Presentation is loading. Please wait.

Presentation is loading. Please wait.

©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Application design issues which cause database management issues Database Authentication Approaches:

Published byNigel Dorsey Modified over 8 years ago

Similar presentations

Presentation on theme: "©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Application design issues which cause database management issues Database Authentication Approaches:"— Presentation transcript:

1 ©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Application design issues which cause database management issues Database Authentication Approaches: Application ID passed to Database Server from secured middle-tier 1

2 ©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Application design issues which cause database management issues Database Authentication Approaches: Application ID passed to Database Server from user’s workstation 2

3 ©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Application design issues which cause database management issues Database Authentication Approaches: Direct Database Connection User’s individual ID passed to Database Server by Application Server/Citrix Server 3

4 ©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Application design issues which cause database management issues Database Authentication Approaches: Direct Database Connection User’s individual ID passed to Database Server from their Workstation 4

5 ©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Hidden Secret: Application design issues which cause database management issues Conditions – Most developers have knowledge of the Application ID/password ID & passwords are coded in clear text within program or ini file Can use ID & Password to connect to database and directly update tables – Access is below OS level security (Distributed Environment only) – Users are assigned application level logon which is also a database ID which has insert/update access to database tables to allow application to function as required Can choose not to logon through application and instead connect directly to database to alter tables 5

6 ©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Hidden Secret: Application design issues which cause database management issues Controls used to mitigate risk – Application ID Security Design Encrypt password IPsec rules on router/firewalls to only allow App server to connect to database server Remove all apps from workstations and connect from secured middle-tier 6

7 ©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Hidden Secret: Application design issues which cause database management issues Controls used to mitigate risk – Application ID Security Design Detective review processes which identify when ID is initiated from workstation instead of “controlled” middle-tiers (i.e., Web Server, Application Server, Citrix or Terminal Server) - 3-tier application design only – Need to identify IP Address/Machine Name Control breaks down if shared workstation Ability to spoof IP/Machine Name in connection stream (SQL Server – when SQL trace used) Database security which only permits users to utilize the access through pre-defined access paths – Oracle & SQL Server Application Roles User loses access entitlements when not going through the application Requires coding within application 7

Download ppt "©Copyright Audit Serve, Inc. 2008 - 2013 All Rights Reserved Application design issues which cause database management issues Database Authentication Approaches:"

Similar presentations

Copyright © 2003 Pearson Education, Inc. Slide 8-1 The Web Wizards Guide to PHP by David Lash.

Copyright © 2003 Pearson Education, Inc. Slide 8-1 The Web Wizards Guide to PHP by David Lash.
Copyright © 2005, SAS Institute Inc. All rights reserved. User Authentication and Single Sign-on Across the SAS ® 9 Platform Larry Noe and Scott Sweetland,

Copyright © 2005, SAS Institute Inc. All rights reserved. User Authentication and Single Sign-on Across the SAS ® 9 Platform Larry Noe and Scott Sweetland,
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright ®xSpring Pte Ltd, All rights reserved Versions AuthorDateDescription 1.0NBL2012/05First version. Modified from Enterprise edition.

Copyright ®xSpring Pte Ltd, All rights reserved Versions AuthorDateDescription 1.0NBL2012/05First version. Modified from Enterprise edition.
Chapter 9 Auditing Database Activities

Chapter 9 Auditing Database Activities
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
MI807: Database Systems for Managers Introduction –Course Goals & Schedule –Logistics –Syllabus Review Relational DBMS Basics –RDBMS Role in Applications.

MI807: Database Systems for Managers Introduction –Course Goals & Schedule –Logistics –Syllabus Review Relational DBMS Basics –RDBMS Role in Applications.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.

Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Copyright © 2012 Splunk Inc. Splunking PeopleSoft Marquis Montgomery Security Architect/Team Lead, Corporate Security.

Copyright © 2012 Splunk Inc. Splunking PeopleSoft Marquis Montgomery Security Architect/Team Lead, Corporate Security.
Best Practices for Securing Oracle EBS R12

Best Practices for Securing Oracle EBS R12
Database Application Security Models

Database Application Security Models
Copyright © 2007, SAS Institute Inc. All rights reserved. SAS Activity-Based Management Survey Kit (ASK): User Management & Security.

Copyright © 2007, SAS Institute Inc. All rights reserved. SAS Activity-Based Management Survey Kit (ASK): User Management & Security.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Week 2 File Systems & Unix Commands. File System Hierarchy.

Week 2 File Systems & Unix Commands. File System Hierarchy.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Similar presentations

Ads by Google