Database Security
Roll # 161506
Name: Remshaa Javed
Subject: System Security
Overview:
In today’s world, we need everything to be secured, whether it is a mobile
phone, a computer, a vehicle or almost anything else.
Threats and risks to databases have increased, so there is a need for
database security. The majority of companies store sensitive data in databases.
E.g.: credit card numbers, university admissions, land records.
What happens if a database has no security? The data will be easily
corrupted.
What is Database Security?
• Database:
It is a collection of information stored in a computer.
• Security:
It is the state of being free from danger.
• Database Security:
It is a mechanism that protects a database against intentional and
accidental threats.
Definition of Database Security:
Database security is defined as a process by which the “Confidentiality, Integrity
and Availability” of a database can be protected.
Database Security Concept:
1. Confidentiality
2. Integrity
3. Availability
Confidentiality:
Confidentiality refers to protecting information from being accessed by
unauthorized parties. In other words, only the people who are authorized to
do so can gain access to sensitive data. Imagine your bank records. You
should be able to access them, of course, and employees at the bank who
are helping you with a transaction should be able to access them, but no
one else should. A failure to maintain confidentiality means that someone
who shouldn't have access has managed to get it, through intentional
behavior or by accident. Such a failure of confidentiality, commonly known
as a breach, typically cannot be remedied. Once the secret has been
revealed, there's no way to un-reveal it. If your bank records are posted on a
public website, everyone can know your bank account number, balance,
etc., and that information can't be erased from their minds, papers,
computers, and other places. Nearly all the major security incidents reported
in the media today involve major losses of confidentiality.
Integrity:
Integrity refers to ensuring the authenticity of information—that information is
not altered, and that the source of the information is genuine. Imagine that
you have a website and you sell products on that site. Now imagine that an
attacker can shop on your web site and maliciously alter the prices of your
products, so that they can buy anything for whatever price they choose. That
would be a failure of integrity, because your information—in this case, the
price of a product—has been altered and you didn't authorize this alteration.
Another example of a failure of integrity is when you try to connect to a
website and a malicious attacker between you and the website redirects your
traffic to a different website. In this case, the site you are directed to is not
genuine.
Availability:
Availability means making sure that the authorized individuals who need to
see the data can get to it when they need it. Even if we have
confidentiality and integrity, a denial of service, or any situation in which
an authorized user is unable to get to the data when they need it, is a
problem as far as the business is concerned.
Security Problems:
There are two kinds of threats.
• Non-fraudulent Threat
• Fraudulent Threat
Non-fraudulent Threat:
1. Natural or accidental disasters.
2. Errors or bugs in hardware or software.
3. Human errors.
Fraudulent Threat:
Authorized users:
Those who abuse their privileges and authority.
Hostile agents:
Those improper users (outsiders or insiders) who attack the software and/or
hardware system, or read or write data in a database.
Security of Database through Firewalls:
A firewall is dedicated software on another computer which inspects
network traffic passing through it and denies or permits passage based on
a set of rules. Basically, it is a piece of software that monitors all traffic that
goes from your system to another via the Internet or a network, and vice
versa. Database firewalls are a type of web application firewall that
monitor databases to identify and protect against database-specific
attacks, which mostly seek to access sensitive information stored in the
databases.
Methods of Securing the Database:
Encryption: This is the process of transforming plain text information using an
encryption algorithm (called a cipher) to make it unreadable to anyone
except those possessing special knowledge, usually referred to as a key.
Web-based Database Security: Some methods are proposed to secure a
Web database against illegitimate intrusion. Data should be transmitted
from the server to the client in a secured way (using Secure Socket
Layer). SSL encrypts the link between a client and a server, which
ensures that all data passed between them remains private and free of
attack.
Authentication and Access Control: Authentication is used to properly
verify the identity of the user, and access control governs which actions
or operations the user may perform.
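
The authentication and access control checks described above, applied to the product-price example from the Integrity section. This is an added example, not part of the original document; the table layout, user names, passwords and role names are constructed for illustration.

```python
import hashlib, hmac, os, sqlite3

# Assumed role model for this example: only managers may change prices.
ROLE_PERMS = {"customer": {"read_price"},
              "manager": {"read_price", "update_price"}}

def hash_password(password, salt):
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def setup():
    """Build an in-memory database with constructed sample users and one product."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, role TEXT)")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, price_cents INTEGER)")
    for name, pw, role in [("alice", "alice-demo-pw", "manager"),
                           ("bob", "bob-demo-pw", "customer")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (name, salt, hash_password(pw, salt), role))
    db.execute("INSERT INTO products VALUES (1, 1999)")
    return db

def authenticate(db, name, password):
    """Authentication: return the user's role if the password matches, else None."""
    row = db.execute("SELECT salt, pw_hash, role FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return None
    salt, pw_hash, role = row
    # Constant-time comparison avoids leaking how much of the hash matched.
    ok = hmac.compare_digest(hash_password(password, salt), pw_hash)
    return role if ok else None

def update_price(db, name, password, product_id, new_price_cents):
    """Access control: only roles holding 'update_price' may alter a price."""
    role = authenticate(db, name, password)
    if role is None:
        return "denied: authentication failed"
    if "update_price" not in ROLE_PERMS.get(role, set()):
        return "denied: not authorized"
    # Parameterized query: user-supplied values are never spliced into the SQL text.
    db.execute("UPDATE products SET price_cents = ? WHERE id = ?",
               (new_price_cents, product_id))
    return "ok"

def get_price(db, product_id):
    return db.execute("SELECT price_cents FROM products WHERE id = ?",
                      (product_id,)).fetchone()[0]
```

An authenticated customer is still refused the price change, which shows why identity checking alone does not protect integrity.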