Cloud security: Five lessons from Yahoo password attacks

A news incident last week attracted media attention, with nearly 450,000 passwords from 450,000 yahoo services called ' Yahoo Voice ' hacked. The comment on the incident said that hackers mainly through SQL injection (SQL injection) technology is the hacker from the database to information and then release the information of the main technology adopted.

Even if it is an original article that has been modified, you can find an error if you do a check. Technology is the same, as every more in-depth discussion can find new problems. In fact, every time the company is attacked the data security, but the attacks are still endless. What we can do is to protect the data more and to take more precautions against the companies we find affected as their highest priority event to ensure data security. It has to be said that these events will have a certain impact on the overall shake of cloud computing, enterprises will be adopted in the enterprise, because these events so that the CIO's mind increased the fear of cloud security, uncertainty and suspicion.

The next thing, however, is that each enterprise should adopt the best practices and guidelines, and when companies are ready to adopt hybrid cloud computing, such one-off events should not prevent them from adopting the path of hybrid computing.

In other words, this event is not really due to the adoption of the cloud or a multi-user model, but rather the failure to comply with the error caused by choosing the appropriate cloud age, which is one of the best practices for negative example. It also implies the importance of the presence of cloud brokers or cloud technology mediator coordinators who have a wealth of knowledge and experience in enterprise computing algorithm data management, and the key significance of ensuring that companies choose to adopt cloud computing in a secure way.

Lessons learned from Yahoo password attacks

1. Do not follow the security framework
&NBSP during the development process
No matter how the technology has changed, the basic principles and coding for development are unchanged. Most of the time SaaS providers are under a lot of pressure to market time, and market time is sometimes just enough to make them work around the basics of basic security, but that's not right. If you accept input from the user, you usually need to be validated before the input is made. The lack of confirmation of input can cause the underlying attacks like cross-site scripting or SQL injection. In a multiuser world, the risk of SQL injection is increased many times, because hackers can often enter the system as a legitimate user by creating a virtual account and then start attacking other users ' data.

Earlier in an article in 2010, I elaborated on the SQL injection in SaaS, when it comes to developing sAAS or multiple user applications, I think the input validation is still valid for the process.

2. Do not encrypt at the database level

Overall, critical data encryption is one of the most important security aspects of securing any database security, and this is especially important for multiuser databases. However, most companies take the method of encrypting at the virtual machine or path volume level, which means that the entire hard drive will not be useful to hackers even if it is actually stolen.
Although this is a very useful feature, this level of encryption is still not useful when hackers legitimately enter the virtual machine where the database is located. Therefore, further, the user encrypted database-level encryption is further provided, for example, only users who have access to read-Allow operations can browse the data of this database, and will increase the level of security.

In my earlier article, "Protecting data quietly on a public cloud," I've compared the choice between medium-commodity middleware and RDBMS (relational databases) in protecting data. , it is clear that the combination of these two approaches makes the multiuser database highly secure.

3. Exposing too much metadata

How many times do you have a database table that stores credit card information and names it as a ' credit card ' or is placed as a PIN or password in a user's database in a credit card password bar? Although in the past, the best way to design a database is to prompt the correct column names, and the use of metadata like database-level comments, they may also be harmful to sensitive data in today's world.

generally recommends avoiding not putting too much metadata in sensitive columns and keeping them as part of supporting primary files, not all. There is no rule to store credit card information in a table named ' Temp_t1 ' and your application map Temp_t1 is indeed a table containing credit card information.

4. Do not use the best features in the best security features for the database

today, in the absence of a consolidated database, most software vendors will feel pressured to make their products run without a consolidated database in their operating products. But it also gives them a broader marketing capability. While this is more important than business prospects, because of this limitation, we have seen products that are using powerful RDBMS (relational database) systems only as a pure data store without using their best security features.

In my earlier article, "Using Oracle virtual Private databases to implement multi-user," I have elaborated on the best features-like Oracle's VPD functionality ——。 If you provide a lot of security features, unless you make sure that your application is set up in the right environment, if and when you use it properly, because some data is not visible to users, unless the application is set to the appropriate environment. Similarly, these functions can also be used to make some of the items that are not directly accessible to a confirmed column while being directly consulted, pretending to become invisible. Similarly, sophisticated data audits provide many auditing capabilities to counter database security attacks.

Similarly, if database-level security is properly applied, we can take advantage of the use of role tasks, permission confirmations, and privileges. In this way--in the case of the storage process, the database connection is only given an instruction of ' execute ' privilege, the database performs the connection, and there is no entry directly to the ' readout ' of the base table. These design patterns will further protect the data effectively.

This also points to the fact that the product vendor should focus on the unique security features of the database, such as Oracle, SQL Server, and DB2 databases, in addition to setting application-level security permissions, should also be implemented in their design to add this recommendation more similar functionality. It is worth mentioning that the need for porting applications to multiple databases should not reduce the security requirements of applications.

5. Do not cover up camouflage data

Camouflage data is about the meaning of converting the real data from the most recent form into a different format to store. This is a little bit different from encryption, because such data is usually readable, but if you don't know the decryption algorithm format, the data displayed is wrong and meaningless. The traditional camouflage is only done when the production data is entered into a test or a development machine, and when the production data is entered into an overseas development site.

However, we have not seen too many examples of real production data that use camouflage techniques to protect security information, and are not widely used in markets.

The golden rule is that a social security number is usually defined as a separate column with 9 characteristics that is stored continuously in the column, if the same number is stored in 3 different columns in the digital rollover, then the application reverses them and forms a reasonable social security number, What will happen? will be able to greatly improve the security index password? This is just an example where the same rules can be applied to credit cards or passwords or PIN codes, so only the application knows how to extract its meaning from a disguised, sensitive data into real data that no one else knows.

To sum up, as indicated at the beginning of the article, when new services are increasingly being applied to public networks in a short time, there will inevitably be more and more instances of security attacks. However, companies do not need to worry about these things because they do not use cloud or multi-user mode. Enterprises should take the best and most suitable for the enterprise's own design model, the article also mentioned the use of database classification protection technology, segmented database access mode, and the database for subsection calls, coupled with a reasonable confirmation program, will completely block future data attacks.