Preventing SQL injection attacks: Prospects for network administrators

Attacks against Web applications-SQL injection is well known, and security experts have been very cautious about the method used by more and more hackers for a long time. SQL injection is a type of attack in which malicious Structured Query Language (SQL) code is manually added to the input box of Web forms to try to obtain resource access permissions or change data security.

The only condition required is that the network port 80 is open. Even if a firewall is set up, this port is also one of the few channels that allow traffic. The recent SQL Injection case is a server attack from Heartland Payment Systems, it makes network administrators aware of the severity of SQL Injection threats and begins to review their defense measures against this attack.

The main method to defend against SQL injection attacks is to use parameterized storage programs. When these programs are used, they will send requests to the database in the form of parameters and user-defined subroutines, which replaces the command method that requires users to directly provide numerical values. The advantages of SQL parameters are not only reflected in the security of input, but also greatly reduce the success rate of SQL injection attacks.

Database development is not within the network administrator's responsibility, but you should firmly believe that only data security on the network can be guaranteed to follow the best practices.

Although it is necessary to use the storage program, it is not enough to do so. In order to defend against potential attackers, a deep defense strategy is essential. Otherwise, developers will be asked to provide front-line security, which is a challenge for many organizations from past experiences. There is no doubt that database administrators and application developers should follow best practices, but let's take a look at what you can do as a network administrator to provide additional protection for database resources.

Applications and database servers obviously require reinforcement and regular patching. However, because SQL injection attacks target specific Web applications, such as ASP, JSP, and PHP, instead of operating systems running on Web servers and SQL injection attacks, SQL injection attacks cannot be solved by system patches and upgrades.

Both static and sensitive information transmitted in the network must be encrypted, but the greatest contribution may be to the number of additional Web application firewalls or some application layer firewall variants used as additional defense.

The protection scope of Web application firewall is beyond the traditional network firewall and intrusion detection/intrusion defense systems. Many Web application firewalls, such as those developed by Imperva and Barracuda Networks, it can help defend against SQL injection attacks, cross-site scripting attacks, and other attacks against application logic vulnerabilities or software technical vulnerabilities. The latest Web application firewall can identify evasion techniques developed by attackers using SQL injection ). For example, some injection commands are partially encoded to disrupt attacks.

The application layer firewall you selected should allow you to create filters to intercept, analyze, or modify traffic only to the network. A large number of requests do not need to be analyzed. filters generally do not need to remove strings frequently used in SQL injection attacks, such as -- and @ version. All these requests can be logged and their original IP addresses can also be closed. Better firewalls can "Learn" what is normal traffic and abnormal traffic for your specific network, and adopt corresponding processing methods.

When an exception is detected, WAF can shut down potential attack processes. In addition, SQL injection attacks are usually initiated through URL query strings. Regular checks on the log files of the Web server can detect abnormal query operations that may cause injection attacks.

As a network administrator, it is very important to ensure that the permissions of any account used by Web applications must be set to the lowest level. Strict access restrictions will reduce the loss caused by successful attacks. Do not use a user name with administrative permissions. For example, use "sysadmin" on the server layer or use "db_owner" on the database layer to connect to the Web application.

For example, Microsoft recommends that you assign a domain account to the service when installing SQL Server to restrict users from accessing only necessary resources. In this way, even if an attacker breaks the defense line of an organization, the attacker is restricted by the control set for accessing the SQL server.

Because SQL injection attacks take advantage of poorly written code, the only way to completely prevent SQL injection attacks is to solve your application code vulnerabilities. However, as a network administrator, you can add additional defense layers to make it more difficult for potential attackers to conquer.