当前位置：网站首页>What about data leakage? " Watson k'7 moves to eliminate security threats

What about data leakage? " Watson k'7 moves to eliminate security threats

2022-07-05 13:33:00 【Ink Sky Wheel】

Welcome to the morning news of Xihong radio ：

T The company system is 3 month 18 The Japanese were attacked by cyber crime , The data of millions of customers and potential customers has been leaked .

C Research Institute in 4 month 29 Daily report , One contains about 3500 The mysterious marketing database of 10000 personal details was leaked on the Internet , There is no password .

......

Frequent security incidents

How to do data security ？

Turn off the radio ,H The manager began to discuss data security issues with employees ：

H The manager ： Recently, data privacy leaks have occurred frequently , Extensive coverage , Great influence , As a result, many enterprises are caught in the double crisis of data protection compliance and social public opinion pressure . I just checked us R The database of the system , It is found that all the data stored in the data file is plaintext data ！

Caixiao X： There is a risk of information leakage , Sensitive data needs encrypted storage .

H The manager ： I can also check other people's sensitive information . And I guessed the password of any number of accounts , Or the default simple password .

Caixiao X: Our database does not have permission management , There is no rule strength limit for account and password .

H The manager ： incorrect , Who changed the data I added last week ?

Caixiao X: ...... Our application has no function of recording operators .

H The manager ： no way ！ The database has no security measures at all , Go to the municipal hospital immediately to find expert Watson ·K consulting , Let him give some targeted solutions .

Caixiao X: well , I'll go at once ！

Seek medical advice

Jincang KES Bring new vitality ！

Caixiao X Rush to the Municipal Hospital , Fill in R System database status and safety requirements table , Find expert Watson ·K Seek a good prescription . Watson ·K Listening to Cai Xiao X After the question , The use of KingbaseES Database to meet R Suggestions on the security requirements of the system .

KingbaseES The security features provided can cope with complex and diverse security business scenarios . Against various security threats KingbaseES There are solutions .KingbaseES Respectively from the counterfeit 、 Tampering 、 Deny 、 Information disclosure 、 Denial of service 、 The six types of security threats such as authority promotion are used for security protection .

However , in the light of KingbaseES Database security scheme , Caixiao x There are still some doubts ：

Seven questions and seven answers

Jincang KES Build a solid shield of enterprise data security ！

One question ： anti-phishing

Caixiao X： Many website systems have the phenomenon of user password disclosure , We R Many user passwords of the system are set simply ,KingbaseES How to prevent users' illegal access to the database ？

Watson ·K：KingbaseES Manage users through user identification and identity authentication based on enhanced password , It also supports strong access control function , To resist the security threat of phishing attacks .

User identification and authentication

KingbaseES The default password encryption algorithm is SCRAM-SHA-256. It is according to RFC 7677 The description in SCRAM-SHA-256 authentication , It can prevent password sniffing on untrusted connections and support storing passwords in an encrypted hash on the server .

KingbaseES The user information and password of the database are stored in a file named sys_authid In the data sheet of . Here are KES Encryption form of password in database ,sys_authid Tabular rolpassword The field shows the encrypted key ：

stay KES in , Password from sys_user Hidden in , This further enhances security , Even users who have access to views , You can't get the encrypted string of the password .

test=# select usename,passwd from sys_user where usename in('system','sao','sso');
 usename |  passwd
---------+----------
 system  | ********
 sao     | ********
 sso     | ********
(3  rows )

For password maintenance ,KingbaseES Support password complexity check 、 Mechanisms such as password validity and password history . Here are KingbaseES The form of password complexity check in the database , You can set the password complexity requirements according to your needs ：

alter system set passwordcheck.enable=on;
alter system set passwordcheck.password_length = 10;
alter system set passwordcheck.password_condition_letter = 3;
alter system set passwordcheck.password_condition_digit = 3;
alter system set passwordcheck.password_condition_punct = 1;
select sys_reload_conf();

This is set , The minimum password length 10 byte , Letter 、 The number is the least 3 individual , At least one special character .

For user login ,KingbaseES The corresponding identity authentication mechanism is also made, including support for abnormal login locking 、 Login information shows 、 Idle automatic disconnection and other identity authentication mechanisms .

Besides ,KingbaseES Support multiple login methods , You can also restrict user login IP. The same abnormal login lock can also be configured as needed , For example, set the maximum number of consecutive password failures to 10, The number of consecutive failed password locks is 6, The automatic unsealing time of blocked users is 1 Hours .

alter system set sys_audlog.max_error_user_connect_times = 10;
alter system set sys_audlog.error_user_connect_times = 6;
alter system set sys_audlog.error_user_connect_interval = 60;
select sys_reload_conf();
[test@4-34 bin]$ ./ksql test -U testu1 -p 54324 -h 127.0.0.1
 user  testu1  The password of ：
[test@4-34 bin]$ ./ksql test -U testu1 -p 54324 -W -h 127.0.0.1
 password ：
ksql:  error :  Can't connect to the server ： Fatal error :  password authentication failed for user "testu1"
NOTICE:  This is the 2 login failed. There are 4 left.
[test@4-34 bin]$ ./ksql test -U testu1 -p 54324 -W -h 127.0.0.1
 password ：
ksql:  error :  Can't connect to the server ： Fatal error :  password authentication failed for user "testu1"
NOTICE:  This is the 3 login failed. There are 3 left.
[test@4-34 bin]$ ./ksql test -U testu1 -p 54324 -W -h 127.0.0.1
 password ：
ksql:  error :  Can't connect to the server ： Fatal error :  password authentication failed for user "testu1"
NOTICE:  This is the 4 login failed. There are 2 left.
[test@4-34 bin]$ ./ksql test -U testu1 -p 54324 -W -h 127.0.0.1
 password ：
ksql:  error :  Can't connect to the server ： Fatal error :  password authentication failed for user "testu1"
NOTICE:  This is the 5 login failed. There are 1 left.
[test@4-34 bin]$ ./ksql test -U testu1 -p 54324 -W -h 127.0.0.1
 password ：
ksql:  error :  Can't connect to the server ： Fatal error :  The user "testu1" is locked.please wait 60 minutes to retry

Access control

KingbaseES Adopt a variety of control means to ensure the legitimacy and security of users' access to data , And effectively prevent unauthorized access of illegal users . Including autonomous access control and mandatory access control .

KingbaseES use ACL( Access control list ) Technology enables users to have their own tables and columns ( Field ) Autonomous access control . Users can independently authorize other users and roles to operate on their own data objects . When a user accesses a data table / Column time , Autonomous access control will be based on ACL Check whether the user's access rights to the access object are legal , It is used to decide whether to accept or reject the user's access behavior .

-- System permissions are actually some attribute permissions specified when creating users 
--system
-- to grant authorization 
create user u1 with superuser;
-- or 
alter user u1 with superuser;
create user u2 with createrole;
-- or 
alter user u2 with createrole;
create user u3 with login;
-- or 
alter user u3 with login;
create user u4 with createdb;
-- or 
alter user u4 with createdb;
-- The list is incomplete , You can see create user/alter user  sentence .
-- revoke 
alter user u1 with nosuperuser;
alter user u2 with nocreaterole;
alter user u3 with nologin;
alter user u4 with nocreatedb;
-- Object permissions are permissions that exist on database objects 
-- Get ready 
--system
create user u1;
create user u2;
--u1
\c test u1
create table testu1(id int);
insert into testu1 values(123);
--u2
\c test u2
select * from testu1; --error
-- to grant authorization 
--u1
\c test u1
-- Column level permissions 
grant select(id) on testu1 to u2;
-- Table level permissions 
grant select all on testu1 to u2;
--u2
\c test u2
select id from test; -- success
select * from test; -- success
-- revoke 
revoke select(id) on testu1 from u2;
revoke select all on testu1 from u2;

Two questions ： tamper-proof

Caixiao X：R The data of the system is modified through network transmission , Is there any way to ensure the security of the database during transmission ？

Watson ·K： When an attacker attempts to destroy user data files through the network , Or intercept the data in the transmission process ,KingbaseES Use the transmission integrity protection and user data integrity protection functions to protect against tampering .

Database access SSL Communication for transmission integrity protection , To configure SSL Transmission encryption .

By adding “ Data watermark ”,KingbaseES It realizes the integrity verification and protection in the data storage process . Every time you read the disk , Automatic data watermark verification . Every time I write to the disk , Automatically update the data watermark . Data verification support CRC、SM3、SM3_HMAC Algorithm .

Three questions ： Prevent information leakage

Caixiao X：R The current data of the system is plaintext , It is easy to leak data .KingbaseES How to prevent data leakage ？

Watson ·K：KingbaseES There is an encryption mechanism to prevent information leakage . Including transparent storage encryption 、 Non transparent encryption 、 Data desensitization 、 Object reuse , Transparent encryption includes encrypting objects , Encryption engine , Encrypted backup recovery and configuration file encryption .

Transparent storage encryption

KingbaseES Realize the encryption of data when it is written to disk , When the authorized user re reads the data, decrypt it . There is no need to modify the application , Authorized users will not even notice that the data has been encrypted on the storage medium , The encryption and decryption process is transparent to users . There are currently two types of encrypted objects , They are tablespace and table , The corresponding encryption methods are table space encryption and table encryption . It should be noted that different encryption methods are mutually exclusive , The same encryption object cannot support multiple encryption methods at the same time .

Tablespace encryption

create tablespace ts location '/home/kingbase/ts' with(encryption = true, enckey ='k1eyenc2');
--encryption:  Identify that the current table space is an encrypted table space 
--enckey:  User defined table space encryption key 
--sysencrypt.encrypt_user_tablespace
-- This parameter belongs to the encryption plug-in ,true  The table space created for is encrypted by default ,false  Then close this parameter 
-- How to confirm whether the data is encrypted 
-- First, confirm the physical file location of the encrypted object where the data is located 
-- Example ：
select oid,relname, relfilenode from sys_class where relname = 'test';
-- Then according to this statement, the query relfilenode  No. find the location of the physical file , or 
select sys_relation_filepath(sys_relation_filenode('test'));
-- Find the specific location of the data file 
--hexdump -c  If the database file is compared with other plaintext files, it is obvious that the data is encrypted , Are some invisible characters or garbled , Prove encryption successful .

Four questions ： Non repudiation

Caixiao X： We also find that sometimes the data is illegally modified , But there is no record of who made the modification .KingbaseES How to deal with this situation ？

Watson ·K： The safety protection measures of any system are not perfect , Deliberate theft , People who destroy data always try to break control , The audit function automatically records all user operations on the database and puts them into the audit log , The auditor can analyze the audit log , Take effective measures to prevent potential threats in advance .KingbaseES The database provides a complete set of audit mechanism , It is used to ensure the monitoring of various behaviors in the database , And then for the security of the database 、 Reliable and effective guarantee .

Audit

KingbaseES Realize the audit function to record the user's behavior , It mainly realizes the server instance level audit 、 Statement level audit 、 Schema object level auditing .

According to the different audit users , You need to use different users to set audit rules ： The database auditor is responsible for setting up for super users （ Including database administrators ） And database security officer Auditing rules ; The database security officer is responsible for setting the audit rules for ordinary users and database auditors .

After the database auditor and database security officer log in to the database , You can set audit rules directly ：

-- Database auditors SET statement level audit rules , The audit type is select table  sentence , The audit user is the database administrator system, The audit object is public  Mode of tab1
select sysaudit.set_audit_stmt('select table','system','public','tab1');
-- The database security officer sets object level audit rules , The audit type is table  object , Audit users are ordinary users user1, The audit object is public  Mode of tab2
select sysaudit.set_audit_object('table','user1','public','tab2');

Database auditors and database security officers can security Query the system view under the database to view the corresponding audit log ：

-- Database auditors need to query views sysaudit_record_sao, You can view super users （ Including database administrators system） And the audit log of the database security officer 
select * from sysaudit_record_sao;
-- The database security officer needs to query the view sysaudit_record_sso, You can view the audit logs of ordinary users and database auditors 
select * from sysaudit_record_sso;

Five questions ： Prevent privilege escalation

Caixiao X：R Many ordinary users in the system have the authority of super user , It would be very unsafe ,KingbaseES Does the database have permission management mechanism ？

Watson ·K：KingbaseES The safety management system of separation of powers is adopted , The separation of powers of database is to solve the problem of excessive concentration of power of database super users , Reference administration 、 legislation 、 The security management mechanism designed according to the principle of separation of judicial powers .

Separation of powers

KingbaseES Divide the database administrator into database administrator 、 Security administrator 、 There are three types of audit administrators .

• Database administrator

It is mainly responsible for various operations and independent access control of daily database management .

• Security administrator

Mainly responsible for the formulation and management of mandatory access control rules .

• Audit Manager

Mainly responsible for database audit , Supervise the operation of the first two types of users . The separation of powers has blocked the security vulnerability of abusing the privileges of database super users , Further improve the overall security of the database .KingbaseES It is allowed to modify the user names of security officers and auditors .

\c test system
alter user sao rename to sao2;
alter user sso rename to sso2;
\du
select * from sys_authid;

Besides ,KingbaseES Also through restrictions DBA、 Security administrator sso perform DCL Equal mechanism , Further restrict the permissions of the database administrator .

Six questions ： Anti denial of service

Caixiao X： We also found that some users of the system occupy too much resources , As a result, other users cannot use the database .KingbaseES How to avoid this situation ？

Watson ·K：KingbaseES It can limit the storage space and CPU resources ,KingbaseES adopt kdb_resource_group Plug in to realize the user quota function , adopt sys_spacequota The plug-in implements user table space quota .

Seven questions ： Safety qualification

Caixiao X: So far ,KingbaseES Databases can indeed be destroyed R Unsafe loopholes in the system . But excuse me KingbaseES Is there any relevant safety qualification certificate ？

Watson ·K： This can be completely assured . People's Congress Jincang KingbaseES It is the most complete to obtain safety qualification , Database products with the highest security level . It is also the first to pass the compulsory safety certification of the computer information system safety product quality supervision and inspection center of the Ministry of public security , And obtain a sales license for database products . The qualification certificates obtained include ：

Caixiao X: fantastic , I'll go back and report to the leader immediately , Upgrade the database to KingbaseES, Have comprehensive security solutions and complete certificates .

Watson ·K： Go ahead , Use KingbaseES Don't be afraid of database security threats anymore .

Conclusion

KingbaseES It is a self-developed high security database product , Through the new structured system design and enhanced diversified mandatory access control model framework , Several high-level security features have been developed , And complete implementation, including the separation of privileges 、 Identification 、 Diversified access control 、 User data protection 、 Technical and functional requirements of all structured protection levels including audit .KingbaseES Defense in depth , Escort database security ！