Database Security
Database security refers to the process of protecting and safeguarding the
database from unauthorized access or cyber-attacks. There are different
types of database security such as encryption, authentication, backup,
application security, and physical security, which should be implemented in your
business.
Types of Database Security
The main purpose of database security is to keep the sensitive information in a
database secure and to maintain the database's confidentiality, integrity, and
availability. The types of database security are the key techniques used to
provide that security.
Database security is important for protecting against cyber-attacks, which can
lead to financial loss, damage to brand reputation, and loss of business
continuity and customer confidence. The main types of database security are as
follows:
1. Authentication
Database authentication is the type of database security that verifies a user's
login credentials against the credentials stored in the database. If the
credentials match, the user can access the database; that is, the user is
authenticated to log in to your database.
Even an authenticated user who has the privilege to access some data cannot
access other data that is outside that privilege. No unauthorized or malicious
user can log in to your database. So, database authentication plays an important
role in ensuring database security.
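The following is an added example, not code from the article: it shows how login credentials can be stored and verified so that the database holds only a per-user salt and a PBKDF2 hash, never the plaintext password. The in-memory SQLite table, the iteration count, and the sample account are assumptions made for the example.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumption: PBKDF2-HMAC-SHA256 with this many iterations; tune for your hardware.
PBKDF2_ITERATIONS = 600_000


def open_user_store():
    """Create the credential table (constructed in memory for the example).
    Only a salt and a password hash are stored, never the plaintext."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB NOT NULL, "
        "pw_hash BLOB NOT NULL)"
    )
    return conn


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key from the password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


def register_user(conn, username: str, password: str) -> None:
    """Store a new account with its own random salt, so two users with the
    same password still get different hashes."""
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)),
    )
    conn.commit()


def authenticate(conn, username: str, password: str) -> bool:
    """Return True only if the supplied credentials match the stored record."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Unknown user: still perform one hash so response time does not
        # reveal whether the username exists.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # compare_digest runs in constant time, so timing does not leak how many
    # leading bytes of the hash matched.
    return hmac.compare_digest(stored, hash_password(password, salt))


def stored_record(conn, username: str):
    """Return (salt, pw_hash) as actually kept in the table, for inspection."""
    return conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()


if __name__ == "__main__":
    db = open_user_store()
    register_user(db, "alice", "T#$jk67@89m*")   # constructed sample account
    print(authenticate(db, "alice", "T#$jk67@89m*"))   # True
    print(authenticate(db, "alice", "wrong-password"))  # False
```

Note that the stored record contains no trace of the plaintext, so a copy of the users table alone does not let an attacker log in; they would have to guess each password separately against a slow hash.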
2. Database Encryption
Encryption is one of the most effective types of database security. It protects
your data from unauthorized access both while it is stored and while it is
transmitted over the internet.
There are different cryptographic algorithms such as AES, MD5, and SHA1 which
are used to protect all types of sensitive data. Note that AES is a cipher that
can encrypt and decrypt, whereas MD5 and SHA1 are one-way hash functions whose
output cannot be reversed.
Typically, an encryption algorithm transforms plain text data into ciphertext in
an unreadable format within the database. So, if hackers get access to your
database, they cannot use your data until it is decrypted.
It is highly recommended that you encrypt your sensitive data when storing it in
the database, because this provides security and protects against cyber-attacks.
3. Backup Database
Backup is another type of database security, used to restore data in case of
data loss, data corruption, hacking, or natural disasters. It copies or archives
the database, ideally in real time, to secondary storage.
If you configure the primary and secondary servers in the same place and the
primary server is destroyed, there is a good chance the secondary server is
destroyed too. Then you cannot run your application, and your system stays down
until you recover.
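As an added example (not from the article), the scenario above can be walked through with SQLite's online backup API: the live database is snapshotted to a separate directory standing in for secondary storage, the backup is integrity-checked, the primary is deleted to simulate the disaster, and the data is restored from the copy. The table, rows and temporary paths are constructed for the example.

```python
import os
import sqlite3
import tempfile


def create_primary(path):
    """Constructed primary database with a few sample rows."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO customers (name) VALUES (?)",
                     [("Ann",), ("Bo",), ("Cy",)])
    conn.commit()
    return conn


def backup_database(src_conn, backup_path):
    """Copy a consistent snapshot of the live database to backup_path.
    Connection.backup() is safe to run while the source is in use.
    Returns True if the copy passes SQLite's integrity check."""
    dst = sqlite3.connect(backup_path)
    src_conn.backup(dst)
    dst.close()
    return verify_backup(backup_path)


def verify_backup(path):
    """A backup that was never verified is not a backup."""
    conn = sqlite3.connect(path)
    ok = conn.execute("PRAGMA integrity_check").fetchone()[0] == "ok"
    conn.close()
    return ok


def restore_database(backup_path, restore_path):
    """Rebuild a database file at restore_path from the backup copy."""
    src = sqlite3.connect(backup_path)
    dst = sqlite3.connect(restore_path)
    src.backup(dst)
    src.close()
    return dst


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM customers").fetchone()[0]


def simulate_loss_and_recovery():
    """Constructed scenario: primary and backup live in different directories,
    the primary is destroyed, the backup survives. Returns
    (backup_verified, rows_recovered)."""
    primary_dir = tempfile.mkdtemp(prefix="primary-")
    backup_dir = tempfile.mkdtemp(prefix="backup-")   # a different location
    primary_path = os.path.join(primary_dir, "app.db")
    backup_path = os.path.join(backup_dir, "app.db.bak")

    primary = create_primary(primary_path)
    backup_ok = backup_database(primary, backup_path)
    primary.close()
    os.remove(primary_path)          # the "disaster": primary is gone

    restored = restore_database(backup_path, primary_path)
    recovered = row_count(restored)
    restored.close()
    return backup_ok, recovered


if __name__ == "__main__":
    print(simulate_loss_and_recovery())   # (True, 3)
```

The separate backup directory is the point of the article's warning: had the copy been written next to the primary, `os.remove` on the directory would have taken both.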
4. Physical Security
Physical database security is the protection of the database server room in
order to prevent unauthorized access. The database server should be located in a
secured and climate-controlled environment inside a building.
5. Application security
You have to secure both your application and your database in order to protect
them from web attacks such as SQL injection. SQL injection is the most common web
attack, in which the attacker takes control of the application's database to
steal sensitive information or destroy the database.
In this technique, the attacker adds malicious code to a SQL query via web page
input. It occurs when an application fails to properly sanitize input before
building SQL statements, so the attacker can add their own SQL statements and
access your database for malicious purposes.
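The following added example (not the article's code) shows the same account lookup written two ways against a constructed in-memory SQLite table: the vulnerable version pastes user input into the SQL text, and the hardened version binds it as a parameter so the driver never treats it as part of the statement. The table contents and the hostile input string are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample table of accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_account_vulnerable(conn, username):
    """Vulnerable: the input is formatted into the SQL string, so quote
    characters in it change the structure of the WHERE clause."""
    sql = "SELECT username, email FROM accounts WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_account_safe(conn, username):
    """Hardened: the value is passed as a bound parameter and is only ever
    compared as data, whatever characters it contains."""
    sql = "SELECT username, email FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed sample of hostile input of the kind the article describes.
MALICIOUS_INPUT = "x' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print(find_account_vulnerable(db, "alice"))           # one row, as intended
    print(find_account_vulnerable(db, MALICIOUS_INPUT))   # every row leaks
    print(find_account_safe(db, MALICIOUS_INPUT))         # [] : no such user
```

The difference is not in how carefully the input is cleaned but in where it goes: with a bound parameter there is no string to sanitize, because the input never becomes SQL.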
6. Access Control
To ensure database security you have to restrict access to the database by
unauthorized users. Only authorized users can access the database; no
unauthorized user can. The DBA creates the user accounts that will access the
database, assigns each one a role, and limits what they can access in your
database.
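As an added example (not the article's code), here is an application-side authorization check that enforces the role a DBA assigned to each account: every operation is looked up in a role-to-permission policy before any SQL runs, so a support account can read and update customer rows but cannot delete them. The roles, users, tables and policy are constructed for the example.

```python
import sqlite3

# Constructed least-privilege policy: role -> table -> allowed operations.
PERMISSIONS = {
    "dba":     {"customers": {"SELECT", "INSERT", "UPDATE", "DELETE"}},
    "support": {"customers": {"SELECT", "UPDATE"}},
    "auditor": {"customers": {"SELECT"}},
}


def make_db():
    """Constructed sample: accounts with roles, plus a data table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_users (username TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO app_users VALUES (?, ?)",
                     [("dana", "dba"), ("sam", "support"), ("avery", "auditor")])
    conn.executemany("INSERT INTO customers (name) VALUES (?)", [("Ann",), ("Bo",)])
    conn.commit()
    return conn


def authorize(conn, username, operation, table):
    """Raise PermissionError unless the user's role permits operation on table.
    Unknown users are denied rather than given a default role."""
    row = conn.execute("SELECT role FROM app_users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        raise PermissionError(f"unknown user {username!r}")
    role = row[0]
    allowed = PERMISSIONS.get(role, {}).get(table, set())
    if operation not in allowed:
        raise PermissionError(f"{username} ({role}) may not {operation} on {table}")
    return True


def list_customers(conn, username):
    authorize(conn, username, "SELECT", "customers")
    return [name for (name,) in conn.execute("SELECT name FROM customers ORDER BY id")]


def delete_customer(conn, username, customer_id):
    authorize(conn, username, "DELETE", "customers")
    cur = conn.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
    conn.commit()
    return cur.rowcount


def try_action(action, *args):
    """Run an action and report 'ok' or 'denied' instead of raising."""
    try:
        action(*args)
        return "ok"
    except PermissionError:
        return "denied"


if __name__ == "__main__":
    db = make_db()
    print(try_action(delete_customer, db, "avery", 1))   # denied
    print(try_action(delete_customer, db, "dana", 1))    # ok
    print(list_customers(db, "sam"))                     # ['Bo']
```

In a real DBMS the same policy should also be expressed with the database's own roles and GRANT statements, so that the restriction holds even if the application layer is bypassed.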
7. Web Application Firewall
A web application firewall, or WAF, is an application-layer cyber security tool
and a database security best practice. A WAF is designed to protect applications
by filtering, monitoring, and blocking malicious HTTP traffic.
This database security measure controls who can access the application and
prevents intruders from reaching the application via the internet. To secure
your application from malicious users you should use a web application firewall,
which will protect both your application and your database.
8. Use Strong Password
This is a simple but very important tip for ensuring database security. As a DBA
or IT officer you should use a strong password for the database login and never
share your password with others.
If you use an easy password such as your mobile number, employee id, or date of
birth, it may be known to hackers, and they will try to log in using these
values. As a result, you will lose control of your database.
So, create a strong password for the database login using a combination of
letters, numbers, and special characters (minimum 10 characters in total), and
change the password regularly.
For example: T#$jk67@89m* can be a strong password for your database
login.
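The following added example (not from the article) turns the rule above into a check a DBA could run when a database password is set: it requires letters, digits and special characters with at least 10 characters, and it also rejects passwords built from a user's own known details such as a phone number, employee id or date of birth. The details passed in are an assumption of the example; the threshold of four characters for a match is likewise an assumed choice.

```python
import re
import string

MIN_LENGTH = 10          # the article's minimum
DETAIL_MIN_LEN = 4       # assumption: shorter fragments produce too many false matches


def _alnum(text):
    """Keep only letters and digits, lower-cased, so '1990-04-12' and
    '19900412' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def password_problems(password, known_details=()):
    """Return a list of policy violations; an empty list means it passes.
    known_details holds strings tied to the user (phone, employee id, birth
    date) that must not appear inside the password."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    normalized = _alnum(password)
    for detail in known_details:
        fragment = _alnum(detail)
        if len(fragment) >= DETAIL_MIN_LEN and fragment in normalized:
            problems.append(f"contains personal detail {detail!r}")
    return problems


def is_strong(password, known_details=()):
    return not password_problems(password, known_details)


if __name__ == "__main__":
    print(is_strong("T#$jk67@89m*"))                       # True
    print(password_problems("password"))                   # three violations
    # constructed user details: a birth date reused inside the password
    print(password_problems("Ab!1990-04-12x", ["1990-04-12"]))
```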
Common Threats and Challenges
Numerous misconfigurations, vulnerabilities, and patterns of carelessness or
abuse can lead to a security breach. Here are some of the most prevalent causes
of attacks on databases.
Insider Dangers
An insider threat is an attack on security from any of three sources that have
access privileges to the database:
o A malicious insider who wants to cause harm
o A negligent insider who makes mistakes that leave the database vulnerable to
attack
o An infiltrator, an outsider who acquires credentials by a method such as
phishing, or by accessing the store of credential information in the database
itself
Insider dangers are among the most frequent sources of security breaches to
databases. They often occur as a consequence of employees having access to
privileged user credentials.
Human Error
Unintentional mistakes, weak or shared passwords, and other negligent or
uninformed behaviours of users remain the root causes of almost half (49
percent) of all data security breaches.
Database Software Vulnerabilities can be Exploited
Hackers earn their money by identifying and exploiting vulnerabilities in
software such as database management software. The major database software
companies and open-source database management platforms release regular
security patches to fix these weaknesses. However, failing to apply the patches
on time increases the risk of being hacked.
SQL/NoSQL Injection Attacks
A specific threat to databases is the injection of arbitrary SQL, as well as
other non-SQL attack strings, into database queries delivered by web-based apps
and HTTP headers. Companies that do not follow safe coding practices for web
applications and do not conduct regular vulnerability tests are susceptible to
these attacks.
Buffer Overflow Exploits
A buffer overflow happens when a program tries to copy more data into a memory
block of a certain length than it can accommodate. Attackers may make use of the
extra data, which is written into adjacent memory addresses, as a basis from
which to begin further attacks.
DoS/DDoS Attacks
In a denial-of-service (DoS) attack the attacker overwhelms the targeted server,
in this case the database server, with such a large volume of requests that the
server can no longer serve legitimate requests made by actual users. In many
cases the server becomes unstable or even fails to function altogether.
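As an added example (not from the article), one common mitigation placed in front of a database-backed service is a per-client rate limit, so that a single flooding source is rejected cheaply before its requests reach the database and exhaust capacity for everyone else. The sliding-window limiter below, the limits, and the interleaved traffic sample (a flood from one documentation-range address alongside normal use from another) are all constructed for the example.

```python
from collections import defaultdict, deque


class RateLimiter:
    """Sliding-window limiter: at most max_requests per client in any
    window_seconds interval. Timestamps are passed in explicitly so the
    behaviour is deterministic and testable."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)   # client -> timestamps of accepted requests

    def allow(self, client, now):
        """Return True if the request fits the client's budget, else False."""
        q = self._hits[client]
        while q and now - q[0] >= self.window:
            q.popleft()                   # forget hits that left the window
        if len(q) >= self.max_requests:
            return False                  # over budget: reject before touching the DB
        q.append(now)
        return True


def replay(requests, max_requests=5, window_seconds=1.0):
    """Run a list of (timestamp, client) pairs through the limiter and return
    per-client counts of accepted and rejected requests."""
    limiter = RateLimiter(max_requests, window_seconds)
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for ts, client in requests:
        key = "accepted" if limiter.allow(client, ts) else "rejected"
        stats[client][key] += 1
    return dict(stats)


# Constructed traffic: 50 requests in one second from 203.0.113.9 (a flood)
# and three ordinary requests from 198.51.100.4 during the same period.
SAMPLE_REQUESTS = sorted(
    [(i * 0.02, "203.0.113.9") for i in range(50)]
    + [(0.1, "198.51.100.4"), (0.5, "198.51.100.4"), (1.6, "198.51.100.4")]
)


if __name__ == "__main__":
    for client, counts in replay(SAMPLE_REQUESTS).items():
        print(client, counts)
    # 203.0.113.9 {'accepted': 5, 'rejected': 45}
    # 198.51.100.4 {'accepted': 3, 'rejected': 0}
```

The flooding client gets its first five requests through and is then refused for the rest of the second, while the legitimate client is never affected; a distributed attack needs the same idea applied upstream (at the WAF, load balancer, or network edge) where the aggregate volume can be absorbed.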