Database Links Security
by Roshen Chandran, CISSP | Discuss this article »»
Database links (DBLinks in Oracle) are a technique for one database to connect to a remote database and execute queries. The originating database uses an account in the remote destination database to connect. This connection thus uses a username and password of an account in the destination database. The connection has the privileges of the account that’s used in the destination database.
Insecurities with Database Links
Database links introduce several insecurities for the destination database:
- If the originating database is insecure and compromised, the database link could be used by an unauthorized user
- If the originating database is compromised, the user name and password of the database link connection could be compromised
- An adversary who gains access to a database link can execute queries with the privileges of the DBLink account
Best Practices for Database Links
Database links can be made secure through a combination of technical and process controls:
- Use Private Database links, instead of Public links. This restricts access to the DBLink to the owner of the DBLink.
- Use accounts with minimal privileges to access the database link.
- If the DBLink requires read access to some tables, and update access to some other tables, split this into two DBLinks with different accounts – one with Read, and the other with Update privileges
- Ensure that the DBLink password is stored encrypted in the originating database
- Ensure that the DBLink connection is encrypted in transit, by using, say SSL.
- Restrict the IP addresses from which the DB Link connection may originate.
- Evaluate the need for database links and authorize them only when they are essential
- Verify the level of privileges required for the database link - give the minimal set of privileges required to function
- Assign different accounts for database links from different sources - this allows better auditing and tracking
- Insist that the originating database server adhere to security best practices - remember security is only as strong as the weakest link, and the originating database should be secure
- Perform periodic audits of the originating database to ensure that it complies with the best practices for database security, and that the database links adhere to the technical controls specified above
- Database Links: A Definition in Plain English, Lewis Cunningham, http://it.toolbox.com/blogs/oracle-guide/database-links-a-definition-in-plain-english-7023
- Database Links, Pete Finnigan’s Oracle Security Forum, http://www.petefinnigan.com/forum/yabb/YaBB.cgi?board=ora_sec;action=display;num=1181549741
- A Simple Oracle Host Based Scanner, Pete Finnigan, http://www.securityfocus.com/infocus/1522
- Public DBLinks or Not?, AskTom, http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:5991749853476
- Guidelines for Securing the Network, Keeping your Database Secure http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/guidelines.htm#i1009371
- Oracle Database Listener Security Guide, http://www.integrigy.com/security-resources/whitepapers/Integrigy_Oracle_Listener_TNS_Security.pdf
- Database Links, Ask Tom, http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:456820211101