Chapter 10: Database Protection

What is Database protection?

Database protection means protecting data from unauthorized access,
corruption, or loss. Its purpose is to ensure confidentiality, integrity, and
availability of data. Here are some key concepts that are essential for
database protection:

1. Access Control: It ensures that only authorized users can access the
database. This includes user authentication (username and password) and
authorization (setting permissions).

2. Encryption: By encrypting the data it is protected from unauthorized

access. When data is encrypted, only authorized users can read the data
through the decryption key.

3. Backups: It is important to take regular backups so that if data loss or

corruption occurs, you can recover your data. This is an important part of
disaster recovery.

4. Firewalls: Firewalls are network security devices that monitor traffic to

prevent unauthorized access. These protect the database from external
threats.

5. Auditing and Monitoring: It is important to monitor database activity and

keep audit logs so that any suspicious activity can be tracked. This will let you
know who accessed what.

6. Data Masking: Masking sensitive data prevents the real data from being
visible to unauthorized users. This is useful in development and testing
environments.
7. Regular Updates and Patching: Database software and operating systems
should be kept secure through regular updates and patches. These are helpful
in fixing vulnerabilities.

Security Issues:
There are some common security issues in Database Management Systems
(DBMS) that can put the security of data at risk. Some important security
issues are mentioned here:
1. Unauthorized Access: If users are not granted appropriate permissions,
unauthorized logs can access the database, which may expose sensitive
data.

2. SQL Injection: This is a common attack in which attackers inject

malicious SQL queries into the database. They try to modify, delete, or
gain unauthorized access to the data.

3. Data Breaches: If the database is not properly secured, then attackers

can steal sensitive information, such as personal data or financial
records.

4. Poor Authentication Mechanisms: Using weak passwords or

inadequate authentication methods increases the risk of unauthorized
access. Strong password policies and use of multi-factor authentication
are essential.

5. Insider Threats: Sometimes authorized users can misuse sensitive data.

Therefore, monitoring and auditing is necessary so that any suspicious
activity can be detected immediately.

6. Data Loss: Data loss can occur due to hardware failures, natural
disasters, or accidental deletions. Taking regular backups is a good way
to avoid this.
 7. Insecure Data Transmission: If the data is not encrypted when it is
being transferred through the network, then attackers can intercept
our data. Secure protocols, such as HTTPS, should be used.

8. Vulnerabilities in Software: There may be bugs or vulnerabilities in

DBMS software which give an opportunity to attackers to exploit. It is
necessary to apply regular updates and patches.

Threats to Databases:
Databases have to face many types of threats. Here are some common
threats:

1. Malicious Attacks: These attacks are carried out by hackers or

cybercriminals, which include SQL injection, malware, and denial-of-service
(DoS) attacks. Their purpose is to damage the database or result in
unauthorized access.

2. Insider Threats: Sometimes authorized users can misuse the data. These
could be employees or contractors who leak or manipulate sensitive
information.

3. Data Breaches: When sensitive data is stolen through unauthorized access

or theft, it is called data breaches. These breaches can cause financial loss
and reputational damage.

4. Physical Threats: Physical security is also an important aspect. If an

attacker gains physical access, he can damage or steal the database servers.

5. Software Vulnerabilities: If there are any bugs or vulnerabilities in the

database management software, then attackers can exploit them to cause
unauthorized access or data corruption.
6. Network Threats: Attackers can intercept data during data transmission on
unsecured networks. Due to lack of encryption, there is power in protecting
sensitive information.

7. Human Error: Sometimes human error can also create threats, such as
accidentally deleting data or making incorrect configurations.

Security Mechanisms:
What types of security mechanisms are used to ensure database security?
These mechanisms protect the database from unauthorized access, data
breaches, and other threats. Here are some common security mechanisms:

1. Access Control: This mechanism is used to grant or deny access to database

resources to users. This includes role-based access control (RBAC), where
users are given permissions according to their roles.

2. Authentication: This process happens to verify the identity of the users.

Strong authentication methods, such as multi-factor authentication (MFA),
ensure that only authorized users can access the database.

3. Encryption: Data encryption ensures that even if the data falls into the
hands of an unauthorized party, it cannot be used. This is applied to both
data at rest (stored data) and data in transit (transmitted data).

4. Auditing and Monitoring: Suspicious activities can be detected through

regular audits and monitoring. Maintaining and analyzing logs is helpful in
tracing security incidents.

5. Firewalls: Firewalls monitor network traffic and block unauthorized access.

These act as a protective barrier for database servers.
6. Backup and Recovery: Regular backups are necessary to avoid data loss. If
any incident occurs, there must be effective recovery mechanisms to restore
the data.

7. Patch Management: Database management systems should be updated

regularly to address software vulnerabilities. Applying security patches helps
protect against known vulnerabilities.

Role of DBA:
The role of Database Administrator (DBA) is to effectively manage the
database management system. Some key responsibilities of a DBA are:
1. Database Design: DBA designs the database, which includes schema
design, data modeling, and normalization. These ensure that data can
be stored and retrieved efficiently.

2. Installation and Configuration: DBA installs the database software and

configures it so that the system performs optimally.

3. Performance Monitoring: DBAs monitor and tune the performance of

the database. This includes optimizing queries, indexing, and resource
allocation.

4. Backup and Recovery: It is the responsibility of the DBA to take regular

backups and prepare recovery plans. This ensures that data can be
restored in case of data loss.

5. Security Management: DBAs manage database security, which includes

user access control, authentication, and encryption. These protect the
database from unauthorized access.

6. Troubleshooting: If any issue or error occurs, then DBA can solve the
problem by analyzing it. They provide technical support and try to
minimize system downtime.
 7. Documentation: DBA maintains documentation of database
configuration, procedures, and policies. This is important for future
reference.

8. User Support: DBAs support users in using the database, handling their
queries and issues.
The role of DBA is critical because they ensure data integrity, availability, and
performance.

Discretionary Access Control (DAC):

Discretionary Access Control (DAC) is an access control mechanism in which
resource owners have the authority to assign access rights to their resources.
This means that the user who owns a resource (such as a file, folder, or
database) can decide who can access that resource and who cannot.

### Key Features of DAC:

1. Ownership: The owner of the resource can define access permissions.
Owner can give access rights to a specific user or user group.

2. Flexibility: In DAC system owners have the flexibility to assign access rights
at their discretion. They want to be able to give read, write, or execute
permissions to anyone.

3. Access Control Lists (ACLs): DAC is often implemented through Access

Control Lists. ACLs contain a list for each resource that specifies which users
or groups have what permissions.

4. Security Risks: DAC system can be vulnerable because if the owner has
given access rights to someone, then that user can also give access rights to
other users, which can create security risks.
5. Common Usage: DAC is used in small networks or personal computers,
where users have to maintain control over their files and resources.

###Example:
If you are the owner of a document, you can decide whether your friend has
permission to view that document. If you want, you can give them only read
access or you can also give them permission to edit.

Backing Up and Restoring Databases:

Backup and restore of databases is an important process which is necessary
to avoid data loss. To understand this process, let's look at the backup and
restore steps in detail.
### Backing Up a Database
1. Backup Types:
- Full Backup: In this a copy of the entire database is made. This is the most
comprehensive backup.
- Incremental Backup: It backs up only those changes that have been made
since the last backup. This saves both space and time.
- Differential Backup: In this, all the changes made after the last full backup
are backed up.

2. Backup Process:
- Backup Tool: Database management systems (DBMS) like MySQL, SQL
Server, or Oracle provide their own backup tools. You can take backup using
these tools.
- Command Execution: Backup command has to be executed.
For example, in MySQL you can use the `mysqldump` command:
mysqldump -u username -p database_name > backup_file.sql
3. Storage: Backup files should be stored in a secure location, such as external
hard drives, cloud storage, or offsite locations.

### Restoring a Database

1. Restore Process:
- The database has to be restored using the backup file. This process
depends on the backup type.
- If you have taken a full backup, then you can simply restore the backup
file. Like in MySQL:
mysql -u username -p database_name < backup_file.sql

2. Handling Incremental/Differential Backups:

- If you are using incremental or differential backup, you will have to restore
the full backup first, then restore the incremental or differential backups
sequentially.

3. Verification: After restore, it is important to ensure that the database has

been restored correctly and data integrity is maintained.
### Best Practices
- Regular Backups: Backups should be taken at regular intervals to avoid data
loss.
- Test Restores: You should test the restore process every now and then to see
if the backup is working properly.
- Secure Storage: Backup files should be encrypted and stored at secure
locations.