Cloud Platform Database Security Series (a): Brute Force

Source: Internet
Author: User

Enterprises, individuals and developers across industries want to outsource IT operations at low cost, share data quickly through Internet cloud servers, and fully enjoy the convenience of cloud computing. This is the appeal of the cloud.

Amid fast-growing cloud applications, enterprises and individual users alike face a problem that is easily overlooked while they enjoy instant, anywhere, on-demand cloud services: enterprise-critical data and personal private data are kept in databases on the cloud platform, and losing these data assets would be a huge loss.

1. The current state of brute force attacks on cloud platforms

Brute force attacks are one of the most significant threats to cloud users. Taking the daily security operations of one cloud platform as an example, attackers make up to hundreds of millions of brute force attempts against cloud tenants per week. The trend of brute force attacks against cloud tenants is shown in the following graph:

[Figure: trend graph of brute force attacks against cloud tenants]

From the beginning of June to the end of July, the tenants of one cloud platform were hit by brute force attacks an average of 500 million times a week. The targets of these 500 million attacks are distributed as follows (data for 7.21-7.27):

[Figure: distribution of brute force attack targets]

2. Causes and methods of database brute force attacks

As applications stay in use over time, large amounts of important data accumulate in the database, and attacks that target databases now account for nearly 40%. Database brute force is the process of guessing the password of the database's super administrator account by means of dictionaries and other methods. The administrator account and password are the key to connecting to the database; once the password is successfully cracked, the database has no security left.

The main reason database brute force succeeds is that cloud tenants, especially many enterprise users, hire software vendors to develop their web applications and afterwards lack the expertise to know which operations accounts were left in the database. Brute force attempts target not only the administrator password and operations accounts but also the many default accounts that ship with the database itself. Taking Oracle as an example, the default passwords of all versions combined add up to more than 700, and all of these accounts can be targeted by brute force.

Furthermore, account passwords are stored encrypted in the database, and each database uses a different encryption algorithm. Unless a professional tool such as An Huaqin and database leakage is used, cloud tenants cannot find the weak passwords in their databases themselves, which makes database brute force difficult to prevent.

As for how databases are brute-forced: each cloud server has two IPs, an intranet IP and an extranet IP. A cloud tenant who buys multiple cloud servers can have them access each other in a simulated intranet environment (such as a VLAN), while the extranet IP can be reached over the Internet. In general, the application server reaches the database server through the intranet IP, and database maintenance is carried out from the Internet through the extranet IP. One way automated brute force tools work is to scan an extranet IP address directly, discover that a default port is serving a database, and then guess the account password. The other way is to attack the application server first and then use it as a springboard to guess database account passwords. Within the cloud platform's intranet, password guessing across the network between cloud tenants is also possible, but we believe the cloud platform's own platform and network domain security partitioning mechanisms have blocked this illegal access path.

3. Defenses against database brute force

To prevent their databases from being brute-forced, An Huaqin and database security experts give cloud tenants three recommendations: first, increase the password strength of database accounts; second, change how the database handles login failures; third, use a database firewall to actively defend the database.

In addition, the default accounts of some database types should be locked or given stronger passwords.

The table below shows the relationship between password length and the time an automated tool needs to brute-force it:

Account password length    Crack time
3 characters               3-5 seconds
4 characters               4 minutes
5 characters               About 1 day

To address database password brute force, Anwarking database leakage can help cloud tenants find weak passwords and default account passwords. Passwords should be changed to more than 8 characters, and for core databases to more than 10 characters, preferably combining uppercase and lowercase letters, numbers and special characters. Anwarking database leakage can also check the database's security settings for login failure handling, such as the maximum number of login errors and the lockout time after failure, so that they can be hardened manually according to the repair recommendations.
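How a failed-login limit with a lockout time bounds password guessing, as an added example that is not from the original article or from any database product. The `LockoutPolicy` class, its limit of 5 failures and its 30-minute lock are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    """Per-account login-failure handling: lock after max_failures wrong passwords."""
    max_failures: int = 5      # assumed value, not from the article
    lock_seconds: int = 1800   # assumed value, not from the article
    _failures: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login at time `now` (seconds)."""
        if now < self._locked_until.get(account, 0):
            return "locked"    # the password is not evaluated at all
        if password_ok:
            self._failures[account] = 0
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            # Limit reached: start the lock window and reset the counter.
            self._locked_until[account] = now + self.lock_seconds
            count = 0
        self._failures[account] = count
        return "failed"


def evaluated_guesses(policy, account, guesses, interval):
    """Count how many wrong guesses, sent every `interval` seconds, are really checked."""
    results = [policy.attempt(account, False, i * interval) for i in range(guesses)]
    return results.count("failed")


if __name__ == "__main__":
    # One guess per second for an hour against one account (constructed scenario).
    print(evaluated_guesses(LockoutPolicy(), "sys", 3600, 1))
```

Every attempt inside the lock window is rejected, including a correct password from the legitimate user, so the limit and lock time have to be chosen with that side effect in mind.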

Automated brute force tools guess database accounts through Internet IPs and through the IPs of compromised application servers. Even when the guessing fails, these illegal login attempts consume database resources and in severe cases can cause a database outage. An Huaqin and database security experts therefore recommend placing a database firewall in front of the database for proactive defense. The security measures a database firewall can implement are: allow only legitimate operations and application IP addresses to access the database and deny database access to all other IP addresses; and hide the original database's IP address and port number by running the database firewall as an inline proxy. The brute force tool then cannot learn the location of the real database and is blocked automatically by the database firewall.

This article is from the Database security blog; be sure to keep this source link: http://schina.blog.51cto.com/9734953/1639294
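The allowlist rule described above, combined with a failure-burst check for the springboard path through an application server, as an added example that is not from the original article or from any firewall product. The addresses, events, 60-second window and threshold of 5 are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed allowlist (constructed addresses): the application server's intranet
# IP and the operations host's extranet IP.
ALLOWED = [ipaddress.ip_network(n) for n in ("10.0.0.5/32", "203.0.113.10/32")]

# Constructed login events: (epoch seconds, source IP, account, succeeded)
EVENTS = [
    (0, "198.51.100.7", "sys", False),
    (1, "198.51.100.7", "system", False),
    (5, "10.0.0.5", "app", True),
    (100, "10.0.0.5", "sys", False),
    (101, "10.0.0.5", "system", False),
    (102, "10.0.0.5", "admin", False),
    (103, "10.0.0.5", "backup", False),
    (104, "10.0.0.5", "test", False),
    (200, "203.0.113.10", "dba", False),
    (210, "203.0.113.10", "dba", True),
]


def is_allowed(ip):
    """True if ip is inside one of the allowlisted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED)


def detect(events, window=60, threshold=5):
    """Return {source_ip: reason} for sources to block or investigate."""
    flagged = {}
    failures = defaultdict(deque)  # source -> timestamps of recent failures
    for ts, src, _account, ok in sorted(events):
        if not is_allowed(src):
            flagged[src] = "not on allowlist"  # the firewall would drop this
            continue
        if ok:
            continue
        recent = failures[src]
        recent.append(ts)
        while ts - recent[0] > window:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= threshold:
            # An allowed host guessing passwords suggests a springboard.
            flagged[src] = "failure burst from allowlisted source"
    return flagged


if __name__ == "__main__":
    print(detect(EVENTS))
```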
