SlideShare une entreprise Scribd logo

Database Security - IK

Télécharger en tant que PPTX, PDF
I
Ilgın Kavaklıoğulları

ILGIN KAVAKLIOGULLARI Computer Science And Engineering Student @ Techical University of Sofia

Ingénierie
1  sur  26
Programming Techniques for Secure Code DATABASE SECURITY ILGIN KAVAKLIOĞULLARI 273213005
 Database: It is an organized collection of data.  Security: It is the degree of resistance to, or protection from, harm.  Database Security: It is the mechanisms that protect the database against intentional or accidental threats.
Database security concerns the use of a broad range of information security controls to protect databases against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.
Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers. Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services.
 Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended.  Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/ equipment failures and obsolescence.  Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities, data loss/corruption, performance degradation etc.  Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, sabotage/criminal damage etc.
Many layers and types of information security control are appropriate to databases, including:  Access control  Auditing  Authentication  Encryption  Integrity controls  Backups  Application security  Database Security applying Statistical Method
Databases have been largely secured against hackers through network security measures such as firewalls, and network-based intrusion detection systems. While network security controls remain valuable in this regard, securing the database systems themselves, and the programs/functions and data within them, has arguably become more critical as networks are increasingly opened to wider access, in particular access from the Internet.
Furthermore, system, program, function and data access controls, along with the associated user identification, authentication and rights management functions, have always been important to limit and in some cases log the activities of authorized users and administrators. In other words, these are complementary approaches to database security, working from both the outside-in and the inside-out as it were.
Many organizations develop their own "baseline" security standards and designs detailing basic security control measures for their database systems. These may reflect general information security requirements or obligations imposed by corporate information security policies and applicable laws and regulations, along with generally accepted good database security practices and perhaps security recommendations from the relevant database system and software vendors.
The security designs for specific database systems typically specify further security administration and management functions along with various business- driven information security controls within the database programs and functions. Furthermore, various security-related activities are normally incorporated into the procedures, guidelines etc. relating to the design, development, configuration, use, management and maintenance of databases.
Two types of privileges are important relating to database security within the database environment: system privileges and object privileges.  System Privileges System privileges allow a user to perform administrative actions in a database. These include privileges (as found in SQL Server) such as: create database, create procedure, create view, backup database, create table, create trigger, and execute.  Object Privileges Object privileges allow for the use of certain operations on database objects as authorized by another user. Examples include: usage, select, insert, update, and references.
One technique for evaluating database security involves performing vulnerability assessments or penetration tests against the database. Testers attempt to find security vulnerabilities that could be used to defeat or bypass security controls, break into the database, compromise the system etc. Database administrators or information security administrators may for example use automated vulnerability scans to search out misconfiguration of controls within the layers mentioned above along with known vulnerabilities within the database software. The results of such scans are used to harden the database and close off the specific vulnerabilities identified, but other vulnerabilities often remain unrecognized and unaddressed.
In database environments where security is critical, continual monitoring for compliance with standards improves security. Security compliance requires, amongst other procedures, patch management and the review and management of permissions granted to objects within the database. Database objects may include table or other objects listed in the Table link. The permissions granted for SQL language commands on objects are considered in this process.
Compliance monitoring is similar to vulnerability assessment, except that the results of vulnerability assessments generally drive the security standards that lead to the continuous monitoring program. Essentially, vulnerability assessment is a preliminary procedure to determine risk where a compliance program is the process of on-going risk assessment. The compliance program should take into consideration any dependencies at the application software level as changes at the database level may have effects on the application software or the application server.
Application level authentication and authorization mechanisms may be effective means of providing abstraction from the database layer. The primary benefit of abstraction is that of a single sign-on capability across multiple databases and platforms. A single sign-on system stores the database user's credentials and authenticates to the database on behalf of the user.
Another security layer of a more sophisticated nature includes real-time database activity monitoring, either by analyzing protocol traffic (SQL) over the network, or by observing local database activity on each server using software agents, or both. Use of agents or native logging is required to capture activities executed on the database server, which typically include the activities of the database administrator. Agents allow this information to be captured in a fashion that can not be disabled by the database administrator, who has the ability to disable or modify native audit logs.
Analysis can be performed to identify known exploits or policy breaches, or baselines can be captured over time to build a normal pattern used for detection of anomalous activity that could be indicative of intrusion. These systems can provide a comprehensive database audit trail in addition to the intrusion detection mechanisms, and some systems can also provide protection by terminating user sessions and/or quarantining users demonstrating suspicious behavior.
Some systems are designed to support separation of duties (SOD), which is a typical requirement of auditors. SOD requires that the database administrators who are typically monitored as part of the DAM, not be able to disable or alter the DAM functionality. This requires the DAM audit trail to be securely stored in a separate system not administered by the database administration group.
A good database security program includes the regular review of privileges granted to user accounts and accounts used by automated processes. For individual accounts a two-factor authentication system improves security but adds complexity and cost. Accounts used by automated processes require appropriate controls around password storage such as sufficient encryption and access controls to reduce the risk of compromise.
In conjunction with a sound database security program, an appropriate disaster recovery program can ensure that service is not interrupted during a security incident, or any incident that results in an outage of the primary database environment. An example is that of replication for the primary databases to sites located in different geographical regions. After an incident occurs, database forensics can be employed to determine the scope of the breach, and to identify appropriate changes to systems and processes.
The greatest threat to database security are non- tracked unauthorized changes by internal and external users. Algorithms based on cryptology and other statistical methods are deployed to both identify these events and report threats to administrators. Such shield DB approach maps large dataset into its small digital fingerprint which, is continuously updated with every change in main database by registered applications. Desired fingerprints are then matched with actual at preset intervals for identifying the changed locations in the main database, date and time of unauthorized changes, even made through privileged authority.
Database Security - IK

Recommandé

Database security
Database securityDatabase security
Database securityMehrdad Jingoism
 
A Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseA Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseShivnandan Singh
 
A1802030104
A1802030104A1802030104
A1802030104IOSR Journals
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsjayussuryawan
 
Database security
Database securityDatabase security
Database securityBirju Tank
 
Database modeling and security
Database modeling and securityDatabase modeling and security
Database modeling and securityNeeharika Nidadavolu
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learnedamiable_indian
 
Dynamic Access Control for RBAC-administered web-based Databases
Dynamic Access Control for RBAC-administered web-based DatabasesDynamic Access Control for RBAC-administered web-based Databases
Dynamic Access Control for RBAC-administered web-based DatabasesThitichai Sripan
 

Recommandé

Database security
Database securityDatabase security
Database securityMehrdad Jingoism
 
A Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseA Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseShivnandan Singh
 
A1802030104
A1802030104A1802030104
A1802030104IOSR Journals
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsjayussuryawan
 
Database security
Database securityDatabase security
Database securityBirju Tank
 
Database modeling and security
Database modeling and securityDatabase modeling and security
Database modeling and securityNeeharika Nidadavolu
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learnedamiable_indian
 
Dynamic Access Control for RBAC-administered web-based Databases
Dynamic Access Control for RBAC-administered web-based DatabasesDynamic Access Control for RBAC-administered web-based Databases
Dynamic Access Control for RBAC-administered web-based DatabasesThitichai Sripan
 
Poster
PosterPoster
PosterRehab Abdallah
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksjayussuryawan
 
Chapter006
Chapter006Chapter006
Chapter006Jeanie Delos Arcos
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015AFCEA International
 
IRJET- Analysis of using Software Defined and Service Coherence Approach
IRJET- Analysis of using Software Defined and Service Coherence ApproachIRJET- Analysis of using Software Defined and Service Coherence Approach
IRJET- Analysis of using Software Defined and Service Coherence ApproachIRJET Journal
 
Carl Binder Resume Myrtle Beach address 1-24-17
Carl Binder Resume Myrtle Beach address 1-24-17Carl Binder Resume Myrtle Beach address 1-24-17
Carl Binder Resume Myrtle Beach address 1-24-17Carl Binder
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Privileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safePrivileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safeJens Albrecht
 
55994241 cissp-cram
55994241 cissp-cram55994241 cissp-cram
55994241 cissp-crambsnl007
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...IJERA Editor
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemMuhammad Azmy
 
Database security
Database securityDatabase security
Database securityMaryamAsghar9
 
McAfee CDCR Case Study
McAfee CDCR Case StudyMcAfee CDCR Case Study
McAfee CDCR Case Studyjoepanora
 
Lecture week8
Lecture week8Lecture week8
Lecture week8ismaelhaider
 
13 essential log_col_infog
13 essential log_col_infog13 essential log_col_infog
13 essential log_col_infoghuynhvanphuc
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
Database administration and security
Database administration and securityDatabase administration and security
Database administration and securityMohd Arif
 
Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityFredReynolds2
 
Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodInternational Journal of Engineering Inventions www.ijeijournal.com
 
IT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxIT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxpriestmanmable
 
A Database System Security Framework
A Database System Security FrameworkA Database System Security Framework
A Database System Security FrameworkMaria Perkins
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKijcsit
 

Contenu connexe

Tendances

Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksjayussuryawan
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015AFCEA International
 
IRJET- Analysis of using Software Defined and Service Coherence Approach
IRJET- Analysis of using Software Defined and Service Coherence ApproachIRJET- Analysis of using Software Defined and Service Coherence Approach
IRJET- Analysis of using Software Defined and Service Coherence ApproachIRJET Journal
 
Carl Binder Resume Myrtle Beach address 1-24-17
Carl Binder Resume Myrtle Beach address 1-24-17Carl Binder Resume Myrtle Beach address 1-24-17
Carl Binder Resume Myrtle Beach address 1-24-17Carl Binder
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Privileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safePrivileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safeJens Albrecht
 
55994241 cissp-cram
55994241 cissp-cram55994241 cissp-cram
55994241 cissp-crambsnl007
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...IJERA Editor
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemMuhammad Azmy
 
McAfee CDCR Case Study
McAfee CDCR Case StudyMcAfee CDCR Case Study
McAfee CDCR Case Studyjoepanora
 
13 essential log_col_infog
13 essential log_col_infog13 essential log_col_infog
13 essential log_col_infoghuynhvanphuc
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
Database administration and security
Database administration and securityDatabase administration and security
Database administration and securityMohd Arif
 

Tendances (17)

Poster
PosterPoster
Poster
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
 
Chapter006
Chapter006Chapter006
Chapter006
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015
 
IRJET- Analysis of using Software Defined and Service Coherence Approach
IRJET- Analysis of using Software Defined and Service Coherence ApproachIRJET- Analysis of using Software Defined and Service Coherence Approach
IRJET- Analysis of using Software Defined and Service Coherence Approach
 
Carl Binder Resume Myrtle Beach address 1-24-17
Carl Binder Resume Myrtle Beach address 1-24-17Carl Binder Resume Myrtle Beach address 1-24-17
Carl Binder Resume Myrtle Beach address 1-24-17
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.com
 
Privileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safePrivileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safe
 
55994241 cissp-cram
55994241 cissp-cram55994241 cissp-cram
55994241 cissp-cram
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning System
 
Database security
Database securityDatabase security
Database security
 
McAfee CDCR Case Study
McAfee CDCR Case StudyMcAfee CDCR Case Study
McAfee CDCR Case Study
 
Lecture week8
Lecture week8Lecture week8
Lecture week8
 
13 essential log_col_infog
13 essential log_col_infog13 essential log_col_infog
13 essential log_col_infog
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.com
 
Database administration and security
Database administration and securityDatabase administration and security
Database administration and security
 

Similaire à Database Security - IK

Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityFredReynolds2
 
IT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxIT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxpriestmanmable
 
A Database System Security Framework
A Database System Security FrameworkA Database System Security Framework
A Database System Security FrameworkMaria Perkins
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKijcsit
 
Top ten database_threats
Top ten database_threatsTop ten database_threats
Top ten database_threatsFITSFSd
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxyasirkhokhar7
 
How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...Anar Godjaev
 
Patent. US20220232015A1:PREVENTING CLOUD-BASED PHISHING ATTACKS USING SHARED ...
Patent. US20220232015A1:PREVENTING CLOUD-BASED PHISHING ATTACKS USING SHARED ...Patent. US20220232015A1:PREVENTING CLOUD-BASED PHISHING ATTACKS USING SHARED ...
Patent. US20220232015A1:PREVENTING CLOUD-BASED PHISHING ATTACKS USING SHARED ...Snarky Security
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Modeltom termini
 
A03302001006
A03302001006A03302001006
A03302001006theijes
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration Tariq Islam
 
Security Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseSecurity Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseDavid Murphy
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 

Similaire à Database Security - IK (20)

Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database Security
 
Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access method
 
IT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxIT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docx
 
A Database System Security Framework
A Database System Security FrameworkA Database System Security Framework
A Database System Security Framework
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORK
 
Top ten database_threats
Top ten database_threatsTop ten database_threats
Top ten database_threats
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
 
Database security
Database securityDatabase security
Database security
 
How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and compliance
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Database security
Database securityDatabase security
Database security
 
Patent. US20220232015A1:PREVENTING CLOUD-BASED PHISHING ATTACKS USING SHARED ...
Patent. US20220232015A1:PREVENTING CLOUD-BASED PHISHING ATTACKS USING SHARED ...Patent. US20220232015A1:PREVENTING CLOUD-BASED PHISHING ATTACKS USING SHARED ...
Patent. US20220232015A1:PREVENTING CLOUD-BASED PHISHING ATTACKS USING SHARED ...
 
Chap05
Chap05Chap05
Chap05
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Model
 
A03302001006
A03302001006A03302001006
A03302001006
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration
 
Ch10 Conducting Audits
Ch10 Conducting AuditsCh10 Conducting Audits
Ch10 Conducting Audits
 
Security Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseSecurity Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational Database
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 

Plus de Ilgın Kavaklıoğulları

Computational Genomics - Bioinformatics - IK
Computational Genomics - Bioinformatics - IKComputational Genomics - Bioinformatics - IK
Computational Genomics - Bioinformatics - IKIlgın Kavaklıoğulları
 
Travelling Salesman Problem using Partical Swarm Optimization
Travelling Salesman Problem using Partical Swarm OptimizationTravelling Salesman Problem using Partical Swarm Optimization
Travelling Salesman Problem using Partical Swarm OptimizationIlgın Kavaklıoğulları
 

Plus de Ilgın Kavaklıoğulları (11)

Multi-Core on Chip Architecture *doc - IK
Multi-Core on Chip Architecture *doc - IKMulti-Core on Chip Architecture *doc - IK
Multi-Core on Chip Architecture *doc - IK
 
Unified Parallel C - IK
Unified Parallel C - IKUnified Parallel C - IK
Unified Parallel C - IK
 
Computational Genomics - Bioinformatics - IK
Computational Genomics - Bioinformatics - IKComputational Genomics - Bioinformatics - IK
Computational Genomics - Bioinformatics - IK
 
Normal Mapping / Computer Graphics - IK
Normal Mapping / Computer Graphics - IKNormal Mapping / Computer Graphics - IK
Normal Mapping / Computer Graphics - IK
 
Agent-Based Technologies (Mobile-C) - IK
Agent-Based Technologies (Mobile-C) - IKAgent-Based Technologies (Mobile-C) - IK
Agent-Based Technologies (Mobile-C) - IK
 
Internet of Things (IoT) - IK
Internet of Things (IoT) - IKInternet of Things (IoT) - IK
Internet of Things (IoT) - IK
 
Travelling Salesman Problem using Partical Swarm Optimization
Travelling Salesman Problem using Partical Swarm OptimizationTravelling Salesman Problem using Partical Swarm Optimization
Travelling Salesman Problem using Partical Swarm Optimization
 
Socket Programming w/ C# - IK
Socket Programming w/ C# - IKSocket Programming w/ C# - IK
Socket Programming w/ C# - IK
 
Robotics - IK
Robotics - IKRobotics - IK
Robotics - IK
 
Expert Systems - IK
Expert Systems - IKExpert Systems - IK
Expert Systems - IK
 
Business Intelligent Systems - IK
Business Intelligent Systems - IKBusiness Intelligent Systems - IK
Business Intelligent Systems - IK
 

Dernier

Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwaitjaanualu31
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaOmar Fathy
 
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best ServiceTamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Servicemeghakumariji156
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
Engineering Drawing focus on projection of planes
Engineering Drawing focus on projection of planesEngineering Drawing focus on projection of planes
Engineering Drawing focus on projection of planesRAJNEESHKUMAR341697
 
Verification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptxVerification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptxchumtiyababu
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxMuhammadAsimMuhammad6
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayEpec Engineered Technologies
 
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Call Girls Mumbai
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdfKamal Acharya
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesMayuraD1
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiessarkmank1
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdfKamal Acharya
 
Moment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilMoment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilVinayVitekari
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"mphochane1998
 
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLEGEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLEselvakumar948
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityMorshed Ahmed Rahath
 

Dernier (20)

Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best ServiceTamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Engineering Drawing focus on projection of planes
Engineering Drawing focus on projection of planesEngineering Drawing focus on projection of planes
Engineering Drawing focus on projection of planes
 
Verification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptxVerification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptx
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdf
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and properties
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
 
Moment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilMoment Distribution Method For Btech Civil
Moment Distribution Method For Btech Civil
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
 
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLEGEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 

Database Security - IK

  • 1. Programming Techniques for Secure Code DATABASE SECURITY ILGIN KAVAKLIOĞULLARI 273213005
  • 2.  Database: It is an organized collection of data.  Security: It is the degree of resistance to, or protection from, harm.  Database Security: It is the mechanisms that protect the database against intentional or accidental threats.
  • 3.
  • 4. Database security concerns the use of a broad range of information security controls to protect databases against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.
  • 5. Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers. Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services.
  • 6.  Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended.  Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/ equipment failures and obsolescence.  Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities, data loss/corruption, performance degradation etc.  Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, sabotage/criminal damage etc.
  • 7. Many layers and types of information security control are appropriate to databases, including:  Access control  Auditing  Authentication  Encryption  Integrity controls  Backups  Application security  Database Security applying Statistical Method
  • 8. Databases have been largely secured against hackers through network security measures such as firewalls, and network-based intrusion detection systems. While network security controls remain valuable in this regard, securing the database systems themselves, and the programs/functions and data within them, has arguably become more critical as networks are increasingly opened to wider access, in particular access from the Internet.
  • 9. Furthermore, system, program, function and data access controls, along with the associated user identification, authentication and rights management functions, have always been important to limit and in some cases log the activities of authorized users and administrators. In other words, these are complementary approaches to database security, working from both the outside-in and the inside-out as it were.
  • 10. Many organizations develop their own "baseline" security standards and designs detailing basic security control measures for their database systems. These may reflect general information security requirements or obligations imposed by corporate information security policies and applicable laws and regulations, along with generally accepted good database security practices and perhaps security recommendations from the relevant database system and software vendors.
  • 11. The security designs for specific database systems typically specify further security administration and management functions along with various business- driven information security controls within the database programs and functions. Furthermore, various security-related activities are normally incorporated into the procedures, guidelines etc. relating to the design, development, configuration, use, management and maintenance of databases.
  • 12.
  • 13. Two types of privileges are important relating to database security within the database environment: system privileges and object privileges.  System Privileges System privileges allow a user to perform administrative actions in a database. These include privileges (as found in SQL Server) such as: create database, create procedure, create view, backup database, create table, create trigger, and execute.  Object Privileges Object privileges allow for the use of certain operations on database objects as authorized by another user. Examples include: usage, select, insert, update, and references.
  • 14. One technique for evaluating database security involves performing vulnerability assessments or penetration tests against the database. Testers attempt to find security vulnerabilities that could be used to defeat or bypass security controls, break into the database, compromise the system etc. Database administrators or information security administrators may for example use automated vulnerability scans to search out misconfiguration of controls within the layers mentioned above along with known vulnerabilities within the database software. The results of such scans are used to harden the database and close off the specific vulnerabilities identified, but other vulnerabilities often remain unrecognized and unaddressed.
  • 15. In database environments where security is critical, continual monitoring for compliance with standards improves security. Security compliance requires, amongst other procedures, patch management and the review and management of permissions granted to objects within the database. Database objects may include table or other objects listed in the Table link. The permissions granted for SQL language commands on objects are considered in this process.
  • 16. Compliance monitoring is similar to vulnerability assessment, except that the results of vulnerability assessments generally drive the security standards that lead to the continuous monitoring program. Essentially, vulnerability assessment is a preliminary procedure to determine risk where a compliance program is the process of on-going risk assessment. The compliance program should take into consideration any dependencies at the application software level as changes at the database level may have effects on the application software or the application server.
  • 17.
  • 18. Application level authentication and authorization mechanisms may be effective means of providing abstraction from the database layer. The primary benefit of abstraction is that of a single sign-on capability across multiple databases and platforms. A single sign-on system stores the database user's credentials and authenticates to the database on behalf of the user.
  • 19. Another security layer of a more sophisticated nature includes real-time database activity monitoring, either by analyzing protocol traffic (SQL) over the network, or by observing local database activity on each server using software agents, or both. Use of agents or native logging is required to capture activities executed on the database server, which typically include the activities of the database administrator. Agents allow this information to be captured in a fashion that can not be disabled by the database administrator, who has the ability to disable or modify native audit logs.
  • 20. Analysis can be performed to identify known exploits or policy breaches, or baselines can be captured over time to build a normal pattern used for detection of anomalous activity that could be indicative of intrusion. These systems can provide a comprehensive database audit trail in addition to the intrusion detection mechanisms, and some systems can also provide protection by terminating user sessions and/or quarantining users demonstrating suspicious behavior.
  • 21. Some systems are designed to support separation of duties (SOD), which is a typical requirement of auditors. SOD requires that the database administrators who are typically monitored as part of the DAM, not be able to disable or alter the DAM functionality. This requires the DAM audit trail to be securely stored in a separate system not administered by the database administration group.
  • 22.
  • 23. A good database security program includes the regular review of privileges granted to user accounts and accounts used by automated processes. For individual accounts a two-factor authentication system improves security but adds complexity and cost. Accounts used by automated processes require appropriate controls around password storage such as sufficient encryption and access controls to reduce the risk of compromise.
  • 24. In conjunction with a sound database security program, an appropriate disaster recovery program can ensure that service is not interrupted during a security incident, or any incident that results in an outage of the primary database environment. An example is that of replication for the primary databases to sites located in different geographical regions. After an incident occurs, database forensics can be employed to determine the scope of the breach, and to identify appropriate changes to systems and processes.
  • 25. The greatest threat to database security are non- tracked unauthorized changes by internal and external users. Algorithms based on cryptology and other statistical methods are deployed to both identify these events and report threats to administrators. Such shield DB approach maps large dataset into its small digital fingerprint which, is continuously updated with every change in main database by registered applications. Desired fingerprints are then matched with actual at preset intervals for identifying the changed locations in the main database, date and time of unauthorized changes, even made through privileged authority.