
DATABASE SECURITY.


Presentation on theme: "DATABASE SECURITY."— Presentation transcript:

1 DATABASE SECURITY

2 INFORMATION / DATA is one of the most valuable assets in any organization

3 Definition: the mechanisms that protect the database against intentional or accidental threats

4 In practical terms, database security is about protecting the confidential data stored in the repository

5 Well-run organizations demand confidentiality for their databases. They do not allow illegitimate users to access their data/information, and they also expect assurance that their data is protected from any malicious

6 A database has several security layers:
database administrator, system administrator, security officer, developers, employees

7 Security can be violated at any of these layers by an attacker

8 Attackers can be classified into 3 types:
INTRUDER, INSIDER, ADMINISTRATOR

9 INTRUDER: an unauthorized user who improperly accesses a computer system and tries to obtain valuable information

10 INSIDER: a person who is one of the trusted users but abuses his/her authority and tries to obtain information beyond what he/she is entitled to

11 ADMINISTRATOR: an authorized user who has permission to administer a computer system but uses his/her administrative privileges in violation of the organization's security policy

12 DIFFERENT TYPES OF ATTACKS

13 Direct attacks: hitting the target data directly is known as a direct attack. Such attacks are feasible and successful only if the database has no protection system at all

14 Indirect attacks: as the name implies, indirect attacks are not executed directly on the target; instead, data from or about the target is collected through other intermediate objects. To cheat the security system, combinations of different queries are used

15 Passive attacks: the attacker only inspects data present in the database and does not perform any alteration

16 Active attacks: actual database values are modified, which can mislead a user. Splicing: a ciphertext value is replaced by a different ciphertext value

17 Interruption / Interception:
Interruption: stopping a running process. Performing denial of service: cutting the database off from the Web application, thereby denying service to other users. Interception: intercepting a running process. Determining the database schema: extracting data from the database to learn schema information such as table names, column names, and column data types.

18 Modification / Fabrication:
Modification: changing data without permission from the responsible authority. Adding or modifying data: adding or altering information in the database. Fabrication: fundamental damage to the main system. Injection through user input: the attacker injects SQL commands by supplying deliberately crafted user input.
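Slide 18's last item is the one a developer can reproduce at a desk. The following added example (not part of the slides) shows the defect and its fix side by side against a constructed in-memory SQLite table: one lookup splices the caller's string into the SQL text, the other binds it as a parameter. The table, the sample rows and the crafted string are all constructed for the example.

```python
import sqlite3

# Constructed sample data standing in for an application's user table.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list[str]:
    """Vulnerable: the caller's string is spliced into the SQL text, so the
    database parses whatever it contains as part of the command."""
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list[str]:
    """Hardened: the value travels as a bound parameter and is only ever
    compared as data, never interpreted as SQL."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed input of the kind slide 18 describes: the quote closes the
# string literal and the remainder is read as an extra WHERE condition.
CRAFTED_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, CRAFTED_INPUT))   # every row comes back
    print("safe:  ", lookup_safe(db, CRAFTED_INPUT))     # no such user: []
```

The parameterized form is the only one of the two that a code review or a Web application firewall (slide 25) should let through; the string-built form is the defect to look for when auditing an application tier.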

19 BUSINESS REQUIREMENT -- COMPLIANCE --
DATA INTEGRITY: regulations designed to prevent fraud and ensure that data changes are appropriately managed
DATA CONFIDENTIALITY: regulations designed to protect personal, medical and financial data from theft and exposure

20 REGULATION NAME / SECURITY REQUIREMENT
Payment Card Industry Data Security Standard (PCI DSS): requires that merchants track and monitor all access to cardholder data; secure audit trails so they cannot be altered; remove or disable inactive user accounts at least every 90 days.
EU Privacy Directive: protects personal data that is processed or transferred.
Government and industry regulations require organizations to protect regulated data from unauthorized access and changes.

21 The required controls include…
Keeping a complete audit trail of database activity
Limiting access to business need-to-know
In case of a breach, notifying those individuals whose data has been breached
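Two of the controls on slides 20 and 21 can be shown as working code: an audit trail that cannot be altered without detection, and the 90-day inactive-account check. The example below is added here and is not from the slides; it chains each audit record to the previous one with SHA-256 and flags accounts whose last login is past the limit. The sample records, logins and dates are constructed for the example.

```python
import hashlib
import json
from datetime import date, timedelta
from typing import Optional


def _link_hash(prev_hash: str, record: dict) -> str:
    """Hash of this record bound to the hash of the record before it."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class AuditTrail:
    """Append-only log of database actions chained by SHA-256.

    Every entry's hash covers the previous entry's hash, so changing, dropping
    or reordering any earlier entry breaks every link after it. The latest
    hash (the head) should be copied to a system the database users cannot
    write to; verify() compares against that copy when one is supplied.
    """

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: list = []   # (record, link_hash) pairs in order

    def head(self) -> str:
        return self.entries[-1][1] if self.entries else self.GENESIS

    def append(self, user: str, action: str, table: str, detail: str) -> str:
        record = {"seq": len(self.entries), "user": user,
                  "action": action, "table": table, "detail": detail}
        link = _link_hash(self.head(), record)
        self.entries.append((record, link))
        return link

    def verify(self, expected_head: Optional[str] = None) -> bool:
        """Recompute every link; optionally also match the out-of-band head."""
        prev = self.GENESIS
        for record, link in self.entries:
            if _link_hash(prev, record) != link:
                return False
            prev = link
        return expected_head is None or prev == expected_head


def stale_accounts(last_logins: dict, today: date, max_idle_days: int = 90) -> list:
    """Accounts whose last login is older than the 90-day limit on slide 20."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(name for name, seen in last_logins.items() if seen < cutoff)


# Constructed sample data for a stand-alone run.
SAMPLE_LOGINS = {"alice": date(2024, 1, 10), "bob": date(2023, 9, 1)}
SAMPLE_TODAY = date(2024, 1, 15)

if __name__ == "__main__":
    trail = AuditTrail()
    trail.append("clerk", "UPDATE", "cardholders", "row 17: address changed")
    trail.append("dba", "DELETE", "cardholders", "row 3")
    saved_head = trail.head()                 # would be stored out of band
    print("intact:", trail.verify(saved_head))
    trail.entries[0][0]["user"] = "nobody"    # simulate an after-the-fact edit
    print("after tampering:", trail.verify(saved_head))
    print("stale accounts:", stale_accounts(SAMPLE_LOGINS, SAMPLE_TODAY))
```

The chain alone only proves internal consistency; someone with write access to the log could rebuild every hash. That is why the head hash has to be anchored somewhere the database users cannot reach, which is the "secure audit trails so they cannot be altered" requirement in practice.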

22 DATABASE SECURITY REQUIREMENT
ORGANIZATIONS MUST IMPLEMENT A COMPREHENSIVE DATABASE SECURITY STRATEGY

23 DISCOVERY & CLASSIFICATION OF SENSITIVE DATA
IDENTIFYING ALL SENSITIVE DATA WILL HELP ORGANIZATIONS PRIORITIZE RISK

24 USER RIGHTS MANAGEMENT
Organizations should limit user rights to data to 'business need-to-know'. This reduces, and gives better control over, the risk of a data breach.

25 Database & Application Attack Prevention
To protect database data, an organization should identify, and optionally block, attacks using an intelligent Web application firewall, which provides the first line of defense against

26 Security Levels On Relational Databases
Relation: the user is allowed or not allowed to access a relation directly
Read Authorization: the user is allowed to read the data but cannot modify it
Insert Authorization: the user is allowed to add new data but cannot modify existing data

27 Security Levels On Relational Databases
Update Authorization: the user is allowed to modify the data but cannot delete it
Delete Authorization: the user is allowed to delete data
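Slides 26 and 27 describe the per-relation authorization levels a relational DBMS grants with SELECT, INSERT, UPDATE and DELETE privileges. The example below is an added illustration, not from the slides: it models those levels as a constructed grant table and enforces them at the application layer before a statement reaches SQLite, which has no GRANT of its own. The users, the `accounts` relation and the minimal statement parser are all constructed for the example.

```python
import sqlite3

# The four authorization levels named on slides 26 and 27, keyed by the SQL
# verb that each one permits.
READ, INSERT, UPDATE, DELETE = "READ", "INSERT", "UPDATE", "DELETE"
VERB_TO_LEVEL = {"SELECT": READ, "INSERT": INSERT,
                 "UPDATE": UPDATE, "DELETE": DELETE}

# Constructed grant table: user -> relation -> authorizations held.
GRANTS = {
    "analyst": {"accounts": {READ}},
    "clerk":   {"accounts": {READ, INSERT, UPDATE}},
    "dba":     {"accounts": {READ, INSERT, UPDATE, DELETE}},
}


class NotAuthorized(Exception):
    """Raised when a statement needs a level the user does not hold."""


def make_db() -> sqlite3.Connection:
    """In-memory relation with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 250)])
    conn.commit()
    return conn


def target_relation(sql: str) -> tuple:
    """Return (verb, relation) for the simple single-table statements used here."""
    tokens = sql.strip().rstrip(";").split()
    upper = [t.upper() for t in tokens]
    verb = upper[0]
    if verb in ("SELECT", "DELETE"):
        idx = upper.index("FROM") + 1     # SELECT ... FROM t / DELETE FROM t
    elif verb == "INSERT":
        idx = upper.index("INTO") + 1     # INSERT INTO t ...
    elif verb == "UPDATE":
        idx = 1                           # UPDATE t SET ...
    else:
        raise ValueError(f"unsupported statement: {verb}")
    return verb, tokens[idx]


def is_authorized(user: str, sql: str) -> bool:
    """True if the user's grants on the target relation cover the verb."""
    verb, relation = target_relation(sql)
    held = GRANTS.get(user, {}).get(relation, set())
    return VERB_TO_LEVEL[verb] in held


def execute_as(conn: sqlite3.Connection, user: str, sql: str, params=()):
    """Run `sql` for `user`, refusing it unless the grant table allows it.

    Returns fetched rows for SELECT and the affected row count otherwise.
    """
    if not is_authorized(user, sql):
        verb, relation = target_relation(sql)
        raise NotAuthorized(f"{user} lacks {VERB_TO_LEVEL[verb]} on {relation}")
    cur = conn.execute(sql, params)
    conn.commit()
    return cur.fetchall() if target_relation(sql)[0] == "SELECT" else cur.rowcount


if __name__ == "__main__":
    db = make_db()
    print(execute_as(db, "analyst", "SELECT owner FROM accounts ORDER BY owner"))
    try:
        execute_as(db, "analyst", "UPDATE accounts SET balance = ? WHERE owner = ?", (0, "bob"))
    except NotAuthorized as err:
        print("refused:", err)
    print("rows deleted by dba:", execute_as(db, "dba", "DELETE FROM accounts WHERE owner = ?", ("bob",)))
```

The grant table is the 'business need-to-know' limit from slide 24 made concrete: an analyst holds Read only, a clerk cannot delete, and every statement still goes through bound parameters. In a production DBMS the same policy lives in its own GRANT statements rather than in application code.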

