Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.

Published byAubrey Miles Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization."— Presentation transcript:

1 Chapter 19 Security Transparencies

2 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization. Type of threats that can affect a database system. How to protect a computer system using computer-based controls. Security measures provided by Microsoft Access and Oracle DBMSs. Approaches for securing a DBMS on the Web.

3 3 Database Security Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource. Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential.

4 4 Database Security M echanisms that protect the database against intentional or accidental threats. Security considerations do not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database.

5 5 Database Security Involves measures to avoid: –Theft and fraud –Loss of confidentiality (secrecy) –Loss of privacy –Loss of integrity –Loss of availability

6 6 Database Security Threat –Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.

7 7 Summary of Threats to Computer Systems

8 8 Typical Multi-User Computer Environment

9 9 Countermeasures – Computer- Based Controls Concerned with physical controls to administrative procedures and includes: –Authorization –Views –Backup and recovery –Integrity –Encryption –RAID technology

10 10 Countermeasures – Computer- Based Controls Authorization –The granting of a right or privilege, which enables a subject to legitimately have access to a system or a system’s object. Authentication –A mechanism that determines whether a user is who he or she claims to be.

11 11 Countermeasures – Computer- Based Controls View –Dynamic result of one or more relational operations operating on the base relations to produce another relation. –A virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.

12 12 Countermeasures – Computer- Based Controls Backup –Process of periodically taking a copy of the database and log file (and possibly programs) to offline storage media. Journaling –Process of keeping and maintaining a log file (or journal) of all changes made to database to enable effective recovery in event of failure.

13 13 Countermeasures – Computer- Based Controls Integrity –Prevents data from becoming invalid, and hence giving misleading or incorrect results. Encryption –The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.

14 14 Security in Microsoft Access DBMS Provides two methods for securing a database: –setting a password for opening a database (system security); –user-level security, which can be used to limit the parts of the database that a user can read or update (data security).

15 15 Open exclusive

16 16 Securing the DreamHome Database Using a Password

17 17 User and Group Accounts Dialog Box for the DreamHome Database

18 18 User and Group Permissions Dialog Box

19 19 DBMSs and Web Security Internet communication relies on TCP/IP as the underlying protocol. However, TCP/IP and HTTP were not designed with security in mind. Without special software, all Internet traffic travels ‘in the clear’ and anyone who monitors traffic can read it.

20 20 DBMSs and Web Security Must ensure while transmitting information over the Internet that: –inaccessible to anyone but sender and receiver (privacy); –not changed during transmission (integrity); –receiver can be sure it came from sender (authenticity); –sender can be sure receiver is genuine (non- fabrication); –sender cannot deny he or she sent it (non-repudiation). Must also protect information once it has reached Web server.

21 21 DBMSs and Web Security Download may have executable content, which can perform following malicious actions: –Corrupt data or execution state of programs. –Reformat complete disks. –Perform a total system shutdown. –Collect and download confidential data. –Usurp identity and impersonate user. –Lock up resources. –Cause non-fatal but unwelcome effects.

Download ppt "Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization."

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.

II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.
II.I Selected Database Issues: 1 - SecuritySlide 1/23 II. Selected Database Issues Part 1: Security Lecture 3 Lecturer: Chris Clack 3C13/D6.

II.I Selected Database Issues: 1 - SecuritySlide 1/23 II. Selected Database Issues Part 1: Security Lecture 3 Lecturer: Chris Clack 3C13/D6.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.

Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.
Web Site Security ISYS 512/812. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows:

Web Site Security ISYS 512/812. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows:
1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.

1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.
Manajemen Basis Data Pertemuan 1 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.

Manajemen Basis Data Pertemuan 1 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Chapter 19 Security.

Chapter 19 Security.
Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.
DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.

DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.
Business Intelligence: Data and Text Management Instructor: Bajuna Salehe Web:

Business Intelligence: Data and Text Management Instructor: Bajuna Salehe Web:
DATABASE ADMINISTRATION AND SECURITY

DATABASE ADMINISTRATION AND SECURITY

Similar presentations

Ads by Google