Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Slides:



Advertisements
Similar presentations
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Advertisements

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 2 Overview of Database Administrator (DBA) Tools.
Oracle 10g Database Administrator: Implementation and Administration
Chapter 9 Auditing Database Activities
System Administration Accounts privileges, users and roles
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Administering User Security
Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.
Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.
Database Security Managing Users and Security Models.
Project Implementation for COSC 5050 Distributed Database Applications Lab1.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Administration of Users Dr. Gabriel. 2 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail.
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Guide to Operating System Security Chapter 4 Account-based Security.
Today’s Objectives Chapters 10 and 11 Security in SQL Server –Manage server logins and database users. –Manage server-level, database-level, and application.
CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.
1Introduction Objectives 1-2 Course Objectives 1-3 Oracle Products 1-4 Relational Database Systems 1-5 How the Data Is Organized 1-6 Integrity Constraints.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Chapter 6 : Designing SQL Server Service-Level Security MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide.
DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.
Profiles, Password Policies, Privileges, and Roles
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.
IS 221: DATABASE ADMINISTRATION Lecture 6:Create Users & Manage Users. Information Systems Department 1.
MISSION CRITICAL COMPUTING Moving Data and Other Planning Considerations.
I NTRODUCTION OF W EEK 7  Assignment Discussion  Graded: (Creation of Database) (All submitted!)  Naming standard, Logical to physical design.
The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.
Module 4: Managing Security. Overview Implementing an Authentication Mode Assigning Login Accounts to Users and Roles Assigning Permissions to Users and.
7 Copyright © 2004, Oracle. All rights reserved. Administering Users.
1 Chapter Overview Preparing to Upgrade Performing a Version Upgrade from Microsoft SQL Server 7.0 Performing an Online Database Upgrade from SQL Server.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
1 Chapter Overview Performing Configuration Tasks Setting Up Additional Features Performing Maintenance Tasks.
Managing users and security Akhtar Ali. Aims Understand and manage profiles Understand and manage users Understand and manage privileges Understand and.
CHAPTER Creating and Managing Users and Groups. Chapter Objectives Explain the use of Local Users and Groups Tool in the Systems Tools Option to create.
Introduction to Oracle. Oracle History 1979 Oracle Release client/server relational database 1989 Oracle Oracle 8 (object relational) 1999.
Dale Roberts 1 Department of Computer and Information Science, School of Science, IUPUI Dale Roberts, Lecturer Computer Science, IUPUI
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 9 Auditing Database Activities.
2. SQL Security Objectives –Learn SQL Server 2000 components Contents –Understanding the Authentication Process –Understanding the Authorization Process.
Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Week 2 Lecture 1 Creating an Oracle Instance. Learning Objectives  Learn the steps for creating a database  Understand the prerequisites for creating.
Esri UC 2014 | Technical Workshop | Administering Your Microsoft SQL Server Geodatabase Shannon Shields Chet Dobbins.
IST 318 Database Administration Lecture 9 Database Security.
Chapter 13Introduction to Oracle9i: SQL1 Chapter 13 User Creation and Management.
CHAPTER 5 MANAGING USER ACCOUNTS & GROUPS. User Accounts Windows 95, 98 & Me do not need a user account like Windows XP Professional to access computer.
SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005.
Oracle 11g: SQL Chapter 7 User Creation and Management.
Chapter 6 Virtual Private Databases
7 Copyright © 2007, Oracle. All rights reserved. Administering User Security.
Intro To Oracle :part 1 1.Save your Memory Usage & Performance. 2.Oracle Login ways. 3.Adding Database to DB Trees. 4.How to Create your own user(schema).
Dr. Chen, Oracle Database System (Oracle) 1 Chapter 7 User Creation and Management Jason C. H. Chen, Ph.D. Professor of MIS School of Business Gonzaga.
Database Systems Slide 1 Database Systems Lecture 4 Database Security - Concept Manual : Chapter 20 - Database Security Manual : Chapters 5,10 - SQL Reference.
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
WELCOME! SQL Server Security. Scott Gleason This is my 9 th Jacksonville SQL Saturday Over ten years DBA experience Director of Database Operations
15 Copyright © Oracle Corporation, All rights reserved. Managing Users.
19 Copyright © 2008, Oracle. All rights reserved. Security.
6 Copyright © 2005, Oracle. All rights reserved. Administering User Security.
SQL Database Management
Controlling User Access
Microsoft SQL Server 2014 for Oracle DBAs Module 8
Chapter 5 : Designing Windows Server-Level Security Processes
Designing Database Solutions for SQL Server
Database Security OER- Unit 1-Authentication
Operating System Security
Presentation transcript:

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users

Database Security and Auditing2 Objectives Explain the importance of administration documentation Outline the concept of operating system authentication Create users and logins using both Oracle10g and SQL Server Remove a user from Oracle10g and SQL servers

Database Security and Auditing3 Objectives (continued) Modify an existing user using both Oracle10g and SQL servers List all default users on Oracle10g and SQL servers Explain the concept of a remote user List the risks of database links

Database Security and Auditing4 Objectives (continued) List the security risks of linked servers List the security risks of remote servers Describe best practices for user administration

Database Security and Auditing5 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail –Ensure administration consistency What to document: –Administration policies, staff and management –Security procedures –Procedure implementation scripts or programs –Predefined roles description

Database Security and Auditing6 Documentation of User Administration (continued)

Database Security and Auditing7 Documentation of User Administration (continued)

Database Security and Auditing8 Operating System Authentication Many databases (including Microsoft SQL Server 2000) depend on OS to authenticate users Reasons: –Once an intruder is inside the OS, it is easier to access the database –Centralize administration of users Users must be authenticated at each level

Database Security and Auditing9 Operating System Authentication (continued)

Database Security and Auditing10 Creating Users Must be a standardized, well-documented, and securely managed process In Oracle10g, use the CREATE USER statement: –Part of the a Data Definition Language (DDL) –Account can own different objects

Database Security and Auditing11 Creating an Oracle10g User IDENTIFIED clause –Tells Oracle how to authenticate a user account –BY PASSWORD option: encrypts and stores an assigned password in the database –EXTERNALLY option: user is authenticated by the OS –GLOBALLY AS option: depends on authentication through centralized user management method

Database Security and Auditing12 Creating an Oracle10g User (continued)

Database Security and Auditing13 Creating an Oracle10g User (continued) DEFAULT TABLESPACE clause: specifies default storage for the user TEMPORARY TABLESPACE clause QUOTA clause: tells Oracle 10g how much storage space a user is allowed for a specified tablespace PROFILE clause: indicates the profile used for limiting database resources and enforcing password policies

Database Security and Auditing14 Creating an Oracle10g User (continued)

Database Security and Auditing15 Creating an Oracle10g User (continued) PASSWORD EXPIRE clause: tells Oracle to expire the user password and prompts the user to enter a new password ACCOUNT clause: enable or disable account ALTER USER: modifies a user account Oracle Enterprise Manager: GUI administration tool

Database Security and Auditing16 Creating an Oracle10g User (continued)

Database Security and Auditing17 Creating an Oracle10g User (continued)

Database Security and Auditing18 Creating an Oracle10g User Using External (Operating System) Authentication Depends on an external party to authenticate the user Steps: –Verify account belongs to ORA_DBA group –Set the Windows registry string OSAUTH_PREFIX_DOMAIN to FALSE –View setting of the OS_AUTHENT_PREFIX initialization parameter –Change OS_AUTHENT_PREFIX to NULL

Database Security and Auditing19 Creating an Oracle10g User Using External (Operating System) Authentication (continued)

Database Security and Auditing20 Creating an Oracle10g User Using External (Operating System) Authentication (continued)

Database Security and Auditing21 Creating an Oracle10g User Using External (Operating System) Authentication (continued) Steps (continued): –Create an Oracle user –Provide new user with CREATE SESSION privilege Advantage: allows administrators to use one generic user to run maintenance scripts without a password

Database Security and Auditing22 Creating an Oracle User Using Global Authentication Enterprise-level authentication solution Use the CREATE USER statement DBA_USERS view: contains information about all accounts

Database Security and Auditing23 Creating an Oracle User Using Global Authentication (continued)

Database Security and Auditing24 Creating an Oracle User Using Global Authentication (continued)

Database Security and Auditing25 Creating a SQL Server User Create a login ID first; controls access to SQL Server system Associate login ID with a database user Must be member of fixed server roles (SYSADMIN or SECURITYADMIN) Two types of login IDs: –Windows Integrated (trusted) login –SQL Server login

Database Security and Auditing26 Creating Windows Integrated Logins Command line: –SP_GRANTLOGIN system stored procedure –Can be associated local, domain, group usernames Enterprise Manager: –Use the Security container –Logins -> New Login

Database Security and Auditing27 Creating Windows Integrated Logins (continued)

Database Security and Auditing28 Creating Windows Integrated Logins (continued)

Database Security and Auditing29 Creating Windows Integrated Logins (continued)

Database Security and Auditing30 Creating SQL Server Logins Command line: –SP_ADDLOGIN system stored procedure –Password is encrypted by default –Specify a default database Enterprise Manager: –Security container –Logins -> New Login –SQL Server Authentication option

Database Security and Auditing31 Creating SQL Server Logins (continued)

Database Security and Auditing32 Removing Users Simple process Make a backup first Obtain a written request (for auditing purposes)

Database Security and Auditing33 Removing an Oracle User DROP command CASCADE option: when user owns database objects Recommendations: –Backup the account for one to three months –Listing all owned objects –Lock the account or revoke the CREATE SESSION privilege

Database Security and Auditing34 SQL Server: Removing Windows Integrated Logins Command line: SP_DENYLOGIN system stored procedure Enterprise Manager: –Highlight the desired login –Choose Delete from the Action menu

Database Security and Auditing35 Modifying Users Modifications involve: –Changing passwords –Locking an account –Increasing a storage quota ALTER USER DDL statement

Database Security and Auditing36 Modifying an Oracle User ALTER USER statement Oracle Enterprise Manager: graphical tool

Database Security and Auditing37 Modifying an Oracle User (continued)

Database Security and Auditing38 SQL Server: Modifying Windows Integrated Login Attributes Command line: –SP_DEFAULTDB system stored procedure –SP_DEFAULTLANGUAGE stored procedure Enterprise Manager: –Expand the security container –Select desired login –Properties (on the Action Menu)

Database Security and Auditing39 Default Users Oracle default users: –SYS, owner of the data dictionary –SYSTEM, performs almost all database tasks –ORAPWD, creates a password file SQL Server default users: –SA, system administrator –BUILT_IN\Administrators

Database Security and Auditing40 Remote Users

Database Security and Auditing41 Database Links Connection from one database to another: allow DDL and SQL statements Types: PUBLIC and PRIVATE Authentication Methods: –CURRENT USER –FIXED USER –CONNECT USER

Database Security and Auditing42 Database Links (continued)

Database Security and Auditing43 Linked Servers Allow you to connect to almost any: –Object Linking and Embedding Database (OLEDB) –Open Database Connectivity (ODBC) OPENQUERY function Map logins in your SQL Server instance to users in the linked database Remote servers: allow communication using RPC

Database Security and Auditing44 Linked Servers (continued)

Database Security and Auditing45 Practices for Administrators and Managers Manage: –Accounts –Data files –Memory Administrative tasks: –Backup –Recovery –Performance tuning

Database Security and Auditing46 Best Practices Follow company’s policies and procedures Always document and create logs Educate users Keep abreast of database and security technology Review and modify procedures

Database Security and Auditing47 Best Practices (continued) For SQL server: –Mimic Oracle’s recommended installation for UNIX –Use local Windows or domain Windows accounts Block direct access to database tables Limit and restrict access to the server Use strong passwords Patches, patches, patches

Database Security and Auditing48 Summary Document tasks and procedures for auditing purposes Creating users: –CREATE USER statement in Oracle –Login ID in SQL Server Removing users: –SQL DROP statement –SP_DENYLOGIN Windows system stored procedure

Database Security and Auditing49 Summary (continued) Modifying user attributes: ALTER USER DDL statement Local database and users Remote users Database links Linked servers

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.