KEMBAR78
Database security in database management.pptx
Uploaded byFarhanaMariyam1
PPTX, PDF167 views

Database security in database management.pptx

This document discusses database security. It defines database security as protecting the confidentiality, integrity, and availability of a database. It explains why database security is important to prevent compromised intellectual property, damage to brand reputation, and lack of business continuity from data breaches. The concepts of database security include secrecy/confidentiality, integrity, and availability. Threats include insider threats, human error, SQL/NoSQL injection attacks. Security controls include authorization, encryption, authentication, logical controls like firewalls. The document also discusses database security requirements, abstraction, privileges, and advantages of data encryption.

Download to read offline
Database security By – Harsh Kumar 210BBA009
What is Database Security? Database: It is a collection of information stored in a computer. Security: It is being free from danger. Database Security: It is the mechanisms that protect the database against intentional or accidental threats. Def. Database Security is defined as the process by which “Confidentiality, Integrity and Availability” of the database can be protected.
Why need of Database Security? • Compromised intellectual property: Your intellectual property—trade secrets, inventions, proprietary practices—may be critical to your ability to maintain a competitive advantage in your market. If that intellectual property is stolen or exposed, your competitive advantage may be difficult or impossible to maintain or recover. • Damage to brand reputation: Customers or partners may be unwilling to buy your products or services (or do business with your company) if they don’t feel they can trust you to protect your data or theirs. • Business continuity (or lack thereof): Some business cannot continue to operate until a breach is resolved.
Concepts of Database Security • Secrecy or Confidentiality • Integrity • Availability Three are 3 main aspects:
Secrecy/ Confidential It is protecting the database from unauthorized users. Ensures that users are allowed to do the things they are trying to do. Encryption is a technique or a process by which the data is encoded in such a way that only that authorized users are able to read the data.
Integrity Protecting the database from authorized users. Ensures that what users are trying to do is correct. For example, an employee should be able to modify his or her own information.
Availability • Database must have not unplanned downtime. • To ensure this ,following steps should be taken. • Restrict the amount of the storage space given to each user in the database. • Limit the number of concurrent sessions made available to each database user. • Back up the data at periodic intervals to ensure data recovery in case of application users.
Threats and challenges • Insider threats An insider threat is a security threat from any one of three sources with privileged access to the database: •A malicious insider who intends to do harm •A negligent insider who makes errors that make the database vulnerable to attack An infiltrator—an outsider who somehow obtains credentials via a scheme such as phishing or by gaining access to the credential database itself. Human error • Accidents, weak passwords, password sharing, and other unwise or uninformed user behaviors continue to be the cause of nearly half (49%) of all reported data breaches. • Human error Accidents, weak passwords, password sharing, and other unwise or uninformed user behaviors continue to be the cause of nearly half (49%) of all reported data breaches. • SQL/NoSQL injection attacks A database-specific threat, these involve the insertion of arbitrary SQL or non-SQL attack strings into database queries served by web applications or HTTP headers. Organizations that don’t follow secure web application coding practices and perform regular vulnerability testing are open to these attacks.
Database Security Requirements Protection from Improper Access Protection from Inference Integrity of the Database User Authentication Multilevel Protection Confinement Management and Protection of Sensitive Data
Security Controls Authorization- privileges, views. Encryption - public key / private key, secure sockets. Authentication – passwords. Logical - firewalls, net proxies.
Firewalls Firewall is dedicated software on another computer which inspects network traffic passing through it and denies (or) permits passage based on set of rules. Basically, it is a piece of software that monitors all traffic that goes from your system to another via the Internet or network and Vice Versa. Database Firewalls are a type of Web Application Firewalls that monitor databases to identify and protect against database specific attacks that mostly seek to access sensitive information stored in the databases.
Abstraction • It enables to encrypt sensitive data, such as credit card numbers, stored in table columns. • Encrypted data is decrypted for a database user who has access to the data. • Data encryption helps protect data stored on media in the event that the storage media or data file gets stolen.
Advantages of Data Encryption As a security administrator, one can be sure that sensitive data is safe in case the storage media or data file gets stolen. You do not need to create triggers or views to decrypt data. Data from tables is decrypted for the database user. Database users need not be aware of the fact that the data they are accessing is stored in encrypted form. Data is transparently decrypted for the database users and does not require any action on their part. Applications need not be modified to handle encrypted data. Data encryption/decryption is managed by the database.
Privileges in Database • Select: allows read access to relation, or the ability to query using the view • Insert: the ability to insert tuples • Update: the ability to update using the SQL update statement • Delete: the ability to delete tuples.
THANK YOU

More Related Content

PPTX
Access Controls
byprimeteacher32
 
PDF
Database security
byMurchana Borah
 
PDF
Threat Modeling for IoT Systems
byDenim Group
 
PPT
Security Management Practices
byamiable_indian
 
PDF
Password Management
byRick Chin
 
PDF
Computer forensic
bySinggih Prasetya
 
PPTX
Backup tools
byuniversity of Gujrat, pakistan
 
PPTX
Intrusion detection system
byAkhil Kumar
 
Access Controls
byprimeteacher32
 
Database security
byMurchana Borah
 
Threat Modeling for IoT Systems
byDenim Group
 
Security Management Practices
byamiable_indian
 
Password Management
byRick Chin
 
Computer forensic
bySinggih Prasetya
 
Backup tools
byuniversity of Gujrat, pakistan
 
Intrusion detection system
byAkhil Kumar
 

What's hot

PDF
CS6004 Cyber Forensics
byKathirvel Ayyaswamy
 
PPTX
Data security
byAbdulBasit938
 
PPTX
Database security
byArpana shree
 
PPTX
Fundamentals of Servers, server storage and server security.
byAakash Panchal
 
PPTX
Cloud with Cyber Security
byNiki Upadhyay
 
PPT
Dmz
byأحلام انصارى
 
PPTX
Network security
byNandini Raj
 
PPT
Information Security Principles - Access Control
byidingolay
 
PPTX
CYBERSECURITY | Why it is important?
byRONIKMEHRA
 
PPTX
Data security
byForeSolutions
 
PPT
3. security architecture and models
by7wounders
 
PPTX
Intrusion Detection System(IDS)
byshraddha_b
 
PPTX
Digital forensics
byRoberto Ellis
 
PPTX
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
byPace IT at Edmonds Community College
 
PPTX
Router forensics
byTaruna Chauhan
 
PPTX
Introduction to information security
byjayashri kolekar
 
PPTX
Sensitive data
byS.M. Towhidul Islam
 
PDF
DATA LOSS PREVENTION OVERVIEW
bySylvain Martinez
 
PPT
Digital forensics
byNicholas Davis
 
PPTX
What is zero trust model (ztm)
byAhmed Banafa
 
CS6004 Cyber Forensics
byKathirvel Ayyaswamy
 
Data security
byAbdulBasit938
 
Database security
byArpana shree
 
Fundamentals of Servers, server storage and server security.
byAakash Panchal
 
Cloud with Cyber Security
byNiki Upadhyay
 
Dmz
byأحلام انصارى
 
Network security
byNandini Raj
 
Information Security Principles - Access Control
byidingolay
 
CYBERSECURITY | Why it is important?
byRONIKMEHRA
 
Data security
byForeSolutions
 
3. security architecture and models
by7wounders
 
Intrusion Detection System(IDS)
byshraddha_b
 
Digital forensics
byRoberto Ellis
 
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
byPace IT at Edmonds Community College
 
Router forensics
byTaruna Chauhan
 
Introduction to information security
byjayashri kolekar
 
Sensitive data
byS.M. Towhidul Islam
 
DATA LOSS PREVENTION OVERVIEW
bySylvain Martinez
 
Digital forensics
byNicholas Davis
 
What is zero trust model (ztm)
byAhmed Banafa
 

Similar to Database security in database management.pptx

PPTX
203135 Muhammad Usama.pptx
bymuhammadusama257191
 
PPTX
Database security
byMaryamAsghar9
 
PPT
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
byAnuradhaGupta789099
 
PPTX
Database security presentation for Vims.pptx
byvimbaimapfumo25
 
PPTX
Database Security, Threats & Countermeasures.pptx
bySaqibAhmedKhan4
 
PPTX
Database Security Management
byAhsin Yousaf
 
PPTX
Database security
bySoftware Engineering
 
PPTX
Database Security Presentation Why database Security is important
byKamruzzamansohel2
 
PDF
uu (2).pdf
byuzairAsif268
 
PDF
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 
PDF
Database security presentation in easy way
byArsalanMaqsood1
 
PPTX
Database security
byafzaalkhalid1
 
PPTX
DBMS SECURITY
byWasim Raza
 
PPT
Database Security
byRabiaIftikhar10
 
PPT
Dstca
byajay vj
 
PDF
Data security and Integrity
byZaid Shabbir
 
PPTX
basic to advance network security concepts
byamansinght675
 
PPT
DB security
byERSHUBHAM TIWARI
 
PDF
5db-security.pdf
byHODCA1
 
PPTX
Security of the database
byPratik Tamgadge
 
203135 Muhammad Usama.pptx
bymuhammadusama257191
 
Database security
byMaryamAsghar9
 
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
byAnuradhaGupta789099
 
Database security presentation for Vims.pptx
byvimbaimapfumo25
 
Database Security, Threats & Countermeasures.pptx
bySaqibAhmedKhan4
 
Database Security Management
byAhsin Yousaf
 
Database security
bySoftware Engineering
 
Database Security Presentation Why database Security is important
byKamruzzamansohel2
 
uu (2).pdf
byuzairAsif268
 
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 
Database security presentation in easy way
byArsalanMaqsood1
 
Database security
byafzaalkhalid1
 
DBMS SECURITY
byWasim Raza
 
Database Security
byRabiaIftikhar10
 
Dstca
byajay vj
 
Data security and Integrity
byZaid Shabbir
 
basic to advance network security concepts
byamansinght675
 
DB security
byERSHUBHAM TIWARI
 
5db-security.pdf
byHODCA1
 
Security of the database
byPratik Tamgadge
 

More from FarhanaMariyam1

PDF
ANOVA one or Two way classified data for RM
byFarhanaMariyam1
 
PPT
Artificial Intelligence for Business.ppt
byFarhanaMariyam1
 
PPTX
Machine Learning for Begineers First .pptx
byFarhanaMariyam1
 
PPTX
Ethical hacking for Business or Management.pptx
byFarhanaMariyam1
 
PPT
OS Unit IV.ppt
byFarhanaMariyam1
 
PPTX
CAO.pptx
byFarhanaMariyam1
 
PPT
Computer Architecture & Organization.ppt
byFarhanaMariyam1
 
PPTX
MANAGEMENT QUIZ.pptx
byFarhanaMariyam1
 
PPTX
Lecture 4 MIS.pptx
byFarhanaMariyam1
 
PPTX
Lecture 3 MIS.pptx
byFarhanaMariyam1
 
PPTX
Lecture 2 MIS.pptx
byFarhanaMariyam1
 
PPTX
Lecture 1 MIS.pptx
byFarhanaMariyam1
 
DOCX
cloud computing Syllabus.docx
byFarhanaMariyam1
 
PPTX
IS.pptx
byFarhanaMariyam1
 
PPTX
Lecture 3 GORE.pptx
byFarhanaMariyam1
 
ANOVA one or Two way classified data for RM
byFarhanaMariyam1
 
Artificial Intelligence for Business.ppt
byFarhanaMariyam1
 
Machine Learning for Begineers First .pptx
byFarhanaMariyam1
 
Ethical hacking for Business or Management.pptx
byFarhanaMariyam1
 
OS Unit IV.ppt
byFarhanaMariyam1
 
CAO.pptx
byFarhanaMariyam1
 
Computer Architecture & Organization.ppt
byFarhanaMariyam1
 
MANAGEMENT QUIZ.pptx
byFarhanaMariyam1
 
Lecture 4 MIS.pptx
byFarhanaMariyam1
 
Lecture 3 MIS.pptx
byFarhanaMariyam1
 
Lecture 2 MIS.pptx
byFarhanaMariyam1
 
Lecture 1 MIS.pptx
byFarhanaMariyam1
 
cloud computing Syllabus.docx
byFarhanaMariyam1
 
IS.pptx
byFarhanaMariyam1
 
Lecture 3 GORE.pptx
byFarhanaMariyam1
 

Recently uploaded

PPTX
COLLAGE PLACEMENT MANAGEMENT SYSTEM.pptx
bychaitanyachopade08
 
PPTX
E waste_management_module 4.pptx_22_scheme_VTU
byvarshinijs3
 
PDF
Certified Cloud Security Professional (CCSP): Unit 4
byVICTOR MAESTRE RAMIREZ
 
PPTX
Basic presentation - architecture pics.pptx
byMelsonJohnDalabajan
 
PPTX
DECARBONAZING REFINING INDUSTRY rev2.pptx
bygonzalezolabarriaped
 
PDF
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
PPTX
Heat Transfer Power Point presentation 1.1.pptx
bySolomon Raj
 
PDF
Boundary Conditions of field components.pdf
byRCC Institute of Information Technology
 
PDF
Energias renovables estudio energias.pdf
byCarlosPrezBuelga
 
PDF
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
PPTX
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
PPTX
All About Introduction to Artificial IntelligenceAI.pptx
byRAJASEKARAN G
 
PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
PDF
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
PPTX
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
PDF
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
PPTX
AUV DESIGN and DEVELOPMENT FOR DEEP SEA MINING ( POLYMETALLIC NODULES) in MRC...
byArijit Biswas
 
PPTX
UNIT - V - Flexible Manufacturing System.pptx
byrameshrajendhra
 
PDF
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
PDF
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
COLLAGE PLACEMENT MANAGEMENT SYSTEM.pptx
bychaitanyachopade08
 
E waste_management_module 4.pptx_22_scheme_VTU
byvarshinijs3
 
Certified Cloud Security Professional (CCSP): Unit 4
byVICTOR MAESTRE RAMIREZ
 
Basic presentation - architecture pics.pptx
byMelsonJohnDalabajan
 
DECARBONAZING REFINING INDUSTRY rev2.pptx
bygonzalezolabarriaped
 
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
Heat Transfer Power Point presentation 1.1.pptx
bySolomon Raj
 
Boundary Conditions of field components.pdf
byRCC Institute of Information Technology
 
Energias renovables estudio energias.pdf
byCarlosPrezBuelga
 
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
All About Introduction to Artificial IntelligenceAI.pptx
byRAJASEKARAN G
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
AUV DESIGN and DEVELOPMENT FOR DEEP SEA MINING ( POLYMETALLIC NODULES) in MRC...
byArijit Biswas
 
UNIT - V - Flexible Manufacturing System.pptx
byrameshrajendhra
 
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
In this document
Powered by AI

Introduction to the topic of database security presented by Harsh Kumar, setting the foundation.

Defines database security; emphasizes protecting confidentiality, integrity, and availability.

Highlights the need for database security to protect intellectual property, brand reputation, and ensure business continuity.

Introduces three main aspects of database security: Secrecy (Confidentiality), Integrity, and Availability.

Explains the importance of secrecy in database security and how encryption protects unauthorized access.

Describes integrity, ensuring that authorized users make correct changes to their data.

Discusses the importance of database availability and measures to prevent downtime.

Identifies insider threats, human errors, and SQL/NoSQL injection attacks as major database security challenges.

Lists essential security requirements for databases, including proper access control and sensitive data protection.

Outlines various security controls: Authorization, Encryption, Authentication, and Logical protections.

Explains firewalls’ role in monitoring and protecting against database-specific attacks.

Discusses how abstraction helps encrypt sensitive data and protect it from unauthorized access.

Highlights the benefits of data encryption for security, transparency, and ease of user access.

Describes various database privileges: SELECT, INSERT, UPDATE, and DELETE, for managing access.

Thank you note, concluding the presentation on database security.

Database security in database management.pptx

  • 1.
    Database security By –Harsh Kumar 210BBA009
  • 2.
    What is Database Security? Database:It is a collection of information stored in a computer. Security: It is being free from danger. Database Security: It is the mechanisms that protect the database against intentional or accidental threats. Def. Database Security is defined as the process by which “Confidentiality, Integrity and Availability” of the database can be protected.
  • 3.
    Why need ofDatabase Security? • Compromised intellectual property: Your intellectual property—trade secrets, inventions, proprietary practices—may be critical to your ability to maintain a competitive advantage in your market. If that intellectual property is stolen or exposed, your competitive advantage may be difficult or impossible to maintain or recover. • Damage to brand reputation: Customers or partners may be unwilling to buy your products or services (or do business with your company) if they don’t feel they can trust you to protect your data or theirs. • Business continuity (or lack thereof): Some business cannot continue to operate until a breach is resolved.
  • 4.
    Concepts of DatabaseSecurity • Secrecy or Confidentiality • Integrity • Availability Three are 3 main aspects:
  • 5.
    Secrecy/ Confidential It is protectingthe database from unauthorized users. Ensures that users are allowed to do the things they are trying to do. Encryption is a technique or a process by which the data is encoded in such a way that only that authorized users are able to read the data.
  • 6.
    Integrity Protecting the databasefrom authorized users. Ensures that what users are trying to do is correct. For example, an employee should be able to modify his or her own information.
  • 7.
    Availability • Database musthave not unplanned downtime. • To ensure this ,following steps should be taken. • Restrict the amount of the storage space given to each user in the database. • Limit the number of concurrent sessions made available to each database user. • Back up the data at periodic intervals to ensure data recovery in case of application users.
  • 8.
    Threats and challenges •Insider threats An insider threat is a security threat from any one of three sources with privileged access to the database: •A malicious insider who intends to do harm •A negligent insider who makes errors that make the database vulnerable to attack An infiltrator—an outsider who somehow obtains credentials via a scheme such as phishing or by gaining access to the credential database itself. Human error • Accidents, weak passwords, password sharing, and other unwise or uninformed user behaviors continue to be the cause of nearly half (49%) of all reported data breaches. • Human error Accidents, weak passwords, password sharing, and other unwise or uninformed user behaviors continue to be the cause of nearly half (49%) of all reported data breaches. • SQL/NoSQL injection attacks A database-specific threat, these involve the insertion of arbitrary SQL or non-SQL attack strings into database queries served by web applications or HTTP headers. Organizations that don’t follow secure web application coding practices and perform regular vulnerability testing are open to these attacks.
  • 9.
    Database Security Requirements Protectionfrom Improper Access Protection from Inference Integrity of the Database User Authentication Multilevel Protection Confinement Management and Protection of Sensitive Data
  • 10.
    Security Controls Authorization- privileges,views. Encryption - public key / private key, secure sockets. Authentication – passwords. Logical - firewalls, net proxies.
  • 11.
    Firewalls Firewall is dedicatedsoftware on another computer which inspects network traffic passing through it and denies (or) permits passage based on set of rules. Basically, it is a piece of software that monitors all traffic that goes from your system to another via the Internet or network and Vice Versa. Database Firewalls are a type of Web Application Firewalls that monitor databases to identify and protect against database specific attacks that mostly seek to access sensitive information stored in the databases.
  • 12.
    Abstraction • It enablesto encrypt sensitive data, such as credit card numbers, stored in table columns. • Encrypted data is decrypted for a database user who has access to the data. • Data encryption helps protect data stored on media in the event that the storage media or data file gets stolen.
  • 13.
    Advantages of Data Encryption As asecurity administrator, one can be sure that sensitive data is safe in case the storage media or data file gets stolen. You do not need to create triggers or views to decrypt data. Data from tables is decrypted for the database user. Database users need not be aware of the fact that the data they are accessing is stored in encrypted form. Data is transparently decrypted for the database users and does not require any action on their part. Applications need not be modified to handle encrypted data. Data encryption/decryption is managed by the database.
  • 14.
    Privileges in Database •Select: allows read access to relation, or the ability to query using the view • Insert: the ability to insert tuples • Update: the ability to update using the SQL update statement • Delete: the ability to delete tuples.
  • 15.