Five Threats to Data Security and How to Protect Against Them

Executive Summary

The purpose of this paper is to examine five specific risks to data security, showing where and how confidential data may be vulnerable—and how you can protect your business against these threats.

Table of Contents

Introduction
1) Data Vulnerability in Transit and Storage
    Why Web Servers and Databases Are Not Secure
    Protecting Data with Encryption
2) New Types of Application-level Attacks
    Exploitable URLs and Worms
    Intrusion Protection Against Malicious Traffic
3) Private Key Mismanagement
    When Private Keys are Not so Private
    Protecting Keys with Secure Key Management
4) Identity and Access Management Risks
    Who Is It and How Do You Know?
    Authentication, Authorization, and Access Control
5) Misconfigurations and Other Administration Errors
    To Err is Human ... and Potentially Dangerous
    Easy, Error-free Administration
About SafeNet

Introduction

Most networking and security professionals are already familiar with the many statistics about Internet traffic and data security. You know that the increase in confidential information sent over the Internet has resulted in increased cases of data compromise. You’ve read the reports of successful application-level and URL-based attacks launched against Web servers and ecommerce databases. You know that 60% of security breaches are perpetrated by insiders. And you know that a compromise in data security can mean a compromise to the business itself.

This paper is not designed to re-tread these statistics or horror stories. The purpose of this paper is to examine five specific risks to data security, showing where and how confidential data may be vulnerable—and how you can protect your business against these threats.
The specific risks are posed by:

o unencrypted data in vulnerable locations
o new types of application-level attacks
o mismanagement of private keys
o inadequate user authentication and authorization
o human administrative error

All of these risks have one thing in common: they can be greatly reduced, in some cases completely eliminated, through an Active Application Security product that effectively delivers a powerful combination of data encryption, key management and access management technologies, with no loss in networking performance.

1) Data Vulnerability in Transit and Storage

Why Web Servers and Databases Are Not Secure

The SSL protocol is a proven method of protecting information moving over the Internet. Using SSL to secure confidential data such as credit card numbers and medical information offers protection from prying eyes as this data passes from sender to recipient via the Internet, intranets and extranets. But once this data reaches its destination—typically a Web server in the recipient’s network—the encryption is stripped away, leaving the data in a plain-text format as it traverses the local area network, application servers, and databases. Therein lies the vulnerability—data in a plain-text state is easily readable in transit and in storage. In this state, it is particularly vulnerable to theft or compromise by anyone inside or outside the network who can gain access to the Web servers or to the database.

What’s needed. In order to truly protect this data, it is not enough to simply protect the network. The data itself must be safeguarded. Currently, the most reliable way to provide this protection is through encryption that—instead of being stripped off at the Web server—stays with the data as it travels through Web servers and application servers and is stored in the database.

Protecting Data with Encryption

If typical network caches and switches could read encrypted data, there wouldn’t be unencrypted data on the network.
But caching and switching functions require reading packet data, and encryption renders that data incomprehensible to them. SafeNet has developed a data security solution capable of caching and switching without leaving data vulnerable and unencrypted on the backend. Placed on the network between the switch and the Web server farm, the SafeNet device sits directly in the data path to terminate the SSL/TLS session of HTTPS traffic and decrypt the packets for caching and switching. Via SafeNet’s Content Encryption Service Engine, specific data fields are re-encrypted with a super-secure triple-DES key or AES. This ensures that data never resides in a vulnerable plain-text format, but remains protected anywhere in the network whether in transit or in storage.

The same encryption that guards confidential information such as credit card and bank account numbers also protects passwords and cookies. Passwords are safe from common exploits such as dictionary attacks because the actual password is guarded with a keyed hash that protects the password even in the event of a dictionary attack on the password file. Cookies are similarly protected with a Message Authentication Code, so if an altered cookie were submitted, the SafeNet device would recognize and reject it as unauthorized.

Encryption also protects Web-based enterprise applications, such as MS Outlook, PeopleSoft, SAP, Oracle, and Siebel. Any application-specific protocol can be secured in transit and in storage, easily and without added capital and operational costs.

White Paper: Five Threats to Data Security and How to Protect Against Them—Page 2 of 8

Positioned directly in the data path, the SafeNet solution protects data where it is most vulnerable—on the backend infrastructure—by encrypting incoming HTTP/HTTPS traffic, in addition to performing caching, switching and SSL/TLS acceleration functions.
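
The keyed password hash and the cookie Message Authentication Code described above, as an added Python example (not SafeNet's code). The key values, the function names and the PBKDF2 stretching step are assumptions; the paper says only that a keyed hash and a MAC are used.

```python
import base64
import hashlib
import hmac

# Constructed demo keys. In a deployment like the one described they would be
# held on the security device, never beside the cookie or password data.
COOKIE_KEY = bytes(range(32))
PASSWORD_KEY = bytes(range(32, 64))


def seal_cookie(value: str, key: bytes = COOKIE_KEY) -> str:
    """Return 'value.tag' where tag is HMAC-SHA256 over the value."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return value + "." + base64.urlsafe_b64encode(tag).decode().rstrip("=")


def open_cookie(cookie: str, key: bytes = COOKIE_KEY):
    """Return the value if its tag verifies, else None (altered or unsigned)."""
    value, sep, _tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = seal_cookie(value, key)
    # Constant-time comparison: no hint about how much of the tag matched.
    if hmac.compare_digest(expected.encode(), cookie.encode()):
        return value
    return None


def hash_password(password: str, salt: bytes, key: bytes = PASSWORD_KEY) -> bytes:
    """Salted, stretched hash (an added assumption) wrapped in a keyed hash."""
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.new(key, stretched, hashlib.sha256).digest()


def verify_password(password: str, salt: bytes, stored: bytes,
                    key: bytes = PASSWORD_KEY) -> bool:
    """Recompute the keyed hash and compare it in constant time."""
    return hmac.compare_digest(hash_password(password, salt, key), stored)


if __name__ == "__main__":
    cookie = seal_cookie("user=alice;role=user")
    forged = cookie.replace("role=user", "role=admin")
    print(open_cookie(cookie), open_cookie(forged))

    salt = bytes(16)  # constructed; use os.urandom(16) per user in practice
    record = hash_password("sunshine", salt)
    # Someone holding only the password file lacks PASSWORD_KEY, so even the
    # correct guess does not reproduce the stored record.
    print(verify_password("sunshine", salt, record, key=bytes(32)))
```
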

2) New Types of Application-level Attacks

Exploitable URLs and Worms

Recent attacks against e-commerce sites have proven the vulnerability of Web sites to exploitable URLs. Certain Web servers and third-party add-ons ship with exploitable holes installed by default. If these vulnerable URLs are left unblocked, an attacker can take advantage of these weak links to run scripts that provide unauthorized access to the Web servers. Similarly, worms (like Code Red and Nimda) target servers and execute attack commands causing denial-of-service and site-defacement consequences for the victim networks.

Part of the problem here is that an effective defense requires a constant, and often unrealistic, level of vigilance. Firewalls, operating at a lower network level, are not effective in protecting against attacks at the application layer. Security advisories promptly report known exploitable URLs, but the job of defending against these vulnerabilities is one of relentless catch-up, with no guarantees against new exploits that arise nearly every day. This situation creates serious potential for damage, both to the network and to the information stored there.

What’s needed. What is needed is either an SSL/TLS termination product that can automatically upload and block a list of vulnerable URLs, or an Active Application Security solution that: a) sits in the data path to terminate malicious traffic and b) allows network administrators to immediately block weak URLs so networks are not unprotected while security vendors prepare the corrective patch for customers.

Intrusion Protection Against Malicious Traffic

The SafeNet product sits between the front router and the backend infrastructure. As the recipient of all HTTP/HTTPS traffic, the solution applies specific defined filtering rules based on the type of request. This allows the solution to intercept and terminate malicious payloads, effectively protecting the backend servers.
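
An added example (not the product's filter) of the URL blocklist check described above: each request path is reduced to one canonical form before matching, because a literal match on the raw request misses encoded, mixed-case and dot-segment spellings of a blocked URL. The blocked paths are constructed placeholders, origin-form request targets are assumed, and the backend is assumed to treat paths case-insensitively.

```python
import posixpath
from urllib.parse import unquote

# Constructed blocklist entries; placeholders, not taken from any advisory.
BLOCKED = ("/scripts/sample-admin.cgi", "/_vendor_addon")


def naive_is_blocked(raw_target: str, blocked=BLOCKED) -> bool:
    """Literal prefix match on the raw request target (the fragile version)."""
    return raw_target.startswith(blocked)


def canonical_path(raw_target: str, max_rounds: int = 3):
    """Return one canonical lower-case path, or None if it cannot be trusted."""
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    # Percent-decode until nothing changes, so nested encodings are unwrapped.
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # no stable form within max_rounds: refuse to guess
    if "\x00" in path:
        return None
    path = path.replace("\\", "/")
    # Collapse '.', '..' and repeated slashes against a single leading '/'.
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path.lower()


def is_blocked(raw_target: str, blocked=BLOCKED) -> bool:
    """Match the canonical path against the blocklist, failing closed."""
    path = canonical_path(raw_target)
    if path is None:
        return True
    # Match whole path segments so '/x.cgi.txt' is not confused with '/x.cgi'.
    return any(path == b or path.startswith(b + "/") for b in blocked)


if __name__ == "__main__":
    # Constructed request targets: the same resource spelled several ways.
    for target in ("/scripts/sample-admin.cgi?x=1",
                   "/SCRIPTS/%73ample-admin.cgi",
                   "/public/../scripts//sample-admin.cgi",
                   "/index.html"):
        print(target, naive_is_blocked(target), is_blocked(target))
```
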
Blocking URLs at this front-end device is more convenient, since it is easier to define filters on a few upfront devices than on a larger number of backend servers.

As an additional protection against URL-based attacks, the device itself is more secure than typical Web servers. The hardware is tamper-resistant and all non-essential services and executables have been removed, resulting in a stripped-down operating system that carries no standard shell other than its own proprietary command-line interface. A defense against Denial of Service (DoS) overloads such as SYN floods has been built in, and the management console is designed for easy error-free blocking of a specific list of URLs.

3) Private Key Mismanagement

When Private Keys are Not so Private

Keys are the foundation of all encryption-based security solutions. If a hacker, internal or external, gains access to your private keys, the security of your entire network is gone. Not reduced—gone. That’s a risk currently assumed by companies that store the Web server’s private keys on the Web server itself. Web servers are not secure because anybody can connect to them, and typically a large number of MIS personnel have access to them. Additionally, the keys are often stored in an easily readable plaintext format. Stored in a software environment and exposed in server memory, keys are vulnerable to discovery. An intruder who compromises your keys can launch “spoofing” attacks impersonating your site with the stolen key, and “eavesdropping” attacks using the stolen key to hack into an online transaction or access earlier transactions.

What’s needed. The best protection against private key compromise is a superior combination of physical security and key management technology, including tamper-resistant hardware and the most stringent security standards throughout the private key lifecycle.

Protecting Keys with Secure Key Management

With a SafeNet solution, private keys remain private. Secure key management technology is certified to FIPS 140-1 Level 2, the most stringent standard of government-specified best practices for deploying network security. This safeguards keys, in both hardware and software, against compromise throughout the entire lifecycle.

Secure Storage

Private keys are generated and stored in a tamper-proof housing. Any attempt at physical tampering results in the immediate destruction of all private keys, making it much more difficult for either external or internal hackers to access this vital information. Even if a solution is stolen, the private keys remain secure.

Secure Transport and Backup

When private keys are backed up, they are doubly encrypted using an administrator’s backup key and an internal key, preventing exposure of the administrator’s password even under a dictionary attack against a backup file. Keys are never exported in cleartext and cannot be released without triple-DES encryption, ensuring secure preservation in all backup and storage activities.

Secure Recovery

Even the strictest standards of tamperproof security must allow for key recovery in the event of legitimate need. If a key owner were injured or incapacitated, there must be a way to avoid the irretrievable loss of their key and thus their data. SafeNet has designed a “k of n” recovery procedure that allows for this through the use of a single master key. Inaccessible to any individual, this master key can be assembled only by a predefined group of individuals who each own a piece of the key and simultaneously agree to combine all their pieces. Even then, the master key can only be utilized for single key recovery, not to “unlock” the key storage. The benefits are clear: emergency key recovery is possible, but only via a coordinated and extremely secure measure.

4) Identity and Access Management Risks

Who Is It and How Do You Know?

The advent of intranets and extranets—as well as the transformation of Web browsers into universal clients for server-based applications—has made it possible for an organization to extend data access to employees, customers, and business partners. But offering access to a broader constituency creates its own IT challenges: how to identify authorized and unauthorized users, how to define and manage access to specific data systems, and how to ensure that those identities cannot be counterfeited or altered.

Many systems allow access based upon a user ID and password, but a more robust and provably secure solution utilizes client-side digital certificates. These utilize public/private key encryption technologies, and though unbreakable, are often not deployed due to the challenge of generating and managing these certificates, as well as the computational load placed upon the network system.

What’s needed. The best way to ensure that the right people are able to access the right resources is a system that combines certificate-based authorization, tamper-proof hardware and granular access control with management ease and no loss of networking performance.

Authentication, Authorization, and Access Control

Authentication and Authorization

SafeNet solutions utilize digital certificates, a more secure method of identification than user IDs and passwords. Certificates can contain a great deal of data about an individual or network resource, making them an ideal mechanism for authorization. Instead of simply granting carte blanche access to the network, the system can deliver a more granular level of access tailored to user status and data needs. To reduce the complexity of creating and managing certificates, the solutions have a built-in certificate authority, making certificate generation easy and efficient.
Additionally, SafeNet’s hardware-based SSL/TLS acceleration technologies ensure that data security does not come at the cost of low performance.

Access Control

SafeNet’s solutions allow customized security procedures to be established and enforced for multiple levels and functions. Individual administrators can be authorized to perform specific functions, such as networking, security and back-ups. Each function can be protected by a separate password, thereby limiting security risk to the entire network.

Netegrity SiteMinder

With the Netegrity SiteMinder Service Engine, SafeNet solutions allow select users—like employees, partners and customers—to present their encrypted credentials and be authorized for a specific level of access. Netegrity Web Agents running on a secure SafeNet solution are less susceptible to compromise than on a regular Web server.

5) Misconfigurations and Other Administration Errors

To Err is Human ... and Potentially Dangerous

Network administration is known for being a notoriously thankless job. It is also rife with opportunities for mistakes: simple omissions, typos, or oversights that would go unnoticed in any other profession can spell security risks on a network and serious performance problems on a Web site.

For instance, the process of configuring SSL parameters properly on a Web server is typically cumbersome and error-prone. While most Web servers allow for SSL configuration, they often require a high level of expertise and familiarity with command-line interfaces in order to be done accurately and thoroughly. An improperly configured server can result in adverse interactions with other parts of the network, security or functionality gaps, or improper levels of network access. Incorporating security into a network solution requires constant vigilance over subtle details and non-obvious product interactions.
This explains why ease-of-use and clarity—two concepts that used to refer to simple convenience in network administration—are now recognized to be legitimate security issues.

What’s needed. Outside of the creation of a network administrator who is never subject to fatigue, stress, or being overworked or under-trained, the best way to ensure error-free management (and risk-reduced network security) is to build in the features that anticipate, and protect against, common errors. Toward that end, a single multi-purpose hardware product that provides a unified management view along with intuitive configuration fields can greatly reduce configuration and other management mistakes.

Easy, Error-free Administration

SafeNet solutions feature a combination of intuitive, advisory interfaces, software safeguards and hardware features designed to reduce the risk of administrative error and ensure proper configuration and management.

Easy Configuration

A secure browser-based GUI guides the administrator through each configuration step; alternatively, a command-line interface is available for advanced users. The interfaces’ ease-of-use allows the products to be quickly deployed, often in a matter of minutes, with one-button replication for on-the-fly scalability.

Certificate Generation

The same intuitive GUI is used to simplify certificate requests, so the user is walked through each step and able to complete the process in a matter of seconds, eliminating the risk of taking shortcuts that aren’t secure.

Simple Secure Maintenance

For daily management, remote administration via the Web interface is secured with 128-bit encryption via TLS to protect administrator commands. Advanced users can use the command-line interface, protected via a Secure Shell connection, to create scripts. For increased security, remote administration can be disabled, either globally or granularly.

Secure Logging

Secure audit and activity logs keep a full record of administrative and connection events, pinpointing incorrect configurations and unauthorized access attempts.

Managing Keys and Certificates

Administrators generate, manage and import certificates securely through the Web or command-line interface, reducing the chance of error. To easily manage a large number of keys, the interface provides for convenient life-cycle key management.

Minimizing Error

The file system is read-only to prevent accidental or unauthorized software changes. All configuration files and private key data are stored using a hierarchy of internal keys. Additionally, unlike most servers and other network appliances, SafeNet products verify the authenticity of software upgrades, ensuring the security of configuration data and certificates.

SNMP Integration

The SafeNet management console integrates with HP OpenView and other network management systems, allowing the user to receive SNMP traps about service levels and to issue SNMP “gets” or queries.

About SafeNet

In 2007, SafeNet was acquired by Vector Capital, a $2 billion private equity firm specializing in the technology sector. Vector Capital acquired Aladdin in March of 2009, and placed it under common management with SafeNet. Together, these leading global companies are the third largest information security company in the world, which brings to market integrated solutions required to solve customers’ increasing security challenges. SafeNet’s encryption technology solutions protect communications, intellectual property and digital identities for enterprises and government organizations. Aladdin’s software protection, licensing and authentication solutions protect companies’ information assets and employees from piracy and fraud.
Together, SafeNet and Aladdin have more than 50 years of security expertise in more than 100 countries around the world. Aladdin is expected to be fully integrated into SafeNet in the future. For more information, visit www.safenet-inc.com or www.aladdin.com.

SafeNet Corporate Headquarters
4690 Millennium Drive
Belcamp, MD 21017
Tel: +1 410 931 7500
Tel: 1 800 533 3958 - Sales
TTY Users: +1 800 735 2258
FAX: +1 410 931 7524
www.safenet-inc.com

©2009 SafeNet, Inc. All rights reserved. SafeNet and the SafeNet logo are registered trademarks of SafeNet, Inc. All other product names are trademarks of their respective owners.