Advances in Computer Science Research, volume 70
2nd International Conference on Mechatronics Engineering and Information Technology (ICMEIT 2017)
The Research on MySQL Security Baseline
Yanhui Ma
School of Computer Science and Technology, Harbin Institute of Technology, Weihai, China 18363122135@163.commail
Keywords: MySQL, database security, security baseline, minimum security guarantee.
Abstract. At present, information system has been widely applied to various fields, but different kinds of database leaks and other security incidents continue to appear, leading to endless security risks for users. Database as the core of information system, the research on which seem to be very important. In order to improve the security of database, setting up security baseline of database properly brooks no delay. The security baseline of database system is the basic guarantee to ensure the safety of the database system. This paper studies the key attributes of database security and their role in database security, and on the basis, this paper gives the MySQL database security baseline, which provides the basic evidence for the security configuration of MySQL.
1. Introduction
Along with the rapid development of information system application technology, database application has gone deep into the national economy, people’s production and life, as well as other fields, becoming an indispensable part of social life today. So the security of the information is becoming more and more important and companies tend to pay more attention to its integrity, availability and confidentiality. In most cases, the information will be stored in the database, while the security of the database itself, which is responsible for the storage and maintenance of data, is facing unprecedented challenges. Any damage to the database may result in extremely serious consequences. Therefore, how to make the database system more secure has become the focus point people research on and concern on.
2. The security and threats of database
2.1 The security of database
Now there is no uniform definition of the concept of database security at home and abroad. At abroad, the definition of database security is most widely affected and accepted[1] by C.P.Pflagger, who describes the database security from the aspects of the integrity of the physical database, the integrity of the logical database, the security of the elements, the accessibility, the access control, the authentication and the usability. In China, the database security [2] is to ensure the confidentiality, integrity, consistency and availability of the database information, among which confidentiality refers to protect the data in the database from leaking and unauthorized access. Integrity means to protect the data in the database not to be destroyed and removed; consistency is to ensure that the data in the database satisfies entity integrity, referential integrity and user’s defined integrity requirements; availability refers to ensure the data in the database not available to authorized users for human or natural reasons. The security technical requirements of database management system includes identification, marking and access control, data integrity and database security audit.
2.2 The threats of database
At the moment, the main threat to the database comes from two aspects: hardware and software[3]. The threat of hardware is mainly due to some special reasons, such as disk damage, system crash and so on, which can be solved by local or remote database backup. The threat of software mainly comes from the SQL injection, virus infection, human error, password loss and so on. Among them, the SQL injection means the loopholes in the program because of the negligence of programmers. Thus,
| Copyright © 2017, the Authors. Published by Atlantis Press. | 128 |
| This is an open access article under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/). | |
|
|
Advances in Computer Science Research, volume 70
someone may login without account and gains the authority of the database operation, so as to steal the database information and even tamper with the database content. In order to reduce the threat of SQL injection and improve the security of database, programmers are advised to pre-compile SQL statements and bind variables. The threat of virus infection can be reduced through the use of anti-virus software, such as Kingsoft anti-virus, 360 anti-virus software and so on. These anti-virus software can find the virus of the existing system, then clean up to maintain the database security. Not qualified configuration to database by database administrators generally lead to the threats of human error, password loss and so on. Therefore, a reasonable configuration of database can significantly reduce the human error and reduce the threat to the database.
3. Database Security Baseline
Database system security baseline [4] means that the related attributes involved in database security should be made necessary and reasonable arrangement in the process of database configuration, which is the minimum security guarantee and the most basic security requirements. It is necessary to balance the cost and the risk to ensure the security of database, and the security baseline is just the reasonable boundary. Therefore, the construction of database security baseline has become the first step to ensure the database security, which is also a prerequisite to solve the problem of database security.
Database security baseline mainly includes five types [5], namely physical security baseline, database patch baseline, database configuration baseline, database health baseline and database business baseline. The first one means the physical protection of equipment and data resources. The second one is the most basic configuration requirement of the account, password, authority, log and so on for the database administrator. The third one means that the database must meet the requirement of the patch. The fourth is the indicator of whether or not to meet the requirements in the running state for the database. The last one means baseline-learning on the current business information of the database.
In this paper, we consider the database configuration baseline and the patch baseline to improve the security of the database. Database requires user authentication strictly. Every user must use the only account and corresponding password for authentication, so as to facilitate the subsequent audit trail. Besides, according to each account’s different right to database, a user account could only access the authorized system resources, with no permission to other sensitive information protected by other users, which will help the database administrator to restrict the access of users to particular database. Log and audit can monitor and record of all kinds of database operation, and restore them to audit database, which is convenient to query and analysis in the future. Moreover, it will also benefit to tracking the illegal operation of the database and subsequent database recovery operations. To check and update database regularly, install security evaluated patches and upgrade instantly, and refresh the virus and malicious code library constantly can effectively prevent system from attacks of viruses, Trojans, phishing, web software and other malicious software. At present, enterprises commonly use databases such as Oracle database, SQL Server, DB2, MySQL and so on. Based on the MySQL database, we do a research on MySQL database security baseline, with reference to literature [6, 7] about related configuration parameters and command.
4. MySQL Security Baseline Configuration
4.1 Account Security
In order to improve the security of the database to reduce the threat of external threats, it is the first to increase the protection of the entrance of the database. The user account and password is equivalent to the door key to the database, and the higher security level of the key is more security of the database. The database administrator assigns different user accounts to log on different databases and restrict the user's rights to improve the security of the database.
Account Management Security Baseline Requirements
The database administrator should delete or lock the account that has nothing to do with the database operation, maintenance and so on. In order to meet this condition, the database administrator
129
Advances in Computer Science Research, volume 70
first need to obtain all of the users’ information from the user table. The following command could be executed.
mysql>select * from user;
This command show all information of users to the administrator. If there are independent accounts, database administrator may use drop command to delete them.
4.2 Password Security
If there is a default user in the database using the default password, this will reduce the security of the database. Therefore, database administrator need to modify the default account password, otherwise the attacker may use the default account and the default password to intrusion database and threat the system security. In order to reduce the occurrence of such a situation, the database administrator can enforce the complexity of the password, such as length, duration, case and so on.
Account Password Security Baseline Requirements
The database administrator should check whether the account uses a default password and a weak password, depending on that the length of the password is at least 8 bits and the password includes numbers, lowercase characters, uppercase characters and special characters. The password should include at least two types of the four type. If there is a weak password, administrator need to modify it. The following commands can do this operation.
mysql>update user set password=password (“Hello123”) where user=’ma’; mysql>flush privileges;
At the same time, the password should be required not to set the same within 5 times and the password should be replaced at the most 90 day.
Authority Allocation Policy Security Baseline Requirements
The database administrator should allocate the minimum rights required to the user according to the business needs of the database. In order to meet this condition, the following command may be used.
mysql>select * from user; mysql>removke * ;
The first command is used to gain all rights of all users. After this, database administrator could determine whether there is unnecessary or dangerous authorization. If it exists, using the REVOKE command to recovery.
4.3 Log Audit
The log can record the users’ operations to the database, including login account, whether login is successful, the operation time and the corresponding operations such as add, delete, change, check, so as to be convenient to query the day after. Therefore, it is necessary to open the database log function.
Log Configuration Database Baseline Requirements
The log function should be set for the database. MySQL mainly includes five kinds of log, respectively, the error log, the query log, the slow query log, the update log and the binary log. In the MySQL command line, the following command may do works.
mysql>show variables like "log%";
This command could be used to display all the types of the log and the status of the logs. Generally, MySQL must be opened the error log. As for other log functions, database administrator need to use command to open them.
4.4 Other Configurations
Patch Security Baseline Requirements
The database administrator should ensure that the database system has installed the latest security patches. In order to meet the conditions, database administrator can view the current database version using the command: mysql –v. After compared with the safety of the latest version, if it is the latest version does not need to update, otherwise update to the latest version in the premise of business and network security. Also it should be through compatibility testing.
Remote Access Security Baseline Requirements
If the network connection is forbidden, it can prevent password attack, overflow attack and sniffing attack. However, it can only be applied to the condition which the application and the database on the
130
Advances in Computer Science Research, volume 70
same host. The database administrator can modify the MySQL configuration file /etc/mysql/my.cnf to allow remote connections.
# Instead of skip-networking the default is now to listen only on
# local host which is more compatible and is not less secure
# bind-address = 127.0.0.1
Now MySQL is allowed remote login. If database administrator delete the # before the bind-address, the MySQL will not be allowed remote connection. Database administrator determine whether the need to open this feature according to the different application scenarios. For example, if there is a need to deploy the application scenario, administrator should to open the remote access function.
Access Policy Security Baseline Requirements
Database should only be accessed by the trusted IP address. To achieve this goal, the following command may be used.
mysql>grant all privileges on db.* to username@’IP/netmask’;
After this operation, the database can only be accessed through the trusted IP address. Connection Number Security Baseline Requirements
The database administrator should set the maximum number of connections based on machine performance and business requirements. In order to set this condition, the database administrator can modify the option of max_connections in the MySQL configuration file /etc/mysql/my.cnf. After modified the option, is will work to restart MySQL service.
5. MySQL Database Security Baseline Score
In accordance with the previous description of the database security baseline detection, we have detected the MySQL database and then, we have used the way of weighted accumulation to evaluate the results. According to the importance of the database security baseline detections, we made a floating interval. And according to its importance to fluctuate, the higher the degree of importance, the higher the weight is. For example, the default password and weak password for database security are relatively important, so the weight will be higher. However the important degree of the alert log and update log is relatively low, so the weight is low. Once the standard is established, the database can be scored, and the score is higher, the degree of database security is higher. Here the range of the score is from 0 to 9 according to the importance. And detected result will be 1 or 0. If the result is 1, it means the database is consistent with the database baseline in this item. If the result is 0, it means the database is not consistent with the database baseline in this item. The detected results of MySQL are in table 1.
Table 1. The detected results of MySQL database security baseline.
| num | item | Weight | result | score |
|
|
|
|
|
|
| 1 | Administrator prohibition | 7 | 1 | 7 |
|
|
|
|
|
|
| 2 | Useless acount | 2 | 0 | 0 |
|
|
|
|
|
|
| 3 | Default password | 7 | 1 | 7 |
|
|
|
|
|
|
| 4 | Weak password | 6 | 1 | 6 |
| 6 | User’s policy | 5 | 0 | 0 |
| 7 | Error log | 3 | 1 | 3 |
| 8 | Warning log | 2 | 0 | 0 |
| 9 | Slow query log | 2 | 1 | 2 |
| 10 | Update log | 2 | 0 | 0 |
| 11 | Binary log | 2 | 0 | 0 |
|
|
|
|
|
|
| 12 | Latest patch | 4 | 1 | 4 |
|
|
|
|
|
|
| 13 | Remote access | 2 | 0 | 0 |
| 14 | Trusted IP address control | 6 | 0 | 0 |
| 15 | Connections | 5 | 0 | 0 |
|
|
|
|
|
|
|
| Database Conformity |
| 52.7% |
|
|
| Detected total scores/total scores |
| 29/55 |
|
131
Advances in Computer Science Research, volume 70
Table 1 shows the detected results of the MySQL database security baseline. Every item of the security baseline was detected. The result for every item is 1 or 0. The score of every item is the multiplication of weights and result. For example, the database has been configured the item of the error log, so the result is 1 and the score is 3. However because the database has useless accounts, the result is 0 and the score is 0. The detected total scores of the database is the sum of the individual score and the database conformity is equal to the detected total scores / total scores *100%. The database conformity can clearly show the security degree of the database. The higher conformity of the database, the security of database is higher. Otherwise there is a need to reconfigure the database to improve the security of the database. Using this detection method and evaluation method, the database administrator will have a good reference and scoring standards.
6. Conclusion
In order to make every item of the database baseline reasonable, database administrator must refer to the relevant standard requirements, which not only can effectively reduce the risk of database system, greatly reduce the cost of the security system and improve the security of the database, but also provide a good reference for the database management for the database administrator and reduce the possibility of error for human.
References
[1] Pfleeger C P, Pfleeger S L. Security in Computing. 3rd Editon. NJ: Prentice Hall, 2003.
[2] Jiao Yan. With Regard to the Status of the Database System Security Research. Network &Computer Security. 2010(5):45-47.
[3] Hu Xiaomin. Computer network database security threats and Countermeasures [J]. China New Telecommunication. 2015(13):98-99.
[4] Liu Tong. Study on the securiy baseline of complex information system [J]. Chinese Journal of Management Science. 2000(s1):636-644.
[5] Ma Xianhu, Xu Li, Jin Huasong. Security Protection Strategy of Database Based on Baseline Technology [J]. Computer & Telecommunication. 2013(4):28-31.
[6] Widenius M, Axmark D P. Mysql Reference Manual [J]. Dec 2009 - World Bank, Washington, 2002(4).
[7] Seidman C, Smith P. MySQL: The Complete Reference [M]. McGraw-Hill, Inc. 2009.
132
MySQL安全基线研究
关键词:MySQL,数据库安全,安全基准,最低安全保证。
摘要:目前,信息系统已经广泛应用于各个领域,但不同类型的数据库泄露等安全事件不断出现,给用户带来无尽的安全隐患。数据库作为信息系统的核心,其研究似乎非常重要。为了提高数据库的安全性,及时设置数据库的安全基线刻不容缓。数据库系统的安全基线是确保数据库系统安全的基本保证。本文研究了数据库安全的关键属性及其在数据库安全中的作用,在此基础上给出了MySQL数据库的安全基准,为MySQL的安全配置提供了基础依据。
1.简介
随着信息系统应用技术的飞速发展,数据库应用已深入到国民经济,人民生产生活等各个领域,成为当今社会生活不可或缺的一部分。因此,信息的安全性变得越来越重要,企业往往更加关注信息的完整性、可用性和保密性。在大多数情况下,信息将被存储在数据库中,而负责数据存储和维护的数据库本身的安全性正面临前所未有的挑战。数据库的任何损坏都可能导致非常严重的后果。 因此,如何使数据库系统更加安全成为人们研究和关注的焦点。
2.数据库的安全和威胁
2.1数据库的安全性
目前国内外对数据库安全的概念还没有统一的定义。在国外数据库安全的定义受C.P.Pflagger的广泛影响和认可。C.P.Pflagger从物理数据库的完整性、逻辑数据库的完整性、元素的安全性、可访问性、访问控制、认证和可用性来描述数据库的安全。在中国,数据库安全是为了保证数据库信息的机密性、完整性、一致性和可用性,其中保密性是指保护数据库中的数据免于泄露和未授权访问;完整性意味着保护数据库中的数据不被破坏和清除;一致性是确保数据库中的数据满足实体完整性,参照完整性和用户定义的完整性要求;可用性是指确保数据库中的数据由于人为或自然的原因而不被授权的用户使用。数据库管理系统的安全技术要求包括识别、标识、访问控制、数据完整性和数据库安全审计。
2.2数据库的威胁
目前,数据库的主要威胁来自硬件和软件两个方面。 硬件的威胁主要是由于一些特殊的原因,如磁盘损坏、系统崩溃等,可以通过本地或远程数据库备份来解决。软件的威胁主要来自SQL注入、病毒感染、人为错误、密码丢失等。其中,由于程序员的疏忽,SQL注入意味着程序中的漏洞。 因此,有人可能无需登录帐号就可以登录并获得数据库操作权限,从而窃取数据库信息甚至篡改数据库内容。为了减少SQL注入的威胁,提高数据库的安全性,建议程序员预编译SQL语句并绑定变量。通过使用反病毒软件,如金山毒霸杀毒软件,360杀毒软件等,可以减少病毒感染的威胁。这些防病毒软件可以找到现有系统的病毒,然后进行清理,以保持数据库的安全。 数据库管理员对数据库的配置不合格通常会导致人为错误,密码丢失等威胁。 因此,合理配置数据库可以显着减少人为错误,减少对数据库的威胁。
3.数据库安全基线
数据库系统的安全基准意味着数据库安全所涉及的相关属性应该在数据库配置过程中作出必要的合理安排,这是最低的安全保障和最基本的安全要求。为了保证数据库的安全,平衡成本和风险是必要的。安全基线只是合理的边界,因此,数据库安全基线的构建已成为保证数据库安全的第一步,也是解决数据库安全问题的前提。
数据库安全基线主要包括物理安全基线、 数据库补丁基线、数据库配置基线、数据库健康基线和数据库业务基线五种类型。第一个意思是设备和数据资源的物理保护;第二个是数据库管理员帐号、密码、权限、日志等最基本的配置要求;第三个意味着数据库必须满足补丁的要;求四是数据库是否满足运行状态的指标;最后一个意味着对数据库当前业务信息进行基准学习。
在本文中,我们考虑数据库配置基线和补丁基线来提高数据库的安全性。数据库严格要求用户认证。每个用户都必须使用唯一的账号和相应的密码进行认证,以方便后续的审计跟踪。另外,根据每个账号对数据库的不同权限,用户账号只能访问授权的系统资源,不受其他用户保护的其他敏感信息的许可,有利于数据库管理员限制用户访问特定数据库。日志和审计可以监视和记录各种数据库操作,并将其恢复到审计数据库,方便日后查询和分析。而且,跟踪数据库的非法操作和随后的数据库恢复操作也是有益的。定期检查和更新数据库,安装安全评估补丁并立即升级,不断更新病毒和恶意代码库,有效防止系统遭受病毒,木马,网络钓鱼,网络软件等恶意软件的攻击。目前企业普遍使用Oracle数据库、SQL Server、DB2、MySQL等数据库。基于MySQL数据库,我们对MySQL数据库安全基线进行了研究。
4. MySQL安全基线配置
4.1帐户安全
为了提高数据库的安全性,减少外部的威胁,首先要加大对数据库入口的保护。 用户帐号和密码相当于数据库的门密钥,密钥的安全级别越高,数据库的安全性越高。 数据库管理员分配不同的用户账号登录不同的数据库,限制用户权限,提高数据库的安全性。
帐户管理安全基准要求:
数据库管理员应删除或锁定与数据库操作、维护等无关的帐户。 为了满足这个条件,数据库管理员首先需要从用户表中获取所有的用户信息。下面的命令可以被执行:
mysql> select * from user;
该命令向管理员显示所有用户信息。如果有独立帐户,数据库管理员可以使用drop命令将其删除。
4.2密码安全
如果数据库中有默认账号使用默认密码,则会降低数据库的安全性。因此,数据库管理员需要修改默认账号密码,否则攻击者可能会使用默认账号和默认密码来入侵数据库,威胁系统安全。为了减少这种情况的发生,数据库管理员可以加强密码的复杂性,如长度、持续时间、条件等。
帐户密码安全基准要求:
数据库管理员应根据密码长度不小于8位,密码包括数字、小写字母、大写字母和特殊字符,检查帐号是否使用默认密码和弱密码。密码应至少包括四种类型中的两种。如果密码是弱密码,管理员要求用户去修改。以下命令可以执行此操作。
mysql> update user set password = password("Hello123")where user ='ma';
mysql>flush privileges;
同时,密码要求不要在5次以内设置,最多90天以上的密码应该更换。
权限分配政策安全基准要求:
数据库管理员应根据数据库的业务需要为用户分配所需的最小权限。为了满足这个条件,可以使用下面的命令:
mysql> select * from user;
mysql> removke *;
第一个命令用于获取所有用户的所有权限。在此之后,数据库管理员可以确定是否存在不必要或危险的授权。如果存在,则使用REVOKE命令进行恢复。
4.3日志审计
日志可以记录用户对数据库的操作,包括登录账号,登录是否成功,操作时间以及添加、删除、修改、检查等相应操作,以方便后续查询。因此,有必要打开数据库日志功能。
日志配置数据库基准要求:
应该为数据库设置日志功能。 MySQL主要包括五种日志,分别是错误日志、查询日志、慢查询日志、更新日志和二进制日志。在MySQL命令行中,以下命令可能会起作用。
mysql>show variables like "log%";
该命令可用于显示日志的所有类型和日志的状态。一般来说,MySQL必须打开错误日志。至于其他日志功能,数据库管理员需要使用命令打开它们。
4.4其他配置
补丁安全基线要求:
数据库管理员应该确保数据库系统安装了最新的安全补丁。为了符合条件,数据库管理员可以使用以下命令查看当前的数据库版本:mysql -v 。通过与最新版本的安全性和兼容性测试,如果是最新版本则不需要更新,否则在业务和网络安全的前提下更新到最新版本。
远程访问安全基准要求:
如果网络连接被禁止,可以防止密码攻击、溢出攻击和嗅探攻击。但是,它只能适用于应用程序和数据库所在的条件相同的主机。数据库管理员可以修改MySQL配置文件/etc/mysql/my.cnf以允许远程连接。
# Instead of skip-networking the default is now to listen only on
# local host which is more compatible and is not less secure
# bind-address = 127.0.0.1
现在MySQL允许远程登录。如果数据库管理员删除了 # before the bind-address,MySQL将不允许远程连接。数据库管理员根据不同的应用场景判断是否需要打开这个功能。例如,如果需要部署应用场景,管理员应该打开远程访问功能。
访问策略安全基线要求:
数据库只能被可信的IP地址访问。为了实现这个目标,可以使用下面的命令:
mysql>grant all privileges on db.* to username@'IP/netmask';
完成此操作后,只能通过可信IP地址访问数据库。
连接号码安全基线要求:
数据库管理员应根据机器性能和业务需求设置最大连接数。为了设置这个条件,数据库管理员可以修改MySQL配置文件/etc/mysql/my.cnf中的max_connections选项。修改该选项后,重新启动MySQL服务。
5. MySQL数据库安全基线评估
根据之前对数据库安全基线检测的描述,我们已经检测到了MySQL数据库,然后我们使用了加权累加的方式来评估结果。根据数据库安全基线检测的重要性,我们做了一个浮动区间。而且根据其重要性的波动,重要程度越高,权重越高。例如,数据库安全的默认密码和弱密码比较重要,因此权重会更高。然而,警报日志和更新日志的重要程度相对较低,因此权重较低。一旦标准建立,数据库就可以得分,得分越高,数据库的安全程度就越高。这里根据重要性得分的范围为从0到9;检测结果为1或0。如果结果为1,表示数据库与该项目的数据库基线一致;如果结果为0,则意味着该数据库与该项目中的数据库基线不一致。 MySQL的检测结果如表1所示:
表1. MySQL数据库安全基线的检测结果。
| NUM | 项 | 权重 | 结果 | 分值 |
| 1 | 管理员禁令 | 7 | 1 | 7 |
| 2 | 无效账户 | 2 | 0 | 0 |
| 3 | 默认密码 | 7 | 1 | 7 |
| 4 | 弱密码 | 6 | 1 | 6 |
| 5 | 用户策略 | 5 | 0 | 0 |
| 6 | 错误日志 | 3 | 1 | 3 |
| 7 | 警告日志 | 2 | 0 | 0 |
| 8 | 慢查询日志 | 2 | 1 | 2 |
| 9 | 更新日志 | 2 | 0 | 0 |
| 10 | 二进制日志 | 2 | 0 | 0 |
| 11 | 最新补丁 | 4 | 1 | 4 |
| 12 | 远程访问 | 2 | 0 | 0 |
| 13 | 可信IP地址控制 | 6 | 0 | 0 |
| 14 | 连接 | 5 | 0 | 0 |
| 数据库一致性 | 52.7% | |||
| 检测总分/总分 | 29/55 | |||
表1显示了MySQL数据库安全基线的检测结果。检测到安全基线的每个项目。每个项目的结果是1或0。每个项目的分数是权重和结果的乘积。例如,数据库配置了错误日志的项目,所以结果是1,得分是3.但是因为数据库有无效账户,所以结果是0,得分是0。数据库检测的总分是个别得分的总分和数据库一致性的总分,数据库的一致性等于检测到的总分数/总分数* 100%。数据库的一致性可以清楚地显示数据库的安全程度。数据库的一致性越高,数据库的安全性越高。否则就需要重新配置数据库来提高数据库的安全性。使用这种检测方法和评估方法,数据库管理员将有一个很好的参考和评分标准。
六,结论
数据库管理员为了使数据库的每个项目都合理,必须参照相关的标准要求,这样不但可以有效地降低数据库系统的风险,大大降低安全系统的成本,提高数据库的安全性,也为数据库管理员的数据库管理提供了很好的参考,减少了人为错误的可能性。
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
