Dbms Notes


MODULE 5

Database Security

Database security refers to the set of controls, tools, and procedures designed to protect the
confidentiality, integrity, and availability of a database. Security for databases must cover and safeguard
the following:

• The database containing the data.
• The database management system (DBMS).
• Any applications associated with it.
• The physical or virtual database server, and the hardware that runs it.
• The computing or network infrastructure used to connect to the database.

Common Threats and Challenges

1. Insider threats:
An insider threat is an attack on security from any of three sources that hold access privileges to the
database:
• A malicious insider who wants to cause harm.
• A negligent insider whose mistakes leave the database vulnerable to attack.
• An infiltrator who acquires credentials by a method such as phishing, or by reading the credential
information stored in the database itself.

2. Human error:
Unintentional mistakes, weak or shared passwords, and other negligent or uninformed behaviour by users.

3. SQL/NoSQL injection attacks:
• A threat specific to databases is the insertion of arbitrary SQL, or other non-SQL attack strings, into
database queries delivered by web applications and HTTP headers.
• Organizations that do not follow secure coding practices for web applications and do not conduct regular
vulnerability tests are susceptible to these attacks.

4. Buffer overflow exploitation:
• A buffer overflow happens when a program tries to copy more data into a fixed-length memory block than
the block can hold.
• Attackers may use the excess data, which spills into adjacent memory addresses, as a foothold from which
to launch further attacks.

5. Malware:
• Malware is software designed to exploit vulnerabilities or cause harm to databases.
• Malware can arrive via any device that connects to the database's network.

6. Denial-of-service (DoS/DDoS) attacks:
In a denial-of-service (DoS) attack the attacker overwhelms the targeted server, in this case the database
server, with such a large volume of requests that it can no longer serve legitimate requests from real users.
In most cases the server becomes unstable or stops functioning altogether.

Access Control

• Database access control is a method of allowing access to a company's sensitive data only to those people
(database users) who are permitted to access it, and of restricting access by unauthorized persons.
• It has two main components: authentication and authorization.
• Authentication is the method of verifying the identity of the person accessing the database. Authentication
alone is not enough to protect data.
• Authorization determines whether an authenticated user should be allowed to access the data or perform the
transaction they are attempting.

Types of Access Control

1. Discretionary Access Control (DAC):

• DAC is a type of access control in which the data owner or administrator has the discretion to determine
who can access specific resources.
• Permissions are assigned to users directly or via user groups.
• Users are assigned permissions such as read, write, and execute on a per-object basis.

2. Mandatory Access Control (MAC):

• MAC is a more rigid access control model in which access policies are established by a central authority,
not by individual owners.
• It is often used in environments requiring high security, such as government or military applications.
• Users cannot alter access policies or grant permissions.

3. Role-Based Access Control (RBAC):

• RBAC assigns permissions based on roles rather than individual user identities.
• Users are assigned roles, and roles have predefined permissions.
• It is suitable for large organizations where roles reflect job functions.

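As an added illustration (not part of the original notes), the following Python sketches the three models with constructed users, objects and roles. Who may change a permission is the point: the owner in DAC, nobody but the central policy in MAC, and the role definitions in RBAC. The clearance-level read rule used for MAC is an assumption of this example.

```python
"""Toy models of DAC, MAC and RBAC (constructed example, not from the notes)."""
from dataclasses import dataclass, field


@dataclass
class DacObject:
    """DAC: the object's owner decides who may do what with it."""
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, granter, user, perm):
        # Only the owner has discretion over this object's permissions.
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own this object")
        self.acl.setdefault(user, set()).add(perm)

    def allowed(self, user, perm):
        return user == self.owner or perm in self.acl.get(user, set())


# MAC: labels are set by a central policy; users cannot change them.
LEVELS = {"public": 0, "internal": 1, "secret": 2}  # constructed label ordering


def mac_can_read(clearance, classification):
    # Assumed central rule for this example: a subject may read an object
    # only if its clearance is at or above the object's classification.
    return LEVELS[clearance] >= LEVELS[classification]


# RBAC: permissions attach to roles; users are granted roles, not permissions.
ROLE_PERMS = {                       # constructed roles for a database
    "analyst": {"customers:read"},
    "dba": {"customers:read", "customers:write", "schema:alter"},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"dba"}}


def rbac_allowed(user, perm):
    return any(perm in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))


def demo():
    table = DacObject(owner="carol")
    table.grant("carol", "alice", "read")
    try:                                  # alice does not own the table
        table.grant("alice", "bob", "read")
        alice_can_grant = True
    except PermissionError:
        alice_can_grant = False
    return {
        "dac_alice_read": table.allowed("alice", "read"),
        "dac_alice_can_grant": alice_can_grant,
        "mac_internal_reads_secret": mac_can_read("internal", "secret"),
        "rbac_alice_write": rbac_allowed("alice", "customers:write"),
        "rbac_bob_write": rbac_allowed("bob", "customers:write"),
    }
```
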
Difference between DAC, MAC, RBAC

Authentication vs Authorization

Intrusion detection

• An intrusion detection system (IDS) observes network traffic for malicious transactions and sends
immediate alerts when one is observed.
• It is software that checks a network or system for malicious activity or policy violations.
• Each illegal activity or violation is typically recorded centrally in a SIEM (security information and
event management) system or reported to an administrator.
• An IDS monitors a network or system for malicious activity and helps protect a computer network from
unauthorized access by users, including possibly insiders.

Classification of Intrusion Detection System (IDS)

[Diagram: IDS is classified into NIDS, HIDS, PIDS, Application PIDS (APIDS), and Hybrid IDS.]

Network Intrusion Detection System (NIDS) –

• Network intrusion detection systems (NIDS) are set up at a planned point within the network to examine
traffic from all devices on the network.
• Once an attack is identified or abnormal behaviour is observed, an alert can be sent to the administrator.
• An example of a NIDS deployment is installing it on the subnet where the firewalls are located, in order to
see whether someone is trying to breach the firewall.

Host Intrusion Detection System (HIDS) –

• HIDS run on independent hosts or devices on the network.
• A HIDS monitors the incoming and outgoing packets of that device only and alerts the administrator if
suspicious or malicious activity is detected.
• It takes a snapshot of existing system files and compares it with the previous snapshot.
• If monitored system files were edited or deleted, an alert is sent to the administrator to investigate.

Protocol-based Intrusion Detection System (PIDS) –

• A PIDS consists of a system or agent that consistently resides at the front end of a server, controlling
and interpreting the protocol between a user or device and the server.
• A PIDS secures the web server by monitoring the HTTPS protocol stream.

Application Protocol-based Intrusion Detection System (APIDS) –

• An APIDS is a system or agent that resides within a group of servers.
• It identifies intrusions by monitoring and interpreting the communication on application-specific
protocols.
• An APIDS uses machine learning to establish a baseline of expected system behaviour in terms of
bandwidth, ports, protocols, and device usage.

Hybrid Intrusion Detection System –

• A hybrid intrusion detection system combines two or more approaches to intrusion detection.
• In a hybrid intrusion detection system, host agent or system data is combined with network information to
develop a complete view of the network.
• A hybrid intrusion detection system is more effective than the other types of intrusion detection system.
• Prelude is an example of a hybrid IDS.

Intrusion Detection System Evasion Techniques

• Fragmentation: Dividing a packet into smaller packets, called fragments, is known as fragmentation. This
makes the intrusion hard to identify because no single fragment contains the complete malware signature.
• Packet encoding: Encoding packets using methods such as Base64 or hexadecimal can hide malicious content
from a signature-based IDS.
• Traffic obfuscation: By making a message more complicated to interpret, obfuscation can be used to hide an
attack and avoid detection.
• Encryption: Encryption provides several security features, such as data integrity, confidentiality, and
privacy. Unfortunately, the same features are used by malware developers to hide attacks and avoid
detection.

Detection Method of IDS

1. Signature detection: A signature-based IDS can detect attacks whose patterns are already present in its
database, but it cannot detect new or unknown malicious traffic.
2. Anomaly detection: An anomaly-based intrusion detection system was introduced to detect unknown attacks,
since new attack methods are developed quickly. This method uses machine learning to build a model of
trusted activity, and everything that arrives is compared against that model to detect malicious traffic
or patterns.
3. Hybrid detection: This IDS uses both signature-based and anomaly-based detection, enabling it to detect
potential threats with a minimum error rate.
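The three detection methods, run over a constructed access log as an added example (not from the notes): signature rules catch the two requests that match known injection patterns but would miss anything unknown, the anomaly model flags the client whose request rate is far above a constructed baseline, and the hybrid result is the union of both. The log lines, baseline counts and rules are all made up for this example.

```python
"""Signature, anomaly and hybrid detection over constructed log lines (added example)."""
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# Constructed web-server access log: two suspicious requests plus one very chatty client.
LOG_LINES = [
    '10.0.0.5 - - [12/Mar/2024:10:00:01] "GET /index.html HTTP/1.1" 200',
    '10.0.0.5 - - [12/Mar/2024:10:00:02] "GET /about.html HTTP/1.1" 200',
    '10.0.0.7 - - [12/Mar/2024:10:00:03] "GET /login?user=admin\'-- HTTP/1.1" 500',
    '10.0.0.9 - - [12/Mar/2024:10:00:04] "GET /search?q=%27%20OR%201%3D1 HTTP/1.1" 200',
] + [f'10.0.0.42 - - [12/Mar/2024:10:00:{5 + i:02d}] "GET /item/{i} HTTP/1.1" 200'
     for i in range(40)]

# Constructed baseline: requests per client observed during a known-good period.
BASELINE_COUNTS = [2, 3, 1, 4, 2, 3, 2]

# Signature rules: known SQL-injection patterns, matched against the decoded URL.
SIGNATURES = {
    "sqli-comment": re.compile(r"'\s*--"),
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) ')


def parse(line):
    """Return (client_ip, url-decoded request path) from one access-log line."""
    m = LINE_RE.match(line)
    return m.group(1), unquote(m.group(2))


def signature_alerts(lines):
    """Signature detection: flag lines matching a known pattern (misses unknown attacks)."""
    alerts = []
    for line in lines:
        ip, path = parse(line)
        alerts += [(ip, name) for name, pat in SIGNATURES.items() if pat.search(path)]
    return alerts


def anomaly_alerts(lines, baseline=BASELINE_COUNTS, z=3.0):
    """Anomaly detection: flag clients whose request count is far above the baseline model."""
    mu, sigma = mean(baseline), pstdev(baseline)
    counts = Counter(parse(line)[0] for line in lines)
    return sorted(ip for ip, n in counts.items() if n > mu + z * sigma)


def hybrid_alerts(lines):
    """Hybrid detection: union of signature hits and anomalous clients."""
    return sorted({ip for ip, _ in signature_alerts(lines)} | set(anomaly_alerts(lines)))
```

Note that the chatty client 10.0.0.42 matches no signature and the two injection attempts are not anomalous by volume, which is why the notes describe hybrid detection as the lower-error combination.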

Advantages of IDS

• It keeps a check on routers, firewalls, key servers, and files, and uses its database to raise the alarm
and send notifications.
• It offers centralized management for correlating attacks.
• It acts as an additional layer of protection for the organization.
• It analyzes different attacks, identifies their patterns, and helps the administrator organize and
implement effective controls.
• It gives system administrators the ability to quantify an attack.
• An intrusion detection system helps detect cybersecurity problems.

SQL injection

• SQL injection, also known as SQLi, is a common attack vector that uses malicious SQL code to manipulate the
backend database and access information that was not intended to be displayed.
• This information may include any number of items, including sensitive company data, user lists, or private
customer details.
• The impact SQL injection can have on a business is far-reaching.
• A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables
and, in certain cases, the attacker gaining administrative rights to the database, all of which are highly
detrimental to a business.
• While this vector can be used to attack any SQL database, websites are the most frequent targets.

Types of SQL Injections

1. In-band SQLi –
• The attacker uses the same channel of communication to launch the attack and to gather the results.
• In-band SQLi's simplicity and efficiency make it one of the most common types of SQLi attack. There are
two sub-variations of this method:
  • Error-based SQLi: the attacker performs actions that cause the database to produce error messages. The
  attacker can potentially use the data in these error messages to gather information about the structure
  of the database.
  • Union-based SQLi: this technique takes advantage of the SQL UNION operator, which combines the results
  of multiple SELECT statements into a single result set that is returned in one HTTP response. This
  response may contain data that the attacker can leverage.
2. Inferential (Blind) SQLi –
• The attacker sends data payloads to the server and observes the server's response and behaviour to learn
more about its structure.
• This method is called blind SQLi because no data is transferred from the website database to the attacker,
so the attacker cannot see the results of the attack in-band.
• Blind SQL injections rely on the response and behavioural patterns of the server, so they are typically
slower to execute but may be just as harmful. Blind SQL injections can be classified as follows:
  • Boolean-based: the attacker sends a SQL query to the database that prompts the application to return a
  result. The result varies depending on whether the query evaluates to true or false, so the content of
  the HTTP response changes or stays the same accordingly. The attacker can then work out whether the
  query produced a true or false result.
  • Time-based: the attacker sends a SQL query that makes the database wait for a period (in seconds)
  before responding. From the time the database takes to respond, the attacker can tell whether the query
  was true or false: the HTTP response is generated either instantly or after the waiting period. The
  attacker can thus work out whether the query returned true or false without relying on data from the
  database.
3. Out-of-band SQLi –
• The attacker can only carry out this form of attack when certain features are enabled on the database
server used by the web application.
• This form of attack is primarily used as an alternative to the in-band and inferential SQLi techniques.
• Out-of-band SQLi is performed when the attacker cannot use the same channel to launch the attack and
gather information, or when the server is too slow or unstable for those actions to be performed.
• These techniques rely on the server's ability to make DNS or HTTP requests that transfer data to the
attacker.

Ways to prevent SQLi

• Use prepared statements and parameterized queries
• Use stored procedures
• Validate user input
• Use ORM (object-relational mapping) libraries
• Escape user inputs
• Implement least privilege
• Use security tools
• Regular security audits and penetration testing
• Error handling
• Keep software updated
• Use web frameworks with built-in protections
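As an added example (not from the notes), this Python uses the standard-library sqlite3 module to show the first and sixth items above in working code: a lookup that builds its SQL from a string, the same lookup as a parameterized query, and a connection restricted to reads so that even an injected DELETE is refused. The table, users and crafted input are constructed for the example.

```python
"""Vulnerable vs. parameterized lookup, plus a least-privilege authorizer (added example)."""
import sqlite3

def setup():
    """Constructed in-memory database with a few sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "analyst"), ("bob", "dba"), ("carol", "admin")])
    return conn

def lookup_vulnerable(conn, username):
    # VULNERABLE: the input is pasted into the SQL text, so a quote in the input
    # ends the string literal and the rest of the input is parsed as SQL.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, username):
    # HARDENED: the value is bound separately from the query text (a prepared
    # statement), so whatever it contains is compared as data, never parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def restrict_to_reads(conn):
    """Least privilege: let this connection read, deny every other action."""
    def authorizer(action, arg1, arg2, db_name, trigger):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)

def write_is_blocked(conn):
    """True if the connection's policy stops a DELETE, even one reached via injection."""
    try:
        conn.execute("DELETE FROM users")
        return False
    except sqlite3.DatabaseError:
        return True

def demo():
    conn = setup()
    crafted = "x' OR '1'='1"  # constructed input: a quote plus an always-true clause
    results = {
        "vuln_alice": lookup_vulnerable(conn, "alice"),
        "vuln_crafted": lookup_vulnerable(conn, crafted),     # returns every row
        "safe_alice": lookup_parameterized(conn, "alice"),
        "safe_crafted": lookup_parameterized(conn, crafted),  # no such username
    }
    restrict_to_reads(conn)
    results["delete_blocked"] = write_is_blocked(conn)
    return results
```
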

MODULE 6

Difference between Object Oriented DBMS and Object relational DBMS

Comparison between RDBMS, OODBMS, ORDBMS

OODBMS

Logical Database

• A logical database is a special type of ABAP (Advanced Business Application Programming) program that is
used to retrieve data from various interrelated tables.
• A logical database provides a read-only view of the data.

Structure of Logical Database:

• A logical database uses only a hierarchical structure of logically related tables, i.e. data is organized
in a tree-like structure.
• The data is stored as records that are connected to each other through edges (links).
• A logical database contains Open SQL statements that are used to read data from the database.
• The logical database reads the data, stores it in the program if required, and passes it line by line to
the application program.

[Figure: Structure of a logical database]

Features of Logical Database:

• We can select only the type of data that we need.
• Data authentication is performed in order to maintain security.
• A logical database uses a hierarchical structure, so data integrity is maintained.
• Performance is improved with the help of a logical database.
• With the help of a logical database, the same data can be read from multiple programs.
• A logical database defines the same user interface for multiple programs.

Web database

• A web database is a system for storing and displaying information that is accessible from the Internet.
• The database might be used for any of a wide range of functions, such as a membership database, client
list, or inventory database.
• A web database is a type of web application.
• A web database is a database application designed to be managed and accessed through the Internet.
• A web database is ideal for situations in which the information should be shared, or must be accessed from
various locations.
• An example of where a web database may be used is an online forum.

Benefits of Web Database

• Provides simplicity
• Facilitates transparent network access
• Platform independence of the Web-DBMS
• Scalability
• Provides a graphical user interface (GUI)
• Innovation
• Standardization
• Provides cross-platform support

Distributed Database
• In the most basic terms, a distributed database is a database that stores data in multiple locations
instead of one location.
• This means that rather than putting all data on one server or one computer, data is placed on multiple
servers or in a cluster of computers consisting of individual nodes.
• These nodes are often geographically separate and may be physical computers or virtual machines within a
cloud database.
• There are two types:

1. Homogeneous distributed database

In a homogeneous distributed database, the machines, nodes, servers, or sites store the same data, use the
same data model, work with the same operating system, and share the same distributed database management
system (DDBMS). It has two subsets:
• Autonomous distributed databases: In an autonomous distributed database, nodes work on their own with
their own complete set of data, requiring only an application to facilitate universal updates across all
nodes or messaging between nodes.
• Non-autonomous distributed databases: In a non-autonomous distributed database, nodes rely on a
centralized database management system (DBMS) to coordinate data distribution, communications, and all
updates.

2. Heterogeneous distributed database

• In a heterogeneous distributed database, different machines or sites may house different data sets, use
different operating systems, contain different data schemas, and require software to facilitate
communication between machines.
• Further, different sites may not even be aware of the existence of other sites. It has two subsets:
• Federated distributed databases: In a federated distributed database, multiple nodes, each able to
function completely on its own and possibly containing different data, work together and function as one
entity. This means that when a query occurs, the system determines which node is best equipped to respond
and passes the query to it. This process is sometimes referred to as data virtualization.
• Unfederated distributed databases: In an unfederated distributed database, each node operates
individually and a central application manages access to the database in each node.

Data Warehousing:

• Data warehousing refers to the process of collecting, storing, and managing large volumes of data from
different sources in a centralized repository.
• This repository, known as a data warehouse, is designed to facilitate querying and analysis, providing a
consolidated view of an organization's historical and current data for decision-making purposes.
• The data is often structured and optimized for read-heavy operations, making it suitable for reporting,
business intelligence, and data analysis.

Data Mining

• Data mining is the process of discovering patterns, correlations, and insights from large sets of data
using statistical, mathematical, and computational techniques.
• It involves extracting meaningful information from raw data by identifying trends, anomalies, and
relationships that can be used for predictive analysis, decision support, and strategic planning.
• Data mining techniques include classification, regression, clustering, association analysis, and anomaly
detection, often employing algorithms from fields such as machine learning and artificial intelligence.
