SlideShare une entreprise Scribd logo

Data security and Integrity

Zaid Shabbir
Zaid Shabbir

Slides present data and information system. In any information system security and integrity is the prime concern. How we can make sure stored data is more secure and generated information should be accurate, reliable and consistent.

Données & analyses
1  sur  44
Télécharger pour lire hors ligne
Data Security and Integrity
Contents ● Introduction ● Database Security In General – Information System – Information / Data Security ● Information Security Triangle ● Information Security Architecture ● Database Security – Security Levels – Dangers for Databases – Security Methods
Contents ● Database Security Methodology ● Security Layers in DBMS – Authentication – Authorization – Views and Data Security – Virtual Private Database ● Data Auditing
Introduction ● In the modern era of information security violation and attacks increased on each day. ● For data security we need to implement more strict policies in a way our business operations not blocked and execute smoothly. Security Measures: ● Prevent the physical access to the servers where data reside. ● Implement operating system operations in more secure way. ● Implement security models that enforce security measures. ● DBA should implement the security polices to protect the data.
Database Security In General ● Degree to which data is fully protected from tampering or unauthorized acts. ● Comprises information system and information security concepts.
Information System ● Information system (IS) comprised of components working together to produce and generate accurate information. ● In IS wise decisions require – Accurate and timely information – Information integrity ● IS categorized based on usage as – Low-level – Mid-level – High-level
Information System ... Typical use of system applications at various management level Order Tracking Customer Service Student registration Risk management Fraud Detection Sales Forecasting Market Analysis Loan Expert Financial Enterprise
Information System ... Information System Components
Database and DBMS Environment DBMS Functions Organize data Store and retrieve data efficiently Manipulate data (update and delete Enforce referential integrity and consistency Enforce and implement data security policies and procedures Back up, recover, and restore data Data security …..DBMS Components Data Hardware Software Networks Procedures Database Server
Information / Data Security ● Information / data is one of the most valuable asset for any organization. ● Its security consist of procedures and measures taken to protect information systems components.
Information Security Triangle Information Security C.I.A Triangle Data and information is classified into Different levels of confidentiality to ensure that only authorized users access the information. → System is available at all times only for authorized and authenticated persons. → System is protected from being shutdown due to external or internal threats or attacks. → Data and information is accurate and protected from tampering by Unauthorized persons. → Data and information is consistent and validated.
Confidential Classification (CIA Triangle)
Integrity (CIA Triangle) ● Data Integrity refers to the overall completeness, accuracy and consistency of data. ● Integrity has two types physical and logical. ● Physical integrity: Physical integrity deals with challenges associated with correctly storing and fetching the data itself. – Challenges: electromechanical faults, physical design flaws, natural disasters etc. ● Logical Integrity: Concerned with referential integrity and entity integrity in a relational database – Challenges: software bugs, design flaws, and human errors.
Integrity by Example (CIA Triangle) Employee A learns that his similar designation coworker is earning higher salary then he is. Employee A get this information through the access of an application program by accounting dept and manipulates the vacation hours and overtime hours of his colleague. Two security violations: ● Confidential data is disclosed inappropriately. ● An application to modify data was access inappropriately.
Availability (CIA Triangle) ● Systems must be always available to authorized users. ● Systems determines what a user can do with the information. ● System might not be visible in some conditions.
Information Security Architecture → Privacy laws → Confidential classification → Policies and procedures → Access rights → Customer concerns → Social and cultural issues Confidentiality → Security technology → Security model → Cryptography technology → DBMS technology → Database and design → Application technology Integrity → Threats and attacks → System vulnerabilities → Authorization methodology → Authentication technology → Network interfaces → Disaster and recovery strategy Availability
Database Security Database security entertain allowing or disallowing user actions on the database and the objects within it. DMBS contains Discretionary access control regulates all user access to named objects through privileges. A privilege is permission to access a named object in a prescribed manner; for example, permission to query a table. Privileges are granted to users at the discretion of other users.
Database Security ... Database Security Access Points
Database Security ... Database Security Enforcement
Security Levels ● Database System: Since some users may modify data while some may only query, it is the job of the system to enforce authorization rules. ● Operating System: No matter how secure the database system is, the operating system may serve as another means of unauthorized access. ● Network: Since most databases allow remote access, hardware and software security is crucial. ● Physical: Sites with computer systems must be physically secured against entry by intruders or terrorists. ● Human: Users must be authorized carefully to reduce the chance of a user giving access to an intruder.
Data Integrity Violation
Dangers for Databases Security vulnerability: a weakness in any information system component. Categories of Security Vulnerabilities
Dangers for Databases ... Security threat: a security violation or attack that can happen any time because of a security vulnerability. Categories of Security Threats
Dangers for Databases ... Security risk: a known security gap left open. Categories of Security Risks
Dangers for Databases... Integration of Security Vulnerabilities, Risks and Threats in Database Environment
Security Methods Database Component Protected Security Method People ● Physical limit to access hardware and documents. ● Through the process of identification and authentication make sure right user is going to access the information ● Conduct training courses on the Importance of security and how to guard assets ● Establishment of security policies and procedures. Applications ● Authentication of users who access the application. ● Apply business rules. ● A Single sign on
Security Methods ... Database Component Protected Security Method Network ● Network firewall to block the intruders. ● VPN ● Network Authentication Operating System ● Authentication ● Password policy ● User accounts DBMS ● Authentication ● Audit mechanism ● Database resource limits ● Password policy ● Data encryption Data Files ● Files / Folder permissions ● Access monitoring
Security Methods ... Database Component Protected Security Method Data ● Data Validation ● Data constraints ● Data Encryption ● Data Access
Databases Security Methodology
Security Layers in DBMS ● Authentication ● Authorization – Data File level – Database level – Table level – Record level – Column level
Security Layers in DBMS ... By Database Management System through username and password Through Files Permissions Schema owners/security administrator grant or revoke privileges
Overview of Authentication Methods Several DBMS support different user authentication method for security purpose. Some of the authentication methods are.. Authentication by the Operating System: Once user authenticated by the operating system, users can connect to database more conveniently, without specifying a user name or password. (e.g. In EDB/Postgres peer/ident authentication method use for this purpose). Password Authentication: Users are created with some password in database and after assignment of some set of privileges register user can communicate with DBMS.
Overview of Authentication Methods ... Trust Authentication: Registered user can connect with database and perform operations as per authority on different objects.
Overview of Authentication Methods ... Authentication by the Network: In network base authentication scheme there are three branches 1. Third Party-Based Authentication Technologies: If network authentication services are available to you (such as DCE, Kerberos, or SESAME), Oracle Database can accept authentication from the network service. 2.Certificate Authentication: This authentication method uses SSL client certificates to perform authentication. It is therefore only available for SSL connections. When using this authentication method, the server will require that the client provide a valid certificate. No password prompt will be sent to the client.
Overview of Authentication Methods ... 3. Remote Authentication Oracle Database supports remote authentication of users through Remote Dial-In User Service (RADIUS), a standard lightweight protocol used for user authentication, authorization, and accounting.
Authorization ● For security purposes, we may assign a user several forms of authorization on parts of the databases which allow: – Read: read tuples. – Insert: insert new tuple, not modify existing tuples. – Update: modification, not deletion, of tuples. – Delete: deletion of tuples. ● We may assign the user all, none, or a combination of these.
Authorization ... In addition to the previously mentioned, we may also assign a user rights to modify the database schema: Index: allows creation and modification of indices. Resource: allows creation of new relations. Alteration: addition or deletion of attributes in a tuple. Drop: allows the deletion of relations. In SQL DCL used for authorization assignments on different database objects
DCL and Authorization ● DCL commands are used to enforce database security in a multiple database environment. ● Two types of DCL commands are – Grant – Revoke ● Database Administrator's or owner’s of the database object can provide/remove privileges on a database object through Grant and Revoke in RDMS.
DCL and Authorization ● GRANT Syntax GRANT privilege_name ON object_name TO {user_name | PUBLIC | role_name} [with GRANT option]; ● Here, privilege_name: is the access right or privilege granted to the user. ● object_name: is the name of the database object like table, view etc.,. ● user_name: is the name of the user to whom an access right is being granted. ● Public is used to grant rights to all the users. ● With Grant option: allows users to grant access rights to other users.
DCL and Authorization ● REVOKE Syntax: REVOKE privilege_name ON object_name FROM {User_name | PUBLIC | Role_name} ● For Example: GRANT SELECT ON employee TO user1 ● This command grants a SELECT permission on employee table to user1. REVOKE SELECT ON employee FROM user1 ● This command will revoke a SELECT privilege on employee table from user1.
Views and Data Security ● Views can serve as security mechanism by restricting the data available to users. Through views you can restrict users on limited columns and give the rights to specific users. ● Example: Table emp contains employee salaries which should not visible to all users and all user can read the data other then salary. – Emp (id, name, address, designation, salary) – Create view emp_basic_info as select (id, name, address, designation) from emp; – Grant select (id, name,address) on emp_basic_info to 'qasim' – Grant select (id, name, address, designation) on emp_basic_info to 'Haider'
Views and Data Security CREATE VIEW EuropeanCountry AS SELECT Name, Continent, Population, HasCoast FROM Country WHERE Continent = "Europe" CREATE VIEW BigCountry AS SELECT Name, Continent, Population, HasCoast FROM Country WHERE Population >= 30000000
Virtual Private Database Virtual Private Database (VPD) is a feature which enables Administrator to create security around actual data (i.e row/columns) so that multiple users can access data which is relevant to them. ● Steps for VPD – Create an Application Context: Create users, objects and permissions on the objects. – Create security policies functions – Apply security policies to tables Reference Postgres Plus Advanced Server Guide: http://get.enterprisedb.com/docs/Postgres_Plus_Enterprise_Edition_Guide_v9.5.pdf Section 9.11 DBMS_RLS
Data Auditing Database auditing involves observing a database for user/transaction actions. Database administrators and consultants often set up auditing for security purposes. In EDB data auditing manage control through audit logs. EDB / PostgreSQL maintained Audit log on .. ● When a role establishes a connection to an Advanced Server database ● What database objects a role creates, modifies, or deletes when connected to Advanced Server. ● When any failed authentication attempts occur.

Recommandé

System security
System securitySystem security
System securitysommerville-videos
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Access Controls
Access ControlsAccess Controls
Access Controlsprimeteacher32
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 

Recommandé

System security
System securitySystem security
System securitysommerville-videos
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Access Controls
Access ControlsAccess Controls
Access Controlsprimeteacher32
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Email security
Email securityEmail security
Email securityBaliram Yadav
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
Database security
Database securityDatabase security
Database securitySoftware Engineering
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniquesIGZ Software house
 
Backup and recovery
Backup and recoveryBackup and recovery
Backup and recoverydhawal mehta
 
Security models
Security models Security models
Security models LJ PROJECTS
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information SecurityDr Naim R Kidwai
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocolKirti Ahirrao
 
Data security
Data securityData security
Data securityAbdulBasit938
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Network security
Network securityNetwork security
Network securityquest university nawabshah
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Security services
Security servicesSecurity services
Security servicesGayan Geethanjana
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Indentify Theft Slide Show
Indentify Theft Slide ShowIndentify Theft Slide Show
Indentify Theft Slide Showrobinlgray
 
Software Security
Software SecuritySoftware Security
Software SecurityRoman Oliynykov
 

Contenu connexe

Tendances

Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
Backup and recovery
Backup and recoveryBackup and recovery
Backup and recoverydhawal mehta
 
Security models
Security models Security models
Security models LJ PROJECTS
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information SecurityDr Naim R Kidwai
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocolKirti Ahirrao
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 

Tendances (20)

Email security
Email securityEmail security
Email security
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
 
Database security
Database securityDatabase security
Database security
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
Backup and recovery
Backup and recoveryBackup and recovery
Backup and recovery
 
Security models
Security models Security models
Security models
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information Security
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocol
 
Data security
Data securityData security
Data security
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Network security
Network securityNetwork security
Network security
 
Security threats
Security threatsSecurity threats
Security threats
 
Network security
Network securityNetwork security
Network security
 
Security services
Security servicesSecurity services
Security services
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
 
Email security
Email securityEmail security
Email security
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 

En vedette

Indentify Theft Slide Show
Indentify Theft Slide ShowIndentify Theft Slide Show
Indentify Theft Slide Showrobinlgray
 
Cyber crime presentation By Vaibhav Gaur
Cyber crime presentation By Vaibhav GaurCyber crime presentation By Vaibhav Gaur
Cyber crime presentation By Vaibhav GaurVaibhav's Group
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityJisc Scotland
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft PresentationRandall Chesnutt
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentationmlw32785
 

En vedette (7)

Indentify Theft Slide Show
Indentify Theft Slide ShowIndentify Theft Slide Show
Indentify Theft Slide Show
 
Software Security
Software SecuritySoftware Security
Software Security
 
Cyber crime presentation By Vaibhav Gaur
Cyber crime presentation By Vaibhav GaurCyber crime presentation By Vaibhav Gaur
Cyber crime presentation By Vaibhav Gaur
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full ppt
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentation
 

Similaire à Data security and Integrity

MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptxmissionsk81
 
Database Security And Authentication
Database Security And AuthenticationDatabase Security And Authentication
Database Security And AuthenticationSudeb Das
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxechnrketan
 
Database security 12.pdf
Database security 12.pdfDatabase security 12.pdf
Database security 12.pdfShajanShajan2
 
Information Security
Information SecurityInformation Security
Information Securitysonykhan3
 
Database security in database management.pptx
Database security in database management.pptxDatabase security in database management.pptx
Database security in database management.pptxFarhanaMariyam1
 
Final Study of Security functionality in Distributed Database.pptx
Final Study of Security functionality in Distributed Database.pptxFinal Study of Security functionality in Distributed Database.pptx
Final Study of Security functionality in Distributed Database.pptxHasibAhmadKhaliqi1
 
Database Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptxDatabase Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptxSaqibAhmedKhan4
 
Database security
Database securityDatabase security
Database securityBirju Tank
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectATMOSPHERE .
 
IT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxIT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxpriestmanmable
 

Similaire à Data security and Integrity (20)

Dstca
DstcaDstca
Dstca
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
Database Security And Authentication
Database Security And AuthenticationDatabase Security And Authentication
Database Security And Authentication
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxe
 
Database security 12.pdf
Database security 12.pdfDatabase security 12.pdf
Database security 12.pdf
 
Information Security
Information SecurityInformation Security
Information Security
 
ISBB_Chapter6.pptx
ISBB_Chapter6.pptxISBB_Chapter6.pptx
ISBB_Chapter6.pptx
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Database security in database management.pptx
Database security in database management.pptxDatabase security in database management.pptx
Database security in database management.pptx
 
Final Study of Security functionality in Distributed Database.pptx
Final Study of Security functionality in Distributed Database.pptxFinal Study of Security functionality in Distributed Database.pptx
Final Study of Security functionality in Distributed Database.pptx
 
Database Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptxDatabase Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptx
 
Information Security
Information SecurityInformation Security
Information Security
 
Database security
Database securityDatabase security
Database security
 
Database security
Database securityDatabase security
Database security
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE project
 
IT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxIT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docx
 
Importance of DBMS.pptx
Importance of DBMS.pptxImportance of DBMS.pptx
Importance of DBMS.pptx
 

Plus de Zaid Shabbir

Modern SDLC and QA.pptx
Modern SDLC and QA.pptxModern SDLC and QA.pptx
Modern SDLC and QA.pptxZaid Shabbir
 
Software Agility.pptx
Software Agility.pptxSoftware Agility.pptx
Software Agility.pptxZaid Shabbir
 
Software Development Guide To Accelerate Performance
Software Development Guide To Accelerate PerformanceSoftware Development Guide To Accelerate Performance
Software Development Guide To Accelerate PerformanceZaid Shabbir
 
Software Testing and Agility
Software Testing and Agility Software Testing and Agility
Software Testing and Agility Zaid Shabbir
 
Cloud computing & dbms
Cloud computing & dbmsCloud computing & dbms
Cloud computing & dbmsZaid Shabbir
 
No sql bigdata and postgresql
No sql bigdata and postgresqlNo sql bigdata and postgresql
No sql bigdata and postgresqlZaid Shabbir
 
Files and data storage
Files and data storageFiles and data storage
Files and data storageZaid Shabbir
 
Tree and binary tree
Tree and binary treeTree and binary tree
Tree and binary treeZaid Shabbir
 
Introduction to data structure
Introduction to data structureIntroduction to data structure
Introduction to data structureZaid Shabbir
 

Plus de Zaid Shabbir (14)

Modern SDLC and QA.pptx
Modern SDLC and QA.pptxModern SDLC and QA.pptx
Modern SDLC and QA.pptx
 
Software Agility.pptx
Software Agility.pptxSoftware Agility.pptx
Software Agility.pptx
 
Software Development Guide To Accelerate Performance
Software Development Guide To Accelerate PerformanceSoftware Development Guide To Accelerate Performance
Software Development Guide To Accelerate Performance
 
Software Testing and Agility
Software Testing and Agility Software Testing and Agility
Software Testing and Agility
 
Cloud computing & dbms
Cloud computing & dbmsCloud computing & dbms
Cloud computing & dbms
 
No sql bigdata and postgresql
No sql bigdata and postgresqlNo sql bigdata and postgresql
No sql bigdata and postgresql
 
Files and data storage
Files and data storageFiles and data storage
Files and data storage
 
Queue
QueueQueue
Queue
 
Queue
QueueQueue
Queue
 
Sorting
SortingSorting
Sorting
 
Stack
StackStack
Stack
 
Tree and binary tree
Tree and binary treeTree and binary tree
Tree and binary tree
 
Sorting
SortingSorting
Sorting
 
Introduction to data structure
Introduction to data structureIntroduction to data structure
Introduction to data structure
 

Dernier

Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxolyaivanovalion
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz1
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...amitlee9823
 
ELKO dropshipping via API with DroFx.pptx
ELKO dropshipping via API with DroFx.pptxELKO dropshipping via API with DroFx.pptx
ELKO dropshipping via API with DroFx.pptxolyaivanovalion
 
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...amitlee9823
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxolyaivanovalion
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionfulawalesam
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Valters Lauzums
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxolyaivanovalion
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusTimothy Spann
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxolyaivanovalion
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...amitlee9823
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfadriantubila
 

Dernier (20)

CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptx
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signals
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
ELKO dropshipping via API with DroFx.pptx
ELKO dropshipping via API with DroFx.pptxELKO dropshipping via API with DroFx.pptx
ELKO dropshipping via API with DroFx.pptx
 
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
 
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFx
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interaction
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptx
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
 

Data security and Integrity

  • 2. Contents ● Introduction ● Database Security In General – Information System – Information / Data Security ● Information Security Triangle ● Information Security Architecture ● Database Security – Security Levels – Dangers for Databases – Security Methods
  • 3. Contents ● Database Security Methodology ● Security Layers in DBMS – Authentication – Authorization – Views and Data Security – Virtual Private Database ● Data Auditing
  • 4. Introduction ● In the modern era of information security violation and attacks increased on each day. ● For data security we need to implement more strict policies in a way our business operations not blocked and execute smoothly. Security Measures: ● Prevent the physical access to the servers where data reside. ● Implement operating system operations in more secure way. ● Implement security models that enforce security measures. ● DBA should implement the security polices to protect the data.
  • 5. Database Security In General ● Degree to which data is fully protected from tampering or unauthorized acts. ● Comprises information system and information security concepts.
  • 6. Information System ● Information system (IS) comprised of components working together to produce and generate accurate information. ● In IS wise decisions require – Accurate and timely information – Information integrity ● IS categorized based on usage as – Low-level – Mid-level – High-level
  • 7. Information System ... Typical use of system applications at various management level Order Tracking Customer Service Student registration Risk management Fraud Detection Sales Forecasting Market Analysis Loan Expert Financial Enterprise
  • 9. Database and DBMS Environment DBMS Functions Organize data Store and retrieve data efficiently Manipulate data (update and delete Enforce referential integrity and consistency Enforce and implement data security policies and procedures Back up, recover, and restore data Data security …..DBMS Components Data Hardware Software Networks Procedures Database Server
  • 10. Information / Data Security ● Information / data is one of the most valuable asset for any organization. ● Its security consist of procedures and measures taken to protect information systems components.
  • 11. Information Security Triangle Information Security C.I.A Triangle Data and information is classified into Different levels of confidentiality to ensure that only authorized users access the information. → System is available at all times only for authorized and authenticated persons. → System is protected from being shutdown due to external or internal threats or attacks. → Data and information is accurate and protected from tampering by Unauthorized persons. → Data and information is consistent and validated.
  • 13. Integrity (CIA Triangle) ● Data Integrity refers to the overall completeness, accuracy and consistency of data. ● Integrity has two types physical and logical. ● Physical integrity: Physical integrity deals with challenges associated with correctly storing and fetching the data itself. – Challenges: electromechanical faults, physical design flaws, natural disasters etc. ● Logical Integrity: Concerned with referential integrity and entity integrity in a relational database – Challenges: software bugs, design flaws, and human errors.
  • 14. Integrity by Example (CIA Triangle) Employee A learns that his similar designation coworker is earning higher salary then he is. Employee A get this information through the access of an application program by accounting dept and manipulates the vacation hours and overtime hours of his colleague. Two security violations: ● Confidential data is disclosed inappropriately. ● An application to modify data was access inappropriately.
  • 15. Availability (CIA Triangle) ● Systems must be always available to authorized users. ● Systems determines what a user can do with the information. ● System might not be visible in some conditions.
  • 16. Information Security Architecture → Privacy laws → Confidential classification → Policies and procedures → Access rights → Customer concerns → Social and cultural issues Confidentiality → Security technology → Security model → Cryptography technology → DBMS technology → Database and design → Application technology Integrity → Threats and attacks → System vulnerabilities → Authorization methodology → Authentication technology → Network interfaces → Disaster and recovery strategy Availability
  • 17. Database Security Database security entertain allowing or disallowing user actions on the database and the objects within it. DMBS contains Discretionary access control regulates all user access to named objects through privileges. A privilege is permission to access a named object in a prescribed manner; for example, permission to query a table. Privileges are granted to users at the discretion of other users.
  • 18. Database Security ... Database Security Access Points
  • 19. Database Security ... Database Security Enforcement
  • 20. Security Levels ● Database System: Since some users may modify data while some may only query, it is the job of the system to enforce authorization rules. ● Operating System: No matter how secure the database system is, the operating system may serve as another means of unauthorized access. ● Network: Since most databases allow remote access, hardware and software security is crucial. ● Physical: Sites with computer systems must be physically secured against entry by intruders or terrorists. ● Human: Users must be authorized carefully to reduce the chance of a user giving access to an intruder.
  • 22. Dangers for Databases Security vulnerability: a weakness in any information system component. Categories of Security Vulnerabilities
  • 23. Dangers for Databases ... Security threat: a security violation or attack that can happen any time because of a security vulnerability. Categories of Security Threats
  • 24. Dangers for Databases ... Security risk: a known security gap left open. Categories of Security Risks
  • 25. Dangers for Databases... Integration of Security Vulnerabilities, Risks and Threats in Database Environment
  • 26. Security Methods Database Component Protected Security Method People ● Physical limit to access hardware and documents. ● Through the process of identification and authentication make sure right user is going to access the information ● Conduct training courses on the Importance of security and how to guard assets ● Establishment of security policies and procedures. Applications ● Authentication of users who access the application. ● Apply business rules. ● A Single sign on
  • 27. Security Methods ... Database Component Protected Security Method Network ● Network firewall to block the intruders. ● VPN ● Network Authentication Operating System ● Authentication ● Password policy ● User accounts DBMS ● Authentication ● Audit mechanism ● Database resource limits ● Password policy ● Data encryption Data Files ● Files / Folder permissions ● Access monitoring
  • 28. Security Methods ... Database Component Protected Security Method Data ● Data Validation ● Data constraints ● Data Encryption ● Data Access
  • 30. Security Layers in DBMS ● Authentication ● Authorization – Data File level – Database level – Table level – Record level – Column level
  • 31. Security Layers in DBMS ... By Database Management System through username and password Through Files Permissions Schema owners/security administrator grant or revoke privileges
  • 32. Overview of Authentication Methods Several DBMS support different user authentication method for security purpose. Some of the authentication methods are.. Authentication by the Operating System: Once user authenticated by the operating system, users can connect to database more conveniently, without specifying a user name or password. (e.g. In EDB/Postgres peer/ident authentication method use for this purpose). Password Authentication: Users are created with some password in database and after assignment of some set of privileges register user can communicate with DBMS.
  • 33. Overview of Authentication Methods ... Trust Authentication: Registered user can connect with database and perform operations as per authority on different objects.
  • 34. Overview of Authentication Methods ... Authentication by the Network: In network base authentication scheme there are three branches 1. Third Party-Based Authentication Technologies: If network authentication services are available to you (such as DCE, Kerberos, or SESAME), Oracle Database can accept authentication from the network service. 2.Certificate Authentication: This authentication method uses SSL client certificates to perform authentication. It is therefore only available for SSL connections. When using this authentication method, the server will require that the client provide a valid certificate. No password prompt will be sent to the client.
  • 35. Overview of Authentication Methods ... 3. Remote Authentication Oracle Database supports remote authentication of users through Remote Dial-In User Service (RADIUS), a standard lightweight protocol used for user authentication, authorization, and accounting.
  • 36. Authorization ● For security purposes, we may assign a user several forms of authorization on parts of the databases which allow: – Read: read tuples. – Insert: insert new tuple, not modify existing tuples. – Update: modification, not deletion, of tuples. – Delete: deletion of tuples. ● We may assign the user all, none, or a combination of these.
  • 37. Authorization ... In addition to the previously mentioned, we may also assign a user rights to modify the database schema: Index: allows creation and modification of indices. Resource: allows creation of new relations. Alteration: addition or deletion of attributes in a tuple. Drop: allows the deletion of relations. In SQL DCL used for authorization assignments on different database objects
  • 38. DCL and Authorization ● DCL commands are used to enforce database security in a multiple database environment. ● Two types of DCL commands are – Grant – Revoke ● Database Administrator's or owner’s of the database object can provide/remove privileges on a database object through Grant and Revoke in RDMS.
  • 39. DCL and Authorization ● GRANT Syntax GRANT privilege_name ON object_name TO {user_name | PUBLIC | role_name} [with GRANT option]; ● Here, privilege_name: is the access right or privilege granted to the user. ● object_name: is the name of the database object like table, view etc.,. ● user_name: is the name of the user to whom an access right is being granted. ● Public is used to grant rights to all the users. ● With Grant option: allows users to grant access rights to other users.
  • 40. DCL and Authorization ● REVOKE Syntax: REVOKE privilege_name ON object_name FROM {User_name | PUBLIC | Role_name} ● For Example: GRANT SELECT ON employee TO user1 ● This command grants a SELECT permission on employee table to user1. REVOKE SELECT ON employee FROM user1 ● This command will revoke a SELECT privilege on employee table from user1.
  • 41. Views and Data Security ● Views can serve as security mechanism by restricting the data available to users. Through views you can restrict users on limited columns and give the rights to specific users. ● Example: Table emp contains employee salaries which should not visible to all users and all user can read the data other then salary. – Emp (id, name, address, designation, salary) – Create view emp_basic_info as select (id, name, address, designation) from emp; – Grant select (id, name,address) on emp_basic_info to 'qasim' – Grant select (id, name, address, designation) on emp_basic_info to 'Haider'
  • 42. Views and Data Security CREATE VIEW EuropeanCountry AS SELECT Name, Continent, Population, HasCoast FROM Country WHERE Continent = "Europe" CREATE VIEW BigCountry AS SELECT Name, Continent, Population, HasCoast FROM Country WHERE Population >= 30000000
  • 43. Virtual Private Database Virtual Private Database (VPD) is a feature which enables Administrator to create security around actual data (i.e row/columns) so that multiple users can access data which is relevant to them. ● Steps for VPD – Create an Application Context: Create users, objects and permissions on the objects. – Create security policies functions – Apply security policies to tables Reference Postgres Plus Advanced Server Guide: http://get.enterprisedb.com/docs/Postgres_Plus_Enterprise_Edition_Guide_v9.5.pdf Section 9.11 DBMS_RLS
  • 44. Data Auditing Database auditing involves observing a database for user/transaction actions. Database administrators and consultants often set up auditing for security purposes. In EDB data auditing manage control through audit logs. EDB / PostgreSQL maintained Audit log on .. ● When a role establishes a connection to an Advanced Server database ● What database objects a role creates, modifies, or deletes when connected to Advanced Server. ● When any failed authentication attempts occur.