Database Security: Understanding the History, Importance, and Practical Measures, Slides of Applications of Computer Sciences

An in-depth analysis of database security, discussing its history, importance, and practical measures to ensure data privacy and prevent data breaches. Topics covered include database security procedures, data breaching, data privacy, practical security measures, server security, trusted ip addresses, database connection, table access control, database auditing, and possible locations for auditing.

Typology: Slides

2011/2012

Uploaded on 07/18/2012

padmavati

7/7/2012 1

Presentation Layout


Main Idea

- Database Security
- History of Data Breaching
- Data Privacy
- Practical Security Measures
- Native Auditing
- Database Auditing
- Possible Locations for Auditing


Database Security

- Databases are always vulnerable to data theft.
- In the early days of databases, gaining practical access to them was very difficult.
- Databases ran on mainframe computers (not accessible to everyone).
- As databases shifted to Linux, UNIX and Windows, the problem started and gradually became an important database security issue.

90 % organization info[1]


Data Breaching

- Any unauthorized access to company data comes under data breaching.
- In other words, it is nothing more than data stealing.


Data Privacy

- Data privacy can be taken as a law.
- Predicting the organization's operations becomes easy if the DB is accessed.
- Intrusions may be internal or external to the organization.

80% of attacks are internal [4]


Practical Security Measures

- Server Security
- Trusted IP Address
- Database Connection
- Table Access Control


Trusted IP Address

- The DBA should know who is allowed to interact with the database.
- This means that only trusted IP addresses should be allowed to access the database.
- Report all unauthorized access to the DBA.

Governmentsecurity, URL: http://www.governmentsecurity.org/articles/DatabaseSecurityCommon-sensePrinciples.php


Database Connection

- Default user names and passwords are never a good strategy.
- In certain cases users are allowed to perform dynamic updates to the database.
- In such a situation the system administrator should validate these updates before actually applying them to the database.


Database Auditing

- The need for auditing starts as soon as the application is launched into operation.
- Monitor all activities by all users.
- DBA monitoring is the need of the hour.
- Report only suspicious activities of users.


Database Auditing

- Who accesses the data?
- Which software or application?
- From which position in the network was the data accessed?
- The query that was used to access the data
- Did the query execute successfully?
- What were the results?

Governmentsecurity, URL: http://www.governmentsecurity.org/articles/DatabaseSecurityCommon-sensePrinciples.php

Possible Location for Auditing

Auditing within:

- Client
- DBMS
- Client and DBMS


Locations for Auditing

1. Auditing within Client

It is inefficient in certain cases, as we have to restrict our clients to a specific software program. This is not possible in most cases.

2. Auditing within DBMS

This might cause problems when several databases have to be handled at the same time. Turning on the auditing mechanism can cause a performance penalty.


Methods for Auditing

- Connection Auditing
- C2 Auditing
- SQL Trace


Connection Auditing

- This form of auditing records who tried to access the database, when, and how.
- Performance overhead
- Not an intelligent form of auditing
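An added example (not from the original slides) that combines the audit questions and the trusted-IP rule in a client-side auditing wrapper: each statement leaves a record of who, which application, from where, the query, whether it succeeded and how many rows came back, and only suspicious records are reported to the DBA. The `AuditedDB` class, the network ranges and the sample activity are constructed assumptions, and SQLite stands in for the DBMS.

```python
import ipaddress
import sqlite3
from datetime import datetime, timezone

# Assumed allowlist of trusted client networks (constructed values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.5.0/24", "192.0.2.10/32")]

def is_trusted(ip):
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)

class AuditedDB:
    """Hypothetical client-side wrapper: every statement leaves one audit record."""

    def __init__(self, conn, user, app, client_ip, trail):
        self.conn, self.user, self.app, self.client_ip = conn, user, app, client_ip
        self.trail = trail  # shared list; stands in for a separate audit store

    def execute(self, sql, params=()):
        rec = {"when": datetime.now(timezone.utc).isoformat(),
               "who": self.user, "app": self.app, "from": self.client_ip,
               "trusted": is_trusted(self.client_ip),
               "query": sql,  # statement text only; bound values are not logged
               "ok": False, "rows": 0, "error": None}
        self.trail.append(rec)  # recorded even if the statement is refused or fails
        if not rec["trusted"]:
            rec["error"] = "untrusted source address"
            return None
        try:
            rows = self.conn.execute(sql, params).fetchall()
            rec["ok"], rec["rows"] = True, len(rows)
            return rows
        except sqlite3.Error as exc:
            rec["error"] = str(exc)
            return None

def suspicious(trail):
    """Records to report to the DBA: untrusted sources and failed statements."""
    return [r for r in trail if not r["trusted"] or not r["ok"]]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript("CREATE TABLE payroll (emp TEXT, salary INTEGER);"
                       "INSERT INTO payroll VALUES ('a', 100), ('b', 200);")
    trail = []
    for user, app, ip, sql in [  # constructed sample activity
            ("hr_app", "hr-portal", "10.0.5.17", "SELECT emp FROM payroll"),
            ("hr_app", "hr-portal", "10.0.5.17", "SELECT * FROM payrol"),
            ("jdoe", "sqlclient", "203.0.113.50", "SELECT * FROM payroll")]:
        AuditedDB(conn, user, app, ip, trail).execute(sql)
    return trail, suspicious(trail)
```

As the slides note for auditing within the client, this only sees access that goes through the wrapper.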