Tag Archives: Database security

Is SQL Injection possible in a NoSQL DB?

Are you using one of the trending NoSQL databases such as MongoDB or CouchDB? Or maybe you are thinking of using one but are unsure how secure they are? We will discuss the security of the application programming interfaces (APIs) and software development kits (SDKs) of NoSQL databases, while also diving into the application code that consumes these databases, with some examples and advice on the risks and their mitigations.

NoSQL Databases Still Have Risks

NoSQL, which stands for Not Only SQL, is a common term for nonrelational databases. Among popular NoSQL databases you will find the aforementioned MongoDB and CouchDB, along with Redis, Cassandra and more. NoSQL databases have become increasingly popular thanks to their benefits in particular use cases, especially in big data and real-time Web usages where performance, scalability and flexibility are key.
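The short answer to the title question is yes: a NoSQL database has no SQL to inject, but a query is still built from untrusted input, and in MongoDB the input can change the *shape* of the query, not just a value. The following is an added example, not code from the original post. It models the filter an Express handler would build from a JSON `req.body` and runs against a tiny in-memory stand-in for a users collection, so it needs no live mongod; the user documents, requests and field names are constructed for illustration.

```javascript
// Added example: MongoDB operator injection in a login filter (not from the original post).
// With express.json() or body-parser, the client controls the *type* of each body field,
// so {"username":"admin","password":{"$ne":""}} reaches the driver as a filter that
// matches the admin document whose password is "not the empty string".

// Vulnerable pattern: untrusted body values copied straight into the query filter.
function buildLoginFilterVulnerable(body) {
  return { username: body.username, password: body.password };
}

// Detection helper: true if any value in the filter (recursively) is an object whose key
// starts with '$', i.e. a query operator the client should never be able to supply.
function containsOperator(value) {
  if (Array.isArray(value)) return value.some(containsOperator);
  if (value !== null && typeof value === 'object') {
    return Object.entries(value).some(
      ([k, v]) => k.startsWith('$') || containsOperator(v)
    );
  }
  return false;
}

// Hardened pattern: enforce scalar string types before the value reaches the driver.
// Throwing lets the handler answer 400 instead of silently coercing the input.
function buildLoginFilterSafe(body) {
  const { username, password } = body;
  if (typeof username !== 'string' || typeof password !== 'string') {
    throw new TypeError('username and password must be strings');
  }
  return { username, password };
}

// Minimal in-memory stand-in for collection.findOne(), supporting only the operators the
// example needs (equality, $ne, $gt, $regex). It exists to show the effect of the filter.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    const v = doc[field];
    if (cond !== null && typeof cond === 'object') {
      return Object.entries(cond).every(([op, arg]) => {
        switch (op) {
          case '$ne':    return v !== arg;
          case '$gt':    return v > arg;
          case '$regex': return new RegExp(arg).test(v);
          default:       return false;
        }
      });
    }
    return v === cond;
  });
}

// Constructed sample documents. Plaintext passwords are used only to keep the demo short;
// a real application compares a hash, which removes the password field as an injection
// point but leaves every other field copied from the body exposed in the same way.
const users = [
  { username: 'admin', password: 'hunter2' },
  { username: 'alice', password: 's3cret' },
];

function findOne(filter) {
  return users.find((d) => matches(d, filter)) || null;
}

// Constructed requests: one legitimate login, two operator-injection payloads.
const legitBody  = JSON.parse('{"username":"alice","password":"s3cret"}');
const attackBody = JSON.parse('{"username":"admin","password":{"$ne":""}}');
const regexBody  = JSON.parse('{"username":{"$regex":"^adm"},"password":{"$gt":""}}');

console.log('vulnerable + attack ->', findOne(buildLoginFilterVulnerable(attackBody)));
console.log('vulnerable + regex  ->', findOne(buildLoginFilterVulnerable(regexBody)));
try {
  buildLoginFilterSafe(attackBody);
} catch (e) {
  console.log('safe + attack       ->', e.message);
}
```

The same bug appears with query strings when the framework parses `password[$ne]=` into an object (qs-style parsing in Express does this), so the type check belongs at the boundary of every handler, not only where JSON is accepted. Where the driver supports it, a schema validator (Mongoose schemas, a JSON-schema library) gives the same guarantee with less code.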

Top 10 tips to secure the most used NoSQL database

Good Reads and practical examples.


Just one command & a hacker stole the data of 100 million users from Capital One's network

Abstract

One command executed in the firewall hack allowed the intruder to gain credentials for an administrator account known as “*****WAF-Role.” This in turn enabled access to bank data stored under contract by a cloud computing company that went unnamed in court documents, but was identified as Amazon Web Services by the NYT and Bloomberg. Other commands allowed the attacker to enumerate Capital One folders stored on AWS and to copy their contents. IP addresses and other evidence ultimately indicated that Thompson was the person who exploited the vulnerability and posted the data to Github, Martini said.

Thompson allegedly used Tor and a VPN from IPredator in an attempt to cover her tracks. At the same time, Martini said that much of the evidence tying her to the intrusion came directly from things she posted to social media or put in direct messages. A June 26 Slack posting and another post the next day to an unnamed service, for instance, both referred to the WAF-Role account.

Read more in:

https://arstechnica.com/information-technology/2019/07/feds-former-cloud-worker-hacks-into-capital-one-and-takes-data-for-106-million-people/

CyberSecurity: It is time to think about cyber insurance.

It is a fact that everybody accepts: a cyber breach is inevitable, and sooner or later every business will face the heat. Given the state of digital security, businesses are starting to look into mitigating the risk and planning their recovery from security breaches. Cyber insurance is a new line of business and not very popular as of now, but businesses see value in insuring their digital rights & assets.

So, What is Cyber Insurance?

Cyber insurance is a growing segment of the insurance market. It helps companies avoid incurring huge losses from data breaches. A cyber insurance policy has many clauses and works like any other insurance: the more you pay, the more cover you get.

Cyber insurance can include first-party and third-party coverage. First-party coverage mitigates the expenses your own company incurs, which can include legal fees, system repairs, lost income and public relations costs. Third-party coverage addresses claims made against your company by customers or partners affected by the breach.

How does cyber insurance work?

Most insurance companies will ask how your systems are already protected from viruses and hackers, and some will also do onsite audits. Clients are expected to understand the risks of a security breach and to recognize scams such as phishing emails.

Cyber insurance can cover the following major components:

  • Privacy and security liability
  • Hardware repairs and downtime
  • Ransomware settlement
  • Media/web content liability

Read more in this article:

https://www.businessnewsdaily.com/1723-cyberinsurance-everything-you-need-to-know.html

Database Security: 10 important security tips for MongoDB

Overview

MongoDB is one of the fastest-growing cross-platform document-oriented database programs on the market, and a widely used alternative to relational databases. As MongoDB's popularity goes up, so does attackers' interest in it: in general, attackers target the most widely used software because one technique lets them hit many organizations with little extra effort.

Common database security areas: at a high level, database security professionals check the following practices & processes:

  • Access control
  • Authentication
  • Auditing
  • Encryption (in transit and at rest)
  • Backups
  • Monitoring of database activity

NOTE: There are many practices to secure a database, and each area listed above needs a process around it. Without one, it will be really hard to investigate when an incident or data breach happens.

MongoDB Security: Top 10 guidelines to follow

1 – Enable authentication and TLS: set security.authorization: enabled in the MongoDB configuration file (mongod.conf) so that every client must authenticate, and configure net.tls (net.ssl on versions before 4.2) with mode: requireTLS so that credentials and data do not cross the network in cleartext. Out of the box, mongod accepts unauthenticated connections.

2 – Strong passwords: do not use weak passwords. MongoDB has no built-in account lockout, so an attacker can keep guessing for as long as the port is reachable; long random passwords (or x.509 client certificates where possible) are the defence.

3 – Role-based access: authorize users through roles. Do not make everyone an admin; keep administrative roles such as root and userAdminAnyDatabase to a few people and never share those accounts.

4 – User access control: review the privileges granted to each user. Check which roles a user holds and whether they exceed what the job requires; an application user normally needs only readWrite on its own database, not dbOwner or a role on admin.

5 – Secure the replica set: add a keyfile (security.keyFile) or x.509 member certificates so that only members holding the shared secret can join the replica set. Note that the keyfile only authenticates members to each other; it does not encrypt replication traffic, so enable TLS between members as well.

6 – Regular backups: back up regularly and keep an up-to-date copy in separate backup storage. Test that a restore actually works before you need it.

7 – Avoid the default configuration: do not run MongoDB on the default port (27017) in production, because attackers scan for standard ports first. Changing the port is no barrier on its own; treat it as a complement to items 8 and 9, not a substitute.

8 – Disable public access: exposing a MongoDB host to the public internet is not good practice. If the application and the MongoDB instance run on the same machine, bind mongod to localhost (net.bindIp: 127.0.0.1); otherwise bind it only to the private interface the application servers use, and never set bindIpAll: true or bindIp: 0.0.0.0 on an internet-facing host.

9 – Firewall the MongoDB port: enable firewall rules on the MongoDB server so that only application hosts can reach the MongoDB port and external scanning of it is blocked.

10 – Do security testing: run penetration tests and use tools like nmap and telnet (or mongosh) from an external host to confirm that the MongoDB port is not reachable and that unauthenticated connections are refused.
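Most of the items above are settings in mongod.conf, so they can be checked mechanically. The following is an added example, not code from the original post or from MongoDB: a small Node.js audit function that takes a mongod.conf already parsed into an object (what js-yaml's load() returns) and reports which checklist items the file fails. The two configurations, file paths, addresses and the port 27999 are constructed for illustration; auditLog is a MongoDB Enterprise feature and is flagged as a finding on the assumption that the list's auditing item applies to your edition.

```javascript
// Added example (not from the original post): audit a parsed mongod.conf against the checklist.
//
// The weak sample below corresponds to this constructed mongod.conf:
//   net:
//     port: 27017
//     bindIp: 0.0.0.0
//   security:
//     authorization: disabled
//
// The hardened sample corresponds to this one:
//   net:
//     port: 27999
//     bindIp: 127.0.0.1,10.0.0.5
//     tls:
//       mode: requireTLS
//       certificateKeyFile: /etc/ssl/mongodb.pem
//   security:
//     authorization: enabled
//     keyFile: /etc/mongodb-keyfile
//   auditLog:
//     destination: file
//     format: JSON
//     path: /var/log/mongodb/audit.json

const DEFAULT_PORT = 27017;

// Returns a list of human-readable findings; an empty list means every check passed.
function auditMongodConfig(cfg) {
  const findings = [];
  const net = cfg.net || {};
  const security = cfg.security || {};
  const tls = net.tls || net.ssl || {};   // net.ssl is the key on versions before 4.2

  // Item 1: authorization must be enabled, otherwise any connected client can do anything.
  if (security.authorization !== 'enabled') {
    findings.push('security.authorization is not "enabled"');
  }
  // Item 1: TLS required for client connections (requireSSL is the pre-4.2 spelling).
  if (!['requireTLS', 'requireSSL'].includes(tls.mode)) {
    findings.push('net.tls.mode (or net.ssl.mode) is not "requireTLS"');
  }
  // Item 5: replica-set members must authenticate to each other (keyfile or x.509).
  if (!security.keyFile && security.clusterAuthMode !== 'x509') {
    findings.push('no security.keyFile and clusterAuthMode is not "x509"');
  }
  // Items 7 and 9: the default port is what scanners try first.
  if ((net.port || DEFAULT_PORT) === DEFAULT_PORT) {
    findings.push('net.port is the default 27017');
  }
  // Item 8: never listen on every interface. bindIp may be a comma-separated list.
  const bindIps = String(net.bindIp || '127.0.0.1').split(',').map((s) => s.trim());
  if (net.bindIpAll === true || bindIps.includes('0.0.0.0') || bindIps.includes('::')) {
    findings.push('mongod listens on all interfaces (bindIpAll / 0.0.0.0 / ::)');
  }
  // Auditing: without an audit log, investigating an incident is guesswork (Enterprise feature).
  if (!cfg.auditLog || !cfg.auditLog.destination) {
    findings.push('auditLog.destination is not configured');
  }
  return findings;
}

// Constructed configurations as js-yaml would parse them from the files shown above.
const weakConfig = {
  net: { port: 27017, bindIp: '0.0.0.0' },
  security: { authorization: 'disabled' },
};

const hardenedConfig = {
  net: {
    port: 27999,
    bindIp: '127.0.0.1,10.0.0.5',
    tls: { mode: 'requireTLS', certificateKeyFile: '/etc/ssl/mongodb.pem' },
  },
  security: { authorization: 'enabled', keyFile: '/etc/mongodb-keyfile' },
  auditLog: { destination: 'file', format: 'JSON', path: '/var/log/mongodb/audit.json' },
};

console.log('weak:', auditMongodConfig(weakConfig));
console.log('hardened:', auditMongodConfig(hardenedConfig));
```

To run it against a real file, add `const yaml = require('js-yaml')` and pass `yaml.load(fs.readFileSync('/etc/mongod.conf', 'utf8'))`. The audit only reads the configuration; items 2 to 4 (password strength and excessive roles) live in the database, not the file, and need a review of the output of db.getUsers() instead.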

Reference

https://docs.mongodb.com/manual/administration/security-checklist/