Merlon SQLXPress Delivers New Security Protection for NonStop SQL
John Furlong > Director, Software Development – Merlon > XYPRO Technology
Data is the lifeblood of mission-critical applications, and HPE NonStop customers rely on the powerful capabilities of NonStop SQL databases to store, analyze and manage that data. Therefore, NonStop customers need to ensure that NonStop SQL databases are well-organized, using efficient queries, and running at peak-performance.
To do that, NonStop database managers need powerful database management tools and often, highly-privileged access rights. However, providing database managers unrestricted privileged access poses serious risks. With privileged access comes increased threats from malicious insiders (one of the most difficult to detect and resolve security threats), catastrophic user error and compromised credentials.
Previously, NonStop customers didn’t have a choice between database management functionality and security controls. Now, with the release of Merlon SQLXPress 3.50, you can have the most functional graphical database management solution for NonStop SQL and strong security protections.
Secure NonStop SQL Database Management
Merlon SQLXPress 3.50, released in June, is the culmination of a multi-year project to make it the most secure database management solution available for NonStop SQL, period.
SQLXPress 3.50 includes a comprehensive set of security controls, including:
- Support for Multi-factor Authentication
- Access Control
- Session Encryption
- Code Integrity
- SQL Injection Protection
Support for Multi-factor Authentication
SQLXPress requires a user to logon using either a Guardian user name, or a Safeguard alias name, together with a valid password.
The SQLXPress client logon dialog supports PCI DSS 3.2 multi-factor authentication (MFA) requirements by prompting the user for a verification code, or passphrase. Using this in conjunction with XYGATE User Authentication (XUA), which is already present on your HPE NonStop server, means you’re now up-to-date with the very latest in PCI 3.2 MFA compliance requirements.
The SQLXPress Security Administrator can configure the level of audit data that is collected by the audit subsystem.
The audit subsystem records the actions of SQLXPress users in an audit trail and contains detailed information on each user action, including: date and time, user logon name, PC device identification, SQL statement text, SQL parameter values, outcome details, and much more.
Audit trail data is extracted to an SQL database for reporting purposes. A rich set of audit reports is available, from activity summary reports down to individual actions. Reports can be filtered by time of day, user, PC, and SQL object name.
Audit data is useful for security administrators. It allows them to monitor the use of SQLXPress, and be able to answer questions like:
- Who accessed or changed data?
- When was it changed?
- From which PC was it changed?
- Who tried to perform an unauthorized command?
Audit data is also useful for troubleshooting and problem determination. To facilitate the exchange of helpful diagnostic information to other departments, like operations, the Security Administrator can grant audit report access to other users on an individual, audited basis.
Every HPE NonStop server is delivered with XYGATE Merged Audit (XMA) software. Additionally, XYPRO has developed an audit plugin which integrates the collection of SQLXPress audit data directly into the XMA database. This enables sophisticated audit reporting and alerting capabilities for all NonStop SQL activity, along with the ability to deliver this audit data to your enterprise SIEM devices.
Figure 1: Example audit details for a user action
NonStop SQL supports access control “out of the box”. SQLXPress augments these standard access control features by providing a more granular level of control over the actions users are permitted to perform, and the SQL objects they are permitted to access from within SQLXPress.
Role-based Access Control
Like all XYGATE software, SQLXPress now supports a role-based access control model:
- Roles are granted permissions to perform activities
- Users are assigned to roles
- Users acquire the permissions that have been granted to their roles
- Roles may be restricted to an “environment” (an environment is a collection of specific SQL objects)
- When a user attempts to perform an activity, an authorization check is performed
A key advantage of the role-based approach is that once the access control rules have been initially set up, on-going maintenance involves simply adding or removing users from Role Groups.
Access control configuration is easily customized to suit the needs of the organization.
Separation of Duties
SQLXPress supports the principle that the Security Administrator is responsible for the configuration and management of the SQLXPress security subsystem, including audit and access control.
There is a special Security Manager Windows client program for use only by the Security Administrator. The typical SQLXPress user is not granted access to most functions in the Security Manager client and the Security Administrator is not allowed to use the other SQLXPress client programs.
To really appreciate SQLXPress access control let’s take a look at some use cases:
Use Case 1: Command Lockdown
NonStop SQL permits the owner of an SQL object, like a table, or a view, to perform any DDL or utility operation on the object. SQLXPress access control refines this so that restrictions can be applied to individual operations.
Many commands, like Update Statistics, or Split Partition, are performed as part of the routine duties of a DBA. The DBA should have permission to perform them on an ongoing basis.
However, there are some operations like Purge Data, Drop Table, or Disable Trigger, that are not required for the normal operation of the database, and can have disastrous consequences if performed inadvertently.
SQLXPress access control allows these potentially dangerous commands to be “locked down” during normal use. When the DBA needs to perform a locked down command, the Security Administrator temporarily grants permission for the command. When the command has been completed, the security administrator revokes the permission.
Use Case 2: Data Access Restrictions
NonStop SQL permits the owner of a table to view and change the data stored in the table. SQLXPress access control can be used to limit the owner’s access to data while still permitting the owner to manage the table.
SQLXPress security controls means the owner can be prevented from changing data and can even be prevented from viewing data at all.
Use Case 3: Database Visibility Restrictions
SQL metadata is a rich source of information about the databases on the system. It includes details on table names, column names, security settings, data validation rules, and much more. Most organizations will want to limit access to SQL metadata to authorized users only.
However, with NonStop SQL/MX, SQL metadata is secured for public read access. This means that any SQL/MX user can view information about all the databases on the system. In SQL/MP, metadata is secured per catalog.
To enable database visibility restrictions, the SQLXPress access control feature allows the Security Administrator to define one or more “environments” on a system.
An environment provides a restricted view of the SQL objects on a system. Only objects that have been registered in an environment are made visible to the user.
The Security Administrator can restrict the SQL objects that are made visible to a user by assigning him a role for an environment. The user must open an environment in order to use SQLXPress, and can only work with the SQL objects that are registered in that environment.
Furthermore, a user can be granted roles for more than one environment, and even granted a different role in each of those environments. For example, user DEV.JOHN can be granted the role Senior DBA in the DEV_ATM environment, and the role Guest in the QA_ATM environment.
SQLXPress supports the use of Transport Layer Security (TLS)–also frequently referred to as SSL (Secure Sockets Layer)–to protect the data exchanged between the SQLXPress client and server components. The use of TLS provides both privacy and data integrity.
The data exchanged between the SQLXPress client and server remains private because it is encrypted using symmetric cryptography where the encryption keys are generated uniquely for each session.
The identity of the server can be authenticated using public key cryptography and data integrity is ensured because each message is protected by a message authentication code.
TLS support is available either by linking to an external DLL, or by using a proxy process.
SQLXPress is available for download over the Internet and the setup programs are digitally signed. This digital signature confirms that Merlon is the publisher of the setup program, and that it has not been tampered with since it was published.
In addition, the various SQLXPress client programs are also digitally signed so that the code cannot be tampered with after it has been installed.
SQL Injection Protection
SQL Injection is a type of cyber attack in which malicious SQL statements are injected into the entry fields of data-driven applications.
To protect against SQL Injection attacks, SQLXPress uses SQL statement templates for most of its client-generated SQL code. These templates are stored as resources in the Windows client .exe files. Since the .exe files are digitally signed, the templates are protected from tampering.
Data values entered by the user are validated, not used “as-is” to construct SQL statements. In addition, SQLXPress uses parameterized SQL statements so that user-entered data does not form part of the SQL statement text.
Additionally, SQL statements entered directly by the user are parsed in the client code and access control restrictions are applied to the SQL statement, and the objects it references.
With the most comprehensive set of features and full support of both NonStop SQL/MX and SQL/MP, Merlon SQLXPress is the leading solution for managing NonStop SQL databases. SQLXPress users describe it as “indispensable” for database administrators, software developers, technical support personnel and any other users who work with NonStop SQL databases.
However, HPE NonStop SQL databases typically store highly sensitive and private information, and, in an increasingly security-conscious world, customers also expect their database engines and database management tools to provide comprehensive security–and Merlon SQLXPress delivers.
As of March 2017, Merlon became a wholly-owned division of XYPRO, the leading provider of security solutions for the HPE NonStop platform. So it is no surprise that not only is SQLXPress the most complete database management solution for NonStop SQL, it is also the most secure.
Director, Software Development – Merlon
John Furlong is the development team leader for SQLXPress, and is responsible for the design of the Visual Query Tuner. John has over thirty years’ experience working on the HPE NonStop platform. To get in contact with the author, please email: email@example.com.