Database Security

By: meow
Ch5

What is Encryption?
Encryption converts data into unreadable formats to prevent unauthorized
access.

Types of Encryption:
1. Symmetric Encryption: Uses the same key for encryption and
decryption.
2. Asymmetric Encryption: Uses a public key for encryption and a private
key for decryption
Example on Symmetric Encryption: AES, DES.
Example on Asymmetric Encryption: RSA, ECC.

Why Encryption Matters?:

1. Ensures confidentiality of sensitive data.
2. Protects data during storage and transmission.
3. Helps comply with regulations like GDPR, PCI DSS, and HIPAA.

Secure Data Transmission Protocols

1. TLS: Encrypts communication over networks.
2. HTTPS: Protects web traffic.
3. VPNs: Encrypts data over public networks
CODE EXAMPLES

MySQL AES Encryption:

SELECT AES_ENCRYPT('SensitiveData', 'EncryptionKey') AS EncryptedData;

AES Decryption:
SELECT AES_DECRYPT(EncryptedData, 'EncryptionKey') AS OriginalData;

SQL Example: Encrypting Data Before Storage

INSERT INTO SecureTable(ID, EncryptedField)
VALUES (1, AES_ENCRYPT('Confidential Info', 'Key123'));

SQL Example: Decrypting Data for Retrieval

SELECT AES_DECRYPT(EncryptedField, 'Key123') AS DecryptedField
FROM SecureTableWHERE ID = 1;

Steps to Enable SSL:

1. Generate SSL certificates.
2. Configure MySQL server to use certificates.
3. Enable SSL for clients
Best Practices Protecting API Communication:
1. Always use HTTPS.
2. Include authentication tokens.
3. Use encrypted payloads for sensitive data.
Real-World Encryption Example
Case Study: Securing payment data in an e-commerce platform.

• Solution: Use AES encryption for sensitive payment details.

• Result: Reduced data breach incidents.

Challenges in Encryption
1. Managing encryption keys securely.
2. Performance overhead for large datasets.
3. Ensuring compliance with evolving standards
Ch6

What is Data Corruption?

Data corruption occurs when data becomes inaccessible, unreadable, or
altered in unintended ways.
Types of Corruption:
1. Logical Corruption: Errors in data organization or query execution.
2. Physical Corruption: Hardware-related damage affecting data storage.

Causes of Data Corruption:

1. Software Bugs
2. Hardware Failures
3. Human Errors
4. Cyberattacks

Impact of Data Corruption:

1. Loss of critical business information.
2. Operational disruptions and downtime.
3. Financial and reputational damage

Preventing Data Corruption

1. Use RAID configurations for disk reliability.
2. Enable checksums to detect file integrity issues.
3. Regularly update and patch database software.
CODE EXAMPLES:

MySQL Integrity Check Tools:

CHECK TABLE: Detects table corruption.
[CHECK TABLE TableName; ]

REPAIR TABLE: Fixes table corruption.

[REPAIR TABLE TableName;]

Backup in MySQL:
[mysqldump-u root -p --databases DatabaseName > C:\Backups\backup.sql]
Explanation: )‫ (شرح للكود‬This command exports the entire database into a
backup file (backup.sql).

• U root -p → Logs in as root, prompting for a password.

• --databases DatabaseName → Specifies the database to backup.
• > C:\Backups\backup.sql → Saves the backup file at C:\Backups.

Restoring Data from Backup:

[mysql -u root -p DatabaseName <C:\Backups\backup.sql]
Explanation: This command restores the database using the previously
created backup file

• mysql -u root -p → Logs into MySQL as root.

• DatabaseName → The name of the database where data will be
restored.
• <C:\Backups\backup.sql → Uses the backup file to restore data
Enable Binary Logging in MySQL:
1. Open the my.ini configuration file in:
[C:\ProgramData\MySQL\MySQL Server 8.0\my.ini]

2. Add the following under the [mysqld] section:

[log_bin="C:/ProgramData/MySQL/MySQL Server 8.0/mysql-bin"
expire_logs_days=7]

Restart MySQL:
Run the following cmd command:
[net stop mysql]
[net start mysql]

Explanation:
log_bin → Enables binary logging at a specific Windows path.
expire_logs_days=7 →Deletes logs older than 7 days
 Recovery Basics: Backups
Types:
1. Full Backup: Entire database.
2. Incremental Backup: Only changes since the last backup.
3. Differential Backup: Changes since the last full backup

Real-World Case Study

Incident: Financial institution lost critical data due to malware corruption.
Solution:

• Restored data from backups.

• Recovered transactions using binary logs.
• Implemented daily backups to prevent recurrence

Challenges in Recovery
1. Insufficient or outdated backups.
2. High recovery time affecting operations.
3. Loss of incremental data between backups

Best Practices for Recovery

1. Schedule automatic backups with retention policies.
2. Regularly test backups for reliability.
3. Enable database replication for failover support
Ch7

What is Unauthorized Access?

Unauthorized access occurs when individuals gain access to systems, data,
or resources without permission.
Examples:
1. Accessing a database using stolen credentials.
2. Exploiting poorly configured user permissions

Implications of Unauthorized Access:

1. Data Breaches
2. Data Manipulation.
3. Reputational Damage

Types of Access Controls :

1. Discretionary Access Control (DAC)
2. Mandatory Access Control (MAC)
3. Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC)

RBAC assigns permissions to roles instead of individual users, simplifying
management.
Example:

• Admin Role: Full access to all tables.

• Analyst Role: Read-only access to specific tables
CODE EXAMPLES
MySQL User Management Basics

Creating a New User:

[CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';]
Granting Permissions:
[GRANT SELECT ON DatabaseName.* TO 'username'@'localhost';]

Implementing RBAC in MySQL

• Step 1: Create a Role

[CREATE ROLE Analyst; ]

• Step 2: Assign Permissions to the Role

[GRANT SELECT ON DatabaseName.* TO Analyst;]

• Step 3: Assign the Role to a User

[GRANT Analyst TO 'user1'@'localhost']

Viewing Assigned Roles

[SHOW GRANTS FOR 'user1'@'localhost'; ]
Revoking Permissions and Roles
Revoke Permissions:
[REVOKE SELECT ON DatabaseName.* FROM 'user1'@'localhost'; ]
Revoke Roles:
[REVOKE Analyst FROM 'user1'@'localhost']

Auditing and Monitoring Access

Enable Logs: Use MySQL general and error logs.
[SET GLOBAL general_log= 'ON']

Common Unauthorized Access Scenarios

1. Using weak or default passwords.
2. Exploiting excessive user privileges.
3. Lack of multi factor authentication (MFA)

Preventing Unauthorized Access:

1. Enforce Strong Passwords
2. Implement Multi-Factor Authentication (MFA
3. Enable IP Whitelisting
Real-World Case Study: Unauthorized Access Breach
Incident: An attacker accessed a healthcare database using a default admin
account.
Impact: Millions of patient records exposed.
Lesson: Use strong passwords, disable default accounts, and implement MFA

Challenges in Implementing Access Controls

1. Balancing security and usability.
2. Maintaining compliance with data protection regulations.
3. Regularly updating and managing user roles.
Best Practices for Access Control
1. Regularly review user permissions.
2. Follow the principle of least privilege (PoLP).
3. Automate role assignments using tools like IAM (Identity Access
Management)
Ch8

Why Cloud Access Controls are Critical?

1. Distributed Access
2. Data Sensitivity
3. Dynamic Environments
Common Challenges in Cloud Database Security
1. Misconfigured permissions.
2. Insufficient logging and monitoring.
3. Lack of encryption for data at rest and in transit.
4. Insecure API endpoints

Role-Based Access Control (RBAC) in Cloud

Assigns permissions to roles, which are then assigned to users.
Example in AWS RDS:

• Admin Role: Full access to manage databases.

• Read-Only Role: Limited access for querying data

Configuring Access Controls in AWS RDS

Step 1: Create IAM policies defining access permissions.
Step 2: Attach IAM roles to database users.
Step 3: Use security groups to restrict IP-based access.
CODE EXAMPLES
Configuring Access Controls in Azure SQL Database

• Step 1: Define roles using T-SQL.

[CREATE ROLE db_reader;]
[GRANT SELECT TO db_reader;]
Step 2: Assign roles to Azure Active Directory (AAD) users.
Step 3: Use firewall rules to limit access by IP address.
Example: Azure SQL RBAC Implementation
Assign Role to User:
[CREATE USER [JohnDoe] FROM EXTERNAL PROVIDER; ALTER ROLE
db_readerADD MEMBER [JohnDoe];]

Example: AWS RDS Policy

• Grant permission to view all database schemas:

[GRANT SHOW DATABASES ON *.* TO 'username'@'host'; ]

• Grant permission to connect to the MySQL server:

[GRANT USAGE ON *.* TO 'username'@'host';]
Securing Data in Cloud Databases
1. Enable encryption for data at rest
2. Use SSL/TLS for data in transit.
3. Configure automated backups and snapshots

Real-World Case Study: Misconfigured Cloud Database

Incident: Overexposed S3 buckets led to a massive data breach
Solution:

• Restrict public access.

• Use IAM policies to define user-specific permissions

Challenges in Implementing Cloud Access Controls

1. Complex permission hierarchies.
2. Balancing accessibility and security.
3. High costs of advanced security configurations.

Best Practices for Cloud Database Security

1. Adopt the principle of least privilege (PoLP).
2. Regularly audit and update access policies.
3. Enable encryption and automated monitoring tools
Ch9

Why Emerging Trends Matter :

1. Rapid evolution of cyber threats requires continuous innovation.
2. Growing adoption of IoT and Big Data increases attack surfaces.
3. Compliance with new regulations demands adaptive security measures

Artificial Intelligence and Machine Learning in Database Security:

AI Applications:
1. Real-time threat detection using anomaly detection algorithms.
2. Automated responses to potential breaches.

Blockchain for Database Security:

Key Features:

• Immutable transaction records.

• Decentralized control reduces single points of failure.
Use Case: Securing audit trails in financial systems.

Homomorphic Encryption: Allows computation on encrypted data without

decryption.
Benefit: Ensures data remains secure during processing.
Example: Encrypted queries on sensitive healthcare records
Post-Quantum Cryptography :

• Challenge: Quantum computers can break traditional encryption

algorithms.
• Solution: Developing quantum-resistant algorithms, such as lattice
based cryptography

Zero Trust Architecture (ZTA) :

Principle: “Never trust, always verify.”
Application: Verifies user identity and device security before granting
database access

Challenges in Adopting Emerging Security Trends

1. High computational costs for advanced encryption methods.
2. Complexity of integrating AI/ML solutions into existing systems.
3. Lack of expertise in quantum-safe cryptographic implementations

Proactive vs. Reactive Security Approaches

1. Proactive Measures: AI-based monitoring, zero trust access.
2. Reactive Measures: Incident response plans, disaster recovery.
Ch10

Importance of Data Privacy Regulations

1. Protect individuals’ personal and sensitive information.
2. Prevent data misuse and breaches.
3. Build trust between organizations and customers.
Overview of Key Regulations
1. GDPR (General Data Protection Regulation):Applicable in the EU,
focuses on user consent, data minimization, and breach notification.
2. CCPA (California Consumer Privacy Act): Empowers Californians to
control their personal data.
3. HIPAA (Health Insurance Portability and Accountability Act):
Regulates health data protection in the U.S

Penalties for Non-Compliance

1. GDPR: Fines up to €20 million or 4% of annual turnover.
2. CCPA: Fines up to $7,500 per violation.
3. HIPAA: Fines range from $100 to $50,000 per violation

Implementing Data Protection Best Practices

1. Use encryption for sensitive data at rest and in transit.
2. Regularly audit and update access control policies.
3. Educate employees about data privacy regulations.
Challenges in Compliance
1. High costs of implementing compliance measures.
2. Evolving regulations require continuous updates.
3. Balancing data utility with privacy requirements.
Tools for Compliance Management
1. Open Source
2. Cloud Platforms
3. Third-Party Solutions
Proactive Compliance Strategies
1. Data Minimization
2. Breach Response Plans
3. Automated Reporting

CODE EXAMPLES

GDPR Compliance in Database Security

Right to Access: Users can request their stored data.
[SELECT * FROM Users WHERE UserID= '12345'; ]
Right to Erasure: Users can request their data to be deleted.
[DELETE FROM Users WHERE UserID= '12345';]

CCPA Compliance in Database Security

(information): Provide data transparency and enable users to opt-out of data
sharing.
1. SQL Example: Mark data as “Do Not Sell.”
[UPDATE Users SET OptOut= TRUE WHERE UserID= '12345';]
HIPAA Compliance in Database Security
1. Data Encryption: Encrypt sensitive health records.
[SELECT AES_ENCRYPT('PatientInfo', 'Key123') AS EncryptedData;]
2. Access Logs: Track access to sensitive data.

Data Anonymization Techniques

1. Masking sensitive data during processing.
2. SQL Example:
[UPDATE Users SET PhoneNumber= CONCAT(LEFT(PhoneNumber, 3), 'XXX-
XXXX');]

SQL for Auditing and Monitoring

1. Enable logs to track user activity.
[SET GLOBAL general_log= 'ON';]
2. Query audit data:
[SELECT * FROM mysql.general_logWHERE User_Host LIKE '%admin%']

‫األقواس ذي‬
[]
‫الي حول االكواد مو ألزاميه حطيتها عشان تنتبهون للكود بس مو من ضمن الكود هي‬
‫ادعولي‬
<<3