Group 1 - Database Management

The document provides a comprehensive overview of database security, emphasizing the importance of protecting databases from unauthorized access and ensuring data integrity, confidentiality, and availability. It outlines the roles of database administrators in implementing security measures, offers practical security tips, and discusses the significance of addressing security at various levels, including data, applications, physical architecture, and network infrastructure. Additionally, it covers logical database security through user authentication, authorization, and role-based access control.

Uploaded by

mariamgodwin987

DATABASE SECURITY
GROUP 1
CONTENTS
01 INTRODUCTION TO DATABASE SECURITY

02 DATABASE SECURITY AND DBA

03 DATABASE SECURITY TIPS

04 DATABASE SECURITY AND PRIVACY

05 LOGICAL DATABASE SECURITY


01 INTRODUCTION TO DATABASE SECURITY
DATABASE SECURITY

• Database security is a critical aspect of information technology, encompassing the techniques and practices used to protect databases.
• It involves protecting a database from unauthorized access, use, disclosure, disruption, modification, or destruction.
• It takes a multi-layered approach to safeguard the integrity, confidentiality, and availability of data stored within a database management system (DBMS).


02 DATABASE SECURITY AND DBA
DBA IN DATABASE SECURITY
Database administrators (DBAs) ensure database security by:
• Implementing Access Controls: Defining who can access the database and what level of access they have (e.g., read-only, read-write, administrative).
• Regular Security Audits: Conducting periodic checks to identify and address vulnerabilities.
• Encryption: Implementing encryption techniques to protect data at rest and in transit.
• Intrusion Detection: Monitoring database activity for suspicious patterns that could indicate a security breach.
• Disaster Recovery Planning: Developing strategies to recover data in case of a security incident or other disruptive event.
03 DATABASE SECURITY TIPS
DATABASE SECURITY TIPS
• Strong Passwords: Enforce strong, unique passwords for database accounts.
• Least Privilege Principle: Grant users only the minimum privileges necessary to perform their tasks.
• Regular Patching and Updates: Keep the database software and the underlying operating system updated with the latest security patches (including definition/signature files).
• Data Loss Prevention (DLP): Implement DLP measures to prevent sensitive data from leaving the organization's network.
• Regular Backups: Perform regular backups and conduct restoration tests to ensure data recoverability.
• Security Awareness Training: Educate users about security best practices and the importance of protecting sensitive data.
04 DATABASE SECURITY AND PRIVACY
DATABASE SECURITY AND PRIVACY

Database security must address and protect the following:

• The data in the database.
• The database management system (DBMS).
• Any associated applications.
• The physical or virtual database server and the underlying hardware.
• The network infrastructure used to access the database.


DATA IN THE DATABASE
• Data Encryption: Encrypt sensitive data at rest and in transit using strong encryption algorithms (e.g., AES-256).
• Data Masking: Replace sensitive data with non-sensitive values for testing and development.
• Access Control: Implement role-based access control (RBAC) to restrict access based on user roles.
• Regular Backups: Take regular backups of the database to ensure data recovery in case of a security incident. Store backups in a secure location with access control.
DBMS

• User Identification, Authentication and Authorization: Implement robust authentication mechanisms (e.g., multi-factor authentication) and fine-grained authorization controls (e.g., role-based access control) once the user's identity has been confirmed.
• Regular Security Audits: Conduct regular security audits to identify and address vulnerabilities.
• Patch Management: Keep the DBMS software and its components up to date with the latest security patches. This also updates the definition/signature files.
APPLICATIONS ASSOCIATED WITH THE DATABASE

• Secure Coding Practices: Ensure that applications accessing the database follow secure coding practices to prevent vulnerabilities like SQL injection.
• Input Validation: Validate and sanitize all user inputs to prevent malicious input from reaching the database.
• Regular Penetration Testing: Conduct regular penetration testing to identify and address vulnerabilities in applications.


PHYSICAL ARCHITECTURE
• Physical Security: Secure the physical location of the database server with appropriate physical security measures (e.g., locks, surveillance).
• Network Security: Implement network security measures such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to protect the database server from external threats (e.g., NIDS, HIPS).
• Hardware Security: Use secure hardware components like Trusted Platform Modules (TPMs) to enhance system security.
• Employee Training: Train employees on security best practices and the importance of data security.
NETWORKING INFRASTRUCTURE

• Network Segmentation: Isolate the database server and associated applications on a separate network segment to limit exposure.
• Virtualization: Consider using virtualization technologies to improve security and resource management.
• Network Monitoring: Monitor network traffic for suspicious activity and respond to incidents promptly (e.g., Nagios, Zabbix).
• Incident Response Plan: Develop and test an incident response plan to handle security breaches effectively.
05 LOGICAL DATABASE SECURITY
LOGICAL DATABASE SECURITY
Logical database security focuses on controlling access to data based on user roles and permissions. It involves implementing access control mechanisms such as:
• User Authentication: Verifying the identity of users before granting access to the database.
• Authorization: Defining which users are allowed to access specific data objects (e.g., tables, views) and what operations they can perform (e.g., read, write, delete).
• Role-Based Access Control (RBAC): Assigning users to roles and granting permissions to roles rather than to individual users.
QUERIES ON SECURITY
USER AUTHENTICATION
Syntax (MySQL; PostgreSQL uses CREATE USER user_name WITH PASSWORD 'password' instead):
• Creating Users: CREATE USER user_name IDENTIFIED BY 'password';
• Dropping Users: DROP USER user_name;

Example
• CREATE USER 'kimwaga'@'localhost' IDENTIFIED BY 'password';
• SELECT user, host, authentication_string FROM mysql.user; (the password column was removed in MySQL 5.7; hashes live in authentication_string)
• DROP USER 'enzo'@'localhost';
ACCESS CONTROL
Granting Privileges:
Syntax:
• GRANT SELECT, INSERT, UPDATE, DELETE ON table_name TO user_name;
• GRANT ALL PRIVILEGES ON table_name TO role_name;

Example:
• GRANT SELECT, INSERT, UPDATE, DELETE ON patient TO kimwaga;
• GRANT ALL PRIVILEGES ON TABLE doctor TO Admin;
ACCESS CONTROL (cont.)
Revoking Privileges:
Syntax
• REVOKE SELECT, INSERT ON table_name FROM user_name;
• REVOKE ALL PRIVILEGES ON table_name FROM role_name;

Example
• REVOKE SELECT, INSERT ON patient FROM enzo;
• REVOKE ALL PRIVILEGES ON doctor FROM user1;
ROLE-BASED ACCESS CONTROL
Syntax
• Creating Roles: CREATE ROLE role_name;
• Granting Privileges to Roles: GRANT SELECT, INSERT ON table_name TO role_name;
• Assigning Users to Roles: GRANT role_name TO user_name;
Example
• CREATE ROLE Admin;
• GRANT SELECT, INSERT ON doctor TO Admin;
• GRANT Admin TO enzo;
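The three slides above (user authentication, access control, RBAC) are steps of one procedure. The following is an added worked example, not from the original slides, that puts them together as a least-privilege role design for the patient/doctor tables the slides use. It assumes MySQL 8.0.19 or later (roles and the FAILED_LOGIN_ATTEMPTS options) and a database named clinic_db; the role names, passwords and column definitions are constructed for the example.

```sql
-- Added example (not from the slides): roles hold the privileges, users hold roles.
-- Assumes MySQL 8.0.19+; clinic_db and the table columns are constructed for this example.
CREATE DATABASE IF NOT EXISTS clinic_db;
USE clinic_db;
CREATE TABLE IF NOT EXISTS patient (id INT PRIMARY KEY, name VARCHAR(100), diagnosis TEXT);
CREATE TABLE IF NOT EXISTS doctor  (id INT PRIMARY KEY, name VARCHAR(100), specialty VARCHAR(50));

-- 1. Roles: each carries only the privileges its job needs (least privilege).
CREATE ROLE IF NOT EXISTS clinic_reader, clinic_clerk, clinic_admin;
GRANT SELECT ON clinic_db.doctor TO clinic_reader;            -- look up doctors only
GRANT SELECT, INSERT, UPDATE ON clinic_db.patient TO clinic_clerk;  -- no DELETE
GRANT ALL PRIVILEGES ON clinic_db.* TO clinic_admin;

-- 2. Accounts: host-restricted, with password expiry and lockout after failed logins.
--    Placeholder passwords; a real deployment uses a secret manager or generated passphrase.
CREATE USER IF NOT EXISTS 'kimwaga'@'localhost'
  IDENTIFIED BY 'Str0ng!Passphrase-ChangeMe'
  PASSWORD EXPIRE INTERVAL 90 DAY
  FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;
CREATE USER IF NOT EXISTS 'enzo'@'localhost'
  IDENTIFIED BY 'An0ther!Passphrase-ChangeMe'
  PASSWORD EXPIRE INTERVAL 90 DAY
  FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;

-- 3. Membership: users receive roles, never direct table grants; default roles
--    are activated at login so the privileges are actually in effect.
GRANT clinic_clerk, clinic_reader TO 'kimwaga'@'localhost';
GRANT clinic_admin TO 'enzo'@'localhost';
SET DEFAULT ROLE ALL TO 'kimwaga'@'localhost', 'enzo'@'localhost';

-- 4. Check the effective privileges (USING expands the roles into table grants).
--    Expected: SELECT/INSERT/UPDATE on patient, SELECT on doctor, no DELETE anywhere.
SHOW GRANTS FOR 'kimwaga'@'localhost' USING clinic_clerk, clinic_reader;

-- 5. Revocation at the role level applies to every holder of that role at once.
REVOKE UPDATE ON clinic_db.patient FROM clinic_clerk;

-- 6. Off-boarding: dropping the role membership (or the account) removes all access.
REVOKE clinic_admin FROM 'enzo'@'localhost';
DROP USER IF EXISTS 'enzo'@'localhost';
```

Re-running the SHOW GRANTS line after step 5 confirms that UPDATE on patient has disappeared for kimwaga without touching the account itself.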
THANK YOU!
GROUP MEMBERS
1. RICHARD SHANIBU
2. ISAAC YUSUPH
3. HILDA RAPHAEL
4. GLORY MWAKA
5. ELTON RICARDO
6. HELEN VEDASTUS