Equipment failure

Great strides have been made in recent years toward improving the reliability of computer hardware, but we’re still a long way from perfect hardware that will never fail. Anything with moving parts is subject to wear and tear. As a consequence, such devices fail more often than do devices that have no moving parts. Hard drives, CD-ROM drives, and DVD-ROM drives all depend on mechanical movement and, thus, are possible points of failure. So are cooling fans and even on/off switches. Cables and connectors — such as USB ports and audio or video jacks that are frequently inserted and extracted — are also liable to fail before the nonmoving parts do.

Even devices without moving parts, such as solid state drives or processor chips can fail due to overheating or carrying electrical current for too long. Also, anything can fail if it’s physically abused (dropped, shaken, or drenched with coffee, for example).

You can do several things to minimize, if not eliminate, problems caused by equipment failure. Here are a few ideas:

• Check the specifications of components with moving parts, such as hard drives and DVD-ROM drives, and pick components with a high mean time between failures (MTBF).

  Do some comparison shopping. You’ll find a range of values. When you’re shopping for a hard drive, for example, the number of gigabytes per dollar shouldn’t be the only thing you look at.

• Make sure that your computer system has adequate cooling. It’s especially important that the processor chips have sufficient cooling, because they generate enormous amounts of heat.
• Buy memory chips with a high MTBF.
• Control the environment where your computer is located. Make sure that the computer gets adequate ventilation and is never subjected to high temperatures. If you cannot control the ambient temperature, turn the system off when the weather gets too hot. Humans can tolerate extreme heat better than computers can.
• Isolate your system from shock and vibration.
• Establish a policy that prohibits liquids such as coffee, or even water, from being anywhere near the computer.
• Restrict access to the computer so that only those people who agree to your protection rules can come near it.

Platform instability

What’s a platform? A platform is the system your database application is running on. It includes the operating system, the basic input/output subsystem (BIOS), the processor, the memory, and all the ancillary and peripheral devices that make up a functioning computer system.

Platform instability is a fancy way of saying that you cannot count on your platform to operate the way it is supposed to. Sometimes, this instability is due to an equipment failure or an impending equipment failure. At other times, instability is due to an incompatibility introduced when one or another element in the system is changed.

Because of the danger of platform instability, many database administrators (DBAs) are extremely reluctant to upgrade when a new release of the operating system or a larger, higher-capacity hard drive becomes available. The person who coined the phrase “If it ain’t broke, don’t fix it” must have been a database administrator. Any change in a happily functioning system is liable to cause platform instability, so DBAs resist such changes fiercely, allowing them grudgingly only when it becomes clear that important work cannot be performed without the upgrade.

So how do you protect against platform instability, aside from forbidding any changes in the platform? Here are a few things you can do to protect yourself:

• Install the upgrade when nothing important is running and nothing important is scheduled to be run for several days. (Yes, this means coming in on the weekend.)
• Change only one thing at a time, and deal with any issues that arise before making another change that could interact with the first change.
• Warn users before you make a configuration change so that they can protect themselves from any possible adverse consequences.
• If you can afford to do so, bring up the new environment on a parallel system, and switch over your production work only when it’s clear that the new system has stabilized.
• Make sure everything is backed up before making any configuration change.

Database design flaws

The design of robust, reliable, and high-performing databases is a topic that goes beyond SQL and is worthy of a book in its own right. I recommend my Database Development For Dummies (published by Wiley). Many problems that show up long after a database has been placed in service can be traced back to faulty design at the beginning. It’s important to get database design right from the start. Give the design phase of every development project the time and consideration it deserves.

Data-entry errors

It’s really hard to draw valid conclusions from information retrieved from a database if faulty data was entered in the database to begin with. Book 1, Chapter 5 describes how to enter data into a database with SQL’s INSERT statement, and how to modify the data in an existing database record with the UPDATE statement. If a person is entering a series of such statements, keyboarding errors are a real possibility. Even if you’re entering records through a form that does validation checks on what you enter, mistypes are still a concern. Entered data can be valid but nonetheless incorrect. Although 0 through 9 are all valid decimal digits, if a field is supposed to contain 7, 6 is just as wrong as Tuesday. The best defense against data-entry errors is to have someone other than the person who entered the data check it against the source document.

Operator error

People make mistakes. You can try to minimize the impact of such mistakes by making sure that only intelligent, highly trained, and well-meaning people can get their hands on the database, but even the most intelligent, highly trained, and well-meaning people make mistakes from time to time, and sometimes those mistakes destroy data or alter it in a way that makes it unusable.

Your best defense against such an eventuality is a robust and active backup policy, which I discuss in “Backing Up Your System,” later in this chapter.

Striping

A key concept of RAID architecture is striping — spreading data in chunks across multiple disks. One chunk is placed on the first disk, the next chunk is placed on the next disk, and so on. After a chunk is placed on the last disk in the array, the next chunk goes on the first disk, and the cycle starts over. In this way, the data is evenly spread across all the disks in the array, and no single disk contains anything meaningful. In a five-disk array, for example, each disk holds one fifth of the data. If the chunks are words in a text file, one disk holds every fifth word in the document. You need all of the disks to put the text back together again in readable form.

Figure 1-1 illustrates the idea of striping.

In Figure 1-1, chunks 1, 2, 3, and 4 constitute one stripe; chunks 5, 6, 7, and 8 constitute the next stripe, and so on. A stripe is made up of contiguous chunks on the logical drive, but physically, each chunk is on a different hard drive.

RAID levels

There are several levels of RAID, each with its own advantages and disadvantages. Depending on your requirements, you may decide to use one RAID level for some of your data and another RAID level for data that has different characteristics.

When deciding which RAID level is appropriate for a given database and its associated applications, performance, fault tolerance, and cost are the main considerations. Table 1-1 shows the comparison of these metrics in the most commonly used RAID levels.

In the following sections, I briefly discuss these RAID levels.

Preparation for the worst

On September 11, 2001, a terrorist attack destroyed the twin towers of the World Trade Center in lower Manhattan. Along with the lives of thousands of people, the financial hub of the American economy was snuffed out. Virtually all of America’s major financial institutions, including the New York Board of Trade (NYBOT), had their center of operations in the World Trade Center. The lives that were lost that day were gone for good. Within hours, however, the NYBOT was up and running again, hardly missing a beat. This was possible because the NYBOT had prepared for the worst. It had implemented the most effective (and most expensive) form of backup. It continuously sent its information offsite to a hot site in Queens. (A hot site, as compared to one at a lower “temperature,” is always powered up and on standby, ready to take over if the need arises.) The hot site was close enough so that employees who had evacuated the World Trade Center could get to it quickly and start the recovery effort, yet far enough away that it wasn’t affected by the disaster.

Many companies and government entities can justify the investment in the level of backup employed by the NYBOT. That investment was made because analysis showed that downtime would cost the NYBOT and its clients close to $4 million a day. For enterprises in which downtime isn’t so costly, a lesser investment in backup is justified, but if loss of your data or programs would cause you any pain at all, some level of backup is called for. This backup may be no more than copying your active work onto a thumb drive every night after work and taking it home with you. It could mean putting removable hard disks in a fireproof safe in another building. It could mean distributing copies of your data to remote sites over your corporate network.

In choosing a backup method, think carefully about what your threats are; what losses are possible; what the consequences of those losses are; and what investment in backup is justified in light of those threats, losses, and consequences.

Full or incremental backup

Perhaps only 1MB or 2MB of data that you’re actively working with would cause pain if you were to lose them. Alternatively, you may have a critical database in the terabyte (TB) range. In the first case, it won’t take much time for you to back up the entire database and remove the backup copy to a safe place. On the other hand, you probably don’t want to back up a 10TB database completely several times a day or even once a day.

The size of your database, the speed of your backup procedure, and the cost of your backup medium dictate whether you implement a full backup procedure or back up only the changes that have been made since the last backup. Backing up only the changes is called incremental backup. When a failure occurs, you can go back to your last full backup and then restore all the incremental backups that followed it one by one.

Frequency

A big question about backup is “How often should I do it?” I answer that question with another question: “How much pain are you willing to endure if you were to suddenly and unexpectedly lose your data?” If you don’t mind redoing a couple of hours of work, there’s no point in backing up more frequently than every couple of hours. Many organizations perform backups at night, after the workers have gone home for the day. These organizations run the risk of losing no more than a day’s work.

Think carefully about your total situation and what effect data loss could have on you; then choose an appropriate backup interval.

Be sure to adhere to your backup schedule without fail. Long intervals without a failure shouldn’t weaken your resolve to maintain your schedule. You’re defending against the unexpected.

Backup maintenance

When your latest backup is sent to offsite storage or your hot site, don’t recycle the backup media from the previous backup immediately. Sometimes, problems in the data aren’t noticed right away, and several backup generations can be made before anyone recognizes that the data is corrupted.

One good discipline, if you’re backing up on a daily basis, is to keep a whole week of daily backups, as well as a month’s worth of weekly backups and a year’s worth of monthly backups. That should cover most possibilities.

The important point is to maintain the number of backups you need for as long as you need them to ensure that you will be able to continue operating, with minimum downtime, regardless of what might happen.

Another thing you should do is restore a backup occasionally, just to see whether you recover all the data that you backed up. I once went into a company (which shall remain nameless) as a database consultant. The employees very proudly showed me their backup disks and the fireproof safe they kept those disks in. There was only one problem: The backup disks were all empty! The employee who dutifully did the backups every night didn’t have a full understanding of the backup procedure and was actually recording nothing. Luckily, I asked the employee to do a test restore, and the problem was discovered before the company had to do a restoration for real.

Viruses

A virus is a self-replicating piece of software that spreads by attaching itself to other programs or to documents. When a human launches the host program or performs some other action on it, the virus is activated. After it’s activated, the virus can propagate by copying itself to other programs. The virus’s payload can perform other actions, such as erasing disk files; crashing the computer; displaying mocking messages on the user’s screen; or commandeering system resources to perform a computation for, and send results back to, the attacker who originated the virus.

Initially, virus writers created and released viruses to show off their knowledge and skill to their peers. They would cause their viruses to display a message on a computer screen, along with their signatures. Nowadays, viruses have evolved in a much more destructive direction. Criminal enterprises, political groups, and even national governments release viruses that can steal critical data, resulting in millions of dollars in losses. Aside from data theft, considerable damage can be done by modifying or destroying data.

At any given time, hundreds of viruses of varying virulence are circulating on the Internet. If one happens to infect your computer, you may experience an annoyance or a disaster. Consider these options to protect yourself:

• Never connect your computer to the Internet. This technique is very effective. It’s a viable idea if none of the work you intend to do on that computer relies on the Internet’s resources, and the computer never exchanges files with any computers that are connected to the Internet.
• Install antivirus software on your computer, and keep it up to date by maintaining a subscription. New viruses are emerging all the time. To thwart them, you need the latest antivirus protection.
• Make sure users are aware of virus threats and know how to recognize suspicious emails. Awareness is an important defense against viruses. Caution users not to open email attachments from unknown sources and to be careful about visiting websites of unknown character. Set their browser settings at a high security level.
• Disable USB ports so that thumb drives cannot be connected. Some of the most serious security breaches have been caused by viruses or worms placed on a system with a thumb drive.

Even if you take all the preceding recommended actions, your computer still may become infected with a virus. Be on the lookout for any change in the way your computer operates. A sudden slowdown in performance could be a sign that a virus has taken over your system, which is now doing the bidding of some unknown attacker rather than doing what you want it to do.

Trojan horses

In an ancient legend recounting the war between the Greeks and the city of Troy, after a 10-year siege, the Greek commander, Odysseus, thought of a trick to beat the Trojans. He ordered a huge wooden horse to be built, knowing that the Trojans considered the horse to be the symbol of their city, and hid 30 soldiers inside it. Then he loaded the rest of his army onto ships and sailed away. The Trojans were jubilant, figuring the Greeks had finally given up. They pulled the horse within the walls of their city as a trophy of war. That night, the Greek soldiers climbed out of the horse and opened the city gates to the waiting Greek army, which had sailed back under cover of darkness. Troy was conquered and destroyed, never again to challenge the Greeks.

Today, malware creators can create a different kind of Trojan horse: a program that has some useful purpose but that has a secret payload. When the program is activated inside the target computer, it does what the malware writer wants rather than what the computer owner wants. It may steal data and send it out over the computer’s Internet connection, or it may have some other destructive effect. Making the useful purpose of the program seem desirable is a form of social engineering.

It always pays to bear Trojan horses in mind. If you do download a program from the web or even from a CD-ROM or DVD, make sure that you’re getting it from a reputable source.

I know that you would never be tempted to download pornographic images from the web, but you may know someone who could be so tempted. Be aware that a very high percentage of such material contains malicious Trojan horses that can do a lot of damage.

Worms

Worms are similar to viruses in some respects and different in others. The defining characteristic of a virus is that it spreads by attaching itself to other programs. The defining characteristic of a worm is that it spreads via networks. Both viruses and worms are self-replicating, but viruses typically need some action by a human to become active, whereas worms have no such limitation. They can enter an unsuspecting computer via a network connection at any time of day or night without any action by a human.

Worms can take over thousands of computers in a matter of hours, as an exponentially expanding wave of infection flows out from a single infected computer. An infected computer can send a copy of the worm to every address in the computer’s email address book, for example. Each of those computers, which are now infected too, sends the worm on to all the computers in their respective address books. It doesn’t take long for the infection to spread around the world. The worm clogs communication channels as bandwidth is consumed by thousands of copies of the worm, which are sent from one computer to another. Depending on the worm’s payload, infected computers may start performing a computation (such as password cracking) for the originator of the worm, or they may start erasing files or causing other damage.

You can do a few things to protect yourself from being infected or, failing that, from passing on the infection:

• Employ all patches from the vendors of your software as soon as possible. Worms generally take advantage of some weakness in your operating system or some other program on your computer. As soon as such a vulnerability becomes known, the software vendor responsible for that program will develop a modification of the program called a patch. The patch closes the window of vulnerability without degrading the performance of the software.
• Harden your system to prevent bad stuff from getting in. This precaution may involve closing ports that are normally open.
• Block arbitrary outbound connections. When you do so, if your computer does get infected, it won’t pass on the infection.

If everyone did these things, worms would fizzle out before they got very far.

Denial-of-service attacks

Worms need not actively perform computations or cause damage to the systems they infect. Instead, they can lie dormant, in stealth mode, waiting for a specific time and date or some other trigger to occur. At the appointed time, thousands of infected computers, now under the control of a malicious cracker, can simultaneously launch what is referred to as a denial-of-service attack on some target website. The thousands of incoming messages from the worms completely overwhelm the ability of the target site to handle the traffic, preventing legitimate messages from getting through and bringing the website down.

SQL injection attacks

SQL injection attacks, like denial-of-service attacks, are attacks carried out on websites. If your website takes input from site visitors, such as their names and contact information, you could be vulnerable to an SQL injection attack. The information that visitors enter goes into an SQL database on your server. Everything is fine as long as people enter the information that they are supposed to enter in the appropriate text boxes. Attackers, however, will attempt to take control of your database and all the information in it by entering things that are not appropriate for the text boxes in which they enter data.

Finding vulnerabilities on your site

SQL injection vulnerabilities are relatively easy to spot when you can examine the source code of an application. Look for cases in which the code places user input directly or indirectly in dynamic SQL statements. Often, however, you don’t have access to the source code of a web-based application that you’re testing for such vulnerabilities. In such cases, you must infer the presence of a vulnerability from the responses you get from inputs that you send to the application. This is exactly what an attacker does. To test for vulnerabilities, you would approach a site the same way that an attacker would.

TESTING BY INFERENCE

From the way that a database application responds to inputs, you can infer things about the details of that application. Based on these inferences, you can try additional inputs that may enable you to penetrate the system.

The first order of business is discovering which inputs the system considers to be legal. You can determine this by making reasonable entries, such as numbers in a numeric field and character strings in a text field. Assuming that you don’t hit the jackpot by making an actual valid entry, the system should return a generic error message. When you know the normal response to a legal but incorrect entry, you can probe further by making entries that are illegal and unexpected. If you receive an error message for one of these entries that’s different from the message you received for a legal but incorrect input, you’ve made progress. Often, you can infer what to do next, based on how one error message differs from another.

USING VULNERABILITY TESTING TOOLS

Some developers try to protect their sites from SQL injection attacks by using a drop-down menu to restrict data entry to legal values. Others place size limits on what can be entered in a data-entry field. These measures prevent a legitimate user from accidentally entering invalid data but don’t inconvenience an attacker. This client-side functionality can be bypassed easily, and you can send what you want to the database back end. Readily available tools can even assist you in this endeavor, such as add-ons to the Mozilla Firefox browser that expand its capabilities. Many tools are available to help you scan your site for vulnerabilities. Here are a few of these tools:

• Web Developer: Web Developer is a Firefox add-on that you can download from https://addons.mozilla.org/en-US/firefox/addon/60. This add-on has a lot of functionality that doesn’t relate directly to website security. You can display the contents of all the cookies that the site being tested has set, for example. You can display the contents of the associated cascading style sheet and even edit it. More helpful to both website testers and attackers, you can view the source code behind a form, display details on entry fields, display hidden fields, show passwords, convert GET to POST or POST to GET, and remove the maximum length restriction on a data-entry field. You can also change a drop-down list to a field in which you can enter what you want.
• Tamper Data: Tamper Data, another Firefox add-on, was so dangerous that it was withdrawn from the Firefox site. It is doubtless still available from less reputable sources. With it, you can view and modify headers and POST parameters on HTTP and HTTPS requests. It also gives you information about the server responding to your requests.

• SQL Inject Me: The SQL Inject Me Firefox add-on has also been withdrawn from the Firefox site. It actually makes injection attacks on the active page in your browser.

  Be careful when using this tool, because there are severe criminal penalties for computer crime, which your actions could be construed to be.

  If you have permission to test a site for vulnerabilities, however — preferably in writing — you can use SQL Inject Me to discover weaknesses in a site. When you use this add-on with Web Developer and Tamper Data, you can get a clear idea of a site’s weaknesses.

  SQL Inject Me hammers a website with a barrage of illegal inputs that have been known to compromise susceptible applications. Each such input constitutes a test. Out of several tens of thousands of tests, if even one fails, the application has a problem that could be exploited by a bad actor. It would be a good idea to address this issue now rather than after the proverbial horse has trotted out of the barn door.

• HP WebInspect: Whereas the Firefox add-ons described in this list are available for free download, you can buy commercial products to test your websites for vulnerabilities. HP WebInspect is one such product. It scans a website and provides more extensive information about vulnerabilities than SQL Inject Me does — and appears to find more of them, too. You can generate a variety of reports giving the results of a scan, explanations of the vulnerabilities, and suggestions for eliminating those vulnerabilities.

  Figure 1-2 shows the HP WebInspect screen after a scan has finished. The website shown is a sample site that deliberately displays a variety of vulnerabilities. Contact Hewlett-Packard at www.hp.com for prices for HP WebInspect.

• IBM Security AppScan: IBM provides a family of security products to accommodate the needs of organizations of different sizes. These products come with 12 months of support and consequently are pretty spendy. In addition to identifying SQL injection attacks, IBM Rational AppScan discovers and identifies problems such as cross-site scripting and even predictable login credentials — “weak” logins that are too easily predicted by hackers. Figure 1-3 shows the result of a scan of a test site deliberately salted with vulnerabilities.
• HP Scrawlr: HP Scrawlr is a free scan tool from Hewlett-Packard that does only a cursory scan of a website. It catches only a small fraction of the vulnerabilities revealed by its “big brother” product HP WebInspect or by IBM Rational AppScan. However, if it does detect a vulnerability in your site, you would be wise to address it immediately.

Much more can be said about SQL injection attacks than I have room to cover here. My objective with this brief overview is to alert you to the potential damage to your organization from a successful attack. As with other types of malware, you have defenses against SQL injection attacks. Make sure, however, that your site is created and maintained by experienced and security-conscious web database developers. Testing for vulnerabilities is a must for anything that will be exposed to the world on the web. A lot of people can build database applications that function well, but not nearly as many know how to protect those applications well. Many programmers have never even heard of SQL injection attacks. These attacks generally aren’t covered in computer science classes.

Phishing scams

Experienced fisherfolk will get a bite sooner or later, if they cast their lures into a lake enough times. Phishing is like fishing, but in this case, the victims are people rather than fish. Scammers send out emails to thousands or even millions of people, purporting to be from a legitimate bank or business such as eBay, saying that your account has shown unusual activity and you must update your information. These messages can look very legitimate. After you enter your financial information, the scammer has access to your bank or business account and can transfer your funds to his offshore account in a country that doesn’t monitor financial transactions. The next time you access your account, you receive an unpleasant surprise.

The best defense against a phishing attack is to never respond to an email with sensitive information. Even though the email sends you to a site that looks for all the world like the official website of your bank, it’s a fake, specifically designed to induce you to surrender your account information and, along with it, all the money in the account.

Zombie spambots

Zombie spambots are similar to the worms that engage in denial-of-service attacks, but instead of launching an attack on a single website, they spew unsolicited advertising messages to lists of email addresses that the spammers have acquired. Instead of being from a single, relatively easy-to-trace source, the spam is produced by thousands of computers that have been taken over by worms to mindlessly pump out spam to their address lists. If you happen to be one of the people whose computer has been taken over, you see an unexplained drop in performance, as a significant fraction of your computational capacity and Internet bandwidth is dedicated to sending spam to unlucky recipients around the world. Such distributed spam attacks are devilishly difficult to trace to their source.

Network-layer firewalls

Communication on the Internet consists of packets of data that conform to the TCP/IP protocol. A network-layer firewall is a packet filter, operating on a low level, that resides on a computer situated between the Internet and a local area network (LAN), in what is called the DMZ (demilitarized zone). The computer that’s running the firewall in the DMZ doesn’t contain any sensitive information. Its sole purpose is to protect the LAN. Rules set up by the network administrator (or default values) determine which packets are allowed to pass from the Internet to the LAN and which are rejected.

Application-layer firewalls

An application-layer firewall operates at a higher (more abstract) level than the network-layer firewall. It can inspect the contents of network traffic and block traffic that the firewall administrator deems to be inappropriate, such as traffic from known-malicious websites, recognized viruses, or attempts to exploit known vulnerabilities in software running on the LAN.

Antivirus software

Considering the hundreds of viruses and worms circulating in the wild, up-to-date antivirus software is a necessity for any computer directly or indirectly connected to the Internet. Even computers that aren’t connected to the Internet are susceptible to infection if they can receive software from CD-ROMs, DVDs, or flash (thumb) drives. Be sure to buy a subscription to one of the popular antivirus programs, such as McAfee or Norton, and then keep the subscription current with regular downloads of updates.

Vulnerabilities, exploits, and patches

Antivirus software can protect you from viruses, worms, and other malware that crackers have created to serve their own nefarious purposes. Such software, however, can’t protect you from malware that hasn’t yet been released into the wild and detected by the antivirus software vendors.

Existing software may have vulnerabilities that haven’t yet been exploited by malware developers. New software is almost certain to contain vulnerabilities just waiting to be exploited. When exploits for these vulnerabilities appear, all computers are at risk until the vulnerabilities have been patched.

Sometimes, exploits (called zero-day exploits) are released into the wild on the same day that the vulnerability becomes known. In such cases, the time between the release of the exploit and the release of the patch that shuts it down is a period during which there is no effective defense against the exploit.

When a patch does become available, install it immediately on all susceptible machines. An ongoing problem is the huge number of naive users who are unaware of either the danger (and the associated patch) or who don’t realize the importance of hardening their systems against attack. By remaining vulnerable, they endanger not only their own systems, but also others that could be attacked if their machine is compromised.

Education

One of the best defenses against malicious attacks on your systems is for all users to be educated about the threats and the countermeasures available to eliminate those threats. Regular training on security should be part of every organization’s defensive arsenal.

Alertness

If you ever sit down at your computer and see something that just strikes you as odd, beware. You could be seeing evidence that your computer has been compromised. Run some checks. If you don’t know what checks to run, ask someone who does know for help. The problem could be nothing, but then again, maybe a stranger is sucking value out of your system. It doesn’t hurt to be a little paranoid.