Excessive and Unused Privileges

When someone is granted database privileges that exceed the requirements of their job function, these privileges can be abused. For example, a bank employee whose job requires the ability to change only accountholder contact information may take advantage of excessive database privileges and increase the account balance of a colleague’s savings account. Further, when someone leaves an organization, their access rights to sensitive data often remain in place. And if these workers depart on bad terms, they can use their old privileges to steal high-value data or inflict damage.

How do users end up with excessive privileges? Usually, it’s because privilege control mechanisms for job roles have not been well defined or maintained. As a result, users may be granted generic or default access privileges that far exceed their specific job requirements. This creates unnecessary risk.

Mitigation

  • User Rights Management

Aggregate Access Rights: Scan databases for both granted and privileged user rights and extract details such as the actual access right (e.g. SELECT, DELETE, CONNECT, etc.), who granted it, who received it, and the objects to which rights have been granted. Aggregating user rights into a single repository helps streamline the reporting and analysis of user access to sensitive data.

Enrich Access Rights Information with User Details and Data Sensitivity: Adding information about user roles and their database behavior adds considerable value to user rights analysis and helps zero in on the abuse of privileges. Collect and append contextual details to user rights information, including the user name, department, database object sensitivity, and time of last access. This allows you to focus your analysis on the access rights that represent the highest business risk.

Identify and Remove Excessive Rights and Dormant Users: Identify users that have too many privileges and users who don’t use their privileges. This helps determine whether user access rights are appropriately defined, find separation-of-duties issues, and remove excessive rights that are not required for users to do their job. Attackers who compromise an account inherit its access rights and use them to impersonate the user and go after sensitive data stores. Therefore, reducing excessive rights limits the damage a compromised account or malware can do.

Review and Approve/Reject Individual User Rights: Perform an organized review of user rights to determine if they are appropriate. Reviewers should approve or reject rights, or assign them to another for review, and administrators can report on the review process. Conducting organized user rights reviews meets regulatory requirements and reduces risk by ensuring that user privileges are granted on a need-to-know basis.
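As an added example (not part of the original text), the following Python builds a small aggregated rights repository from constructed scan rows, enriches each grant with department, sensitivity and last-use date, and then reports grants that exceed a constructed job-role baseline and grants that are dormant. All users, objects and dates are hypothetical.

```python
import sqlite3
from datetime import date, timedelta

# Constructed sample rows from a privilege scan (hypothetical users and objects).
# Columns: grantee, department, privilege, object, sensitivity, grantor, last_used (ISO date or None)
GRANTS = [
    ("alice", "support", "SELECT", "contacts", "medium", "dba", "2024-05-01"),
    ("alice", "support", "UPDATE", "contacts", "medium", "dba", "2024-05-02"),
    ("alice", "support", "UPDATE", "accounts", "high", "dba", None),
    ("bob", "finance", "SELECT", "accounts", "high", "dba", "2024-01-10"),
    ("bob", "finance", "DELETE", "accounts", "high", "app_owner", None),
]
# Constructed job-role baseline: (department, privilege, object) a role legitimately needs.
BASELINE = [
    ("support", "SELECT", "contacts"),
    ("support", "UPDATE", "contacts"),
    ("finance", "SELECT", "accounts"),
]

def build_repository(grants=GRANTS, baseline=BASELINE):
    """Load scanned grants and the role baseline into one in-memory repository."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE grants(grantee, department, privilege, object, sensitivity, grantor, last_used);
        CREATE TABLE baseline(department, privilege, object);
    """)
    conn.executemany("INSERT INTO grants VALUES (?,?,?,?,?,?,?)", grants)
    conn.executemany("INSERT INTO baseline VALUES (?,?,?)", baseline)
    return conn

def excessive_rights(conn):
    """Grants the grantee's job role does not require, most sensitive objects first."""
    return conn.execute("""
        SELECT g.grantee, g.privilege, g.object, g.sensitivity, g.grantor
        FROM grants g LEFT JOIN baseline b
          ON b.department = g.department AND b.privilege = g.privilege AND b.object = g.object
        WHERE b.department IS NULL
        ORDER BY CASE g.sensitivity WHEN 'high' THEN 0 WHEN 'medium' THEN 1 ELSE 2 END, g.grantee
    """).fetchall()

def dormant_rights(conn, today_iso, max_idle_days=90):
    """Grants never exercised, or not exercised within max_idle_days before today_iso."""
    cutoff = (date.fromisoformat(today_iso) - timedelta(days=max_idle_days)).isoformat()
    return conn.execute(
        "SELECT grantee, privilege, object FROM grants "
        "WHERE last_used IS NULL OR last_used < ? ORDER BY grantee, privilege",
        (cutoff,),
    ).fetchall()

if __name__ == "__main__":
    repo = build_repository()
    print("excessive:", excessive_rights(repo))
    print("dormant:", dormant_rights(repo, "2024-06-01"))
```

Each reported row carries the grantor, so a reviewer can trace who issued the grant before deciding to approve, reject, or reassign it.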

  • Monitoring and Blocking

Real-Time Alerting and Blocking: Monitor all database access activity and usage patterns in real time to detect data leakage, unauthorized SQL transactions, and protocol and system attacks. When attempts to access unauthorized data occur, generate alerts or terminate the user session. Use a solution that leverages policies – both pre-defined and custom – that inspect database traffic to identify patterns that correspond to known attacks, such as DoS attacks, and unauthorized activities. Security policies are useful for not only detecting excessive privilege abuse by malicious, compromised, or dormant users, but also for preventing most of the other top ten database threats.

Detect Unusual Access Activity: Establish a comprehensive profile of each database user’s normal activity. These baselines provide the basis for detecting DoS, malware, SQL injection, and other anomalous activity. If any user initiates an action that does not fit their profile, log the event, generate an alert, or block the user. Creating activity-based user profiles increases the likelihood of detecting inappropriate access to sensitive data.