Downloaded 243 times
More Related Content
DB security
- 1.
- 2. Introduction Most DBMS didnot have a secure mechanisms for authentication and encryption until recently. DBA is required to have an additional skill-that of implementing security policies that protect one of the most valuable assets of company-its data. Database Security is degree to which all data is fully protected from tampering and unauthorized acts.
- 3.
- 4. Three Key Objectives Confidentiality Dataconfidentiality Privacy Integrity Data integrity System integrity Availability
- 5. Confidentiality Addresses two aspects Firstaspect is prevention of unauthorized individuals from accessing secret information. Second aspect is process of safe guarding confidential information and disclosing secret information only to authorized individuals by means of classifying information
- 6.
- 7. Integrity Consistent and validdata Data is considered to have integrity if it is accurate and has been tampered with intentionally or accidentally.
- 8. Degradation of dataintegrity Invalid data Redundant Data (lead to inconsistency and data anomalies) Inconsistent data (redundant data resides in several places, is not identical) Data Anomalies (occurs when one occurrence of the repeated data is changed and the other occurrences are not)
- 9. Degradation of dataintegrity Data read inconsistency (data changes that are made by the user are visible to others before changes are committed; indicates user does not always read the last committed data) Data non concurrency
- 10. Availability System should beavailable to individuals who are authorized to access the information.
- 11. Database security accesspoints A security access point is place where database security must be protected and applied. People (secure data within the DB against violations caused by people) Applications (when granting security privileges to applications, be cautious, permissions shouldn’t too loose/too restrictive) Network
- 12. Database security accesspoints OS (gateway to data, security credentials must be verified) DBMS Data Files (make use of encryption and permissions to protect data files belonging to database) Data
- 13. Data Integrity violationprocess Security Access points Are unprotected Data Integrity Violation Process of security gap resulting in security breach
- 14. Data Integrity violationprocess Security gaps are points at which security is missing, and thus system is vulnerable. Vulnerability is state in which an object can potentially be affected by a force or another object or even a situation but not necessarily is or will be. Threat is defined as security risk that has high possibility of becoming a system breach.
- 15.
- 16. Database Security Levels VIEWdatabase object is stored query that returns columns and rows from selected tables. Data provided by view object is protected by database system functionality that allows schema owners to grant or revoke privileges. Data files in which data resides are protected by database and that protection is enforced by OS file permissions. Finally database is secured by DBMS (through accounts and password mechanism, privileges, permissions to few)
- 17. Menaces to Databases SecurityVulnerability Security Threat (security violation that can happen any time because of security vulnerability) Security Risk (A known security gap that company intentionally leaves open)
- 18. Types of Vulnerabilities Susceptibleto attack Intruders, attackers exploit in our environment to start their attacks. Hackers usually explore the weak points of a system until they gain entry through gap in protection.
- 19. Types of Vulnerabilities Installationand configuration (results from default installation/configuration which is known publicly and we don’t enforce any security measures) User mistakes (due to carelessness in implementing procedures) Software (found in commercial softwares, patches not applied) Design and implementation (due to improper software analysis, design as well as coding deficiencies)
- 20. Types of Threats People(people intentionally/unitentionally inflict damage, e.g. hackers,terrorists) Malicious code (software code that is intentionally written to damage the components, e.g. viruses) Natural disasters Technological disasters (malfunction in equipment, e.g. network failure, hardware failure)
- 21.
- 22. Types of Risks People(loss of people who are vital components of DB, e.g. due to resignation) Hardware (results in hardware unavailability, down due to failure, malfunction) Data (data loss, corruption) Confidence (loss of public confidence in data produced by company)
- 23. Asset Types andtheir values Physical Assets (hardware, cars) Logical Assets (purchased softwares, OS, DB) Intangible Assets (business reputation, confidence) Human Assets (human skills, knowledge)
- 24. Security Methods People a.Security policies& procedures b.Process of identification and authentication c. Training courses on importance of security d.Physical limits on access to hardware and documents
- 25. Security Methods Applications a.Authentication ofusers who access b.Business rules c. Single sign on ( signing on once for different applications)
- 26.
- 27. Security Methods OS a.Authentication b.Intrusion Detection c.Password Policy d.User Accounts
- 28. Security Methods DBMS a.Authentication b.Audit Mechanisms c.Database resource limits d.Password Policy
- 29. Security Methods Data Files a.FilePermissions b.Access Monitoring Data a.Validation b.Data access c. Encryption d.Data constraints
- 30. Database Security Methodology Identification(investigation of resources reqd., policies to be adopted) Assessment (analysis of vulnerabilities, threats and risks) Design (blueprint of adopted security model) Implementation (code developed, tools purchased) Evaluation (testing system against attacks, failures, disasters) Auditing