Database security assignment rehema richard, Lecture notes of Database Management Systems (DBMS)

Assignment on advanced database Security

Typology: Lecture notes

2015/2016

Uploaded on 11/10/2016

neoka1983

INSTITUTE OF ACCOUNTANCY ARUSHA
DEPARTMENT OF INFORMATICS
INDIVIDUAL ASSIGNMENT
PROGRAMME NAME: MASTER IN INFORMATION SECURITY
MODULE NAME: DATABASE SECURITY
MODULE CODE: ITM09330
STUDENT NAME: RICHARD, Rehema
REG NO: MIS / 0003 / T.2013
MODULE FACILITATOR: DR K.J.KALEGELE
DUE DATE : 4THDECEMBER 25

ASSIGNMENT NO. 1:

Malware

This is software that is specifically designed to gain access to or damage a computer without the knowledge of the owner. There are various types of malware, including spyware, keyloggers, true viruses, worms, or any type of malicious code that infiltrates a computer. Generally, software is considered malware based on the intent of the creator rather than its actual features. Malware creation is on the rise due to the sheer volume of new types created daily and the lure of money that can be made through organized internet crime. Malware was originally created as experiments and pranks, but eventually led to vandalism and destruction of targeted machines.

Computer Viruses

Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation. A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk.

Computer viruses are often spread by attachments in e-mail messages or instant messaging messages. That is why it is essential that you never open e-mail attachments unless you know who they are from and you are expecting them.

Types of computer viruses and what they do:

Resident Viruses

This type of virus is permanent and resides in RAM. From there it can overcome and interrupt all of the operations executed by the system, corrupting files and programs that are opened, closed, copied, or renamed. Examples include Randex, CMJ, Meve, and MrKlunky.

Multipartite Viruses

Multipartite viruses are distributed through infected media and usually hide in the memory. Gradually, the virus moves to the boot sector of the hard drive and infects executable files on the hard drive and later across the computer system.

Direct Action Viruses

The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

Worms

A worm is technically not a virus but a program very similar to one: it can self-replicate and can have negative effects on your system. Most importantly, worms are detected and eliminated by antivirus software.

A computer worm is a self-replicating computer program that penetrates an operating system with the intent of spreading malicious code. Worms utilize networks to send copies of the original code to other computers, causing harm by consuming bandwidth or possibly deleting files or sending documents via email. Worms can also install backdoors on computers. Worms are often confused with computer viruses; the difference lies in how they spread. Computer worms self-replicate and spread across networks automatically by exploiting vulnerabilities; that is, they don't need a cybercriminal's guidance, nor do they need to latch onto another computer program. As such, computer worms pose a significant threat due to the sheer potential of damage they might cause. A particularly notorious incident occurred in 1988. A computer worm since named the Morris worm caused hundreds of thousands, if not millions, of dollars in damage, and its creator was convicted under the Computer Fraud and Abuse Act.

Types of Computer Worms

Email worms

These worms infect a computer through email messages. They arrive via an HTML link or attachments that take readers to an infected site. Opening either of these causes the worm to be downloaded, and it infects the computer. These worms are known to spread via emails received in applications like Windows MAPI Functions and MS Outlook Services. Worms are able to take and use email addresses from program sources such as the MS Outlook address book.

Instant message worms

This type of computer worm appears in instant messaging applications and sends links to infected sites to your contacts. These worms function like email worms, but they use the contact list of the messenger to spread infected links instead of an email address book.

Internet worms

These worms scan network resources, using a locally running system service, to find machines that are vulnerable, then try connecting and gaining complete access to those machines. They also scan for systems with usable exploits, a number of which allow the worm to send information packets or requests to install itself.

File-sharing network worms

These computer worms copy themselves into shared folders under a safe-looking name. Once the file starts spreading in the file-sharing network, the worm spreads with it and continues infecting other systems in a similar fashion.

IRC worms

Internet Relay Chat, or IRC, worms target chat channels by sending links to infected webpages or infected files to users. This worm is usually less effective compared to the other types because IRC recipients have to confirm the file request, save and open it before the worms infect their

Trojan

A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.

Types of Trojan Horse

Exploit

Exploit Trojans are applications that seek security vulnerabilities of software and operating systems already installed on a computer for malicious intent.

Backdoor

These are created to give an unauthorized user remote control of a computer. Once installed on a machine, the remote user can then do anything they wish with the infected computer. This often results in uniting multiple backdoor Trojan-infected computers working together for criminal activity.

Rootkit

Programmed to conceal files and computer activities, rootkits are often created to hide further malware from being discovered. Normally, this is so malicious programs can run for an extended period of time on the infected computer.

doors opened by worms and viruses, which allows them to access networks that have good perimeter control. Bots rarely announce their presence with high scan rates, which damage network infrastructure; instead they infect networks in a way that escapes immediate notice.

ASSIGNMENT No.

Part 1

Describe the Kerberos Protocol

Kerberos is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.

The Internet is an insecure place.

Many of the protocols used in the Internet do not provide any security. Tools to "sniff" passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be "honest" about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.

Kerberos was created by Massachusetts Institute of Technology (MIT) as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise.
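The ticket idea described above, as an added example that is not part of the original notes: a simplified Python sketch in which a KDC issues a ticket and a service verifies it using only shared secret keys, so no password crosses the network. It collapses the ticket-granting step into a single exchange, `seal`/`unseal` are a toy SHA-256/HMAC construction standing in for a real cipher, and all names (`KDC`, `issue`, `client_request`, `service_accept`) are hypothetical.

```python
# Added illustration: hypothetical names, toy cipher, single-step ticket issue.
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # SHA-256 in counter mode: a toy keystream standing in for a real cipher
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):
    """Encrypt-then-MAC a dict under a shared secret key (toy construction)."""
    data, nonce = json.dumps(obj).encode(), os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    nonce, ct = body[:16], body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    """Key Distribution Center: the only party that knows every long-term key."""
    def __init__(self):
        self.keys = {}
    def register(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]
    def issue(self, client, service, lifetime=300):
        session, exp = os.urandom(32).hex(), time.time() + lifetime
        # The ticket is readable only by the service; the reply only by the client.
        ticket = seal(self.keys[service], {"client": client, "key": session, "exp": exp})
        reply = seal(self.keys[client], {"service": service, "key": session, "exp": exp})
        return reply, ticket

def client_request(client, client_key, reply, ticket):
    session = bytes.fromhex(unseal(client_key, reply)["key"])
    # The authenticator proves the sender holds the session key right now.
    return ticket, seal(session, {"client": client, "ts": time.time()})

def service_accept(service_key, ticket, authenticator, skew=300):
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    now = time.time()
    if t["exp"] < now or a["client"] != t["client"] or abs(now - a["ts"]) > skew:
        raise ValueError("expired ticket or mismatched authenticator")
    return t["client"]
```

The service never contacts the KDC: being able to open the ticket with its own key and the authenticator with the session key inside it is what establishes the client's identity.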

Technologies Related to Kerberos Authentication

The following diagram shows how Kerberos authentication fits with other technologies in Windows Server 2003. Depending on whether the client or server applications are user-mode or kernel-mode applications, they use either Secur32.dll or Ksecdd.sys, respectively, by means of SSPI calls to communicate with the Local Security Authority Subsystem (LSASS).

Figure: Kerberos Architecture

The following table is a description of the components that participate in Kerberos Authentication.

Security Subsystem Components Used in Digest Authentication

| Component | Description |
| --- | --- |
| Kerberos.dll | The SSP that implements an industry-standard protocol that is used with either a password or a smart card for interactive logon. It is also the preferred authentication method for services in Windows 2000 and Windows Server 2003. |
| Kdcsvc.dll | The Kerberos Key Distribution Center (KDC) service, which is responsible for providing ticket-granting tickets to clients. |
| Ksecdd.sys | The Kernel Security Device Driver is used to communicate with LSASS in user mode. |
| Lsasrv.dll | The LSA Server service, which both enforces security policies and acts as the security package manager for the LSA. |
| Secur32.dll | The Secur32.dll component is the multiple authentication provider that implements SSPI for user-mode applications. |

Part 2

Assessment Paper

NETWORK SECURITY ASSESSMENTS

SUMMARY

Database Assessment is the analysis of database configuration, patch status, and security settings; it is performed by examining the database system both internally and externally in relation to known threats, industry best practices, and IT operations guidelines.

My assessment strategy rests on basic requirements for database and network security at Tanzania Public Service College (TPSC) in all Six (6) Campuses. There are certain characteristics that the network should possess:

Security Policy

Networks should have an associated defined security policy that specifies information security requirements (e.g., confidentiality, integrity, availability, auditing, access control, etc.) as well as what users may and may not do on the network (e.g., what constitutes unauthorized and illegal activities).

Network Management

Networks should be able to control access to and detect modifications of critical components. Networks must maintain control over their configuration (e.g., hardware, software, security, etc.) and connectivity.

Identification and Authentication

  • Human Resource managers
  • Personal Secretaries.

Table: Identified Assets to be protected

| Asset | Review activity |
| --- | --- |
| Database Server | Review of database server configuration and operating system parameters |
| Network | Review of Network Configuration and Topology |
| Storage | Review of Disk Storage Configuration Parameters |
| Workload | Review of Database Workload in Peak / Non-Peak Times |
| Automated Jobs | Review of Automated Jobs: Statistics Gathering, SQL Tuning Advisor, SQL Access Advisor |
| Backups | Review of Backup Schedules and Backup Types |

Threats that I must protect my Organization Database from:

  • Excessive privileges: When users (or applications) are granted database privileges that exceed the requirements of their job function, these privileges may be used to gain access to confidential information. For example, a university administrator whose job requires read-only access to student records may take advantage of excessive update privileges to change grades.
  • Privilege abuse: Users may abuse legitimate data access privileges for unauthorized purposes. For example, a user with privileges to view individual student records via a Student Management Information System client may abuse that privilege to retrieve all student records via an MS-Excel client.
  • Platform vulnerabilities: Vulnerabilities in underlying operating systems may lead to unauthorized data access and corruption. For example, the Blaster worm took advantage of a Windows 2000 vulnerability to take down target servers.
  • SQL injection: This type of attack involves a user who takes advantage of vulnerabilities in front-end web applications and stored procedures to send unauthorized database queries, often with elevated privileges. Using SQL injection, attackers could even gain unrestricted access to an entire database.
  • Denial of service: Denial of service (DoS) may be invoked through many techniques. Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption. The latter is unique to the database environment and frequently overlooked.
  • Weak authentication: Weak authentication schemes allow attackers to assume the identity of legitimate database users. Specific attack strategies include brute force attacks, social engineering, and so on.
  • Exposure of backup data: Some recent high-profile attacks have involved theft of database backup tapes and hard disks. All backups should be encrypted. In fact, some vendors have suggested that future DBMS products may not support the creation of unencrypted backups. Encryption of online production database information is a poor substitute for granular privilege controls.
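The excessive-privileges and SQL injection items above, as an added example that is not part of the original assignment: an in-memory SQLite table of constructed student records is queried through a string-built statement and through a parameterized one, and a session restricted to read-only access is shown to be unable to change grades. The table layout, the function names and the use of `PRAGMA query_only` as a stand-in for DBMS-level read-only grants are assumptions.

```python
# Added illustration: constructed data, hypothetical function names.
import sqlite3

CRAFTED = "S001' OR '1'='1"   # constructed input that rewrites the WHERE clause

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (reg_no TEXT PRIMARY KEY, name TEXT, grade TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?, ?)",
                   [("S001", "Asha", "A"), ("S002", "Baraka", "C"), ("S003", "Neema", "B")])
    db.commit()
    return db

def lookup_vulnerable(db, reg_no):
    # Input is pasted into the SQL text, so it can change the query's structure.
    sql = f"SELECT name, grade FROM students WHERE reg_no = '{reg_no}'"
    return db.execute(sql).fetchall()

def lookup_safe(db, reg_no):
    # Input is bound as a value; the query's structure is fixed in advance.
    sql = "SELECT name, grade FROM students WHERE reg_no = ?"
    return db.execute(sql, (reg_no,)).fetchall()

def restrict_to_read_only(db):
    # Least privilege for a role that only needs to view records.
    db.execute("PRAGMA query_only = ON")

def change_grade(db, reg_no, grade):
    """Return True if the update was applied, False if the session may not write."""
    try:
        with db:  # commit on success, roll back on error
            db.execute("UPDATE students SET grade = ? WHERE reg_no = ?", (grade, reg_no))
        return True
    except sqlite3.DatabaseError:
        return False

if __name__ == "__main__":
    db = make_db()
    print("string-built query, crafted input:", lookup_vulnerable(db, CRAFTED))
    print("parameterized query, crafted input:", lookup_safe(db, CRAFTED))
    restrict_to_read_only(db)
    print("grade change from read-only session applied:", change_grade(db, "S002", "A"))
```

Parameter binding closes the injection path, while the read-only restriction limits what any query, injected or legitimate, can do from that session.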

Table: Risk value Assigned to each Threat

| Threat | Risk Value | Cost of Threat to the Company |
| --- | --- | --- |
| Excessive privileges | 5 | High cost |
| Privilege abuse | 4 | Medium cost |
| Unauthorized privilege elevation | 2 | Low cost |
| Platform vulnerabilities | 3 | Low cost |
| SQL injection | 3 | Low cost |
| Weak audit | 5 | High cost |
| Denial of service | 3 | Low cost |
| Database protocol vulnerabilities | 4 | Medium cost |
| Weak authentication | 4 | Medium cost |
| Exposure of backup data | 4 | Medium cost |

Table: Threats Prioritization based on their Risk Value

| Threat | Risk value |
| --- | --- |
| Excessive privileges | 5 |
| Weak audit | 5 |
| Privilege abuse | 4 |