Database security

OBJECTIVE

ü The main objective is to find ways to provide

security, safety and storage to data.
 OBJECTIVE
ü
It also includes :
üDatabase which provides integrity, sharing, availability and
retrieval of data.
ü
üDatabase security strives to ensure that only authenticated users
perform authorized activities at authorized times.
ü
Levels of Data Security

Physical level
ütraditional
. lock-and-key security
üprotection from floods, fire etc.

Protection from administrator error for example

üdelete critical files

Solution to this includes:

üremote backup for disaster recovery
üarchival backup (e.g. DVDs/tapes)
Operating system level: It includes Protection from
virus/worm attacks critically.

HUMAN LEVEL:
IT INCLUDES PROTECTION FROM HUMAN
CARELESSNESS AND CORRUPT OF DATA.
Partial solution: encrypt the database at storage
level.

Main issue: key management

E.g. user provides decryption key (password)
when database is started up
Security control
1. CONFIDENTIALITY OR SECRECY REFERS TO
THE PROTECTION OF DATA AGAINST
UNAUTHORIZED DISCLOSURE

2. INTEGRITY REFERS TO THE PREVENTION OF

UNAUTHORIZED AND IMPROPER DATA
MODIFICATION

3.AVAILABILITY REFERS TO THE PREVENTION

AND RECOVERY FROM HARDWARE AND
SOFTWARE ERRORS AS WELL AS FROM
MALICIOUS DATA ACCESS RESULTING IN THE
Access control
THE PRIMARY METHOD USED TO PROTECT
DATA IS LIMITING ACCESS TO THE DATA.
THIS CAN BE DONE THROUGH
AUTHENTICATION, AUTHORIZATION, AND
ACCESS CONTROL.
 Auditing
1. DATABASE AUDITING IS USED TO TRACK
DATABASE ACCESS AND USER ACTIVITY.
2. AUDITING CAN BE USED TO IDENTIFY
WHO ACCESSED DATABASE OBJECTS,
WHAT ACTIONS WERE PERFORMED, AND
WHAT DATA WAS CHANGED.
3. DATABASE AUDITING DOES NOT
PREVENT SECURITY BREACHES, BUT IT
DOES PROVIDE A WAY TO IDENTIFY IF
BREACHES HAVE OCCURRED
Database Firewall
A DATABASE FIREWALL IS AN APPLICATION
FIREWALL WHICH PROTECTS DATABASES FROM
APPLICATION ATTACKS

A DATABASE FIREWALL IS A COMPUTER

APPLICATION FIREWALL OPERATING AT THE
DATABASE APPLICATION LAYER OF A PROTOCOL
STACK.

ALSO KNOWN AS A PROXY-BASED FIREWALL, IT

MAY BE IMPLEMENTED AS A PIECE OF SOFTWARE
RUNNING ON A SINGLE COMPUTER, OR A STAND-
ALONE PIECE OF HARDWARE
CRYPTOGRAPHY
CRYPTOGRAPHY CAN BE DEFINED AS
TECHNIQUES USED TO SECURE DATA BY
CONVERSION OF DATA INTO A SCRAMBLED CODE
THAT CAN BE DECIPHERED AND SENT ACROSS A
PUBLIC OR PRIVATE NETWORK.

CRYPTOGRAPHY USES TWO MAIN STYLES OR

FORMS OF ENCRYPTING DATA I.E. SYMMETRICAL
AND ASYMMETRICAL.

SYMMETRIC CRYPTOGRAPHY IS SUSCEPTIBLE

TO PLAIN TEXT ATTACKS .
ASYMMETRIC CRYPTOGRAPHY USES DIFFERENT
ENCRYPTION KEYS FOR ENCRYPTION AND
Conclusion
 Database security is major issue for
any organization.
 Database requires security at different
levels
 Several technical solutions should be
implemented to provide database
security
Thank you…