June 29, 2011 11:16 AM
This may not be the most appropriate place for my question, but here it goes - I am considering building a Windows Forms application that uses a hosted database in a commercial web hosting firm.
Could you please make me aware of the security risks involved? I have asked the question before below but did not get replies concerning security...
June 29, 2011 2:32 PM
Your question does not have a 0-1 answer. The best way to deal with it is to Threat Model the scenario you've mentioned. Frankly, the fact that the database is outside your company DMZ should be considered only one more risk source, but you might have a lot more to be analysed.
Firstly, let's divide your app in four elements:
1 - Process - Windows App
2 - Store - Database
3 - Data flow - Data Requisition
4 - Data flow - Data Response
Now, making use of STRIDE, we can figure out the threats. More info about STRIDE: http://msdn.microsoft.com/en-us/magazine/cc163519.aspx
Element | S | T | R | I | D | E
1 | X | X | X | X | X | X
2 | - | X | - | X | X | -
3,4 | - | X | - | X | X | -
Now, you must employ an analysis for each element, detailing the threat, assigning the risk level, and the countermeasure/mitigation.
As an example, considering the following threat:
- Threat - Information disclosure is when the information can be read by an unauthorized party.
- Detail - Consider the information in the data flow and what protections it needs. Is it over a network or IPC?
- Countermeasure - Confidentiality mitigations are dependent on the nature of the data flow. Consider ACLs and encryption. Over the network, data can only be protected by encryption.
The information above is in the Threat Modeling Analysis Tool. http://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx
Fabricio Braz (PhD)
- Edited by Fabrício Braz, June 29, 2011 2:37 PM (layout)
July 1, 2011 1:46 AM
Thank you very much for introducing the STRIDE concept to me.
The STRIDE may be good for analyzing threats, but I am wondering what are those threats and what can I do about them?
For example, my application will be sending requests to the server and getting data back. I don't know the format a query result will be in, probably plain text?
Is there a book that details this information and shows me how to do that?
September 5, 2011 8:49 PM
Apart from what Fabrício Braz explained, you should consider following secure coding practices.
Since your data is hosted in a commercial hosting firm, you should consider using strong encryption for encrypting critical data. So in case the hosting firm database gets leaked out, no one should be able to decrypt your critical data.
Thanks & Regards,
My Blogs: http://www.sunilyadav.net Follow Me : http://www.twitter.com/yadavsunil
- Proposed as answer by SDL TeamModerator, September 22, 2011 8:06 PM
September 5, 2011 8:53 PM
Thanks for your reply.
The idea is good, but does SQL Server provide a seamless way to do this?
December 21, 2011 1:57 PM
Here is an article about encryption in SQL Server: http://msdn.microsoft.com/en-us/library/cc278098(v=sql.100).aspx
And I would also like to point out that not only the data on SQL Server should be encrypted, but also the communication between the database and your client.
Dimitri C. - Please mark the replies as answers if they help! Thanks.
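Added example, not part of the original posts and not code from any poster: a C# sketch (assuming .NET 8 or later) of the two suggestions in this thread, encrypting a critical field on the client so the hosting firm only ever stores ciphertext, and requiring an encrypted, certificate-validated connection to the database. The `FieldCrypto` class, host name, database name, login, context string and sample value are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
static class FieldCrypto
{
    // Placeholder host, database and login. Encrypt=True forces TLS to the
    // server; TrustServerCertificate=False keeps certificate validation on.
    public const string ConnectionString =
        "Server=db.example.invalid;Database=AppDb;User ID=app_user;" +
        "Password=<from-secure-store>;Encrypt=True;TrustServerCertificate=False;";
    const int NonceSize = 12, TagSize = 16;

    // Returns nonce || tag || ciphertext for a varbinary column. 'context'
    // (table/column/row id) is authenticated, so a blob moved to another row fails.
    public static byte[] Protect(byte[] key, string plaintext, string context)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] ct = new byte[pt.Length], tag = new byte[TagSize];
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, pt, ct, tag, Encoding.UTF8.GetBytes(context));
        byte[] blob = new byte[NonceSize + TagSize + ct.Length];
        nonce.CopyTo(blob, 0); tag.CopyTo(blob, NonceSize);
        ct.CopyTo(blob, NonceSize + TagSize);
        return blob;
    }

    // Throws CryptographicException if the blob or the context was altered.
    public static string Unprotect(byte[] key, byte[] blob, string context)
    {
        if (blob.Length < NonceSize + TagSize)
            throw new CryptographicException("Blob too short.");
        byte[] ct = blob[(NonceSize + TagSize)..], pt = new byte[ct.Length];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(blob[..NonceSize], ct, blob[NonceSize..(NonceSize + TagSize)],
                    pt, Encoding.UTF8.GetBytes(context));
        return Encoding.UTF8.GetString(pt);
    }

    static void Main()
    {
        // Constructed sample; a real key is generated once and kept on the client.
        byte[] key = RandomNumberGenerator.GetBytes(32);
        byte[] blob = Protect(key, "constructed-account-no-123", "Customers.AcctNo:42");
        Console.WriteLine(Unprotect(key, blob, "Customers.AcctNo:42"));
        blob[^1] ^= 0x01; // simulate modification of the stored value
        try { Unprotect(key, blob, "Customers.AcctNo:42"); }
        catch (CryptographicException) { Console.WriteLine("tamper detected"); }
    }
}
```

Because the key never leaves the client, the server cannot search or index the protected column; that trade-off is what distinguishes this from the server-side encryption features in the linked article.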
December 24, 2011 9:59 PM
Dimitri C, thanks for your feedback.