Are databases hosted by third parties necessarily insecure?

Discussion in 'Computer Security' started by Mellow Crow, May 9, 2005.

  1. Mellow Crow

    Mellow Crow Guest

    Newbie question(s).

    I may be building a web site for someone that might have to hold
    private/sensitive data.

    A possible solution is to use MySQL, with a Secure Connection (SSL?). Many
    commercial web hosting companies (third parties) offer MySQL and SSL
    hosting.

    Does having my client's database reside on a third party server violate a
    fundamental rule of security: you must control physical access to your
    computer?

    Or can a reasonable level of security be achieved by hosting through a
    trusted web host?
     
    Mellow Crow, May 9, 2005
    #1

  2. Michael Pelletier

    Michael Pelletier Guest

    Mellow Crow wrote:

    > Newbie question(s).
    >
    > I may be building a web site for someone that might have to hold
    > private/sensitive data.
    >
    > A possible solution is to use MySQL, with a Secure Connection (SSL?). Many
    > commercial web hosting companies (third parties) offer MySQL and SSL
    > hosting.
    >
    > Does having my client's database reside on a third party server violate a
    > fundamental rule of security: you must control physical access to your
    > computer?
    >
    > Or can a reasonable level of security be achieved by hosting through a
    > trusted web host?


    Honestly, my opinion on this is I would not house sensitive data on a third
    party system. I just would not do it. It does not matter what the database
    (or applications) are. Would the third party sign an agreement to be liable
    should they get hacked and you lose your data? Would they even tell you they
    were hacked, or just "sweep it under the rug"? There are way too many problems
    when it comes to sensitive data and third parties. Remember, only a couple
    of states have laws requiring that clients be notified after a computer
    hack...

    In short, private/sensitive data should reside on your system, not someone
    else's...

    Michael
    --
    "Trusted Computing" is a SCAM
    http://www.gnu.org/philosophy/can-you-trust.html

    Protect your rights
    http://www.eff.org/
    http://www.publicknowledge.org/
     
    Michael Pelletier, May 9, 2005
    #2

  3. Mellow Crow

    Mellow Crow Guest

    Michael Pelletier wrote:

    > Honestly, my opinion on this is I would not house sensitive data on a
    > third party system. I just would not do it. It does not matter what
    > the database (or applications) are.


    Some example problems:
    > Would the third party sign an
    > agreement to be liable should they get hacked and you lose your data?
    > When they even tell you they were hacked or just "sweep it under the
    > rug"?


    You're prompting me to think of other cases: they certainly wouldn't tell you
    if they (someone in their employ) hacked into their own server.

    > [There] are way too many problems when it comes to sensitive data
    > and third parties.


    Thanks Michael. That matches with my thinking.
     
    Mellow Crow, May 9, 2005
    #3
  4. Ken Ward

    Ken Ward Guest

    On Mon, 09 May 2005 00:16:50 GMT, "Mellow Crow" <>
    wrote:

    >Newbie question(s).
    >
    >I may be building a web site for someone that might have to hold
    >private/sensitive data.
    >
    >A possible solution is to use MySQL, with a Secure Connection (SSL?). Many
    >commercial web hosting companies (third parties) offer MySQL and SSL
    >hosting.
    >
    >Does having my client's database reside on a third party server violate a
    >fundamental rule of security: you must control physical access to your
    >computer?
    >
    >Or can a reasonable level of security be achieved by hosting through a
    >trusted web host?

    In a sense it depends, as does everything in the security field, on
    how much you are prepared to pay and your risk profile. What you are
    proposing is similar to the IBM e-business model that they are
    marketing (and other big names, but I'm most familiar with the IBM
    model). What you may lose in not physically owning your site can be
    compensated for by the other services IBM can provide. It's your
    choice how you spend your dollars & the security that it buys.

    There is no set of fundamental rules in security that will
    automatically break your application if not followed. Each rule is a
    strong suggestion of good practice, but each rule has exceptions. It
    is the security proponent's (often difficult) job to assess the risk of
    each business model against this and against the costs to determine the
    most effective solution.
     
    Ken Ward, May 10, 2005
    #4
  5. Winged

    Winged Guest

    Mellow Crow wrote:
    > Newbie question(s).
    >
    > I may be building a web site for someone that might have to hold
    > private/sensitive data.
    >
    > A possible solution is to use MySQL, with a Secure Connection (SSL?). Many
    > commercial web hosting companies (third parties) offer MySQL and SSL
    > hosting.
    >
    > Does having my client's database reside on a third party server violate a
    > fundamental rule of security: you must control physical access to your
    > computer?
    >
    > Or can a reasonable level of security be achieved by hosting through a
    > trusted web host?

    No, you can have secure data hosted on a 3rd party site; however, the connection
    should be restricted, the host should be configured to only communicate with
    the web front end, and the application (web host) should be tested
    extensively with something like SPI Dynamics WebInspect to ensure
    applications are not susceptible to buffer overruns, etc.

    The web host and data hosts should be behind a secure firewall with
    ports only opened to where required. All DB pipes need to be specific
    to/from db/web host with ports aliased to odd ports.

    You should add a secure socket inside the SSH or VPN shell and store
    data within the DB with a high security single key algorithm. The key
    needs only to reside with the data relay host. Keyed connectors need to
    be used between the web host and relay host and between the relay host
    and the DB. There are several tools that can facilitate this type of
    connector.

    Ideally you use a data relay host behind the web server that is only
    exposed to the web server and the DB host. No live sensitive data
    should be stored on the exposed web host. The web host would only have
    the specific port exposed required for transaction (typically 443). By
    keeping the transient data off the exposed host and on the relay host
    only as long as transmission is confirmed and checked (checksum the
    encrypted data and provide the checksum in the reply), you can expect
    reasonable data surety.

    Additionally, the contract with the DB host provider should ensure systems remain
    patched with only required services run on the specific host in
    question. Communication restrictions should be ensured; specify backup
    intervals, system uptime and disclosure.

    MS SQL can be operated securely, but the most dangerous piece of this
    scenario is the actual web host that is directly exposed. It is not
    something that should be set up by an amateur. It requires someone to
    stay on top of the server, ensure patches are placed on the system
    appropriately, and that applications work after the system is patched.
    Communication restrictions should not only be placed via the web
    application, but within the OS itself. Like all of the other servers, it
    should be configured with only the absolute minimum required services running.

    You will probably want to open specific administrative pipes to the DB
    server, but you will want to keep the pipes at a minimum. Because you
    are running relayed keyed pipes, compromise of the web host will reduce
    the likelihood that a hacker can break through to the DB store.
    Administrative consoles must be kept secure. By testing your applications
    to ensure things like buffer overruns cannot corrupt your data chain,
    you reduce the likelihood the data store can be compromised. By encrypting
    the data store, you reduce the likelihood that the DB managers can
    compromise the data as an inside job or through tape loss.

    While this sounds complex, it is not that difficult to implement, and
    does not create significant latency. We have servers doing over 10000
    transactions per minute with no significant issues, although we host our
    own DB server, which lives in its own DMZ segment. We perform the
    data encryption on the data relay server and a redundant data check (the web
    server checks the data the first time, and the relay server also ensures data lengths
    are appropriate).

    The last piece required is IDS to alarm Admins if certain activities are
    occurring. And someone who is competent, should review IDS logs,
    firewall logs, configuration, and server logs daily.

    Simple!

    Winged
     
    Winged, May 10, 2005
    #5
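The relay-host design Winged sketches above (web host passes data and a checksum to a relay; only the relay holds the data-encryption key; the hosted DB stores ciphertext; the relay replies with a checksum of what it stored; the relay re-checks lengths) is shown here as an added example in Go. It is not code from the post or from any product it mentions. Assumptions: AES-256-GCM stands in for the "high security single key algorithm" and gives tamper detection for free; SHA-256 is the checksum; an in-memory map stands in for the MySQL table on the hosting provider; `maxFieldLen`, the record ids and the sample value are all constructed for the example. It goes one step past the post by binding the record id into the authenticated data, so a ciphertext copied between rows by someone with DB access fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// maxFieldLen models the relay's own length check; the bound is an
// assumption for this example, not a value from the post.
const maxFieldLen = 256

// Relay is the "data relay host" between the web host and the DB host.
// Only it holds the key; the hosted DB ever sees ciphertext only.
type Relay struct {
	aead cipher.AEAD
	db   map[string][]byte // stand-in for the table on the third-party DB host
}

func NewRelay() (*Relay, error) {
	key := make([]byte, 32) // AES-256 key, generated on and never leaving the relay
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Relay{aead: aead, db: map[string][]byte{}}, nil
}

// Store is what the web host calls with a field plus its SHA-256 (the web
// host's first check). The relay re-checks length and checksum, encrypts,
// writes ciphertext to the DB, and replies with a checksum of the stored
// bytes so the web host can confirm the write before dropping its copy.
func (r *Relay) Store(id string, plaintext []byte, webChecksum string) (string, error) {
	if len(plaintext) == 0 || len(plaintext) > maxFieldLen {
		return "", errors.New("relay: field length out of bounds")
	}
	if hexSum(plaintext) != webChecksum {
		return "", errors.New("relay: checksum mismatch from web host")
	}
	nonce := make([]byte, r.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// The record id is bound in as associated data, so a row's ciphertext
	// cannot be moved under another id without failing authentication.
	ct := r.aead.Seal(nil, nonce, plaintext, []byte(id))
	stored := append(append([]byte{}, nonce...), ct...)
	r.db[id] = stored
	return hexSum(stored), nil
}

// Load decrypts a row. Any change to the stored bytes (a DBA editing the
// table, a corrupted backup tape) fails authentication instead of
// silently yielding garbage.
func (r *Relay) Load(id string) ([]byte, error) {
	stored, ok := r.db[id]
	if !ok {
		return nil, errors.New("relay: no such record")
	}
	ns := r.aead.NonceSize()
	if len(stored) < ns+r.aead.Overhead() {
		return nil, errors.New("relay: stored record too short")
	}
	return r.aead.Open(nil, stored[:ns], stored[ns:], []byte(id))
}

// RawRow is what someone with direct DB access (the provider's admin, or
// whoever ends up with the backup media) can see.
func (r *Relay) RawRow(id string) []byte { return r.db[id] }

func hexSum(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

func main() {
	relay, err := NewRelay()
	if err != nil {
		panic(err)
	}
	ssn := []byte("123-45-6789") // constructed sample value
	reply, err := relay.Store("customer:42", ssn, hexSum(ssn))
	fmt.Println("relay reply checksum:", reply, "err:", err)
	fmt.Printf("what the DB host sees: %x\n", relay.RawRow("customer:42"))
	pt, err := relay.Load("customer:42")
	fmt.Printf("relay decrypts: %s (err=%v)\n", pt, err)
}
```

The point of the split is that a compromise of the web host yields only transient plaintext for in-flight requests, and a compromise of the DB host (or its backups) yields only ciphertext; the key lives on neither. What the example does not cover is the network side of the post (firewall rules restricting each pipe to the one peer that needs it), which has to be enforced on the hosts and the provider's firewall, not in application code.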
