Cloud and Database Security


Cyber Security: Cloud and Database Security

Topics
- Database security
- Wi-Fi protection
- Cyber security
- Types of cyber attacks
- Cloud computing
- Database protection on the cloud

Database Security
Why do we need database security?
- Threats are introduced every day, and we must prevent these threats from accessing our database.
- Hackers and insiders will try to compromise our data for their own personal gain.
- Data integrity must not be compromised. We must be able to perform update, insert and delete operations without damaging the underlying infrastructure.
- Data must be available at all times to the users and programs that need access to it.
- Data must be protected and not disclosed to unauthorized users or programs.

Types of Database Threats
There are many threats that can occur to a database:
- Hackers can perform SQL injections against the database.
- A denial-of-service (DoS) attack, or malware downloaded onto your PC.
- Privilege abuse, or an unauthorized application accessing our database.
- Simple user error and accidental deletion of a database or table.

Ways to secure our database
There are many ways to secure our database:
- Access control: handled by creating user accounts and passwords.
- Inference control: must ensure information about individuals cannot be accessed.
- Flow control: prevents information from flowing to unauthorized users.
- Data encryption.

Wi-Fi Protection
- Change the default name of your home network.
- Set a strong and unique password for your Wi-Fi router. Consider using a password manager.
- Limit use of the administrator account.
- Install a firewall for your network.
- Disable WPS. Wi-Fi Protected Setup (WPS) provides simplified mechanisms for a wireless device to join a Wi-Fi network without the need to enter the wireless network password.
- Monitor for unknown device connections. Use your router manufacturer's website to monitor for unauthorized devices joining or attempting to join your network.
- Turn off your Wi-Fi network when you're not using it.
- Regularly back up your data, and remove unnecessary services and software.

Types of Wi-Fi Attacks
"KRACKs" (Key Reinstallation Attacks), also known as a man-in-the-middle attack, is actually a group of multiple vulnerabilities that, when successfully exploited, could allow attackers to intercept and steal data transmitted across a Wi-Fi network.

DoS, Phishing and Ransomware
- DoS attacks: A denial-of-service attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. DoS is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users.
- Phishing attacks: The fraudulent acquisition of confidential data from the intended recipients and the misuse of such data. A phishing attack is often carried out by email, and its purpose is to steal sensitive data such as credit card or login information, or to install malicious software on the victim's machine.
- Ransomware: A form of malicious software (i.e. malware) which encrypts documents on a PC or even across a network. Victims can often only regain access to their encrypted files and PCs by paying a ransom to the criminals.

Cyber Security
Cyber security: The practice of protecting systems, networks, and programs from digital attacks. Cyber security applies security prevention methods to provide confidentiality, integrity, and availability of data.
- Confidentiality: Aims to restrict disclosure and to grant access to information only to authorized people.
- Integrity: Requires protecting data in a consistent, precise, and reliable manner. This has to guarantee that data is not altered in the course of a specific period.
- Availability: The data and resources should be available when people need to access them, particularly during emergencies or disasters.
These cyber attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

Cloud Computing
Cloud computing: The on-demand delivery of computing services (i.e. servers, storage, database storage, applications, networking and other IT services) through a cloud service provider via the internet.
Users pay for the resources and storage they need. Depending on the cloud provider, the price may be a static (fixed monthly) rate or dynamic, in which case the user can be charged by the hour or by the minute.
There are 3 different types of cloud deployment: public, private and hybrid cloud.

Public, Private and Hybrid Cloud
- Public cloud: Public clouds are the most common way of deploying cloud computing. The cloud resources (like servers and storage) are owned and operated by a third-party cloud service provider and delivered over the Internet.
- Private cloud: Consists of computing resources used exclusively by one business or organization. It can be physically located at your organization's on-site datacenter, or it can be hosted by a third-party service provider. The private cloud services and infrastructure are always maintained on a private network, and the hardware and software are dedicated solely to the organization.
- Hybrid cloud: Combines on-premises infrastructure, or private clouds, with public clouds so organizations can reap the advantages of both. The data and applications can move between private and public clouds for greater flexibility. The application or resource runs in the private cloud until there is a spike in demand (seasonal events like online shopping or airline tickets), at which point the organization can "burst through" to the public cloud to tap into additional computing resources.
The top 3 cloud service providers are Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform. They all provide database security and protection. I will be focusing on AWS.

Amazon Web Services
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups.
You manage access to your Amazon RDS resources and your databases on a DB instance:
- Run your DB instance in an Amazon Virtual Private Cloud (VPC) for the greatest possible network access control.
- Use Identity and Access Management (IAM) policies to assign permissions that determine who is allowed to manage RDS resources. IAM is a web service that helps you securely control access to AWS resources. You control who is authenticated (signed in) and authorized (has permissions) to use resources. You attach a permissions policy to a user or a group in your account to grant permissions for those users to create an Amazon RDS resource, such as a DB instance.
- Use security groups to control what IP addresses or Amazon EC2 instances can connect to your databases on a DB instance. When you first create a DB instance, its firewall prevents any database access except through rules specified by an associated security group.
- Use Secure Sockets Layer (SSL) connections with DB instances running MySQL, MariaDB, PostgreSQL, and more.
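The security-group control described above can be checked offline with a small audit script. This is an added example, not part of the original slides or AWS's own code: it uses constructed sample data in the shape returned by the DescribeDBInstances and DescribeSecurityGroups APIs, and the instance names, group IDs and the `max_hosts` threshold are assumptions.

```python
import ipaddress

# Constructed sample data (not real resources), shaped like the output of
# the AWS DescribeDBInstances and DescribeSecurityGroups API calls.
DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": True,
     "Endpoint": {"Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
    {"DBInstanceIdentifier": "hr-db", "PubliclyAccessible": False,
     "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-app"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]},
]

def rule_covers_port(rule, port):
    """True if the ingress rule applies to the given TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def audit(instances, groups, max_hosts=65536):
    """Return (instance id, finding) pairs; max_hosts is an assumed threshold."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for db in instances:
        name, port = db["DBInstanceIdentifier"], db["Endpoint"]["Port"]
        if db.get("PubliclyAccessible"):
            findings.append((name, "publicly accessible endpoint"))
        for ref in db.get("VpcSecurityGroups", []):
            group = by_id.get(ref["VpcSecurityGroupId"])
            if group is None:  # rules cannot be reviewed, so report it
                findings.append((name, f"unknown security group {ref['VpcSecurityGroupId']}"))
                continue
            for rule in group["IpPermissions"]:
                if not rule_covers_port(rule, port):
                    continue
                for rng in rule.get("IpRanges", []):
                    net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                    if net.num_addresses > max_hosts:
                        findings.append((name, f"port {port} open to {net} via {group['GroupId']}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(DB_INSTANCES, SECURITY_GROUPS):
        print(f"{name}: {finding}")
```

Only `orders-db` is reported: its endpoint is public and its security group admits the whole IPv4 Internet on the database port, while `hr-db` is reachable only from a /24 inside the VPC.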

Hackers attacking our cloud database