Private Information Protection Act
Renewed Private Information Protection Act took effect on 1st of January 2016 in Korea. Under this new law, personal information manager must encrypt their gathered social security number. Due date for encryption differs on the quantity of gathered security number; If less than 1 million, the due date is the end of 2016. More than 1 million, the due date is the end of 2017. If there’s a security breach after issued date, the person responsible for handling personal information will be fined or be prisoned.
How does your personal information leak?
You can seldom hear about security breach of personal information on the news. It often happens in companies or organization who are reluctant to secure clients private information. Especially in Korea, almost every social services require social security number. If one’s social number is compromised, the damage can be devastating. So the question is, how does one’s personal information leak? We can divide them into two category; by exploiting web server and fail to secure DB access control.
By exploiting web server
- Attacking the web server directly by hacking method such as SQL Injection & Web shell
- By breaking into web server using brute force attack
Fail to secure DB access control
- DB information leakage by both deliberately or accidently by inside man
- DB information leakage by hacking
How can we secure safe web environment?
Let’s look at web server security closely. It’s possible to say there are three major issues. Firstly, easy access. Service port(80, 8080, 443 etc.) have easier access points due to its purpose. It basically grants access to outer web, which makes it vulnerable to web attacks such as DoS. Secondly, lack of secure programming. Due to lack of knowledge for security, web application security can be easily breached. There are variety of web development environment these days which makes it almost impossible to procure any kind of security code. Lastly, increase of security risk due to integration. When platform merge with web environment, the risk of security breach becomes larger. Hackers will have deeper access while internal infra such as mail and DB merges with other applications.
How to secure DB access control?
To protect personal information begins with securing access control to DB server and prevent illegal leakage by reinforcing DLP system. Security market now includes not only prevention of hacking but regular audit of inner security system as well. Encryption of DB means to prevent personal without authority to gain access to DB information by switching cipher algorithm. It is also important to secure DB from personnel or process to read, write and execute file within DB server.
Source block for unknown attacks; Next generation web firewall AIWAF
Unlike most people’s understanding, IPS and firewall is not designed to secure web environment. Firewall is focused on protecting network infra, which has no control over web protocol such as HTTP or HTTPS. IPS had no defense mechanism for SSL communication and only detects on signature based method, which has to updated regularly. On the other hand, AIWAF is designed for one purpose; to secure web environment.
AIWAF(APPLICATION INSIGHT WEB APPLICATION FIREWALL) supports signature-based negative security policies and profile-based positive security policies in accordance with complete analysis of HTTP protocol and protects web services with various optional features against external hackings. Not only does AIWAF fulfill 8 category of web security by national intelligence service and Top 10 project of OWASP, it can defend against unknown threats with regular update function. On December of 2015, AIWAF V.4.0 was released including anti brute force attack to detect signature fraud. Learn more about AIWAF
Strong access control and access history at one glance; AIDFW
According to US communications company Verizon report ‘2014 Data Breach Investigation Report(DBIR)’, 97% of all data leakage accident is due to poor maintenance, 76% by vulnerable authentication management, 69% by outside man/organization and 67% by database and file server outflow. Also, 98% of all data outflow in major companies is due to exposed database server.
This means not every data outflow is due to outside hacking, but mismanagement of DB access. If the data is encrypted, you can stop this data outflow unless someone steals the encrypted data with key.
AIDFW(APPLICATION INSIGHT DB FIREWALL) is based on complete Query analysis authoring strong user authorization and access control. With profile based automated security policy, AIDFW detects and block abnormal DB access. Post audit function based on access history will secure your DB from dangers from external and internal security threats. AIDFW provides fail-over function for enhanced logging performance and large log processing module with uninterrupted web. In addition, sniffing gateway which has three times the performance of proxy way provides hybrid mode without requiring any additional tap equipment.
WEB-database log correlation and linkage analysis related to actual attacker’s IP through detection and prevention(Patent No.10-0937020) enables user tracking as well. Learn more about AIDFW