, APJ, Sonatype Since 2000, 52% of Fortune 500 have been replaced. Established business leaders are also under attack

515 views • 47 slides
Beyond Trust PostgreSQL Client Authentication Christoph Mnch-Tegeder 2ndQuadrant

Beyond Trust PostgreSQL Client Authentication Christoph Mnch-Tegeder 2ndQuadrant

Beyond Trust PostgreSQL Client Authentication Christoph Mnch-Tegeder 2ndQuadrant http://www.2ndquadrant.com/ 2017-02-05 Part I Authentication Why Authentication? Too complicated Nobody knows my database Nobody will attack us

813 views • 39 slides
Universit degli Studi di Napoli Federico II Corso di Applicazioni Telematiche a. a. 2008-2009

Universit degli Studi di Napoli Federico II Corso di Applicazioni Telematiche a. a. 2008-2009

Universit degli Studi di Napoli Federico II Corso di Applicazioni Telematiche a. a. 2008-2009 Simon Pietro Romano spromano@unina.it Corso AT AA2008-09 Simon Pietro Romano 1 Session Initiation Protocol (SIP) SIP overview

357 views • 32 slides
Modern Security Model for Linux Operating Systems Aleksander Zdyb S OFTWARE E NGINEER T IZEN P

Modern Security Model for Linux Operating Systems Aleksander Zdyb S OFTWARE E NGINEER T IZEN P

Aleksander Zdyb Modern Security Model for Linux Operating Systems Aleksander Zdyb S OFTWARE E NGINEER T IZEN P LATFORM S ECURITY a.zdyb@samsung.com https://github.com/azdyb Briefly about security requirements About Tizen operating system

920 views • 46 slides
CS 204: Advanced Computer Networks Jiasi Chen Lectures: MWF 12:10-1pm Humanities and Social

CS 204: Advanced Computer Networks Jiasi Chen Lectures: MWF 12:10-1pm Humanities and Social

CS 204: Advanced Computer Networks Jiasi Chen Lectures: MWF 12:10-1pm Humanities and Social Sciences 1403 http://www.cs.ucr.edu/~jiasi/teaching/cs204_spring17/ 1 Why Networks? Supports the applications that we use today Social media

725 views • 46 slides
Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted Pattern Immutability The Inverse Life Coach Pattern Trust The foundation of software security 1. Hello! Im Businessman Bob! 2. Hello! Im the

666 views • 66 slides
Secure Sockets Layer Transport Layer Security BEAST Attack Dan Luedtke <mail@danrl.de>

Secure Sockets Layer Transport Layer Security BEAST Attack Dan Luedtke <mail@danrl.de>

Secure Sockets Layer Transport Layer Security BEAST Attack Dan Luedtke <mail@danrl.de> Wed Apr 18, 2012 University of the German Federal Armed Forces, Munich Slide 1 Outline History Design Goals SSL/TLS Stack

439 views • 15 slides
SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common

SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common

SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common standards for securing network applications in Internet E.g., web browsing Essentially, standards to negotiate, set up, and apply crypto

2.93k views • 13 slides
Session Management e t Software and Web Security 2 a age Sess o sws2 Recall from last week

Session Management e t Software and Web Security 2 a age Sess o sws2 Recall from last week

1 Session Management e t Software and Web Security 2 a age Sess o sws2 Recall from last week Server and client, i ie. web application and browser, b li ti d b communicate by HTTP requests and responses HTTP response can be

631 views • 44 slides
Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons

Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons

Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons SSH Secure shell (remote login) IPSec IP Security suite, originally for use with IPv6 SSL/TLS Secure Sockets Layer / Transport Layer

322 views • 18 slides

More recommend