Databases:

Summary:
In this chapter we studied what databases essentially are and its basic concepts and components
and various advantages of using databases. We briefly learnt and understood the basic security
requirements of database such as: Physical database integrity, Logical database integrity, Element
integrity, Auditability, Access control, User authentication and availability of the database. We learnt
how security issues like reliability and integrity are more obvious in databases. Database integrity,
Element integrity and Element integrity are the three major concerns of databases. In our past
chapters we studied how O.S. provides protection to the user and database but the database
manager is to enhance these securities. The databases securities such as two-phase update, internal
consistency, recovery and concurrency are to be enhanced by the database manager. We learnt
about the database disclosure. As database also consists of sensitive data we also learnt about
various types of database disclosure and how to prevent data disclosure using data suppression and
modification. We also learnt about the data mining which is finding very specific data from vast fields
of haystacks of data which is known as big data.

What is database security and why we need it?

Database security is combination of various controls and countermeasures to secure a database

management system. It is used to protect the confidentiality and integrity and protects the database
from any malicious or unauthorized access or cyber-attacks. We should understand that the more a
database is accessible the less secure it becomes. Thus there is various security precautions needed
to follow to keep a database secure. We need to maintain the database security for the following
reasons:

 Human error
 Malware.
 Physical location security.
 Backup attacks.
 Software vulnerabilities.
 Insider threats, etc.

Database security best practices:

1) Secure User Access

Inside threats:
Most of the inside threats come from the users who has the access to the database. May these
threats are malicious or accidentals, inside breaches are a very common type of database threats
which occurs due lots of users having access the data base.

Solutions:
To keep the database secure it is at most crucial to give the database access to minimum number of
the users. Also to make the database more secure, access can be only provided to the user only
when he is operating on the database.
Other standard practices to secure the account:

 Use strong passwords to keep the account from being hacked.

 Using encrypted password hashes.
 Deleting all the unused former employee accounts.
 Auto locking of accounts after several failed attempts.

2) Use Secure Applications and Software:

It is very important that all the software’s that communicates directly with the database are to be
secured separately to avoid any security threats. If we are using any external applications to
communicate with the database, the application should have its own firewall and protection layers.

Example of SQL injection:

As mentioned above if we are using a web application that is communicating with the database then
even if the application is secured or not the database firewall settings whitelists this application. If
there are any security issues or vulnerabilities in the software then the database can be accessed
thorough backdoor entry and risks of SQL injection.

Solution:
To avoid such security threats best practices are to sue web server firewall that secures the database
from any type of external attacks or backdoor entry.

3) Perform security testing:

Upon setting up all the security layers we should conduct penetration tests and vulnerability
scanning tools. This will help us to find unguarded parts of database if they exist. We should try to do
these testing to find if any possibilities of any vulnerabilities before our database goes live.

4) Ensuring hardware security:

Hardware security is also one of the most import aspects of database security. Private servers and
data centres are very much venerable for any physical attacks which are not easy to detect. Proper
cooling system is very much essential to keep the database safe on cloud or on premises. We should
also safeguard this hardware by adding an extra layer of physical security such as cameras, locks,
security guards, etc.

5) Regularly update your operating system and patches:

To safeguard the database from the recently discovered vulnerabilities we should regularly update
our operating system. We should enable all the security functions and controls provided by
database. If the databases are connected to the various third party software’s then all the software’s
must have their own patches.
6) Encrypt data and backups:

Encryption is the best and recommended way to secure the database. This makes the data almost
impossible to be intercepted by anyone without encryption key. We should not only encrypt the
transit data but all the previous stored data as well. We should keep the decryption key separate
from the encrypted data follow strict guidelines to manage the key to prevent any security breaches.

7) Use multiple firewalls:

We can protect our database with the help of one firewall which provides first layer security in
database security framework. But using only one firewall doesn’t stop the SQL injection attacks. Thus
we need to add multiple firewalls to protect from these SQL attacks. The following three firewall are
able to provide the needed security:

 Packet filter firewall

 Proxy server firewall.

 Stateful packet inspection

Day by day the nature of cyber-attacks is evolving and we need to follow the above steps to
minimize these threats and protect your database, servers and the users. We must constantly
monitor all the security measures to jeep us protected from the evolving cyber-attacks the more
proactive we are the better the security of our databases.

Ref.

https://phoenixnap.com/kb/database-security

https://www.tripwire.com/state-of-security/featured/database-security-best-practices-you-should-
know/

https://securityintelligence.com/articles/database-security-best-practices-essential-guide/

https://www.esecurityplanet.com/networks/database-security-best-practices/

https://www.netwrix.com/data_security_best_practices.html
Cloud Computing

Summary:

In this chapter we learnt about various cloud computing concepts and its service models. Before
moving to the cloud we should first analyse the risks involved in the process and various cloud
services providers in the market. Further we studied various cloud security tools and techniques
such as data protection in the cloud, cloud application securities and logging and incident response.
The SAML is and XML based standard that defines a way for systems to securely exchange user
identity and privilege information. OAuth is an authorization standard used to authorize third-party
application to access the API on the behalf of the users. We also learnt about public IaaS versus
private network security and how IaaS is more vulnerable to attacks and threats. And at the end we
studied the future of cloud computing.

What is cloud computing?

Generally hosted services that are delivered over the internet is known as cloud computing. Cloud
computing is divided into infrastructure as a service (IaaS), platform as a service (PaaS) and software
as a service (SaaS). Services such as servers, storage, database, network, software, analytics, etc. are
provided in cloud computing.

Why Cloud Computing?

All big and small business organizations upon application of cloud computing has various advantages
such as security, scalability, integration, cost-cutting, flexibility, performance, etc.

Why organizations need data loss protection?

There are lots of data breaches that occur and an average data breach costs around $3.86 million
(mcafee). It many vary from large organizations to small organizations. Thus cloud data loss
prevention (DLP) is used to protect an organization’s sensitive information form cyber-attacks and
security threats.
Best practices for cloud Data Loss Prevention (DLP) :

1) Prioritize your data:

All the data on cloud is not equally critical to threats that needs loss prevention. Thus we have to
find out the data which is most important and very critical for an organization and can cause major
problems if attackers attacks and steals it.

2) Classify the data:

We have to classify the data with the user who created it. Highly sensitive data such as Social
Security Numbers or credit card numbers of customers, etc. There are various pre-configured rules
for PCI, PII, etc.

3) Understand when data is at risk:

Flies with the most sharing permissions are often at risk due to high of cyber-attacks. Similarly
sensitive files. In addition, sensitive files owned by privileged and highly targeted users can also be at
risk.

4) Monitor data in motion.

We should monitor our data continuously which is in motion to understand if anything goes wrong
with their sensitive data and to find the scope of risks that DLP should address.

5) Implement a single centralized DLP program:

Implementing inconsistent DLP practices leads to lack of visibility into our data assets and weak into
our data security. Also many employees many times ignore department DLP programs that are not
supported by the organizations.

6) Practice exact data matching.

This helps us to create custom identifiers which are unique to our company such as financial services
account numbers, local forms of ID, or medical record numbers.

7) Educate employees and provide continuous guidance:

Employees most of the times doesn’t recognise if their actions may cause data loss, thus training the
employees can significantly reduce the data loss by insider attacks. CASBs allow us to notify the users
if there are any DLP violations in the cloud.

8) Rollout:

Whenever we are implementing a DLP program, we should apply new security controls to only a
single subset of the most sensitive data first which makes it easier to implement and manage.
Overtime further application of these security controls can be performed so there are minimum
minimal disruptions.

9) It should be made mandatory to work using corporate VPN to gain access to the organization’s
cloud resources.

10) We should install DLP agent’s users system and in case of IaaS a DLP server is to be inserted as a
proxy in between user system and organization cloud servers.

Ref:

https://www.techtarget.com/searchcloudcomputing/definition/cloud-computing#:~:text=Cloud
%20computing%20is%20a%20general,as%20a%20service%20(SaaS).

https://www.mcafee.com/enterprise/en-in/security-awareness/data-protection/dlp-best-
practices.html

https://www.proofpoint.com/us/threat-reference/cloud-dlp#:~:text=Your%20Free
%20Consultation-,What%20is%20Cloud%20DLP%3F,in%20SaaS%20and%20IaaS%20applications.

https://www.cloudcodes.com/blog/data-loss-prevention-for-cloud-computing.html

https://nightfall.ai/data-loss-prevention-best-practices-strategies