CAN A DATABASE REALLY BE SECURE? PRESENTED BY AUDREY WILLIAMS.

2 OVERVIEW
What is the purpose of a database security system?
Why should an organization bother to implement one?
What kinds of database security features can protect the DBMS?
What are the responsibilities of the database administrator?
Exposing classic database intruders
Summation
Bibliography

3 DATABASE SECURITY
What is the purpose of a database security system?
To protect stored data that is collected for meaningful use, such as documents, charts and reports.
Also, to keep that data away from intruders.
Spafford's often-quoted remark sets the bar: "the only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."

4 DATABASE SECURITY
In response to Mr. Spafford's statement: why should an organization bother to implement a database security system at all?
To protect the company's clientele from predators who will sell the data to the highest bidder.
Because database intrusions and thefts damage or destroy the company's credibility and profits.

5 DATABASE SECURITY
[Figure 1] traces the path of a request. A message originates at the client and is sent to the LAN/WAN router.
From there it crosses the Internet, passes the Internet router and the firewall, and reaches the server, where the DBMS retrieves the requested information.
The DBMS sends the response back to the client along the same path in reverse.
So the entry point for an attacker is the Internet-facing connection: the Internet router and the firewall. Any weakness there exposes the DBMS behind it to intrusion.

6 DATABASE SECURITY FEATURES
What kinds of database security features can protect the DBMS?
Digital Certificate: a signed statement that binds a public key to the identity of an entity (a computer, a web site, the signer of a document), so that the other side can authenticate it. A trusted third party, the certificate authority (Equifax operated one at the time), signs the certificate to vouch for that binding. A certificate says nothing about whether a document is legal; it only establishes who the key belongs to.
Encryption: alters the data so that anyone without the key cannot read it.
Firewalls: protect a network from unauthorized access from the Internet by passing only the traffic a policy permits.
Proxy Servers: stand between the client computers inside a private network and the Internet, relaying their requests so that internal machines are not exposed directly.
SSL (Secure Sockets Layer, since superseded by TLS): sets up the connection and transmits the data over it encrypted.
S-HTTP (Secure HTTP): a protocol for transmitting individual web pages securely. It saw little adoption; in practice web traffic is protected with HTTPS, that is, HTTP over SSL/TLS.
So, by configuring these features on the Internet and network components, it is possible to provide privacy and reduce database intrusions. The caveat: these are perimeter and transport controls. They decide who can reach the DBMS and keep the traffic private on the way. What a user may do once connected is decided inside the DBMS, which is the subject of the next slides.

7 RESPONSIBILITIES OF THE DATABASE ADMINISTRATOR
Assign each user a unique user identification and password, and grant permission to access, read or manipulate only the specific information they need, for the time they need it.
Enable the layers of controls that secure the data: access control, authentication and auditing, encryption, and integrity controls.
Perform a "vulnerability scan" on a routine basis to locate configuration problems in the DBMS software and in those layers.
Evaluate and perform a "vulnerability assessment" against the database. Where the scan checks configuration automatically, the assessment is a broader effort to locate the cracks in the database security.

8 RESPONSIBILITIES OF THE DATABASE ADMINISTRATOR
Continually monitor the database security standards to make sure that the company's DBMS stays in compliance with them.
Two features of database security compliance must be utilized:
Patch Management: a method that tracks the fixes the vendor publishes for known flaws in the DBMS software and applies them promptly, closing the cracks in the database security before they are exploited.
Management & Review of Public & Granted Data Access: locating the data objects in the database, such as the tables that hold the data, and evaluating who is entitled to view or manipulate each of them, including anything granted to every user (PUBLIC) by default.

9 RESPONSIBILITIES OF THE DATABASE ADMINISTRATOR
Always keep in mind that whenever a DBMS is attached to the Internet or a network, it will be attacked, and security breaches will occur.
Perform routine backups, and test the recovery procedure, in case of an electrical outage or an intruder attack that damages the DBMS.

10 THE CLASSIC DATABASE INTRUDERS
The Shifty Employees & Malicious Hackers

11 THE CLASSIC DATABASE INTRUDERS
Employees
For example, a salesperson in the sales department should have access to the company's product price list, but not to employee birth dates, extensive clientele information, home addresses or salary information.
Adding to the example, suppose the salesperson learns that they are about to be fired or laid off: they could copy and alter the database information in order to take the client list to their new job.
So the company and the database administrator share the blame, because they granted the employee access to far more data than the job required, and that surplus is what there was to steal.
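Slides 7, 8 and 11 describe these controls in words. The following is an added example, not part of the presentation, showing how a DBA would apply them in PostgreSQL: one login per person, privileges attached to a job role, a view that exposes only the client columns a salesperson needs, no grant at all on employee data, and the catalog queries for the "review of public and granted data access". The tables, columns, role name and login name are assumptions made up for the illustration.

```sql
-- Added example (PostgreSQL dialect). Schema, role and login names are
-- assumptions for illustration; none of them come from the presentation.

-- Tables the salesperson example talks about: a product list with prices,
-- and the HR and client data a salesperson has no business reading.
CREATE TABLE product (
    product_id   integer PRIMARY KEY,
    name         text NOT NULL,
    list_price   numeric(10,2) NOT NULL
);

CREATE TABLE employee (
    employee_id  integer PRIMARY KEY,
    full_name    text NOT NULL,
    birth_date   date,
    home_address text,
    salary       numeric(12,2)
);

CREATE TABLE client (
    client_id    integer PRIMARY KEY,
    company_name text NOT NULL,
    contact_name text,
    phone        text,
    credit_limit numeric(12,2),
    notes        text
);

-- 1. Start from nothing reachable. Older PostgreSQL releases let PUBLIC
--    create objects in the public schema; take that away, and make sure no
--    table is readable by everyone.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM PUBLIC;

-- 2. Privileges belong to a role that describes the job, not to a person.
CREATE ROLE sales_rep NOLOGIN;
GRANT USAGE ON SCHEMA public TO sales_rep;
GRANT SELECT ON product TO sales_rep;

-- A sales rep needs to know who the client is and how to reach them, but
-- not the credit limit or internal notes: expose only those columns
-- through a view and grant on the view, never on the base table.
CREATE VIEW client_contact AS
    SELECT client_id, company_name, contact_name, phone
    FROM   client;
GRANT SELECT ON client_contact TO sales_rep;
-- Deliberately no grant on employee: birth dates, addresses and salaries
-- stay out of reach.

-- 3. Each person gets a unique login with its own password and inherits
--    the job role; nothing is granted to the login directly.
CREATE ROLE j_smith LOGIN PASSWORD 'replace-with-a-generated-secret';
GRANT sales_rep TO j_smith;

-- 4. The periodic review: who can do what to every table and view in the
--    schema. Run on a schedule and diff the output against the last run.
SELECT grantee, table_name, privilege_type
FROM   information_schema.table_privileges
WHERE  table_schema = 'public'
ORDER  BY grantee, table_name, privilege_type;

-- Anything still reachable by PUBLIC is a finding. After step 1 this
-- query should return no rows.
SELECT table_name, privilege_type
FROM   information_schema.table_privileges
WHERE  table_schema = 'public'
  AND  grantee = 'PUBLIC';

-- 5. When the salesperson gives notice or is let go, the login goes the
--    same day; the job role and its grants stay for the next hire.
-- REVOKE sales_rep FROM j_smith;
-- DROP ROLE j_smith;
```

Run it as a superuser in a scratch database. Connected as j_smith, SELECT on product and client_contact succeeds, while SELECT on client or employee fails with a permission error, which is the behaviour slide 11 asks for. GRANT and REVOKE look much the same in other DBMSs, but the catalog views used for the review differ from product to product.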

12 THE CLASSIC DATABASE INTRUDERS
The Black Hat Hacker
A person who breaks into a security system to retrieve data from a computer, network or database system, with the intent to commit criminal and malicious acts of blackmail, damage and larceny against the victims, and to terrorize them.
The purpose is to gain control of the individual's or the organization's systems.

13 THE CLASSIC DATABASE INTRUDERS
Hackers believe: "The best hackers never get caught!"
However, in 2006, 42% of cybercrimes were committed by hackers.
Law enforcement manpower is too limited to fully pursue every high-tech crime that is committed, so the cases that are pursued are the most costly crimes.
Yet, in 2006, global task forces in major cities were developing and devoting more manpower to locating, charging, arresting and sentencing hackers for their cybercrimes.
In 2006, one hacker stole 165,000 consumer identities, and another stole $800,000 from local banks through identity theft.

14 SUMMATION
It seems that companies cannot deter or stop predators from trying to hack into the DBMS through the Internet and network connections.
So, applying database security features and routine maintenance to the DBMS in order to:
Monitor database security compliance
Perform vulnerability assessments and scans to discover cracks in the database security
Reconfigure data access parameters to lock out imminent attackers
Prevent employees from accessing and viewing more data than necessary
should maintain the database security well enough to protect the data from most intrusions and thefts.

15 THE END
BIBLIOGRAPHY
Wikipedia
DOJ & FBI
Merriam-Webster
L.A.P.D.
N.Y.P.D.
Garfinkel, S. and Spafford, E. H. Web Security & Commerce. O'Reilly. Retrieved from the Internet 31 Mar. Article was created in