Cyber Threats and Vulnerabilities of Database Application
In the contemporary business environment, private and public organizations are increasing using database applications to store employee and customer records. Similar to private organizations that produce goods and services, increasing number of healthcare organizations are also taking the advantages of the associated benefits of the database to store employee and patient's records. (Goodrich, & Tamassia, 2011). While there are different types of database applications tailored to serve different industries, the iTrust database has been developed for a healthcare industry. The iTrust is a cloud-based healthcare database application that assists medical providers storing and managing medical records of patients and health providers.
Similar to a traditional database that contains a number of tables to store medical records, iTrust also has tables to store medical records, the iTrust also serves as the patient-centric application used to maintain an EHR (electronic health record) that combines medical information from different sources assisting in presenting the history of patients records. Despite the benefits that iTrust provides to healthcare organizations, the iTrust faces different security risks from web spoofing, insider threats, and coding errors leading to SQL injections. (Anderson, 2008).
The objective of this document is to analyze and assess the security vulnerabilities and threats of the iTrust database application. The paper identifies the Cross-Site Scripting, SQL injection, Session Hijacking, Response Splitting, and natural disasters as the threats facing the iTrust database application.
1. Analysis and Assessment of iTrust Security Threats and Vulnerabilities
Response Spitting
A response spitting is an HTTP header injection vulnerabilities, which can be used to create Cross-Site Scripting for iTrust database attack. In other words, the response spitting is the type of iTrust database vulnerability that allows an attacker injecting the custom strings on the web HTTP header. The attacker can use the combination of response spitting and other attack vectors to steal session data and cookies as well as other sensitive information. The response spitting can also be used to intercept a web server and cause persistence defacement of the browser. (Sfetcu, 2014).
Cross-Site Scripting (XSS)
The XSS (Cross-Site Scripting) is a type of iTrust database vulnerability that enables attackers injecting client-side scripts into a web application. The XSS allows an attacker injecting codes that look trustworthy and trick the user into clicking the code to perform operations or obtain the copy of the cookie. The motive of XSS vulnerabilities is to bypass the access control letting attackers penetrating into the database applications. In the United States, the XSS accounts for approximately 84% of iTrust database vulnerabilities, and the effects can range from petty security risks to large security risks depending on the sensitivity of data. The following example reveals the strategies an attacker can employ to get access to the Patient ID, pid using the XSS:
Patient ID:
The above code can cause a problem in the system because it can be presented as a malicious URL, then use the social engineering tricks to lure victims into clicking the malicious URL.
Session Hijacking: Use strong random numbers for session IDs
The session hijacking is an example of iTrust vulnerabilities that involves cookie hijacking to exploit a valid computer session. Typically, the attacker uses a session hijacking to gain unauthorized access to services or sensitive information in the database systems. Particularly, an attacker can use the session hijacking to authenticate a remote server to access saved cookies. A session fixation is one of the methods of session hijacking where an attacker sends an email link containing a particular session ID and wait for the user to log in to collect information. The attacker can also use the session side-jacking using packet sniffing to penetrate into network traffic between two or more parties to steal sensitive information. The strategy allows an attacker to intercept data submitted in the server. An attacker can also use malware to penetrate into the iTrust database to steal the cookies files without the knowledge of users.
SQL Injection
"A SQL injection attack is performed when a user exploits a lack of input validation to force unintended system behavior by altering the logical structure of a SQL statement with special characters." (Smith, Shin, & Williams, 2008 p 51). The SQL injection vulnerabilities occur when there is no input validation to prevent SQL injection. Typically, the SQL injection can destroy the iTrust database because the attacker can inject SQL commands via web page input to alter the SQL statements to compromise the security protocols of the database. A smart input in the iTrust database that can lead to SQL injection is as follows:
Patient Id:
108 or 1=1
Server Result
SELECT * FROM Patients WHERE PatientId = 108 or 1=1
The SQL is the same as the...
getParameter ("patientName");
try {
Data data = connection.createData ( ... );
ResultSet results = data.executeQuery ( query );
Natural Disasters
Natural disasters such as flooding, landslide, tornados, hurricanes, and volcanic eruption can cause immense damages to database systems consequently, lead to a loss of data. If an organization stores their entire data in the central database without implementing an appropriate backup technique, a disaster can lead to a loss of entire data making the business operations becoming standstill. The issues can lead to loss of customer, loss of reputation, and financial loss.
Recovery
When natural disasters have led to a security breach, an organization is required to implement a recovery planning to recover the lost data. However, the time and costs for recovery can be challenging for an organization if the planning is not planned before the disaster. In the process of recovery, the affected organization may not recover all data because the recovery planning is not integrated into the iTrust database management.
Offsite Data Recovery (Cold, Warm, Hot)
After the natural disaster, an organization is required to recover data from cold, warm, and hot sites. The example of hot sites are servers as well as live site running in case of disaster. All these sites are the critical sites for an organization business operation. However, a warm site is a site that allows a pre-installation of hardware and pre-configuration of bandwidth that to restore data for business operations. An example of cold sites is network connectivity center and data center. However, an organization business operations can be in standstill if cold, warm, and hot sites are located in the same locations with the location of the iTrust database during a natural disaster.
Insider Threats
A disgruntled employee and other malicious employees can cause a damage to the iTrust database application. Moreover, an employee within the organization may steal sensitive information from the database for monetary gains.
2. Identification of Security Measures to address Threats and Vulnerabilities.
Context-sensitive Encoding
A strategy to address the threats from response splitting is to perform a context-sensitive encoding. The benefit of context encoding is to improve bug reporting. A bug is an error in the system development, and an attacker can take the advantages of bugs to penetrate the database and steal sensitive information. Thus, a context encoding assists in detecting the bugs and improving bug reporting. A context-sensitive encoding is also very important in program optimization. (Bidgoli, 2006).
Use of Parameterized SQL statement
The primary defense against the SQL injection is to use the parameterized SQL queries. The parameterized SQL queries prevent an attacker to change the intent of the queries in the database. Moreover, a developer can blacklist characters or words that can be used for SQL input to prevent SQL injection attacks. The primary benefit of parameterized statements is to protect the iTrust database from SQL injections.
Example of parameterized SQL statement is as follows:
INSERT INTO PATIENT (name, cost) VALUES (?, ?)
The above statement is immune against the SQL injection.
Another example of parameterized SQL statement is as follows:
txtPatientId = getRequestString ("PatientId");
txtSQL = "SELECT * FROM Patients WHERE PatientId = @0";
db.Execute (txtSQL, txtPatientId);
In the above code, @ marker serves as parameter to protect SQL from SQL injection.
Stored Procedure
The stored procedure using no dynamic SQL is another strategy to prevent SQL injection. One of the benefits of using stored procedure is to prevent the database against SQL injection. Stored procedure consists of a logical set of SQL queries used to perform specific tasks. Typically, the stored statements are considered secured because they handle the SQL more correctly than ordinary SQL statements that may provoke the SQL injections.
The following SQL statements are the example of secured SQL statements.
Secure Usage
1 -- Execute Immediate - named parameter
2 sqlStmt: = 'SELECT cus_id FROM customers WHERE cus_email =: email';
3 EXECUTE IMMEDIATE cus_email;
Recovery
The backup method storing data offsite is the strategy to guide against the natural disaster that can lead to a loss of data. An organization should back up all their data and store them offsite should in the case of natural disaster, the organization will turn to backup data and…
