Scribd
Upload
2K views

Database Security Assignment

The document discusses threats to database security such as accidental loss, theft, fraud, loss of privacy or confidentiality, loss of integrity, and loss of availability. It then describes measures to establish database security, including server, network, and web security. Authentication schemes and encryption are also covered as methods to enhance database security.

Uploaded by

Aamir Raza
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF or read online on Scribd
2K views

Database Security Assignment

The document discusses threats to database security such as accidental loss, theft, fraud, loss of privacy or confidentiality, loss of integrity, and loss of availability. It then describes measures to establish database security, including server, network, and web security. Authentication schemes and encryption are also covered as methods to enhance database security.

Uploaded by

Aamir Raza
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF or read online on Scribd
You are on page 1/ 7

DATABASE SECURITY

THREATS OF DATABASE

 Accidental loss
 Theft & fraud
 Loss of privacy or confidentiality
 Loss of data integrity
 Loss of availability

1. Accidental loss

Loss occurs due to human error. It is usually by chance loss of data.

These losses can be minimized.

By,

 User authorization
 Uniform software installation procedure
 Hardware maintenance schedule

2. Theft & fraud

Theft “steal of data” by an unauthorized user.

Fraud “ intentially ” spoiling the data.

These two activities are performed usually electronic means.

Example,

Someone may being away the data on his flash.


This can be avoided by,

 Maintaining physical security


 Fire wall

3. Loss of privacy

Privacy means:

Protection relating to individual data.

Confidently means:

Protection of data of organization.

 Failure to these protection causes.


 Black mail
 Bribery
 Public embarrassment
 State of federal laws govern by protection of data.

Otherwise this security may cause financial & reputation loss.

4. Loss of data integrity


“Integrity” means soundness of data and extent of validity of data.

If data is not secured then this can be hampered someone may. Alter the data due
to which it becomes invalid. So recovery and backup procedures should be used.

Invalid data may cause “wrong decisions”.

5. Loss of availability
Destructive hardware , networks, applications may cause the data to
become unavailable.

Virus may cause this problem.

ESTABLISHING DATA SECURITY

 Server Security
 Network security
 Web security
 Web privacy
1. Server security

Multiple users, including database servers, need to be protected.


Each should be located in a secure are, accessible only to authorized
administrator and supervisor. Logical access controls, including server and
administrator and passwords, provide layers of protection against
intrusion. Password management utilities should be included as part of the
network and operating systems.

Reliance on operating system authentication should not be encouraged.

2. Network security

Securing client/server systems includes securing the network


between client and server. The encryption of data so that attackers cannot
read a data packet being transmitted is obviously an important part of
network security. For example, authentication of the client workstation
that is attempting to access the server also helps to enforce network
security and application system.

3. Web security

If an organization wishes only to make static HTML pages


available, protection must be established for the HTML files stored on
web pages.

Sensitive files may be kept on another server accessible through an


organization s intranet. Security measures for dynamic web page
generation are different.

Web security include ways to restrict access to web servers.

 Restrict the number of users on the web server as much as


possible.
 Restrict access to the web server, keeping a minimum number of
ports open.
 Remove any unneeded programs that load automatically when
setting up the server.

4. Web privacy

Protection of individual privacy when using the internet has become an


important issue. E-mail, E-commerce and marketing and other online resources
have created new computer mediated communication paths.

Application that return individualized responses require that information


be collected about the individual but at the same time proper respect for the
privacy and dignity of employee.
MEASURES

Subset of database that is presented to one or more users view is a virtual table.

A view is created by queering one or more of the base tables.

 View present only that data which is required by user.

So, user cannot view other private, confidential data.


Example:
Worker of production dept. views data relating to material type, query
relating to material & access.

INTEGRITY CONTROLS

Integrity control protect data from unauthorized use and update.

These controls include,

 Limit the value in field


 Limit actions that can perform on date
 Limit execution process
 Domail “ domain is the way to user-define data”

Once a domain is defined any field can be assigned that domain as its data.

Authorization rules
Authorization rules are controlled incorporated in the data management
system. That restrict access to data and also restrict the actions that people
may take when they access data. For example, a person who can supply a
particular password may be authorized to read any record in a database but
cannot necessarily modify any of those records.

Authorization table for salespersons

Customer Order
record record
Read Y Y
Insert Y Y
Modify Y N
Delete N N

ENCRYPTION

Data encryption can be used to protect highly sensitive data such as


customer credit card numbers or account balances. Encryption in the
coding or scrambling of data so that humans cannot read them. Some
DBMS products include encryption routines that automatically encode
sensitive data when are stored or transmitted over communication
channels. For example, encryption is commonly used in electronic fund
transfer (EFT) systems. Other DBMS products provide exits that allow
users to code heir own encryption routines.

AUTHENTICATION SCHEMES
In an electronic environment, a user can provide his or her identity
by supplying one or more of the fallowing factors.

 Something the user knows, usually a password or personal


identification number (PIN)
 Something the user possesses, such as a smart card or token.
 Some unique personal characteristic, such as fingerprint or retinal
scan

Authentication schemes are called one-factor, two-factor or three factor


authentication, depending on how many of these factors are employed.
Authentication becomes stronger in proportion to the number of factors that are
used.

SECURITY POLICY & PROCEDURES

 Personal controls
 Physical controls
 Maintenance controls
 Data privacy controls

USER-DEFINES PROCEDURES

Some DBMS products provide user exists (or interface ) that allow
system designers or users to create their own user-defined procedures for
security, in addition to the authorization rules we have just described. For
example, a user procedure might be designed to provide positive user
identification. In attempting to log on to the computer, the user might be
required to supply a procedure name are supplied, the systems then calls the
procedure, which ask the user a series of questions whose answers should be
known only to that password holder.

You might also like