Can you briefly explain privilege escalation as it relates to databases? How can I determine if my organization...
has a privilege escalation problem?
A privilege escalation attack occurs when a user is able to gain additional access to a system beyond what he or she has been authorized to have by exploiting a vulnerability in that system. Databases can have the same issues that other software has with privilege escalation: If a database function or other part of the database has a vulnerability, a user may be able to exploit the vulnerability to gain access to an account with higher privileges.
One of the biggest threats posed by privilege escalation in a database is the potential for an unauthorized user to gain access to sensitive data stored in the database, but this could also happen on a file system. Perhaps more worrisome is that some databases allow users with elevated privileges to run native programs on the operating system under the privilege of the database. A privilege escalation vulnerability could allow an attacker to fully take over the system hosting the database by running commands on the operating system.
To confirm whether your organization has a privilege escalation problem, you should first determine if databases (or other systems or applications) are running with the minimal privileges necessary for the database to operate (this will likely require assistance from DBAs who have knowledge of application privilege schemas), and then verify that users are given the minimum access necessary to do their jobs; this should also be addressed in a database security policy. To determine what operating system privileges a database is using, look at a process listing and see what user ID the database's processes are running under. If databases are found to be running with root, administrator or other privileged accounts, there is potential for a privilege escalation problem. Couple that problem with a user who has privileges to execute software or a vulnerability that allows the user to execute software from the database, and such a problem poses a serious threat.
Dig Deeper on Database Security Management
Related Q&A from Nick Lewis
Vonteera adware has the ability to disable antimalware software on endpoint devices. Expert Nick Lewis explains how enterprises can prevent this ...continue reading
ModPOS, a new POS malware, compromised millions of credit card accounts in 2015. Expert Nick Lewis explains how cybercriminals use this malware and ...continue reading
Amex cards have been discovered to be vulnerable to credit card hacking. Expert Nick Lewis explains how this happens, and what can be done about Chip...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.