A threat is any situation or event that can adversely affect the database system.
Privilege elevation:
Attackers may take advantage of database platform software vulnerabilities to convert the access privileges of an ordinary user into those of an administrator. Vulnerabilities may be found in stored procedures, built-in functions, protocol implementations, and even SQL statements. For example, a software developer at a financial institution could take advantage of a vulnerable function to obtain database administrative privileges.
SQL injection:
In a SQL injection attack, a perpetrator typically inserts (or injects) unauthorized database statements into a vulnerable SQL data channel. Commonly targeted data channels include stored procedures and web application input parameters. These injected statements are then passed to the database, where they are executed. Using SQL injection, attackers can gain unrestricted access to the whole database system.
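To make the data-channel point concrete, here is an added example (not from the original text) that builds a small in-memory SQLite table with constructed placeholder rows and compares a lookup that splices a web input parameter into the SQL text with the parameterized form that keeps the statement fixed.

```python
import sqlite3

# Constructed in-memory student table; the rows are placeholders, not from the page.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE students (id INTEGER, name TEXT, grade TEXT)")
    con.executemany(
        "INSERT INTO students VALUES (?, ?, ?)",
        [(1, "alice", "A"), (2, "bob", "B"), (3, "carol", "C")],
    )
    return con


def lookup_vulnerable(con, name):
    # The input parameter is spliced straight into the SQL text, so whatever the
    # user typed becomes part of the statement the database parses and executes.
    sql = f"SELECT id, name, grade FROM students WHERE name = '{name}'"
    return con.execute(sql).fetchall()


def lookup_parameterized(con, name):
    # The statement text is fixed; the input travels as a bound value and is never
    # parsed as SQL, which closes the data channel the attack depends on.
    sql = "SELECT id, name, grade FROM students WHERE name = ?"
    return con.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    benign = "alice"
    # Constructed hostile input: a tautology that rewrites the WHERE clause.
    hostile = "x' OR '1'='1"
    print(lookup_vulnerable(con, benign))      # one row
    print(lookup_vulnerable(con, hostile))     # every row: the filter is bypassed
    print(lookup_parameterized(con, hostile))  # no rows: treated as a literal name
```

The same comparison applies to stored procedures that assemble SQL from their arguments with string concatenation; binding the argument instead of concatenating it is the fix in both places.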
Denial of Service:
Denial of Service (DoS) is a general attack category in which access to network applications or data is denied to intended users. DoS conditions may be created through many techniques, several of which exploit vulnerabilities. For example, DoS may be achieved by taking advantage of a database platform weakness to crash a server. Other common DoS techniques include data corruption, network flaws, and server resource overload (memory, CPU, etc.). Resource overload is particularly common in database environments.
Weak Authentication:
Weak authentication schemes allow attackers to assume the identity of legitimate database users by stealing or otherwise obtaining login credentials. An attacker can apply any number of strategies:
Brute force: The attacker repeatedly enters username/password combinations until finding one that works. The brute force process may involve simple guesswork or systematic enumeration of all combinations; usually an attacker uses automated programs to accelerate it.
Social engineering: A scheme in which the attacker takes advantage of the natural human tendency to trust in order to convince others to hand over their login credentials. For example, an attacker may present himself over the phone as an IT manager and request login credentials for system maintenance purposes.
Privilege Abuse:
Users may abuse legitimate data access privileges for unauthorized purposes. For example, a user with privileges to view individual student records via a custom student application client may abuse that privilege to retrieve all student records through an MS Excel client.
Excessive privileges:
When users (or applications) are granted database access privileges that exceed the requirements of their job function, these privileges may be abused for harmful purposes. For example, a college administrator whose job requires only the ability to change student information could take advantage of excessive database update privileges to change students' grades and marks.
Conclusion:
Although database information is vulnerable to a host of attacks, the risk can be reduced by focusing on the most critical threats.