Security analysis of MSSQL and MySQL

Databases are the basis of E-commerce, finance, and ERP systems, and often hold important business partners and customer information. Electronic data from most businesses, organizations, and government departments are kept in various databases, where they keep personal data and sensitive financial data. But databases are often not as secure as operating systems and networks. Data is the lifeblood of an organization, so it is critical to choose a secure database. I'm on my machine. Using the Admin account defaults to install MSSQL and MySQL to test their security in the same situation. My system is configured as follows: Operating system Microsoft Windows Version5.0, Sp4,ftp Services and IIS services are installed, ASP and PHP are supported. The system has only one administrator account Admin,guest account is not disabled. I. Internal security analysis of the system 1.mysql database permissions control problem MySQL's rights control is based on MySQL, the database, called Authorization form, including six table Columns_priv,db,func,host,tables_priv and user. First use the DESC user command to view the structure of the very important user table to query for content, and now you can view his permission settings. Use the command select Host,user,password,delete_priv,update_priv,drop_priv from user; This command looks at several more dangerous permissions, showing the results below:mysql> select Host,user,password,delete_priv,update_priv,drop_priv from user; +-----------+------+------------------+-------------+-------------+-----------+ | Host | user | password | Delete_priv | Update_priv | Drop_priv | +-----------+------+------------------+-------------+-------------+-----------+ | localhost | Root |0e4941f53f6fa106 | Y | Y | Y | | % | Root | | Y | Y | Y | | localhost | | | Y | Y | Y | | % | | | N | N | N | +-----------+------+------------------+-------------+-------------+-----------+ 4 rows in Set (0.00 sec) The first means that the use of root in the local password login, with delete records, modify records, delete tables and other permissions, good, this is safe. The second means that in any host use root without password login, with delete records, modify records, delete tables and other permissions. The third means that anonymous landing on this machine, with delete records, modify records, delete tables and other permissions. The last bar indicates that any host can log on anonymously, but without any permissions. Obviously, the second, three, four are unsafe! The second article, needless to say, in terms of the third, even if you are local guest permissions, but you can log into the MySQL database, and have full permissions. This way, you can do whatever you want with the database. WORKAROUND: If you do not need remote maintenance, delete the second delete from user where host= "%" and user= "root", or add a strong password to it. Delete the third article, delete from user where host= "localhost" and user= "", 2.mysql installation directory permissions issues MySQL defaults to C:\mysql, but the C disk defaults to everyone Full control, Because of the inheritance of permissions, C:\mysql is completely controlled by everyone, which is obviously unsafe. Because malicious users can delete important data files. WORKAROUND: Reset the access rights to the MySQL directory. Or install MySQL to another directory, if you move MySQL distribution to D:\mysql, you must use D:\mysql\bin\mysqld--basedir D:\mysql to start mysqld, or even modify its configuration file. 3.mssql Database Permissions control problem the permission control of the MSSQL database is based on the syslogins table of Master Library, the account with all permissions is SA, the other has Sysadmin,db_owner and other rights account. However, the default password for the highest privilege account SA for the MSSQL database is empty, so that if not noticed during installation, the data will be a devastating disaster. Malicious attackers can modify, delete all data, and more importantly, the MSSQL account can use the extension to execute system commands. WORKAROUND: Check all login accounts periodically to see if there are any passwords that do not meet the requirements. Use master Select Name,password frThe OM syslogins where password is null command checks for the existence of a null password account. Remove storage extensions as much as possible to prevent local users from using storage extensions to execute malicious commands. Use the Master sp_dropextendedproc xp_cmdshell command to remove the xp_cmdshell extension. 4.mssql installation directory Permissions issues like MySQL, MSSQL is installed to everyone Full Control C disk, due to access control issues, it is best to install to D disk and other non-system disk to carry out strict control of permissions. Furthermore, because the MSSQL database is tightly integrated with the system, the system administrator can also manipulate the database by selecting Windows Authentication without a database password. Therefore, it is possible for ordinary users to improve their privileges through system vulnerabilities and destroy the database. Workaround: In addition to strict access restrictions, periodically check the SQL Server logs for suspicious logon events or use the DOS command findstr/c: "Log on" D:\Microsoft SQL Server\mssql\log\*.*. The security of MSSQL is closely linked to the security of Windows systems, and any vulnerability that can be compromised is another security threat. Summary, in the system internal security, MySQL and MSSQL have not reached satisfactory degree, account security, access rights are not controlled very well. But the MSSQL has detailed log can check the landing situation, than MySQL to be higher than a chip. If you make a reasonable setup, MySQL will be more secure, because for MSSQL, as long as the system permissions can have database permissions. Two. External network security Analysis 1. Database service detection for security, MySQL services can be run in the network, but if your machine has an extranet interface, MySQL will automatically be bound to the external network, exposed to the Internet, and the system will be in TCP 3306 port monitoring, very easy to be detected by the port scanning Tool, Data security is not guaranteed. If default, MSSQL turns on TCP's 1433 port listening. Although MSSQL can artificially change the listening port, it is easy to know what TCP/IP ports are used by SQL Server through Microsoft's undisclosed 1434-port UDP probes. Sending a 1-byte packet to the UDP1434 port, the detected system returns the installed MSSQL service information, including host name, instance name, version, pipe name, and port used. This port is used by Microsoft itself, and unlike the default 1433 port, 1434 cannot be changed. A typical return message is as follows: SerVername; sky;instancename;sky;isclustered; No; Version;8.00.194;tcp;3341;np;\\sky\pipe\mssql$xht310\sql\query; You can find the TCP port of MSSQL changed to 3341, open the door for attackers! As long as a little socket programming knowledge, it is easy to write scanning MSSQL Services program, and, because of the use of UDP port, the general filtering is difficult to prevent. Workaround: Install the firewall, or use the Windows 2000 system IPSec to restrict the network connection to the IP packet security. Restrictions on IP connectivity, only to ensure that their own IP access, deny other IP port connectivity, the security threats from the network to effectively control. Importantly, the port should also be filtered, including most TCP and UDP ports, because only IP restrictions, it is possible that a malicious attacker would first attack the host trusted by the database server, after the control as a springboard to the database server attacks. 2. Database Password Detection Password attacks include two kinds, crack passwords and network monitoring. Cracking passwords is using tools to constantly connect to the database to guess passwords, including dictionary attacks, violent attacks and a half-violent half-dictionary attack between the two. Usually the attackers first use dictionary attack method, without success in turn use half violent half dictionary attack, violent attack. When the network speed is good enough, the computer operation ability is strong enough, such password attack harm is quite big. Network monitoring is the control of a network device, which runs a listening tool to capture the password information transmitted over the network. Network monitoring can be divided into two types, one is external monitoring, the listening tool software to the network attached to the device or to the computer can control network connection devices, where the network connection devices, such as gateway servers, such as routers and so on. Another is from the internal monitoring, for insecure LAN, the data is broadcast by the way, as long as the network card is set to promiscuous mode can receive the original does not belong to their own packets, of course, may include information such as passwords. Solution: For password cracking, as long as the password set to strong enough, and the same IP address Non-stop connection requests to screen. But for listening, if the network transmission is not encrypted, all the network transmission is plaintext, including passwords, database content, etc., no matter how complex passwords are not helpful, this is a great security threat. Therefore, in the case of conditions, it is best to use SSL to encrypt the protocol, of course, you need a certificate to support. and, for network monitoring should be found in time, if the network packet loss rate suddenly increased, then there is reason to suspect that the network was listening. 3. Scripting Security script security itself is a very complex questionQuestions, enough to write a professional long analysis of the article, and I am not very knowledgeable about the script, Mix,envymask,pskey,angel they are more crazy, haha. Script security is mainly caused by the lack of strict inspection of the submitted data, and the more dangerous symbols are ";", "", "#", "--", "$", "\" etc. This problem was initially considered to be a problem with Asp+sql server, but it soon found that the impact was very large, and then someone went on to find out in php+mysql that the problem would still exist, that San had an in-depth analysis of PHP, and interested in finding his articles in security focus. The script does not seem to be a very effective solution, only rely on the programmer's personal qualities ... Summary, whether MySQL, or MSSQL, in the external network, are under considerable threat. In contrast, MSSQL is threatened even more, in the last 2 years, MSSQL exposed several remote overflow vulnerabilities. If the configuration is good, I think MySQL is more secure than MSSQL, because the new overflow vulnerabilities can be broken at any time, and can execute system commands SQL injection attack is also very scary. Well, limited to space, this article ends here. Responsible Editor Zhao Zhaoyi#51cto.com TEL: (010) 68476636-8001 to force (0 Votes) Tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) Text: Security analysis of MSSQL and MySQL back to network security home