Transcript Slide 0

Integrated Data Environments for Natural Resource Management
NCAI Exchange Network Tribal User Meeting
9-10 April 2008
Considerations for Tribal Database Application Security
Bill Farr
President
ResourceVue, LLC
T: 801-458-5900, [email protected]
© 2008 ResourceVue, LLC, All Rights reserved
NCAI
Tribal Data Types Examples
[Diagram labels: Departmental Unique Data Tracking; Land Use, Air, Water Resources; Haz Waste; Departmental Data Tracking; EPA EN Node Clients; Air; Land; Water; GIS; Assets; Ag; Tribal Business Applications; Contract, Grant Management; Program Management; Tribal Common Processes; Finance; etc…]
NCAI 9 Apr 2008
IT and Data Architectures
Databases typically run on servers that have basic protection
[Diagram labels: Client, Internet Explorer, Firewall, Web, Server, IIS, Web Services, SW Code, DB (Oracle)]
– Client connects to IIS server over the Web and through a firewall using port 443
– IIS and Oracle can reside on the same server, where IIS communicates with the Oracle database through port 1521
– Users are authenticated using PKI certificates and strong passwords
Threats to Database Applications
80% of malicious activity on data comes from the inside… (Forrester)
Typical database application threats are:
– SQL Injection
– Inference
– Web page hi-jacks
Result: Unauthorized access to data
Threats to Database Applications
SQL Injection
“…SQL injection attacks allow a malicious activity to execute arbitrary SQL code on the server. The attack is issued by including a string delimiter (') in an input field and following it with SQL instructions. If the server does not properly validate input, the instructions may be executed against the database.”
[Diagram label: Malicious DB query]
Threats to Database Applications
Inference
– Inference occurs when users are able to piece together information at one security level to determine a fact that should be protected at a higher security level.
[Diagram labels: Level 2, Level 1, Inference, Allotment Ownership, Tribal Member Name]
Threats to Database Applications
Web page Hi-jacks
A web page hi-jack occurs when a malicious person tries to capture a URL/page name without going through any authentication.
[Diagram labels: Malicious User, Hi-jack, Authentication, Web page, Database]
What to ask the DB Developer
What tiers/layers do you have in your application, and what security is built in?
How do you handle SQL Injection attacks?
How do you handle Inference attacks?
How do you handle Web page Hijacks?
How do you handle User Security?
Example Answers
What tiers/layers do you have……
[Diagram labels: Internet Explorer, IIS, Web Services, Middle Layer, TVUtils, Data Layer, DBUtils, DB]
– The Internet Explorer client communicates to the IIS server through HTTPS
– The IIS server passes user requests to the TVUtils object, which returns HTML and DHTML
– The TVUtils object communicates with the DBUtils object using XML
– The DBUtils object retrieves information from and updates information in the Oracle database using an OLEDB connection
Example Answers
How do you handle SQL Injection attacks?
“Our middle layer performs a format check on the DB request…”
Is this request the correct format?
– No: kick out
– Yes: proceed
[Diagram labels: Middle, DBUtils, Data Layer, DB]
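Added example (not part of the original slides or ResourceVue's code): the format check described in the answer above, sketched in Python with sqlite3 standing in for Oracle, next to the string-concatenation pattern the SQL Injection slide describes. The table, the ID format and the function names are assumptions, and the bound parameter in the second function goes beyond the format check the slide mentions.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; table and column names are illustrative."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE allotment (allotment_id TEXT, owner TEXT)")
    db.executemany("INSERT INTO allotment VALUES (?, ?)",
                   [("A-1001", "Owner One"), ("A-1002", "Owner Two")])
    return db

# Assumed request format: one capital letter, a dash, four digits.
ALLOTMENT_ID = re.compile(r"[A-Z]-[0-9]{4}")

def lookup_concatenated(db, allotment_id):
    """The pattern at risk: input is pasted into the SQL text, so a string
    delimiter (') in the field changes the statement itself."""
    sql = "SELECT owner FROM allotment WHERE allotment_id = '%s'" % allotment_id
    return [row[0] for row in db.execute(sql)]

def lookup_checked(db, allotment_id):
    """Middle-layer handling: kick out anything that fails the format check,
    then pass the value as a bound parameter, never as SQL text."""
    if not ALLOTMENT_ID.fullmatch(allotment_id):
        raise ValueError("request rejected: bad allotment id format")
    sql = "SELECT owner FROM allotment WHERE allotment_id = ?"
    return [row[0] for row in db.execute(sql, (allotment_id,))]

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"   # constructed input containing a string delimiter
    print("concatenated:", lookup_concatenated(db, probe))  # every owner row
    try:
        lookup_checked(db, probe)
    except ValueError as err:
        print("checked:", err)                              # kicked out
    print("checked:", lookup_checked(db, "A-1001"))
```
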
Example Answers
How do you handle Inference attacks?
“1. If a user does not have the permissions they cannot get to the next page, and…..
2. Error messages do not display any data.”
[Diagram labels: Level 2, Level 1, Inference, X, Allotment Ownership, Tribal Member Name]
Example Answers
How do you handle Web page Hijacks?
“1. If a user does not have the permissions they cannot get to the next page, and…..
2. Each page checks the source of the request; if not authenticated, it throws a message:
[Diagram labels: Malicious User, Hi-jack, Authentication, Web page, Database]
Example Answers
How do you handle User Security?
“We use a multi-factored security model:
• Realm: Separate data into virtual instances
• Rule: Restrict DB operations to what is needed, when..
• Roles: Only allow users to perform the functions they need
• Policy: Written policies on the above
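Added example (not part of the original slides or ResourceVue's code): one way a per-page check could combine the authentication test from the Web page Hijacks answer with the Realm, Role and Rule checks listed above. Session tokens, page names, role names and the allowed hours are constructed for illustration.

```python
from datetime import time

# Constructed sample session and page policy; all names are hypothetical.
SESSIONS = {
    "tok-1": {"user": "analyst1", "realm": "tribe-1", "roles": {"water_assets"}},
}
PAGES = {  # page -> (role required, hours in which the operation is allowed)
    "water/stations": ("water_assets", (time(6, 0), time(20, 0))),
    "epa/submissions": ("epa_transactions", (time(6, 0), time(20, 0))),
}

def authorize(token, page, realm, now):
    """Run on every page request. Returns (allowed, message); the message
    is generic and never includes stored data."""
    session = SESSIONS.get(token)
    if session is None:                   # page requested directly, no login
        return False, "Not authenticated"
    if page not in PAGES:
        return False, "Not authorized"
    role, (start, end) = PAGES[page]
    if session["realm"] != realm:         # Realm: one partition per tribe
        return False, "Not authorized"
    if role not in session["roles"]:      # Role: only the functions needed
        return False, "Not authorized"
    if not (start <= now <= end):         # Rule: only at certain hours
        return False, "Not authorized"
    return True, "OK"

if __name__ == "__main__":
    print(authorize(None, "water/stations", "tribe-1", time(9, 0)))
    print(authorize("tok-1", "water/stations", "tribe-1", time(9, 0)))
    print(authorize("tok-1", "water/stations", "tribe-2", time(9, 0)))
    print(authorize("tok-1", "water/stations", "tribe-1", time(23, 0)))
```
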
User Security Example
ResourceVue – Super Node
Mni Sose – Resourcevue Super Node
Example
[Diagram labels: EPA EN, Node Client, Roll-up Queries, Mni Sose ‘Super-Node’, Aggregated Multi-tribal Water Quality, Environmental Data, Data Services, Mni Sose Coalition Portal DB, Local Data Server, Spreadsheet, Searches, Reports, Documents]
Coalition tribe databases, each labelled with Web Services: Kickapoo (Tribe 1 DB), Omaha, Ponca (Tribe 3 DB), Prairie Band Potawatomi (Tribe 4 DB), Sac and Fox (Tribe 5 DB), Santee Sioux (Tribe 6 DB), Winnebago (Tribe 7 DB)
– Realm: Separate, Secure Tribal Databases
– Rule: Only allow operations at certain hours
– Role: Individual Member Log In
A Solution
Web based – currently hosted at Mni Sose, Rapid City
Member access, security, admin
Multi-Tribal Partitions
Program Area Apps: Water, Air, Facilities
Document Library
Role: Access to Water Assets
Surface and Ground Water Sources
Manage Baseline Data of Water Assets
Monitoring Stations
Manage Monitoring Stations
Role: Management of EPA Transactions
Track each node client data submission history
– EPA token ID, XML file (WQX)
The Process - Node Client Flow
Sample Process for Managing Water Quality Data Exchange
[Process flow diagram. Labels: EPA, Water Quality Engineers, Reviewers, Water Resources Dept, Data Store, Planning]
100 Manage Baseline Data of Water Assets
110 Import Data Into Central Repository
120 Prepare EPA Data Exchange Format
130 Invoke Node Client to Push Data Set to EPA
200 Manage Monitoring Stations
210 Gather Water Quality Samples
300 Review and Assess Water Quality Data
400 Set Standards
410 Receive Data Set
Questions…..
Bill Farr
ResourceVue, LLC
T: 801-458-5900
Email: [email protected]