Presentation is loading. Please wait.

Presentation is loading. Please wait.

CAN A DATABASE REALLY BE SECURE?

Published byTrevor Roberts Modified over 6 years ago

Similar presentations

Presentation on theme: "CAN A DATABASE REALLY BE SECURE?"— Presentation transcript:

1 CAN A DATABASE REALLY BE SECURE?
PRESENTED BY AUDREY WILLIAMS

2 DATABASE SECURITY What’s the purpose of a Database Security System?
To protect the stored data that is being collected to use in meaningful ways such as documents, charts, reports. Also, to secure the data from intruders Spafford implies, “the only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.”

3 DATABASE SECURITY In response to Mr. Spafford’s statement –
Why should an organization bother to implement a database security system? To protect the company’s clientele from predators that will sell the data to the highest bidder. Database intrusions and thefts will destroy or reduce the company’s credibility & profits.

4 OVERVIEW What’s the purpose of a database security system?
Why should an organization bother to implement a database security system? What kinds of database security features can protect the DBMS? What are the responsibilities of the database administrator?

5 Levels of data security
Human level: Corrupt/careless User Network/User Interface Database application program Database system Operating System Physical level

6 DATABASE SECURITY [Figure ] demonstrates that the path of a source message comes from the client and is sent to the LAN/WAN router. Next, the source message is passed to the server. The requested data is passed to the internet, internet router, and firewall to the DBMS to retrieve requested information. After the destination server receives the message, the DBMS sends the message back to the client as it was forwarded in the same order. So, the entry point for Hackers to breach the system is the internet, internet router, and firewall connection which places the DBMS in jeopardy of data intrusion.

7 Network Level Network level: must use encryption to prevent
Eavesdropping: unauthorized reading of messages Masquerading: pretending to be an authorized user or legitimate site, or sending messages supposedly from authorized users All information must be encrypted to prevent eavesdropping Public/private key encryption widely used Handled by secure http Must prevent person-in-the-middle attacks E.g. someone impersonates seller or bank/credit card company and fools buyer into revealing information

8 Database Application program
Authentication and authorization mechanisms to allow specific users access only to required data 1-Authentication: who are you? Prove it! 2-Authorization: what you are allowed to do 3-Application authenticates/authorizes users 4-Application itself authenticates itself to database 5-Database password

9 Contt… Central authentication systems allow users to be authenticated centrally LDAP or MS Active Directory often used for central authentication and user management in organizations Single sign-on: authenticate once, and access multiple applications without fresh authentication Password only given to central site, not to applications LDAP from Book

10 DATABASE Security for System
What kinds of database security features can protect the DBMS? Digital Certificate is a unique identifier given to an entity to provide authentication of a computer, document, or webpage. Then, a third party such as Equifax certifies that the document is legal or illegal. Encryptions alter the data so unauthorized users cannot view data information. Firewalls protect a network from unauthorized access from the internet. Proxy Servers shield the requests between the client computers inside a private network and the internet. Security Socket Layer connects and transmits encrypted data. S-HTTP (secure hypertext transport protocol) transmits web pages securely. So, by configuring these features with internet and network components, it is possible to provide privacy and security to reduce database security intrusions.

11 Book Topics More from book SSL Firewalls

12 Operating system security
Installing applications Antivirus Personal firewall Secure shell PGP Putting the workstation on the network Physical security (Architecture) (From Book)

13 Physical level security
Traditional lock-and-key security Protection from floods, fire, etc. E.g. WTC (9/11), fires in IITM, WWW conf website, etc. Protection from administrator error E.g. delete critical files Solution Remote backup for disaster recovery Plus archival backup (e.g. DVDs/tapes) Operating system level Protection from virus/worm attacks critical

14 RESPONSIBLITIES OF THE DATABASE ADMINISTRATOR
To assign unique password & user identification for users to have permission to access, read and or manipulate specific information at a given time. Enable various data layers that secure the access control, auditing and authentication, encryption, and integrity controls. Perform a “vulnerability scan” on a routine basis to locate configuration problems in the data layers of the DBMS software. Evaluate and perform a “vulnerability assessment” against the database. This assessment makes an effort to locate the cracks in the database security.

15 RESPONSIBLITIES OF THE DATABASE ADMINISTRATOR
To continually monitor the database security standards to make sure that the company’s DBMS is in compliance with the database security standards. Two features of the database security compliance must be utilized. Patch Management Method that locates problems in the software, fixes and updates the cracks in the database security. Management & Review of Public & Granted Data Access relates to locating data objects in the database, such as the table that holds data and evaluates who is entitled to manipulate or view the data objects.

16 RESPONSIBLITIES OF THE DATABASE ADMINISTRATOR
Always keep in mind that whenever a system has internet and network connections attached to a DBMS, security breaches will occur. Perform routine backup recovery procedures incase of electrical outage and intruder attacks that can damage the DBMS.

17 THE CLASSIC DATABASE INTRUDERS
The Shifty Employees & Malicious Hackers

Download ppt "CAN A DATABASE REALLY BE SECURE?"

Similar presentations

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CAN A DATABASE REALLY BE SECURE? PRESENTED BY AUDREY WILLIAMS.

CAN A DATABASE REALLY BE SECURE? PRESENTED BY AUDREY WILLIAMS.
Web Server Administration TEC 236 Securing the Web Environment.

Web Server Administration TEC 236 Securing the Web Environment.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

Similar presentations

Ads by Google