Scribd
Upload
17 views

Database Security

Uploaded by

chizaramnathan
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
17 views

Database Security

Uploaded by

chizaramnathan
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 18

1

DATABASE
SECURITY
Database
2
Security

🠶 Definition: Database security can be described as the level of control or


restriction on user actions on the database. This control includes access
to data, database server and its applica tions.

🠶 It is the protection of data against unauthorized access, disclosure,


alteration or destruction.
Security risks to
3
database
🠶 This includes:
systems
1. Unauthorised activity, e.g. a hacker.
2. Misuse by authorised users.
3. Malware infection which deletes, damages or makes
sensitive data available.
4. Overloads which can lead to inability of authorised users to use
the database.
5. Physical damage to servers, e.g. fire, flood, lightning,
accidental liquid spills, electrica l surge, etc.
6. Design flaws and programming bugs which create
4 security vulnerabilities.
7. Data corruption or loss caused by the entry of invalid
data or commands, mistakes in database or system
administration processes, sabotage or criminal damage.
IMPORTANCE OF DATA SECURITY
5

There are three main objectives to consider while designing a


secure database application:
1. secrecy
2. integrity and
3. availability
6 1.
SECRECY
a) Secrecy denotes the protection of information from
unauthorized disclosure either by direct retrieval or by indirect
logical inference.
b) Secrecy must deal with the possibility that information may also be
disclosed by legitimate users by passing secret information to
unauthorized users intentionally or without knowledge of the
authorized user.
7 2. INTEGRITY

🠶 Integrity constraints are rules that define the correct states of a database.
🠶 Integrity entails data protection from malicious or accidental modification,
including the insertion of false data, contamination and the destruction
of data.

🠶 Read up: SQL


injection
3.
8
AVAILABILITY
🠶 Availability is the characteristic that ensures data is accessible by
authorized users and database applications when they need
them.
Types of Database Security
9
Control
🠶 Many layers and types of information security control
are appropriate to databases, including:
🠶 Access control
🠶 Database Auditing
🠶 Authentication
🠶 Encryption
🠶 Integrity controls
🠶 Backups
🠶 Applica tion security
Assignment: What
is
applica tion
security?
Implement on
Edupage.

Deadline:
1 Access
0
🠶
Control
This is the selective restriction of access to a resource in the
database. It is a system of controlling data that is
accessible to a given user.

🠶 Permission to access a resource is termed authorisation.

🠶 Access control can be mandatory or discretionary


DAC
1 🠶 Users have privileges to access or modify objects in the database.
1 If they have permission, users can grant their privileges to other
users.
🠶 Allows an individual complete control over any object they
own.
1. File and data ownership- every object has an owner. The
🠶 There are two important concepts in DAC:
acce ss policy to this object is determined by its owner.
2. Access rights permissions:- This is the control that an owner can
assign to other objects for specific resources.
🠶 E.g. Facebook share – You can specify who gains access
to resources you create.
1 Mandatory Access
2
🠶
Control
MAC: Allowing user to a resource if and only if rules exist that allow
a given user to acce ss the resource.
🠶 In MAC only the administrator manages the access controls.

Read more:
Understanding
data processing
textbook.
Database
13
🠶 auditing
Database auditing involves observing a database so as to be aware of the
actions of database users. Database administrators and consultants often set
up auditing for security purposes, for example, to ensure that those without the
permission to access information do not access it.
Authenticatio
1
4
n Database
🠶 authentication is the process or act of confirming
that a user who is attempting to log in to a database is
authorized to do so, and is only accorded the rights to
perform activities that he or she has been authorized to do.
🠶 It may be performed by
a. the database itself,
b. the operating system,
c. a network service
d. the secured socket layer (SSL)
Database
15
🠶 encryption
Database encryption is a process that uses an
algorithm to transform data stored in a database into a
form that is incomprehensible without first being
decrypted.
🠶 A "meaningless" encrypted data is of little or no
use for hackers.
🠶 There are multiple techniques and technologies available
for database encryption.
Tutorial question
16

🠶 If an individual steals a hard disk of an organisation, he will be able


to access the information stored and read it. Describe the method
you can use to prevent the hard disk content from being read,
even if it can be accessed.

🠶 How will the authorised user be able to read the encrypted


data?
1 Backups
7

🠶 This refers to creating a copy or archiving of the data in the database.


🠶 Such backup becomes useful to restore the database in case of data
loss or system crash.
🠶 Backups can be automated to run at a particular time or done
manually.

Tutorial Question:
• Outline situations where data backup will
prove useful.
Database
18 Administrator
He manages the database
1. He develops a security policy for the database
2. He creates new users
3. He assigns roles to each user of the database.
4. He handles database auditing.
5. He regularly ca rries out database backups.

🠶 Tutorial Question: Write more duties of a database


administrator.

You might also like