Starting from the database to prevent information leakage in the Social Security Industry

Source: Internet
Author: User

In response to today's Internet reports of a massive leak of social security user information across 30 provinces and cities nationwide, Anhua Gold analyzed the social security industry vulnerabilities reported on WooYun and concluded that the bulk of the leaked information is attributable to SQL injection vulnerabilities in the application software and to intrusion by external hackers.

In fact, from Anhua Gold's understanding of the social security industry, external hackers are not the only risk: O&M personnel, third-party developers, and even business staff of the social security system can connect directly to the database to view or modify records, which allows social security data to be disclosed or tampered with in bulk.

Solving these problems requires a systematic approach that includes better management systems, stronger security awareness, more rigorous application code, and a safer network architecture. From the perspective of a professional database security vendor, however, the security of the social security database itself has a large gap: in particular, once social security information is exposed to the Internet, it is easy for an attacker to dump the entire database.

Data leakage security issues are analyzed as follows:

(1) External hackers steal social security information

Hacker attackers can steal data in two ways:

First, after intruding into the network, the attacker accesses the database server directly, copies the database's data files, and restores them elsewhere.

Second, the attacker exploits vulnerabilities in the application system and uses SQL injection to download social security personnel records in bulk. This was the main method in the reported leak.

(2) Excessive permissions of system maintainers or third-party developers

The staff responsible for database maintenance and management hold the password of the database DBA account directly. The DBA, being responsible for system maintenance and management, can query all sensitive information in the database at any time. If such staff are used by others, they can log on to the database at any time and access social security information.

Third-party developers of the social security system, being the most familiar with it, can obtain data through backdoor programs or by accessing the database directly.

The leak of 13 million records at Shaanxi Mobile was caused by a backdoor program planted by developers.

(3) Database files are stored in plain text, so copying the data files leaks everything

Currently, the data files of mainstream databases are stored in plain text. Insiders or external intruders can easily obtain the data files or backup files of the social security database and restore them remotely, or use a dedicated data-parsing tool to extract all the social security information.

In recent years there have been many typical leaks in which data was stolen by exploiting this storage weakness at the file layer directly; for example, the leak of 8 million forum users' information, in which hackers obtained the database's data files, and the CSDN leak, in which the data of a large number of customers (the source garbles the figure as "CSDN1000") was exposed because a backup disk was obtained and used.

The security issues of data tampering are analyzed as follows:

(1) Illegal tampering by high-privilege maintenance personnel

During maintenance of the social security database system there are a large number of maintenance accounts and accounts used by third-party personnel. For ease of use, DBAs often simplify the process of assigning permissions to these accounts by granting the DBA role directly, or another high-privilege role that can access sensitive social security information at any time.

Once someone who holds these account passwords is exploited, for economic or other reasons, he or she can tamper with economic data such as his or her own salary or account balance.

(2) Illegal tampering under the identity of legitimate maintenance personnel

Because of their work, legitimate maintenance personnel must have permission to modify salaries and account balances. If these personnel are used by others, or others obtain their passwords, sensitive social security data can still be tampered with.

In addition, the existing mechanism cannot accurately track who the operator was; it only knows which database account was used to modify the data.

(3) Mis-operations by legitimate maintenance personnel

For various reasons, legitimate maintenance personnel may also make improper changes to social security data, producing incorrect results.

The existing mechanism cannot audit the detailed process of each modification by legitimate maintenance personnel, such as the value before and the value after the change. In the event of a mis-operation, the system may therefore be unable to restore and correct the data.

As a professional database security vendor, Anhua Gold has discussed these frequently exposed problems with users and vendors in the social security industry many times. From these joint discussions, specific solutions have been formed and applied in some provinces and cities. The following is a typical solution for a local city:

For the Internet zone, Anhua Gold proposes protection by deploying a database firewall and a database encryption system. The database firewall prevents SQL injection, batch downloads, and backdoor programs. With database encryption, the key information in the Internet-facing database is kept in ciphertext at the storage layer, which prevents theft of the database at the file layer.

A database firewall differs from a traditional firewall, which cannot prevent SQL injection and similar methods. It also differs from a web firewall: web firewalls have many application restrictions, there are many ways to bypass their SQL injection detection, and a web firewall cannot prevent batch downloads or backdoor programs.

The database firewall can precisely parse and control the database communication itself, so it intercepts SQL injection more thoroughly than a web firewall can. At the same time, it can build an application feature model for the social security application, establishing an abstract representation of the normal social security access statements and controlling the total number of rows returned per statement. This prevents batch downloads and backdoor programs.
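The two controls described above, a baseline of normal statement shapes plus a per-statement row cap, in a small in-process illustration added here (not Anhua Gold's product code). The table, the allowlist of shapes and the row cap are constructed assumptions; a real database firewall applies the same checks on the wire between application and database.

```python
import re
import sqlite3

# Constructed allowlist of normalised statement shapes the social security
# application is known to issue (assumed learned from a clean baseline).
ALLOWED_SHAPES = {
    "SELECT name, balance FROM insured WHERE id_number = ?",
    "SELECT name, balance FROM insured WHERE balance > ?",
    "UPDATE insured SET balance = ? WHERE id_number = ?",
}
MAX_ROWS = 50  # hypothetical per-statement result cap; a bulk dump exceeds it


def fingerprint(sql: str) -> str:
    """Replace literals with '?' and collapse whitespace so statements that
    differ only in their parameter values share one shape. Injected text
    changes the shape (extra OR clause, comparison of two literals, ...)."""
    s = re.sub(r"--[^\n]*|/\*.*?\*/", " ", sql, flags=re.S)  # drop comments
    s = re.sub(r"'(?:[^']|'')*'", "?", s)                    # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)                 # numeric literals
    return re.sub(r"\s+", " ", s).strip().rstrip(";")


def decide(sql: str) -> str:
    """'allow' if the statement's shape is in the baseline, else 'block'."""
    return "allow" if fingerprint(sql) in ALLOWED_SHAPES else "block"


def execute_guarded(conn, sql: str, params=()):
    """Run an allowed statement but stop once MAX_ROWS is exceeded; this is
    what catches a shape-conforming query that still tries to dump the table."""
    if decide(sql) != "allow":
        raise PermissionError("statement shape not in application baseline")
    rows = conn.execute(sql, params).fetchmany(MAX_ROWS + 1)
    if len(rows) > MAX_ROWS:
        raise PermissionError("result exceeds per-statement row cap")
    return rows


def demo_db(n: int = 200):
    """Constructed in-memory table standing in for a social security table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE insured (id_number TEXT, name TEXT, balance REAL)")
    conn.executemany("INSERT INTO insured VALUES (?, ?, ?)",
                     [(f"ID{i:04d}", f"person{i}", 100.0 * i) for i in range(n)])
    return conn
```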

The database encryption product also differs from disk encryption and file encryption: those two technologies cannot prevent theft of the database once it has been started.

For the maintenance zone, Anhua Gold proposes deploying a database firewall and database auditing. The database firewall controls the operations of O&M personnel (including operators and developers): when they access sensitive tables in bulk or modify special tables, an approval workflow is introduced through mechanisms such as a vault mode. Database auditing records the database access behavior of all personnel; it can see past the application layer and associate SQL statements with the identity of the business user, providing effective traceability after a security event.
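An added illustration of the auditing points made above and under mis-operations (3): every change to a sensitive column is logged with its old and new value together with the real operator, not just the shared database account, so a mistaken change can be reverted. This is example code written here, not Anhua Gold's product; the schema, the `session_ctx` table that the application fills with the operator's identity, and the 'maint_dba' account name are constructed assumptions (SQLite has no user accounts, so a real database would record CURRENT_USER instead).

```python
import sqlite3


def open_audited_db():
    """Constructed in-memory schema: a pension table, an audit log that keeps
    old and new values, and a one-row context table the application sets to
    the real operator before each change so the trigger can record it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pension (id_number TEXT PRIMARY KEY, monthly_amount REAL);
        CREATE TABLE session_ctx (operator TEXT);
        INSERT INTO session_ctx VALUES ('unknown');
        CREATE TABLE audit_log (
            ts TEXT DEFAULT CURRENT_TIMESTAMP, db_user TEXT, operator TEXT,
            id_number TEXT, old_amount REAL, new_amount REAL);
        CREATE TRIGGER pension_audit AFTER UPDATE OF monthly_amount ON pension
        BEGIN
            INSERT INTO audit_log (db_user, operator, id_number, old_amount, new_amount)
            VALUES ('maint_dba',                      -- placeholder shared account
                    (SELECT operator FROM session_ctx),
                    OLD.id_number, OLD.monthly_amount, NEW.monthly_amount);
        END;
    """)
    return conn


def update_amount(conn, operator, id_number, new_amount):
    """Apply a change under a named operator; the trigger logs before/after."""
    conn.execute("UPDATE session_ctx SET operator = ?", (operator,))
    conn.execute("UPDATE pension SET monthly_amount = ? WHERE id_number = ?",
                 (new_amount, id_number))


def revert_last_change(conn, operator, id_number):
    """Undo the most recent change to one record using the logged old value.
    The revert goes through the same trigger, so it is audited as well."""
    row = conn.execute(
        "SELECT old_amount FROM audit_log WHERE id_number = ? "
        "ORDER BY rowid DESC LIMIT 1", (id_number,)).fetchone()
    if row is None:
        raise LookupError("no audited change to revert")
    update_amount(conn, operator, id_number, row[0])
    return row[0]
```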
