Transcript Slide 0
Integrated Data Environments for
Natural Resource Management
NCAI Exchange Network
Tribal User Meeting
9-10 April 2008
Considerations for
Tribal Database Application Security
Bill Farr
President
ResourceVue, LLC
T: 801-458-5900, [email protected]
© 2008 ResourceVue, LLC, All Rights reserved
NCAI
Tribal Data Types Examples
etc…
Haz Waste
Departmental
Unique Data Tracking
Land Use, Air
Water Resources
Departmental Data Tracking
Air
EPA EN
Node
Clients
Land
Water
GIS
Assets
Assets
Ag
Tribal Business Applications
Contract, Grant Management
Program Management
Tribal
Common Processes
Finance
etc…
NCAI 9 Apr 2008
2
NCAI
IT and Data Architectures
Databases typically run on servers that have basic
protection
Client
Server
SW
Code
IIS
Internet
Explorer
Firewall
IIS and Oracle can
reside on the same
server, where IIS
communicates with
the Oracle database
through port 1521
Web
Web
Services
Client connects to
IIS server over the
Web and through a
firewall using port
443
NCAI 9 Apr 2008
DB
(Oracle)
Users are
authenticated using
PKI certificates and
strong passwords
3
NCAI
Threats to Database Applications
80% of malicious activity on data
comes from the inside… (Forester)
Typical database application threats
are:
– SQL Injection
– Inference
– Web page hi-jacks
Result: Unauthorized access to data
NCAI 9 Apr 2008
4
NCAI
Threats to Database Applications
SQL Injection
“…SQL injection attacks allow a malicious activity to execute arbitrary SQL code
on the server. The attack is issued by including a string delimiter (') in an input
field and following it with SQL instructions. If the server does not properly validate
input, the instructions may be executed against the database. “
Malicious DB query
NCAI 9 Apr 2008
5
NCAI
Threats to Database Applications
Inference
– Inference occurs when users are able to piece together information at one
security level to determine a fact that should be protected at a higher security
level.
Level 2
Level 1
Inference
Allotment
Ownership
Tribal
Member Name
NCAI 9 Apr 2008
6
NCAI
Threats to Database Applications
Web page Hi-jacks
A web page hi jack occurs when a malicious person tries to capture a URL/page
name without going though any authentication.
Hi-jack
Malicious
User
Authentication
NCAI 9 Apr 2008
Web
page
Database
7
NCAI
What to ask the DB Developer
What tiers/layers do you have in your application, and what
security is built in?
How do you handle SQL Injection attacks?
How do you handle Inference attacks?
How do you handle Web age Hijacks?
How do you handle User Security?
NCAI 9 Apr 2008
8
NCAI
Example Answers
What tiers/layers do you have……
Middle Layer
Data Layer
Web
Services
Internet
Explorer
The Internet
Explorer client
communicates to
the IIS server
through HTTPS
NCAI 9 Apr 2008
IIS
The IIS server
passes user
requests to the
TVUtils object,
which returns
HTML and DHTML
TVUtils
The TVUtils object
communicates with
the DBUtils object
using XML
DBUtils
DB
The DBUtils object
retrieves information from
and updates information in
the Oracle database using
an OLEDB connection
9
NCAI
Example Answers
How do you handle SQL Injection attacks?
“Our middle layer performs a format check on the DB
request…”
Is this request the correct format???
- NO: kick out
- Yes: proceed
Middle
DBUtils
NCAI 9 Apr 2008
Data Layer
DB
10
NCAI
Example Answers
How do you handle Inference attacks?
“1. If a user does not have the permissions they can not get
to the next page, and…..
2. Error messages no display any data.”
Level 2
Level 1
Inference
X
Allotment
Ownership
Tribal
Member Name
NCAI 9 Apr 2008
11
NCAI
Example Answers
How do you handle Web page Hijacks?
“1. If a user does not have the permissions they can not get
to the next page, and…..
2. each page checks the source of the request; if not
authenticated, it throws a message:
Hi-jack
Malicious
User
Authentication
NCAI 9 Apr 2008
Web
page
Database
12
NCAI
Example Answers
How do you handle User Security?
“We use a multi-factored security model:
•Realm: Separate data into virtual instances
•Rule: Restrict DB operations to what is needed, when..
•Roles:Only allows users to perform the functions they need
•Policy: Written policies on the above
NCAI 9 Apr 2008
13
NCAI
User Security Example
ResourceVue – Super Node
NCAI 9 Apr 2008
14
Mni Sose – Resourcevue Super Node
NCAI
Example
Roll-up
Queries
EPA EN
Mni Sose
‘Super-Node’
Node Client
Rule: Only allow
operations
at certain hous
Aggregated
Multi-tribal
Water Quality
Environmental
Data Data
Services
Mni Sose
Coalition
Portal DB
DB
Web Services
Coalition
Kickapoo
Tribe 1 DB
Web Services
Omaha
Web Services
Coalition
Ponca
Tribe 3 DB
Web Services
Prairie
Coalition
Band
Tribe 4 DB
Potawatomi
Web Services
Realm: Separate, Secure
Tribal
Databases
Role: Individual
Member
Log In
Local Data Server
Coalition
Sac
and
Fox
Tribe
5 DB
Spreadsheet
Searches
Reports
Documents
NCAI 9 Apr 2008
Web Services
Coalition
Santee
Tribe
6 DB
Sioux
Web Services
Coalition
Winnebago
Tribe 7 DB
15
NCAI
A Solution
Web based – currently hosted at Mni Sose, Rapid City
Member access, security, admin
Multi-Tribal
Partitions
Program Area
Apps:
Water, Air, Facilities
Document Library
NCAI 9 Apr 2008
16
NCAI
Role: Access to Water Assets
Surface and Ground Water Sources
Manage Baseline
Data of Water
Assets
Monitoring Stations
Manage
Monitoring
Stations
NCAI 9 Apr 2008
17
NCAI Role: Manage of EPA Transactions
Track each node client data submission history
– EPA token ID, XML file (WQX)
NCAI 9 Apr 2008
18
NCAI
The Process - Node Client Flow
Sample Process for Managing Water Quality Data Exchange
400
EPA
Water
Quality
Engineers
D
A
T
A
N
N
I
N
Reviewers G
NCAI 9 Apr 2008
Set
Standards
S
T
O
R
E
Water
P
Resources L
Dept
A
410
Receive
Data Set
200
210
Manage
Monitoring
Stations
Gather Water
Quality
Samples
100
Manage Baseline
Data of Water
Assets
110
Import Data
Into Central
Repository
120
130
Prepare EPA
Data Exchange
Format
Invoke Node
Client to Push
Data Set to EPA
300
Review and
Assess Water
Quality Data
19
NCAI
NCAI 9 Apr 2008
Questions…..
20
NCAI
Bill Farr
ResourceVue, LLC
T: 801-458-5900
Email: [email protected]
NCAI 9 Apr 2008
21