Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Slides:



Advertisements
Similar presentations
Chapter 20 Oracle Secure Backup.
Advertisements

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 2 Overview of Database Administrator (DBA) Tools.
Oracle 10g Database Administrator: Implementation and Administration
Chapter 9 Auditing Database Activities
System Administration Accounts privileges, users and roles
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Administering User Security
Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.
Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.
Database Security Managing Users and Security Models.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Administration of Users Dr. Gabriel. 2 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail.
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Chapter Oracle Server An Oracle Server consists of an Oracle database (stored data, control and log files.) The Server will support SQL to define.
Today’s Objectives Chapters 10 and 11 Security in SQL Server –Manage server logins and database users. –Manage server-level, database-level, and application.
CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Chapter 6 : Designing SQL Server Service-Level Security MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide.
DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.
Profiles, Password Policies, Privileges, and Roles
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.
IS 221: DATABASE ADMINISTRATION Lecture 6:Create Users & Manage Users. Information Systems Department 1.
MISSION CRITICAL COMPUTING Moving Data and Other Planning Considerations.
I NTRODUCTION OF W EEK 7  Assignment Discussion  Graded: (Creation of Database) (All submitted!)  Naming standard, Logical to physical design.
The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.
7 Copyright © 2004, Oracle. All rights reserved. Administering Users.
1 Chapter Overview Preparing to Upgrade Performing a Version Upgrade from Microsoft SQL Server 7.0 Performing an Online Database Upgrade from SQL Server.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
1 Chapter Overview Performing Configuration Tasks Setting Up Additional Features Performing Maintenance Tasks.
IT Database Administration SECTION 01. Starting Up and Shutting Down the Database Database Administration Facilities – A number of tools are available.
Managing users and security Akhtar Ali. Aims Understand and manage profiles Understand and manage users Understand and manage privileges Understand and.
CHAPTER Creating and Managing Users and Groups. Chapter Objectives Explain the use of Local Users and Groups Tool in the Systems Tools Option to create.
Introduction to Oracle. Oracle History 1979 Oracle Release client/server relational database 1989 Oracle Oracle 8 (object relational) 1999.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 9 Auditing Database Activities.
Database Role Activity. DB Role and Privileges Worksheet.
Controlling User Access Fresher Learning Program January, 2012.
2. SQL Security Objectives –Learn SQL Server 2000 components Contents –Understanding the Authentication Process –Understanding the Authorization Process.
Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Week 2 Lecture 1 Creating an Oracle Instance. Learning Objectives  Learn the steps for creating a database  Understand the prerequisites for creating.
Esri UC 2014 | Technical Workshop | Administering Your Microsoft SQL Server Geodatabase Shannon Shields Chet Dobbins.
IST 318 Database Administration Lecture 9 Database Security.
Chapter 13Introduction to Oracle9i: SQL1 Chapter 13 User Creation and Management.
CHAPTER 5 MANAGING USER ACCOUNTS & GROUPS. User Accounts Windows 95, 98 & Me do not need a user account like Windows XP Professional to access computer.
SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005.
Oracle 11g: SQL Chapter 7 User Creation and Management.
Chapter 6 Virtual Private Databases
7 Copyright © 2007, Oracle. All rights reserved. Administering User Security.
Intro To Oracle :part 1 1.Save your Memory Usage & Performance. 2.Oracle Login ways. 3.Adding Database to DB Trees. 4.How to Create your own user(schema).
Dr. Chen, Oracle Database System (Oracle) 1 Chapter 7 User Creation and Management Jason C. H. Chen, Ph.D. Professor of MIS School of Business Gonzaga.
Database Systems Slide 1 Database Systems Lecture 4 Database Security - Concept Manual : Chapter 20 - Database Security Manual : Chapters 5,10 - SQL Reference.
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
WELCOME! SQL Server Security. Scott Gleason This is my 9 th Jacksonville SQL Saturday Over ten years DBA experience Director of Database Operations
15 Copyright © Oracle Corporation, All rights reserved. Managing Users.
19 Copyright © 2008, Oracle. All rights reserved. Security.
6 Copyright © 2005, Oracle. All rights reserved. Administering User Security.
SQL Database Management
Microsoft SQL Server 2014 for Oracle DBAs Module 8
Chapter 5 : Designing Windows Server-Level Security Processes
Designing Database Solutions for SQL Server
Database Security OER- Unit 1-Authentication
Operating System Security
Managing Privileges.
Presentation transcript:

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users

Database Security & Auditing: Protecting Data Integrity & Accessibility2 Objectives Explain the importance of administration documentation Outline the concept of operating system authentication Create users and logins using both Oracle10g and SQL Server Remove a user from Oracle10g and SQL servers

Database Security & Auditing: Protecting Data Integrity & Accessibility3 Objectives (continued) Modify an existing user using both Oracle10g and SQL servers List all default users on Oracle10g and SQL servers Explain the concept of a remote user List the risks of database links

Database Security & Auditing: Protecting Data Integrity & Accessibility4 Objectives (continued) List the security risks of linked servers List the security risks of remote servers Describe best practices for user administration

Database Security & Auditing: Protecting Data Integrity & Accessibility5 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail –Ensure administration consistency What to document: –Administration policies, staff and management –Security procedures –Procedure implementation scripts or programs –Predefined roles description

Database Security & Auditing: Protecting Data Integrity & Accessibility6 Documentation of User Administration (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility7 Documentation of User Administration (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility8 Operating System Authentication Many databases (including Microsoft SQL Server 2000) depend on OS to authenticate users Reasons: –Once an intruder is inside the OS, it is easier to access the database –Centralize administration of users Users must be authenticated at each level

Database Security & Auditing: Protecting Data Integrity & Accessibility9 Operating System Authentication (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility10 Creating Users Must be a standardized, well-documented, and securely managed process In Oracle10g, use the CREATE USER statement: –Part of the a Data Definition Language (DDL) –Account can own different objects

Database Security & Auditing: Protecting Data Integrity & Accessibility11 Creating an Oracle10g User IDENTIFIED clause –Tells Oracle how to authenticate a user account –BY PASSWORD option: encrypts and stores an assigned password in the database –EXTERNALLY option: user is authenticated by the OS –GLOBALLY AS option: depends on authentication through centralized user management method

Database Security & Auditing: Protecting Data Integrity & Accessibility12 Creating an Oracle10g User (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility13 Creating an Oracle10g User (continued) DEFAULT TABLESPACE clause: specifies default storage for the user TEMPORARY TABLESPACE clause QUOTA clause: tells Oracle 10g how much storage space a user is allowed for a specified tablespace PROFILE clause: indicates the profile used for limiting database resources and enforcing password policies

Database Security & Auditing: Protecting Data Integrity & Accessibility14 Creating an Oracle10g User (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility15 Creating an Oracle10g User (continued) PASSWORD EXPIRE clause: tells Oracle to expire the user password and prompts the user to enter a new password ACCOUNT clause: enable or disable account ALTER USER: modifies a user account Oracle Enterprise Manager: GUI administration tool

Database Security & Auditing: Protecting Data Integrity & Accessibility16 Creating an Oracle10g User (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility17 Creating an Oracle10g User (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility18 Creating an Oracle10g User Using External (Operating System) Authentication Depends on an external party to authenticate the user Steps: –Verify account belongs to ORA_DBA group –Set the Windows registry string OSAUTH_PREFIX_DOMAIN to FALSE –View setting of the OS_AUTHENT_PREFIX initialization parameter –Change OS_AUTHENT_PREFIX to NULL

Database Security & Auditing: Protecting Data Integrity & Accessibility19 Creating an Oracle10g User Using External (Operating System) Authentication (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility20 Creating an Oracle10g User Using External (Operating System) Authentication (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility21 Creating an Oracle10g User Using External (Operating System) Authentication (continued) Steps (continued): –Create an Oracle user –Provide new user with CREATE SESSION privilege Advantage: allows administrators to use one generic user to run maintenance scripts without a password

Database Security & Auditing: Protecting Data Integrity & Accessibility22 Creating an Oracle User Using Global Authentication Enterprise-level authentication solution Use the CREATE USER statement DBA_USERS view: contains information about all accounts

Database Security & Auditing: Protecting Data Integrity & Accessibility23 Creating an Oracle User Using Global Authentication (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility24 Creating an Oracle User Using Global Authentication (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility25 Creating a SQL Server User Create a login ID first; controls access to SQL Server system Associate login ID with a database user Must be member of fixed server roles (SYSADMIN or SECURITYADMIN) Two types of login IDs: –Windows Integrated (trusted) login –SQL Server login

Database Security & Auditing: Protecting Data Integrity & Accessibility26 Creating Windows Integrated Logins Command line: –SP_GRANTLOGIN system stored procedure –Can be associated local, domain, group usernames Enterprise Manager: –Use the Security container –Logins -> New Login

Database Security & Auditing: Protecting Data Integrity & Accessibility27 Creating Windows Integrated Logins (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility28 Creating Windows Integrated Logins (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility29 Creating Windows Integrated Logins (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility30 Creating SQL Server Logins Command line: –SP_ADDLOGIN system stored procedure –Password is encrypted by default –Specify a default database Enterprise Manager: –Security container –Logins -> New Login –SQL Server Authentication option

Database Security & Auditing: Protecting Data Integrity & Accessibility31 Creating SQL Server Logins (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility32 Removing Users Simple process Make a backup first Obtain a written request (for auditing purposes)

Database Security & Auditing: Protecting Data Integrity & Accessibility33 Removing an Oracle User DROP command CASCADE option: when user owns database objects Recommendations: –Backup the account for one to three months –Listing all owned objects –Lock the account or revoke the CREATE SESSION privilege

Database Security & Auditing: Protecting Data Integrity & Accessibility34 SQL Server: Removing Windows Integrated Logins Command line: SP_DENYLOGIN system stored procedure Enterprise Manager: –Highlight the desired login –Choose Delete from the Action menu

Database Security & Auditing: Protecting Data Integrity & Accessibility35 Modifying Users Modifications involve: –Changing passwords –Locking an account –Increasing a storage quota ALTER USER DDL statement

Database Security & Auditing: Protecting Data Integrity & Accessibility36 Modifying an Oracle User ALTER USER statement Oracle Enterprise Manager: graphical tool

Database Security & Auditing: Protecting Data Integrity & Accessibility37 Modifying an Oracle User (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility38 SQL Server: Modifying Windows Integrated Login Attributes Command line: –SP_DEFAULTDB system stored procedure –SP_DEFAULTLANGUAGE stored procedure Enterprise Manager: –Expand the security container –Select desired login –Properties (on the Action Menu)

Database Security & Auditing: Protecting Data Integrity & Accessibility39 Default Users Oracle default users: –SYS, owner of the data dictionary –SYSTEM, performs almost all database tasks –ORAPWD, creates a password file SQL Server default users: –SA, system administrator –BUILT_IN\Administrators

Database Security & Auditing: Protecting Data Integrity & Accessibility40 Remote Users

Database Security & Auditing: Protecting Data Integrity & Accessibility41 Database Links Connection from one database to another: allow DDL and SQL statements Types: PUBLIC and PRIVATE Authentication Methods: –CURRENT USER –FIXED USER –CONNECT USER

Database Security & Auditing: Protecting Data Integrity & Accessibility42 Database Links (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility43 Linked Servers Allow you to connect to almost any: –Object Linking and Embedding Database (OLEDB) –Open Database Connectivity (ODBC) OPENQUERY function Map logins in your SQL Server instance to users in the linked database Remote servers: allow communication using RPC

Database Security & Auditing: Protecting Data Integrity & Accessibility44 Linked Servers (continued)

Database Security & Auditing: Protecting Data Integrity & Accessibility45 Practices for Administrators and Managers Manage: –Accounts –Data files –Memory Administrative tasks: –Backup –Recovery –Performance tuning

Database Security & Auditing: Protecting Data Integrity & Accessibility46 Best Practices Follow company’s policies and procedures Always document and create logs Educate users Keep abreast of database and security technology Review and modify procedures

Database Security & Auditing: Protecting Data Integrity & Accessibility47 Best Practices (continued) For SQL server: –Mimic Oracle’s recommended installation for UNIX –Use local Windows or domain Windows accounts Block direct access to database tables Limit and restrict access to the server Use strong passwords Patches, patches, patches

Database Security & Auditing: Protecting Data Integrity & Accessibility48 Summary Document tasks and procedures for auditing purposes Creating users: –CREATE USER statement in Oracle –Login ID in SQL Server Removing users: –SQL DROP statement –SP_DENYLOGIN Windows system stored procedure

Database Security & Auditing: Protecting Data Integrity & Accessibility49 Summary (continued) Modifying user attributes: ALTER USER DDL statement Local database and users Remote users Database links Linked servers

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.