Finding Sensitive Data in and Around Microsoft SQL Server

Total Page:16

File Type:pdf, Size:1020Kb

Finding Sensitive Data in and Around Microsoft SQL Server Technical White Paper Finding Sensitive Data In and Around the Microsoft SQL Server Database Finding Sensitive Data In and Around the Microsoft SQL Server Database Vormetric, Inc. 888.267.3732 408.433.6000 [email protected] www.vormetric.com Technical White Paper Page | 1 Finding Sensitive Data In and Around the Microsoft SQL Server Database Audience This technical document is intended to provide insight into where sensitive data resides in and around a Microsoft® SQL Server® database for the Microsoft® Windows® operating system. The information and concepts in this document apply to all versions of SQL Server (2000, 2005, 2008, 2008 R2, 2012). It also assumes some knowledge of Vormetric’s data encryp- tion and key management technology and its associated vocabulary. Overview At first blush, simply encrypting the database itself would be sufficient to secure data at rest in inside of the Microsoft SQL Server (SQL Server) database software running on Windows server platforms. However, enterprises storing sensitive data in a SQL Server database need to consider the locations around the database where sensitive data relating to SQL Server might reside, even outside the direct control of the Database Administrators (DBAs). For example, it is well within the realm of possibility that a SQL Server database could encounter an error that would cause it to send information containing sensi- tive data into a trace file or the alert log. What follows is a description of the SQL Server database along with a table that includes a list of all types of files and sub- types, along with the function these files provide and why it makes sense to consider protecting these files. This material assumes sufficient understanding of SQL Server databases so that terms like “Transaction Logs”, “tablespaces” or “scripts” are understood. Figure 1: Detailed List of Files Associated with a Microsoft SQL Server. Technical White Paper Page | 2 Finding Sensitive Data In and Around the Microsoft SQL Server Database Type Sub-Type Function Why Protect This Data (if any) In general, transaction logs contain information Transaction logs contain copies about every change made to the database. This of sensitive data. includes Data Manipulation Language (DML) changes like INSERTs, UPDATEs or DELETEs, as well as Data Definition Language (DDL) or structural changes like table DROPs, CREATEs, Transaction ALTERs and so on. Logs Online Contains current database transaction. Sensitive data resides in the online transaction logs. Archive When a transaction log fills or is closed, it is copied Sensitive data resides in the to the archive location. If a database recovery is archive transaction logs. required due to a database failure or other recovery operation, archive logs are used. Master The database that records all of the system level This system can contain very information for a SQL Server system. sensitive security informa- tion about your data in the user databases and should be protected. Model The template for all databases that are created on This database does not typi- the instance of SQL Server. cally contain sensitive data that needs to be protected but can also be encrypted without any impact to the system. The database used by SQL Server Agent for sched- This database contains informa- msdb uling alerts and jobs, and for recording operators. tion on backup and restore and msdb also contains history tables such as the may contain information such as backup and restore history tables. backup location. Not as critical as other system databases but System may also need to be encrypted. Databases A read-only database that contains copies of all Resource system objects that ship with SQL Server 2005 or later versions. tempdb A workspace for holding temporary or intermediate Temporary data could poten- result sets. This database is re-created every time tially contain any data that is an instance of SQL Server is started. When the accessed in the user tables and server instance is shut down, any data in tempdb should be protected. is deleted permanently. A database that exists only if the server is confi- The transactional replication Distribution gured as a replication distributor. This database will contain the same sensitive stores metadata and history data for all types of information that resides in the replication, and transactions for transactional user databases. replication. Backups of a SQL Server Database are used for re- Backups of the SQL Server data- Backups covery purposes in the event of a database failure. base contain the same sensitive information that resides inside of the database. Technical White Paper Page | 3 Finding Sensitive Data In and Around the Microsoft SQL Server Database Sub-Type Why Protect This Data Type (if any) Function SQL Server uses diagnostic logs to report Diagnostic Sensitive data can appear in diagnostic logs errors and users can use them to provide Logs when SQL Server is reporting an error. information about what the database is doing when retrieving their data. Used to execute functions against the Passwords for database users in clear text database. Could be a one-time job or are sensitive information. Scripts repeating function. Scripts may contain passwords since connecting to the data- base requires a password. Could be any kind of output resulting Reports from a SQL script or reporting tool out- putted to a file (pdf, html page). In general, they are files either in inter- nal-SQL Server format or other format that are used to load data into or extract data from a database If this unstructured data originates with the production database it may contain sensitive Easily readable via both the conventional Conventional data. Export import program and any string search Exports/ command. Imports Extraction, Files can be in any of a variety of formats Transform & and are typically used to extract data Load (ETL) from a production database, transforming files the data to meet operational needs, and loading into the target system (a data warehouse or database). Summary When planning to secure sensitive data in a SQL Server database, enterprises need to consider that sensitive data directly related to the database may reside in unanticipated locations outside of the database itself. Robust data security includes considering how to secure sensitive data surrounding the SQL Server database and not simply focusing on sensitive data inside of the database. About Vormetric Vormetric is the leader in enterprise encryption and key management for physical, virtual and cloud environments. The Vormetric Data Security product line provides a single, manageable and scalable solution to manage any key and encrypt any file, any database, any application, anywhere it resides— without sacrificing application performance and avoiding key management complexity. For more information, please call: (888) 267-3732 or visit: www.vormetric.com. Copyright © 2012 Vormetric, Inc. All rights reserved. Vormetric is a registered trademark of Vormetric, Inc. in the U.S.A. and certain other countries. All other trademarks or registered trademarks, product names, and company names or logos cited are the property of their respective owners. .
Recommended publications
  • SQL Server Protection Whitepaper
    SQL Server Protection Whitepaper Contents 1. Introduction ..................................................................................................................................... 2 Documentation .................................................................................................................................................................. 2 Licensing ............................................................................................................................................................................... 2 The benefits of using the SQL Server Add-on ....................................................................................................... 2 Requirements ...................................................................................................................................................................... 2 2. SQL Protection overview ................................................................................................................ 3 User databases ................................................................................................................................................................... 3 System databases .............................................................................................................................................................. 4 Transaction logs ................................................................................................................................................................
    [Show full text]
  • Damage Management in Database Management Systems
    The Pennsylvania State University The Graduate School Department of Information Sciences and Technology Damage Management in Database Management Systems A Dissertation in Information Sciences and Technology by Kun Bai °c 2010 Kun Bai Submitted in Partial Ful¯llment of the Requirements for the Degree of Doctor of Philosophy May 2010 The dissertation of Kun Bai was reviewed and approved1 by the following: Peng Liu Associate Professor of Information Sciences and Technology Dissertation Adviser Chair of Committee Chao-Hsien Chu Professor of Information Sciences and Technology Thomas La Porta Distinguished Professor of Computer Science and Engineering Sencun Zhu Assistant Professor of Computer Science and Engineering Frederico Fonseca Associate Professor of Information Sciences and Technology Associate Dean, College of Information Sciences and Technology 1Signatures on ¯le in the Graduate School. iii Abstract In the past two decades there have been many advances in the ¯eld of computer security. However, since vulnerabilities cannot be completely removed from a system, successful attacks often occur and cause damage to the system. Despite numerous tech- nological advances in both security software and hardware, there are many challenging problems that still limit e®ectiveness and practicality of existing security measures. As Web applications gain popularity in today's world, surviving Database Man- agement System (DBMS) from an attack is becoming even more crucial than before because of the increasingly critical role that DBMS is playing in business/life/mission- critical applications. Although signi¯cant progress has been achieved to protect the DBMS, such as the existing database security techniques (e.g., access control, integrity constraint and failure recovery, etc.,), the buniness/life/mission-critical applications still can be hit due to some new threats towards the back-end DBMS.
    [Show full text]
  • ACID, Transactions
    ECE 650 Systems Programming & Engineering Spring 2018 Database Transaction Processing Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) Transaction Processing Systems • Systems with large DB’s; many concurrent users – As a result, many concurrent database transactions – E.g. Reservation systems, banking, credit card processing, stock markets, supermarket checkout • Need high availability and fast response time • Concepts – Concurrency control and recovery – Transactions and transaction processing – ACID properties (desirable for transactions) – Schedules of transactions and recoverability – Serializability – Transactions in SQL 2 Single-User vs. Multi-User • DBMS can be single-user or multi-user – How many users can use the system concurrently? – Most DBMSs are multi-user (e.g. airline reservation system) • Recall our concurrency lectures (similar issues here) – Multiprogramming – Interleaved execution of multiple processes – Parallel processing (if multiple processor cores or HW threads) A A B B C CPU1 D CPU2 t1 t2 t3 t4 time Interleaved concurrency is model we will assume 3 Transactions • Transaction is logical unit of database processing – Contains ≥ 1 access operation – Operations: insertion, deletion, modification, retrieval • E.g. things that happen as part of the queries we’ve learned • Specifying database operations of a transaction: – Can be embedded in an application program – Can be specified interactively via a query language like SQL – May mark transaction boundaries by enclosing operations with: • “begin transaction” and “end transaction” • Read-only transaction: – No database update operations; only retrieval operations 4 Database Model for Transactions • Database represented as collection of named data items – Size of data item is its “granularity” – E.g. May be field of a record (row) in a database – E.g.
    [Show full text]
  • How to Conduct Transaction Log Analysis for Web Searching And
    Search Log Analysis: What is it; what’s been done; how to do it Bernard J. Jansen School of Information Sciences and Technology The Pennsylvania State University 329F IST Building University Park, Pennsylvania 16802 Email: [email protected] Abstract The use of data stored in transaction logs of Web search engines, Intranets, and Web sites can provide valuable insight into understanding the information-searching process of online searchers. This understanding can enlighten information system design, interface development, and devising the information architecture for content collections. This article presents a review and foundation for conducting Web search transaction log analysis. A methodology is outlined consisting of three stages, which are collection, preparation, and analysis. The three stages of the methodology are presented in detail with discussions of goals, metrics, and processes at each stage. Critical terms in transaction log analysis for Web searching are defined. The strengths and limitations of transaction log analysis as a research method are presented. An application to log client-side interactions that supplements transaction logs is reported on, and the application is made available for use by the research community. Suggestions are provided on ways to leverage the strengths of, while addressing the limitations of, transaction log analysis for Web searching research. Finally, a complete flat text transaction log from a commercial search engine is available as supplementary material with this manuscript. Introduction Researchers have used transaction logs for analyzing a variety of Web systems (Croft, Cook, & Wilder, 1995; Jansen, Spink, & Saracevic, 2000; Jones, Cunningham, & McNab, 1998; Wang, 1 of 42 Berry, & Yang, 2003). Web search engine companies use transaction logs (also referred to as search logs) to research searching trends and effects of system improvements (c.f., Google at http://www.google.com/press/zeitgeist.html or Yahoo! at http://buzz.yahoo.com/buzz_log/?fr=fp- buzz-morebuzz).
    [Show full text]
  • Cohesity Dataplatform Protecting Individual MS SQL Databases Solution Guide
    Cohesity DataPlatform Protecting Individual MS SQL Databases Solution Guide Abstract This solution guide outlines the workflow for creating backups with Microsoft SQL Server databases and Cohesity Data Platform. Table of Contents About this Guide..................................................................................................................................................................2 Intended Audience..............................................................................................................................................2 Configuration Overview.....................................................................................................................................................2 Feature Overview.................................................................................................................................................................2 Installing Cohesity Windows Agent..............................................................................................................................2 Downloading Cohesity Agent.........................................................................................................................2 Select Coheisty Windows Agent Type.........................................................................................................3 Install the Cohesity Agent.................................................................................................................................3 Cohesity Agent Setup........................................................................................................................................4
    [Show full text]
  • Django-Transaction-Hooks Documentation Release 0.2.1.Dev1
    django-transaction-hooks Documentation Release 0.2.1.dev1 Carl Meyer December 12, 2016 Contents 1 Prerequisites 3 2 Installation 5 3 Setup 7 3.1 Using the mixin.............................................7 4 Usage 9 4.1 Notes...................................................9 5 Contributing 13 i ii django-transaction-hooks Documentation, Release 0.2.1.dev1 A better alternative to the transaction signals Django will never have. Sometimes you need to fire off an action related to the current database transaction, but only if the transaction success- fully commits. Examples: a Celery task, an email notification, or a cache invalidation. Doing this correctly while accounting for savepoints that might be individually rolled back, closed/dropped connec- tions, and idiosyncrasies of various databases, is non-trivial. Transaction signals just make it easier to do it wrong. django-transaction-hooks does the heavy lifting so you don’t have to. Contents 1 django-transaction-hooks Documentation, Release 0.2.1.dev1 2 Contents CHAPTER 1 Prerequisites django-transaction-hooks supports Django 1.6.x through 1.8.x on Python 2.6, 2.7, 3.2, 3.3 and 3.4. django-transaction-hooks has been merged into Django 1.9 and is now a built-in feature, so this third-party library should not be used with Django 1.9+. SQLite3, PostgreSQL (+ PostGIS), and MySQL are currently the only databases with built-in support; you can exper- iment with whether it works for your favorite database backend with just a few lines of code. 3 django-transaction-hooks Documentation, Release 0.2.1.dev1 4 Chapter 1.
    [Show full text]
  • Transactions.Pdf
    BIT 4514: Database Technology for Business Fall 2019 Database transactions 1 1 Database transactions • A database transaction is any (possibly multi-step) action that reads from and/or writes to a database – It may consist of a single SQL statement or a collection of related SQL statements ex: Adding a new lunch to the class database – requires two related INSERT statements 2 2 Transactions (cont.) • A successful transaction is one in which all of the SQL statements are completed successfully – A consistent database state is one in which all data integrity constraints are satisfied – A successful transaction changes the database from one consistent state to another 3 3 1 Transaction management • Improper or incomplete transactions can have a devastating effect on database integrity Ex: INSERT only items into the Lunch_item table • If a DBMS supports transaction management, it will roll back an inconsistent database (i.e., the result of an unsuccessful transaction) to a previous consistent state. 4 4 Properties of a transaction • Atomicity • Consistency • Isolation • Durability • Every transaction MUST exhibit these four properties 5 5 Properties of a transaction • Atomicity – The "all or nothing" property – All transaction operations must be completed i.e. a transaction is treated as a single, indivisible, logical unit of work • Consistency – When a transaction is completed, the database must be in a consistent state 6 6 2 Properties of a transaction • Isolation – Data used during the execution of a transaction cannot be used by a second
    [Show full text]
  • Database Systems 09 Transaction Processing
    1 SCIENCE PASSION TECHNOLOGY Database Systems 09 Transaction Processing Matthias Boehm Graz University of Technology, Austria Computer Science and Biomedical Engineering Institute of Interactive Systems and Data Science BMVIT endowed chair for Data Management Last update: May 13, 2019 2 Announcements/Org . #1 Video Recording . Since lecture 03, video/audio recording . Link in TeachCenter & TUbe . #2 Exercises . Exercise 1 graded, feedback in TC in next days 77.4% . Exercise 2 still open until May 14 11.50pm (incl. 7 late days, no submission is a mistake) 53.7% . Exercise 3 published and introduced today . #3 CS Talks x4 (Jun 17 2019, 5pm, Aula Alte Technik) . Claudia Wagner (University Koblenz‐Landau, Leibnitz Institute for the Social Sciences) . Title: Minorities in Social and Information Networks . Dinner opportunity for interested female students! INF.01014UF Databases / 706.004 Databases 1 – 09 Transaction Processing Matthias Boehm, Graz University of Technology, SS 2019 3 Announcements/Org, cont. #4 Infineon Summer School 2019 Sensor Systems . Where: Infineon Technologies Austria, Villach Carinthia, Austria . Who: BSc, MSc, PhD students from different fields including business informatics, computer science, and electrical engineering . When: Aug 26 through 30, 2019 . Application deadline: Jun 16, 2019 . #5 Poll: Date of Final Exam . We’ll move Exercise 4 to Jun 25 . Current date: Jun 24, 6pm . Alternatives: Jun 27, 4pm / 7.30pm, or week starting Jul 8 (Erasmus?) INF.01014UF Databases / 706.004 Databases 1 – 09 Transaction Processing Matthias Boehm, Graz University of Technology, SS 2019 4 Transaction (TX) Processing User 2 User 1 User 3 read/write TXs #1 Multiple users Correctness? DBS DBMS #2 Various failures Deadlocks (TX, system, media) Constraint Reliability? violations DBs Network Crash/power failure Disk failure failure .
    [Show full text]
  • Destiny® System Backups
    Destiny® system backups Establishing a backup and restore plan for Destiny Overview It is important to establish a backup and restore plan for your Destiny installation. The plan must be validated and monitored to ensure that your data is sufficiently backed up and can be recovered in the event of hardware failure or other disaster. IMPORTANT Follett recommends deploying a comprehensive backup solution and testing and monitoring all backup processes. There are tradeoff decisions to be made in the backup strategy that will be shaped by your organization’s risk tolerance, technology constraints, and ability to absorb data loss or downtime. This document provides an overview of standard backup and restore for the Destiny system. IMPORTANT This content does not cover high-availability configurations such as clustered servers or log shipping. Please contact Follett School Solutions, Inc. Technical Support should you have any questions about backing up your Destiny installation. For details, see Destiny® system backups. Backing up Destiny: an overview SQL database The heart of the Destiny data resides in the SQL database. These are the main components of SQL data to be backed up: The Destiny SQL database. This database contains the main Destiny data. Proper SQL backup configuration of this database is essential. NOTE If your installation is a consortium, you will have to ensure a proper backup of multiple SQL databases (one per member). The Destiny SQL transaction log. The Master SQL database. This system database is useful when restoring to a replacement server. It is not necessary to back up the tempdb database. This is a SQL Server work area and is recreated automatically.
    [Show full text]
  • Infosphere MDM Collaboration Server: Installation Guide
    IBM InfoSphere Master Data Management Collaboration Server Version 11.6 Fix Pack 15 Installation Guide IBM Note Before using this information and the product that it supports, read the information in “Notices” on page 159. Edition Notice This edition applies to version 11.6 of IBM® InfoSphere® Master Data Management and to all subsequent releases and modifications until otherwise indicated in new editions. © Copyright International Business Machines Corporation 2000, 2020. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Chapter 1. Planning to install.................................................................................1 Installation scenarios.................................................................................................................................. 1 Installation and configuration worksheets................................................................................................. 3 Installation directory worksheet............................................................................................................3 IBM Db2 data source worksheet............................................................................................................4 Oracle data source worksheet............................................................................................................... 5 WebSphere Application Server installation worksheet.........................................................................6
    [Show full text]
  • Database Management Systems Introduction Transaction ACID
    Introduction What is Concurrent Process (CP)? • Multiple users access databases and use computer Database Management systems simultaneously. • Example: Airline reservation system. Systems œ An airline reservation system is used by hundreds of travel agents and reservation clerks concurrently. Transaction, Concurrency and Why Concurrent Process? Recovery • Better transaction throughput and response time • Better utilization of resource Adapted from Lecture notes by Goldberg @ Berkeley Transaction ACID Properties of transaction • What is Transaction? • Atomicity: Transaction is either performed in its entirety or not performed at all, this should be DBMS‘ • A sequence of many actions which are responsibility considered to be one atomic unit of work. • Consistency: Transaction must take the database • Basic operations a transaction can include from one consistent state to another if it is executed in —actions“: isolation. It is user‘s responsibility to insure consistency œ Reads, writes • Isolation: Transaction should appear as though it is œ Special actions: commit, abort being executed in isolation from other transactions • Durability: Changes applied to the database by a committed transaction must persist, even if the system fail before all changes reflected on disk Concurrent Transactions Schedules • What is Schedules œ A schedule S of n transactions T1,T2,…Tn is an ordering of the B B operations of the transactions subject to the constraint that, for each transaction Ti that participates in S, the operations of Ti in Smust CPU2 A appear in the same order in which they occur in Ti. CPU A 1 œ Example: Sa: r1(A),r2(A),w1(A),w2(A), a1,c2; CPU1 T1 T2 time Read(A) Read(A) t1 t2 t1 t2 Write(A) interleaved processing parallel processing Write(A) Abort T1 Commit T2 1 Oops, something‘s wrong Another example • Reserving a seat for a flight • Problems can occur when concurrent transactions execute in an uncontrolled manner.
    [Show full text]
  • Data Definition Language (Ddl)
    DATA DEFINITION LANGUAGE (DDL) CREATE CREATE SCHEMA AUTHORISATION Authentication: process the DBMS uses to verify that only registered users access the database - If using an enterprise RDBMS, you must be authenticated by the RDBMS - To be authenticated, you must log on to the RDBMS using an ID and password created by the database administrator - Every user ID is associated with a database schema Schema: a logical group of database objects that are related to each other - A schema belongs to a single user or application - A single database can hold multiple schemas that belong to different users or applications - Enforce a level of security by allowing each user to only see the tables that belong to them Syntax: CREATE SCHEMA AUTHORIZATION {creator}; - Command must be issued by the user who owns the schema o Eg. If you log on as JONES, you can only use CREATE SCHEMA AUTHORIZATION JONES; CREATE TABLE Syntax: CREATE TABLE table_name ( column1 data type [constraint], column2 data type [constraint], PRIMARY KEY(column1, column2), FOREIGN KEY(column2) REFERENCES table_name2; ); CREATE TABLE AS You can create a new table based on selected columns and rows of an existing table. The new table will copy the attribute names, data characteristics and rows of the original table. Example of creating a new table from components of another table: CREATE TABLE project AS SELECT emp_proj_code AS proj_code emp_proj_name AS proj_name emp_proj_desc AS proj_description emp_proj_date AS proj_start_date emp_proj_man AS proj_manager FROM employee; 3 CONSTRAINTS There are 2 types of constraints: - Column constraint – created with the column definition o Applies to a single column o Syntactically clearer and more meaningful o Can be expressed as a table constraint - Table constraint – created when you use the CONTRAINT keyword o Can apply to multiple columns in a table o Can be given a meaningful name and therefore modified by referencing its name o Cannot be expressed as a column constraint NOT NULL This constraint can only be a column constraint and cannot be named.
    [Show full text]