Running Head: DATABASE SECURITY REQUEST FOR PROPOSAL (RFP)

Project 5: Database Security Request for Proposal (RFP)

Francis Quarshie

University of Maryland Global Campus

CST 620: Prevention of Cyber Attack Methodologies

Professor: Loye Ray

29/03/2021

OVERVIEW

Crest Military Hospital (CMH), located in Virginia, is recognized throughout the health industry as prodigious in healthcare administration. The facility provides premium healthcare services to the military, federal agencies, corporate agencies and the general public. CMH has consultants in every medical and clinical field, and its core values are reliability, integrity, trustworthiness, benevolence and legal/ethical compliance. The hospital is segregated into an organizational structure in which each unit plays a significant role in the operation of the facility. The units are the board of directors, administration, information services, therapeutic services, diagnostic services and support services. The board of directors and the administration consist of the Chief Executive Officer (CEO), Vice President, Executive Assistant and heads of departments; they superintend the budgeting and financing of the facility, the formation of facility policies and procedures, and public relations. Information services are in charge of all admissions, taking patient information, billing, keeping medical records, information systems and human resources; they are responsible for documenting and processing the information of every patient who visits the facility. Therapeutic services offer respiratory therapy, medical psychology, physical therapy, nursing and the dispensary, and provide treatment for patients who visit CMH. Diagnostic services, consisting of the medical laboratory and medical imaging, establish the cause of sickness. Support services, consisting of central supply, housekeeping and maintenance, deliver support for the whole facility.

Data is the lifeline of every organization, so it is only prudent to ensure the safety of data and prevent it from ending up in the wrong hands. The information department of CMH holds client information such as names, dates of birth, social security numbers, photographs, addresses, telephone numbers, contact information, treatment dates, medical record numbers, admission dates, discharge dates and signatures. This information is regarded as sensitive, and the loss of any of it could be devastating to the facility; hence the need to ensure the confidentiality, integrity and security of this information.

Task Context Requirement

Crest Military Hospital requests an effective, user-friendly and reliable database management system to enhance its efficient healthcare delivery. The system is required to handle the information of the hospital's large number of patients, doctors and staff, which makes reliable data processing imperative. Sensitive patient health information will be stored on the database system, so it must conform with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a federal law that required national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. Information such as patient prescriptions, last visit, evaluation and diagnosis should be accessible. The hospital administration must be able to access statistics about the facility, such as the number of patients and the number of staff. Patients can book appointments online and at the same time access their lab reports or results online.



Database security concepts: database security involves a collection of security controls intended to safeguard the database management system. Protecting data against unlawful, unintentional and unauthorized access is paramount for this database. Database security concepts comprise authentication, backups, encryption and access control. Authentication is the process by which identities are presented and proved in order to permit access.

Database Security Standards

The RFP requires a standard against which the database and its security are specified, and that standard needs to match international ones in order to guarantee the reliability and efficiency of the database. The RFP will implement the Common Criteria (CC), an international standard developed by the United States, Canada, France, Germany, the Netherlands and the United Kingdom. The Common Criteria for Information Technology Security Evaluation are a framework, or set of principles, for analyzing the security of computer systems (US-CERT, 2013). Common Criteria evaluation is obligatory, and the product must comply with Common Criteria benchmarks so that its certification is acknowledged globally. CC will be used to assess the security of the new relational database management system (RDBMS); this analysis will establish the strength of the RDBMS in upholding the confidentiality, integrity and availability of protected health information as regulated by HIPAA. Evaluation assurance levels (EALs) are the levels of functional and assurance requirements defined under the Common Criteria. The seven EALs are: EAL1 functionally tested; EAL2 structurally tested; EAL3 methodically tested and checked; EAL4 methodically designed, tested and reviewed; EAL5 semiformally designed and tested; EAL6 semiformally verified design and tested; and EAL7 formally verified design and tested. The higher EALs are stronger and are used for high-risk and high-value assets (Mead, 2013).



A business continuity plan plays a significant role in an RFP. A business continuity plan is a proactive plan to avoid and mitigate hazards linked with a disruption of operations. It details the steps to be taken before, during and after an event to sustain the financial viability of the institution. When business is interrupted it costs money: loss of revenue plus extra expenses, meaning a loss of profit. Planning critical functions and infrastructure with several disaster possibilities in mind can increase resilience.

Defense Models

Defense models that apply to database management systems are defense-in-depth, compartmentalization, accountability and least privilege. Defense-in-depth is a security strategy in which a series of security mechanisms and controls are thoughtfully layered throughout a computer network to protect the confidentiality, integrity and availability of the network and the data within it. Defense-in-depth measures include strong passwords, multifactor authentication for any account of value, and multiple sub-networks developed around business needs. Firewalls control network traffic through allow or deny rules, such as blacklisting or whitelisting IP addresses, MAC addresses and ports. Intrusion prevention or detection systems (IPS/IDS) detect malicious network traffic and send an alert. Compartmentalization limits access to information to persons or other entities on a need-to-know basis to perform certain tasks. The basis of this defense model is that the fewer people who know the details of a mission or task, the lower the likelihood that the information will be compromised or fall into the hands of the opposition.

Accountability ensures that actions conducted by a user account cannot be disputed as to which account executed them; every user activity is monitored. Least privilege provides additional controls within a specific document: it grants the user only the minimum level of access or permissions needed to perform his or her job functions. These models are not limited to human access but extend to applications, systems or connected devices that require permissions to perform a required task.

Enclave computing segments the internal network to make one of those sections secure (Northcutt, 2016). The purpose is to limit internal access to a portion of the network. Internal firewalls and VPNs will add security to the data exchanged between departments in Crest Military Hospital and help identify where an attack happens, while the VPNs will be used to enforce standing policies. The internal firewalls will be placed between departments to monitor and control incoming and outgoing network traffic based on predetermined rules; this adds security to the data and identifies areas of attack. In addition, Virtual Private Networks (VPNs) will provide privacy, anonymity and security to users by allowing only authorized hosts to connect to other hosts. Since the database will store a significant amount of personally identifiable information and protected health information, enclave computing is a prerequisite to be incorporated during the application's execution.

The main database environment comprises the hardware, network, applications and electronic media used to update the database. The security of the database will be ensured through the security mechanisms mentioned above. The data security policy within the IT department will be changed and updated as needed from time to time. These policies will be enforced by the software, which then interacts with the end user. The IT department in the hospital is where the database resides, and the IT technicians are the main ones responsible for updating and maintaining the database. All employees are required to use two-factor authentication and to create strong passwords that expire every 30 days, and they go through data security training and Health Insurance Portability and Accountability Act of 1996 (HIPAA) training during their first week of employment.

System Structure Requirements Statements

The entire database system should ensure that all patient data are confidential at all times. Information from patients, doctors, nurses, medical staff and pharmacists must be updated frequently. The flexibility of the database will allow patients and other users to view, modify and update the database. All updates will run on a secure network with all data encrypted. By integrating access across multiple systems, communication and information flow will be enhanced. The architecture of the system needs to fit with the current OS and other systems used in Crest Military Hospital. Integrating the system will also save time and money and allow systems to communicate, identify schedules, inventories, staff functions and resume availability (Arredondo, 2014). System integration requires scalability and flexibility so that it puts less strain on the system, ensuring top performance and a high level of reliability; it also requires certified cloud and on-premises integrations, real-time data availability and monitoring, common authentication across all platforms, and a master user access index which will prevent having several files for the same patient or user.

All users will undergo training on data theft, data extrusion, data exportation, data leakage, social engineering and the phishing techniques used by hackers, because data can be stolen by malicious hackers or even by employees. Also, all removable devices used by employees must be approved by the IT department. Social engineering and phishing attacks are data exfiltration tactics used to manipulate and trick someone into opening a malicious script which can then infect the entire hospital network. E-mails that contain malware scripts will be designed to look as if they were sent from a high-ranking hospital executive, which can impact a number of users. To curb this, the database needs to be able to reject any software downloads or uploads not approved by the IT department.

Operating System Security Components

Operating systems (OSs) are prone to several threats including viruses, malware, spoofing and denial of service. The three main aspects of OS security are confidentiality, or prevention of theft; integrity, or prevention of damage; and availability, or prevention of service denial (Heiser, 2008). Hardware components and software referenced in the proposed system shall be employed throughout the product presentation. These resources shall provide for the security of all data in Crest Military Hospital's database systems through encryption and shall only be accessed by authorized personnel. Trusted computing refers to technologies and proposals for resolving computer security problems through hardware manufacturers and software vendors, while the trusted computing base (TCB) refers to all of a computer system's hardware, firmware and software components that combine to provide the system with a secure environment.

Technologies and proposals shall be provided to resolve computer security problems through hardware enhancements and associated software modifications (Rouse, 2007). These shall include the following: memory curtaining, which prevents programs from inappropriately reading from or writing to each other's memory; secure input/output (I/O), which addresses threats from spyware such as keyloggers and programs that capture the contents of a display; sealed storage, which allows computers to securely store encryption keys and other critical data; and remote attestation, which detects unauthorized changes to software by generating encrypted certificates for all applications on a PC. In order to be effective, these measures must be supported by advances and refinements in the software and operating systems (OSs) that the PCs use.

Concerning operating system security, there are some requirements for vendors. Protection rings protect data and functionality from faults and malicious behavior through a series of concentric rings, with the innermost ring, 0, being the kernel. Ring 1 holds the other OS components, which maintain programs that work with the computer's I/O ports; ring 2 contains drivers and protocols; and ring 3 consists of user-level programs and applications (Stewart et al., 2015, p. 320). We require that the database management software include drivers and protocols which are not allowed to access the kernel or other OS components directly without going through the reference monitor. Not meeting this requirement could create an insecure environment. In order to provide the level of security necessary, a trusted platform module (TPM) will be incorporated. A trusted platform module is a cryptoprocessor chip used to provide hardware-based cryptographic keys for hard drive encryption. Not only is this regarded as more secure, but because the keys are hardware-backed, if the drive is encrypted the only way to decrypt it is to be connected to the same system with the same TPM (Stewart et al., 2015, pp. 303-304). Therefore, our vendors are required to use a protected and trusted computing base, which includes implementing trusted platform modules with whole-disk encryption, where the user is required to input a password or USB token to authenticate.

Multiple Independent Level of Security (MILS)

Multiple Independent Levels of Security (MILS) is a high-assurance security architecture implemented for a database based on the concepts of separation and controlled information flow. These concepts are implemented by separation mechanisms which support both untrusted and trustworthy components, ensuring a total security solution which is tamperproof. The three security models being considered are the Biba Integrity Model, the Bell-LaPadula Model and the Chinese Wall Model. Each is elaborated as follows. The Bell-LaPadula Model focuses on data confidentiality and controlled access to classified information. The fundamental modes of access are read only, write only, or read and write, and this is a simple security model. Users at one level are not allowed access to information above their permission level. Additionally, this method of management assumes that all data are assigned a classification which will never change. This security model is the chosen system for Crest Military Hospital because the database has high classification markings and the model is built on the concept of a state machine with a set of allowable states in the computer system. The database being developed must meet requirements such as the presence of safety features, kernel separation and middleware services. Regarding safety features, there should be no application errors which might result in a data breach, and the application should allow concurrent usage. Kernel separation isolates data to make sure a partition cannot access resources in other partitions, and periods processing makes sure there is time partitioning in the database system. The middleware services MILS requirement states that there must be a well-defined message router to ensure data security.

The Biba Integrity Model is a set of access control rules designed to ensure data integrity throughout the system. It also ensures that no unauthorized users make modifications to data or programs. It uses subjects and objects with a "no write up" and "no read down" policy, which ensures the maintenance of internal and external consistency of data and programs. A scenario in this case is the hospital's board of directors passing directions (data) along to the clinical services, practice director and financial department, then to the managers, and down to the nurses, medical assistants, front desk receptionists and care coordinators, since that preserves the integrity of the board of directors' orders/data and the hierarchy of levels. The developer must ensure that the system meets the Biba model objectives.
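The two lattice models above are easiest to see side by side in a small reference monitor. The following is an added example, not code from the RFP or any vendor; the hospital levels, the subjects and the objects are constructed, and a subject's Bell-LaPadula level is the level of the session it logged in at.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """One ordered lattice reused for both labels. Constructed for this
    example: a higher value means more sensitive (Bell-LaPadula) or more
    trustworthy (Biba)."""
    PUBLIC = 0
    STAFF = 1
    CLINICAL = 2
    BOARD = 3


@dataclass(frozen=True)
class Subject:
    name: str
    session_level: Level  # Bell-LaPadula level the user logged in at (<= clearance)
    integrity: Level      # Biba: how trusted this subject's writes are


@dataclass(frozen=True)
class Obj:
    name: str
    classification: Level  # Bell-LaPadula confidentiality label
    integrity: Level       # Biba integrity label


# Every decision is appended here for the accountability requirement.
AUDIT_LOG: list = []


def blp_allows(s: Subject, o: Obj, mode: str) -> bool:
    """Bell-LaPadula: simple security property (no read up) and
    *-property (no write down); "rw" needs both."""
    can_read = s.session_level >= o.classification
    can_write = s.session_level <= o.classification
    return {"r": can_read, "w": can_write, "rw": can_read and can_write}[mode]


def biba_allows(s: Subject, o: Obj, mode: str) -> bool:
    """Biba: simple integrity property (no read down) and integrity
    *-property (no write up). Each rule is the dual of the BLP rule."""
    can_read = s.integrity <= o.integrity
    can_write = s.integrity >= o.integrity
    return {"r": can_read, "w": can_write, "rw": can_read and can_write}[mode]


def reference_monitor(s: Subject, o: Obj, mode: str) -> bool:
    """Grant only when both models agree, and log the decision."""
    allowed = blp_allows(s, o, mode) and biba_allows(s, o, mode)
    AUDIT_LOG.append((s.name, o.name, mode, "ALLOW" if allowed else "DENY"))
    return allowed


# Constructed hospital scenario from the Biba paragraph above. The board
# issues directives from a STAFF-level session so that staff can read them
# (BLP forbids writing down from a higher session level).
BOARD_ISSUING = Subject("board_of_directors", Level.STAFF, Level.BOARD)
NURSE = Subject("nurse", Level.CLINICAL, Level.STAFF)
DIRECTIVE = Obj("board_directive", Level.STAFF, Level.BOARD)  # low secrecy, high integrity
PATIENT_RECORD = Obj("patient_record", Level.CLINICAL, Level.STAFF)

if __name__ == "__main__":
    checks = [(NURSE, DIRECTIVE, "r"), (NURSE, DIRECTIVE, "w"),
              (BOARD_ISSUING, DIRECTIVE, "w"), (BOARD_ISSUING, PATIENT_RECORD, "r")]
    for subj, obj, mode in checks:
        reference_monitor(subj, obj, mode)
    for entry in AUDIT_LOG:
        print(entry)
```

A nurse can read a board directive but not alter it, while the board's low-level session can write the directive but cannot read clinical records, which is exactly the tension between the two models a designer has to plan session levels around.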

The Chinese Wall Model, also known as the Brewer and Nash security model, concentrates on confidentiality and implements dynamically changing access approvals. For this system to be developed, it must meet and achieve the model's objectives at every level: at the lowest level, information is stored as objects; at the intermediate level, related business is grouped by data set; and finally, at the highest level, business is grouped by conflict-of-interest class. At each level there must be an accessibility set and conflict resolution for write and read access (Brewer and Nash, 2013).
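The dynamic part of the model is what distinguishes it from the lattice models: a subject's rights change with what it has already read. This added example (not from the RFP or from Brewer and Nash's own code) implements the three levels as object, data set and conflict-of-interest class; the corporate clients and data sets are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obj:
    name: str
    dataset: str    # intermediate level: the company data set the object belongs to
    coi_class: str  # highest level: conflict-of-interest class of that data set
    sanitized: bool = False  # sanitized objects sit outside the wall


@dataclass
class Subject:
    name: str
    # (dataset, coi_class) pairs already read: this history *is* the wall
    history: set = field(default_factory=set)


class ChineseWall:
    def __init__(self) -> None:
        self.log: list = []  # (subject, object, mode, verdict)

    def _decide(self, s: Subject, o: Obj, mode: str, allowed: bool) -> bool:
        self.log.append((s.name, o.name, mode, "ALLOW" if allowed else "DENY"))
        return allowed

    def _read_ok(self, s: Subject, o: Obj) -> bool:
        """Simple security rule: readable if sanitized, already in a data set
        the subject used, or in no conflict class the subject has touched."""
        if o.sanitized or (o.dataset, o.coi_class) in s.history:
            return True
        return all(c != o.coi_class for _, c in s.history)

    def read(self, s: Subject, o: Obj) -> bool:
        ok = self._read_ok(s, o)
        if ok and not o.sanitized:
            s.history.add((o.dataset, o.coi_class))  # access rights now change
        return self._decide(s, o, "r", ok)

    def write(self, s: Subject, o: Obj) -> bool:
        """*-property: a write is allowed only if the subject can read the
        object and every unsanitized data set it has read is the object's
        own; otherwise the subject could carry data across the wall."""
        others = {d for d, _ in s.history if d != o.dataset}
        ok = self._read_ok(s, o) and not others
        if ok and not o.sanitized:
            s.history.add((o.dataset, o.coi_class))
        return self._decide(s, o, "w", ok)


# Constructed scenario: the hospital's corporate clients include two
# competing insurers (one conflict class) and a pharmaceutical company.
A_CLAIMS = Obj("insurerA_claims", "InsurerA", "health-insurers")
B_CLAIMS = Obj("insurerB_claims", "InsurerB", "health-insurers")
PHARMA_REPORT = Obj("pharmaX_report", "PharmaX", "pharma")
PUBLIC_STATS = Obj("published_stats", "InsurerB", "health-insurers", sanitized=True)

if __name__ == "__main__":
    wall, consultant = ChineseWall(), Subject("consultant")
    wall.read(consultant, A_CLAIMS)   # allowed: first contact with the class
    wall.read(consultant, B_CLAIMS)   # denied: competitor in the same class
    wall.read(consultant, PHARMA_REPORT)
    wall.write(consultant, A_CLAIMS)  # denied: PharmaX data could leak into InsurerA
    for entry in wall.log:
        print(entry)
```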

Insecure Handling of Data

The system being developed must not allow the quality, confidentiality and integrity of the data to be harmed, or even completely destroyed. Protecting data is only getting tougher as attackers have become more sophisticated, with some attacks being hard to distinguish from a normal user's request. The security software being installed should have the function of identifying the host against predetermined characteristics, while the network access control software should be able to determine whether the host has the latest OS patch and runs antivirus software with the latest updates. In an increasingly insecure world of data protection, unvalidated hosts should be redirected to a Virtual Local Area Network (VLAN).

Access control: there are hundreds of employees working at Crest Military Hospital, and there is a need for technical safeguards that require access control so that only authorized persons can access electronic protected health data. These controls include unique user IDs, access card readers, emergency access procedures, automatic log-off, auditing and reports to track employee access to restricted business locations and proprietary areas, and encryption and decryption. This system minimizes risk by limiting the amount of information an employee has access to, and it is controlled by the system administrator in the IT department. The motive for these precautions is to reduce the threat of hackers or unauthorized persons gaining access to administrative, client and patient records to cause harm, which can be damaging to our patients and the reputation of our hospital. The mandatory access control (MAC) model is the model chosen by the hospital, as it grants users access based on an information clearance; this policy assigns access rights based on regulations from a central authority.

Authentication: all workers at Crest Military Hospital are issued common access cards (CACs) for identification and access purposes. These CACs are smart cards that verify a cardholder's identity prior to allowing access to protected resources. They carry employee information such as name, social security number, employee ID, digital certificates, biometric data, digital signature and encryption certificates. To gain access, the card must be inserted into the workstation and the employee must type in a password. All that is needed from the database system is that it supports CAC and Active Identity devices.

Direct object access: all files in the system are encrypted and cannot be accessed directly. All information or data in the database is labelled according to its corresponding security level. The system is designed to log access each time a direct object reference is made from an untrusted source. Hackers can easily predict file names and their locations once they have a sample, so all generated URLs must be masked with a Globally Unique Identifier (GUID) so that the underlying references remain unrevealed.

Test Plan and Remediation Results

Workflow applications must be well equipped to handle errors and information leakage correctly. If sensitive information is exposed, it could lead to the network being attacked. Cyber attackers take advantage of error messages, using them to leak private information. Web application error handling is often not strong enough to survive a penetration test. An attacker may be able to exploit this to access unauthorized functionality or, worse, to create, modify or destroy data that has failed into an unknown state. Insecure data handling can lead to the separation of data quality and data integrity, which leads to data loss. The main threat to the data confidentiality of the website is insecure indexing. An indexing website exposes files which are not supposed to be accessible to the public and also leaks information about the existence of such files and their content. In this process the leaked information is stored and can be retrieved by a determined attacker. The attacker does not thwart the search engine, and this makes it difficult to distinguish the attacker's queries from those of a legitimate user.

Cross-site scripting (XSS) is a client-side code injection attack on trusted websites. The attacker executes malicious scripts in the victim's web browser by including malicious code in a web page or web application. For example, a victim using a web application (e.g., e-mail or an e-commerce site) is logged in, and if malicious code is present while he or she is logged in, that code sends the session information to the attacker's e-mail account. This lets the attacker tap into the user's session and log in while the victim is still using the application. So basically, the web page or web application becomes a vehicle to deliver malicious scripts to the user's browser. To keep yourself safe from XSS, you must sanitize your input. Your application code should never output data received as input directly to the browser without checking it for malicious code. Everyone involved in building the web application must be aware of the risks associated with XSS vulnerabilities. All user input should be distrusted, and input from authenticated internal users should be treated the same way public input is treated. Also, an appropriate encoding technique must be used along with sanitizing HTML, because simply escaping or encoding all user input would break valid tags. In addition, to mitigate the consequences of a possible XSS vulnerability, a content security policy (CSP) must be used, because it lets you declare the dynamic resources that are allowed to load depending on the request source.

SQL injection attacks allow an attacker to interfere with the queries that an application makes to its database. Such an attack generally allows the attacker to view data that they are not normally able to retrieve, which might include data belonging to other users or any other data the application is able to access. In many cases the attacker can also delete or modify this data, causing persistent damage to the application's content or behavior. A successful attack can result in unauthorized access to sensitive data such as passwords, credit card details or personal user information. Many high-profile data breaches have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. To help prevent these attacks: avoid placing user-provided input directly into SQL statements; encrypt private or confidential data stored in the database; limit data permissions and privileges; and avoid displaying database errors directly to the user.
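The following added example (not code from the RFP or any vendor) shows three of the four countermeasures above on a patient lookup: a string-built query beside its parameterized form, a least-privilege read-only connection, and an entry point that never returns database errors to the user. It uses an in-memory SQLite database with constructed sample rows so it runs offline.

```python
import sqlite3

# Constructed sample data: (id, medical record number, name, last visit).
SAMPLE_PATIENTS = [
    (1, "MRN-1001", "Ada Example", "2021-03-01"),
    (2, "MRN-1002", "Ben Example", "2021-03-15"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id INTEGER, mrn TEXT, name TEXT, last_visit TEXT)")
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?, ?)", SAMPLE_PATIENTS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, mrn: str) -> list:
    """User input concatenated into the SQL text: whatever the user types
    becomes part of the query, so the WHERE clause can be rewritten."""
    sql = f"SELECT mrn, name FROM patients WHERE mrn = '{mrn}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, mrn: str) -> list:
    """Parameterized query: the driver passes the input as a bound value,
    never as SQL, so it can only ever match a record number literally."""
    return conn.execute("SELECT mrn, name FROM patients WHERE mrn = ?", (mrn,)).fetchall()


def set_least_privilege(conn: sqlite3.Connection) -> None:
    """A lookup service never needs write access. With the connection in
    query-only mode, any write (even one reached through an injection)
    fails instead of silently succeeding."""
    conn.execute("PRAGMA query_only = ON")


def lookup_for_user(conn: sqlite3.Connection, mrn: str) -> dict:
    """Hardened entry point: parameterized query plus a generic message so
    database errors are never shown to the user."""
    try:
        return {"ok": True, "rows": lookup_safe(conn, mrn)}
    except sqlite3.Error:
        # The real exception belongs in the server-side log only.
        return {"ok": False, "error": "lookup failed"}


if __name__ == "__main__":
    db = make_db()
    print(lookup_safe(db, "MRN-1001"))
    # The textbook tautology turns the vulnerable query into "match everything";
    # the parameterized version treats the same text as a literal and matches nothing.
    print(len(lookup_vulnerable(db, "' OR '1'='1")), len(lookup_safe(db, "' OR '1'='1")))
    print(lookup_for_user(db, "MRN-1001'"))
```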

Insecure configuration management deals with cases in which a configuration is just plain wrong, either from the start or after changes have been made that compromise the security of the application or system. This makes guessing passwords, bypassing login pages and finding well-known setup vulnerabilities a breeze. A faulty configuration can then end up being used everywhere in the company. Some ways of preventing insecure configuration are: limiting access to administrator interfaces; disabling the use of default accounts and passwords; regularly patching and updating software to help protect public applications and systems from malware; and, last but not least, using automation to your advantage by regularly running scans and performing audits to find things like missing patches, misconfigurations, use of default accounts and unnecessary services.

Basically, authentication relies on an approved list of users and a list of what they are allowed to access. Many people gain access to systems via a password or token ID. Authentication and session management involve verifying a user's credentials and managing their active sessions. Broken authentication and session management is an umbrella for several vulnerabilities that attackers exploit to impersonate legitimate users online. Attackers use either avenue to masquerade as a user: hijacked session IDs or stolen login credentials. For instance, it takes just one stolen permission to infiltrate and damage your company's viability (OWASP, 2017). These broken authentication attacks are also highly preventable through the following precautionary measures: control session length by tailoring it to the type of user and the application being used; rotate and invalidate session IDs so that users are issued a new session ID after login; and tighten password policies, requiring multi-factor authentication (MFA) and not permitting weak passwords.
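The three measures just listed map onto a small session store, shown here as an added example that is not code from the RFP or any vendor. The idle timeouts per user type, the weak-password deny list and the user names are constructed; the caller is assumed to have already verified the password and the MFA factor before calling login.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed policy: idle timeout in seconds, tailored to the user type.
IDLE_TIMEOUT = {"patient": 10 * 60, "clinician": 15 * 60, "admin": 5 * 60}

# Constructed deny list standing in for a real breached-password check.
WEAK_PASSWORDS = {"password", "password1", "12345678", "welcome1"}


def password_acceptable(pw: str) -> bool:
    """Minimum policy: long enough and not a known-weak value."""
    return len(pw) >= 12 and pw.lower() not in WEAK_PASSWORDS


@dataclass
class Session:
    user: str
    user_type: str
    authenticated: bool
    last_seen: float


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _new_id() -> str:
        return secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG

    def create_anonymous(self, now: float, user_type: str = "patient") -> str:
        """Pre-login session, e.g. a patient browsing the booking page."""
        sid = self._new_id()
        self._sessions[sid] = Session("", user_type, False, now)
        return sid

    def login(self, old_sid: str, user: str, user_type: str,
              mfa_ok: bool, now: float) -> Optional[str]:
        """After password and MFA both pass, rotate the ID: the pre-login ID
        is invalidated, so a fixated or previously leaked ID is worthless."""
        if not mfa_ok:
            return None
        self._sessions.pop(old_sid, None)
        new_sid = self._new_id()
        self._sessions[new_sid] = Session(user, user_type, True, now)
        return new_sid

    def resolve(self, sid: str, now: float) -> Optional[Session]:
        """Return the live session for an ID, or None if it is unknown, was
        rotated away, or has idled past the timeout for its user type."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT[s.user_type]:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create_anonymous(now=0.0)
    sid = store.login(anon, "nurse01", "clinician", mfa_ok=True, now=1.0)
    print("old id still valid:", store.resolve(anon, 2.0) is not None)
    print("new id valid:", store.resolve(sid, 2.0) is not None)
    print("valid after 20 min idle:", store.resolve(sid, 2.0 + 20 * 60) is not None)
```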

Conclusion

The proposal has described a new medical healthcare database management system. The upgrade and installation of new hardware and software will help keep the system up to date with defense requirements and security measures that can detect intrusions and possible attacks. By agreement, the operating system and database software are expected to be supplied through encrypted methods only and will only be accessible to authorized employees and staff. The test plan and remediation results show that this is a necessity, or else insecure data handling can lead to loss of data, loss of data integrity and complete loss. For these reasons, a new database system must be implemented immediately.



References

Arredondo, R. (2014, June 20). Making the case for healthcare enterprise integration. Sierra-Cedar. Retrieved March 29, 2021, from https://www.sierra-cedar.com/2014/04/04/making-the-case-for-healthcare-enterprise-integration

Biba, K. (1975). Integrity consideration for secure computing systems. MTR-3153. Retrieved August 4, 2016, from http://seclab.cs.ucdavis.edu/projects/history/papers/biba75.pdf

Brewer, D. F., & Nash, M. J. (2013). The Chinese wall security policy. Gamma Secure Systems Limited. Retrieved from http://www.gammassal.co.uk/research/chinesewall.php

Cross site scripting. (n.d.). Retrieved from acutenix.com

Mead, N. (2013). The Common Criteria. US-CERT. Retrieved March 29, 2021, from https://www.us-cert.gov/bsi/articles/best-practices-engineering/the-common-criteria

Northcutt, S. (2016). Security laboratory. Retrieved March 29, 2021, from https://digitalguardian.com/blog/what-data-exfiltration

OWASP. (2017). Error handling. Retrieved from https://www.owasp.org/index.php/Error_Handling

United States Computer Emergency Readiness Team (US-CERT). (2013). The Common Criteria. Retrieved from https://www.us-cert.gov/bsi/articles/best-practices/requirement-engineering/the-common-criteria