Chapter 19: Security: Name: Alvin Irwanto NIM: 41518010055
Chapter 19 : Security
A. Database Security
Database security refers to the mechanisms that protect the database against intentional or accidental
threats. Security considerations apply not only to the data held in a database: breaches of security
may affect other parts of the system, which may in turn affect the database. Consequently, database
security encompasses hardware, software, people, and data.
A database represents an essential corporate resource that should be properly secured using appropriate
controls. We consider database security in relation to the following situations:
a. Theft and fraud
b. Loss of confidentiality
c. Loss of privacy
d. Loss of integrity
e. Loss of availability
A threat is any situation or event, whether intentional or accidental, that may adversely affect a
system and consequently the organization.
B. Countermeasures – Computer-Based Controls
The types of countermeasures to threats on computer systems range from physical controls to
administrative procedures.
1. Authorization
Authorization is the granting of a right or privilege that enables a subject to have legitimate
access to a system or a system’s object. Authorization controls can be built into the software,
and govern not only what system or object a specified user can access, but also what the user
may do with it. The process of authorization involves authentication of subjects requesting
access to objects, where ‘subject’ represents a user or program and ‘object’ represents a
database table, view, procedure, trigger, or any other object that can be created within the
system.
Authentication is a mechanism that determines whether a user is who he or she claims to be.
A system administrator is usually responsible for allowing users to have access to a computer
system by creating individual user accounts. Each user is given a unique identifier, which is
used by the operating system to determine who they are.
2. Access Controls
The typical way to provide access controls for a database system is based on the granting
and revoking of privileges. A privilege allows a user to create or access (that is read, write, or
modify) some database object (such as a relation, view, or index) or to run certain DBMS
utilities. Privileges are granted to users to accomplish the tasks required for their jobs. As
excessive granting of unnecessary privileges can compromise security, a privilege should only
be granted to a user if that user cannot accomplish his or her work without that privilege.
3. Views
A view is the dynamic result of one or more relational operations operating on the database
relations to produce another relation. A view is a virtual relation that does not actually exist
in the database, but is produced upon request by a particular user, at the time of request.
5. Integrity
Integrity constraints also contribute to maintaining a secure database system by preventing data
from becoming invalid, and hence giving misleading or incorrect results.
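The privilege, view, and integrity mechanisms from items 2, 3 and 5, combined in one script. This is an added example, not taken from the chapter; it uses PostgreSQL-style SQL, and the Branch/Staff schema, the StaffDirectory view, and the clerk and payroll roles are hypothetical names.

```sql
-- Added example; schema, view, and role names are hypothetical.

-- Integrity constraints keep invalid data out regardless of who writes it.
CREATE TABLE Branch (
    branchNo CHAR(4) PRIMARY KEY
);

CREATE TABLE Staff (
    staffNo   CHAR(5)      PRIMARY KEY,
    name      VARCHAR(50)  NOT NULL,
    jobTitle  VARCHAR(20)  NOT NULL,
    salary    DECIMAL(9,2) NOT NULL CHECK (salary >= 0),
    branchNo  CHAR(4)      NOT NULL REFERENCES Branch (branchNo)
);

-- The view exposes only the non-sensitive columns; salary is left out.
CREATE VIEW StaffDirectory AS
    SELECT staffNo, name, jobTitle, branchNo
    FROM Staff;

-- Roles stand in for groups of users who do the same job.
CREATE ROLE clerk;
CREATE ROLE payroll;

-- Start from no access, then grant only what each job requires.
REVOKE ALL PRIVILEGES ON Staff, StaffDirectory FROM PUBLIC;

-- Clerks read the directory view and hold no privilege on the base table.
GRANT SELECT ON StaffDirectory TO clerk;

-- Payroll reads every column but may change only the salary column.
GRANT SELECT ON Staff TO payroll;
GRANT UPDATE (salary) ON Staff TO payroll;

-- When a duty is withdrawn, the matching privilege is revoked with it.
REVOKE UPDATE (salary) ON Staff FROM payroll;
```

With these grants, a session acting as clerk can query StaffDirectory, while a direct SELECT on Staff is refused because the role holds no privilege on the base table. The CHECK and REFERENCES constraints apply to every writer, whatever privileges they hold.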
6. Encryption
Encryption is the encoding of the data by a special algorithm that renders the data unreadable
by any program without the decryption key. If a database system holds particularly sensitive
data, it may be deemed necessary to encode it as a precaution against possible external threats
or attempts to access it. Reversible techniques are more commonly used. To transmit data
securely over insecure networks requires the use of a cryptosystem, which includes:
a. An encryption key to encrypt the data (plaintext)
b. An encryption algorithm that, with the encryption key, transforms the plaintext into
ciphertext
c. A decryption key to decrypt the ciphertext
d. A decryption algorithm that, with the decryption key, transforms the ciphertext back into
plaintext.
1. Proxy Servers
In a Web environment, a proxy server is a computer that sits between a Web browser and
a Web server. It intercepts all requests to the Web server to determine if it can fulfill the requests
itself. If not, it forwards the requests to the Web server. Proxy servers have two main purposes:
to improve performance and filter requests.
2. Firewalls
A firewall is a system designed to prevent unauthorized access to or from a private network.
Firewalls can be implemented in both hardware and software, or a combination of both. They
are frequently used to prevent unauthorized Internet users from accessing private networks
connected to the Internet, especially intranets. All messages entering or leaving the intranet
pass through the firewall, which examines each message and blocks those that do not meet the
specified security criteria.
4. Digital Certificates
A digital certificate is an attachment to an electronic message used for security purposes,
most commonly to verify that a user sending a message is who he or she claims to be, and to
provide the receiver with the means to encode a reply.
5. Kerberos
Kerberos is a server of secured user names and passwords (named after the three-headed
monster in Greek mythology that guarded the gate of hell). The importance of Kerberos is that
it provides one centralized security server for all data and resources on the network. Database
access, login, authorization control, and other security features are centralized on trusted
Kerberos servers. Kerberos has a similar function to that of a Certificate server: to identify and
validate a user.
8. Java Security
Safety and security are integral parts of Java’s design, with the ‘sandbox’ ensuring that an
untrusted, possibly malicious, application cannot gain access to system resources. To
implement this sandbox, three components are used: a class loader, a bytecode verifier, and a
security manager. The safety features are provided by the Java language and the Java Virtual
Machine (JVM), and enforced by the compiler and the runtime system; security is a policy that
is built on top of this safety layer.
9. ActiveX Security
ActiveX, on the other hand, places no restrictions on what a control can do. Instead, each
ActiveX control can be digitally signed by its author using a system called Authenticode™.
The digital signatures are then certified by a Certificate Authority (CA). This security model
places the responsibility for the computer’s security on the user. Before the browser downloads
an ActiveX control that has not been signed or has been certified by an unknown CA, it presents
a dialog box warning the user that this action may not be safe.