Database Security Issues Reading: CB, Ch 20. Dept. of Computing Science, University of Aberdeen2 In this lecture you will learn The value of maintaining.

Slides:

Advertisements

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.

Cryptography and Network Security

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

Database Administration and Security Transparencies 1.

Digital Signatures. Anononymity and the Internet.

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Business Data Communications, Fourth Edition Chapter 10: Network Security.

1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Chapter 8 Web Security.

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Chapter 19 Security.

Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.

Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Chapter 19 Security Integrity Security Control –computer-based –non-computer-based PC security DBMS and Web security Risk Analysis Data protection and.

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Database  A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

每时每刻可信安全 1The DES algorithm is an example of what type of cryptography? A Secret Key B Two-key C Asymmetric Key D Public Key A.

Krerk Piromsopa. Network Security Krerk Piromsopa. Department of Computer Engineering. Chulalongkorn University.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Web Security : Secure Socket Layer Secure Electronic Transaction.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.

Not only business information, but a large amount of personal information too is now digitized and stored in computer connected to the internet. System.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?

Public Key Encryption.

Security is often cited as a major barrier to electronic commerce. Prospective buyers are leery of sending credit card information over the web. Prospective.

CSCI 3140 Module 6 – Database Security Theodore Chiasson Dalhousie University.

Database Security Tampere University of Technology, Introduction to Databases. Oleg Esin.

1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

Database security Diego Abella. Database security Global connection increase database security problems. Database security is the system, processes, and.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

Jump to first page Internet Security in Perspective Yong Cao December 2000.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

Web Database Security Session 12 & 13 Matakuliah: Web Database Tahun: 2008.

Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.

Database Security Threats. Database An essential corporate resource Data is a valuable resource Must be strictly controlled, managed and secured May have.

Chapter 40 Internet Security.

Security Outline Encryption Algorithms Authentication Protocols

Message Digest Cryptographic checksum One-way function Relevance

برنامج أمن أنظمة الحاسب

Advanced Computer Networks

Presentation transcript:

Database Security Issues Reading: CB, Ch 20

Dept. of Computing Science, University of Aberdeen2 In this lecture you will learn The value of maintaining a secure & reliable database Some of the sources of risk (i.e. threats) to a database system Some of the measures used to improve DBMS security The special threats and counter- measures wrt web-based DBMSs

Dept. of Computing Science, University of Aberdeen3 Data - Information - Is Valuable Many enterprises depend on secure & reliable DBMSs: –Banks, the stock exchange, airlines, hospitals,... DBMS systems may be at risk from situations such as: –Theft, fraud –Loss of confidentiality (business secrets) – loss of competitiveness –Loss of privacy (personal information) – legal implications –Loss of integrity – corrupted data –Loss of availability Insecure DBMS worse than having no DBMS at all –Low staff confidence –Low customer confidence

Dept. of Computing Science, University of Aberdeen4 Potential Sources of Risk - Threats Examples of hardware & software threats are: –Hardware - breakdown, theft, fire, flood, power loss... –Software - bugs, unexpected features (includes OS) –Communications - wiretapping, packet sniffers, packet loss Probably the greatest threats are from people: –Programmers - insecure code –DBAs - trapdoors, fake accounts –Users - mistakes, hacking, blackmail Which group do you think poses the greatest threat? Impact of an event is important but not the events occurrence probability –Rare events may pose more risk!!!

Dept. of Computing Science, University of Aberdeen5 Common Security Measures Authorization - privileges, views Authentication - passwords Verification - digital signatures/certificates Encryption - public key / private key, secure sockets Integrity – IEF (Integrity Enhancement Features), transactions Backups - offsite backups, journaling, log files RAID (Redundant Array of Independent Discs) discs - data duplication, hot swap discs Physical - data centres, alarms, guards, UPS Logical - firewalls, net proxies Note: The security of a component is as good as the security of the weakest link in the whole system

Dept. of Computing Science, University of Aberdeen6 Encryption - Symmetric Keys DES - Data Encryption Standard; 56-bit keys, fast but breakable Symmetric Key: use same key to encrypt and decrypt... This is OK if A and B are physically nearby But on the internet, there's a serious problem!! Key Plain Text Cypher Text Encryption Algorithm A B Cypher Text Key ???

Dept. of Computing Science, University of Aberdeen7 Encryption - Private Key / Public Key Asymetric encryption –Public key encodes a message... –Private key decodes it... Above, A (sender) first asks B (receiver) for public key... Then, A can encrypt message with B's public key Rivest, Shamir, Adelman (RSA): slow but unbreakable RSA - Uses massive prime numbers (128-bit keys) PGP – Pretty Good Privacy combines DES + RSA A B Cypher Text Bs Public Key Bs Private Key As Public Key Bs Public Key

Dept. of Computing Science, University of Aberdeen8 Digital Signatures Digital signatures (RSA in reverse): –Establishes authenticity of a document "Hi, this message is in clear text but if anyone changes even a single byte, you will be able to tell that the message is not the original from the digital signature below, signed with my private key. Yours, D. BEGIN SIGNATURE P4`341uy2rl34iut1lf,jbf,KPP98$\%\#!\$"BV!"X# END SIGNATURE Problem: How can we verify authenticity of sender ??

Dept. of Computing Science, University of Aberdeen9 Digital Certificates Digital Certificates use a trusted third party called a Certificating Authority (CA). If A & B both trust CA, then A & B can trust each other Often used to set up secure connections: HTTPS, SSL Once certificates exchanged, can then use RSA etc. Certificating Authority AB Trust CertA CertB CertA CertB PubAPubB

Dept. of Computing Science, University of Aberdeen10 Firewalls Firewalls block unauthorised external network access Firewalls may limit access to the internet for internal machines Internal Client Internal Client DBMS Server Firewall Internal Network The Internet ??

Dept. of Computing Science, University of Aberdeen11 Example Firewall Architecture Bastion Hosts run web services etc. (liable to attack) Routers connect networks... Internal router is main firewall RouterWWWMailProxy Router Internal Network The Internet Perimeter Network Bastions

Dept. of Computing Science, University of Aberdeen12 Firewall Techniques Use a proxy server to hide internal network addresses: General guidelines: –Disable all user accounts on all Bastion machines –Preferably, run only one type of service on each Bastion machine Software firewalls: –Can have all-software firewalls (packet filters) –Until MS-Blast virus, Microsoft shipped Windows-XP with firewall off by default!! Proxy SE.CR.ET.!!

Dept. of Computing Science, University of Aberdeen13 Summary The best security comes from using multiple techniques: –People - authorisation/authentication..need-to-know. –Physical - protect the hardware, RAID discs, backups –Network - use firewalls, encryption –Software – good programming practice main CS responsibility For any given system: –Consider the different sources of risk (threats)... –Balance the cost of implementing security measures vs cost of any loss!!