Can you briefly explain privilege escalation as it relates to databases? How can I determine if my organization...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
has a privilege escalation problem?
A privilege escalation attack occurs when a user is able to gain additional access to a system beyond what he or she has been authorized to have by exploiting a vulnerability in that system. Databases can have the same issues that other software has with privilege escalation: If a database function or other part of the database has a vulnerability, a user may be able to exploit the vulnerability to gain access to an account with higher privileges.
One of the biggest threats posed by privilege escalation in a database is the potential for an unauthorized user to gain access to sensitive data stored in the database, but this could also happen on a file system. Perhaps more worrisome is that some databases allow users with elevated privileges to run native programs on the operating system under the privilege of the database. A privilege escalation vulnerability could allow an attacker to fully take over the system hosting the database by running commands on the operating system.
To confirm whether your organization has a privilege escalation problem, you should first determine if databases (or other systems or applications) are running with the minimal privileges necessary for the database to operate (this will likely require assistance from DBAs who have knowledge of application privilege schemas), and then verify that users are given the minimum access necessary to do their jobs; this should also be addressed in a database security policy. To determine what operating system privileges a database is using, look at a process listing and see what user ID the database's processes are running under. If databases are found to be running with root, administrator or other privileged accounts, there is potential for a privilege escalation problem. Couple that problem with a user who has privileges to execute software or a vulnerability that allows the user to execute software from the database, and such a problem poses a serious threat.
Related Q&A from Nick Lewis
As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick ...continue reading
A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against...continue reading
A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.