Data Privacy
Who owns data?
Customer rights.
International complications.
Do not release data to others.
Do not read data unnecessarily.
Report all infractions and problems.
Privacy tradeoffs
Marketing needs
Government requests
Employee management
Hardware backup facilities
Continuous backup (mirror sites)
“Sister” agreements
Data and software
Policies and procedures
Write it down
Train all new employees
Test it once a year
Allowable time between disaster and business survival limits.
Physical Security Provisions
Disaster planning and testing.
Fire monitoring and control.
Control physical access.
Physical access limitations
Guards and video monitoring
Badges and tracking
Consultants and Business alliances
Limited data access
Limited physical access
Paired with employees
Letting a competitor see the strategic marketing plans.
Letting employees change their salary numbers.
Preventing a finance officer from retrieving data needed to get a bank loan.
Do not use “real” words.
Do not use personal (or pet) names.
Include non-alphabetic characters.
Use at least 6 (8) characters.
Change it often.
Too many passwords!
Finger / hand print readers
Retina (blood vessel) scans
The one-minute password.
Card matched to computer.
Best method for open networks / Internet.
Basic Security Ideas
Limit access to hardware
Fire and environment monitors.
Employee logs / cards.
Access from network nodes.
Software and data usage.
User calls modem
Modem gets name, password
Modem hangs up phone
Modem calls back user
Machine gets final password
[Figure: callback modem diagram, steps 1-5 through the phone company, with a user list: Jones 1111, Smith 2222, Olsen 3333, Araha 4444]
Access to directories
View / File scan
Access to files
DBMS usually needs most of these
Assign by user or group.
DBMS access controls
Open / Run
Owners and administrator
Need separate user identification / login to DBMS.
SQL Security Commands
Table columns (SQL 92+)
GRANT INSERT ON Bicycle TO OrderClerks
REVOKE DELETE ON Customer FROM Assemblers
WITH GRANT OPTION
GRANT SELECT ON Bicycle TO MarketingChair WITH GRANT OPTION
Enables the recipient to also grant the specified privilege to other users.
It passes on part of your authority.
Roles
Assign permissions to the role.
New hire: Add role to person
Role: SalesClerk
Items: SELECT
Customers: SELECT, UPDATE
Sales: SELECT, UPDATE, INSERT

Items
ItemID  Description  Price  QOH
111     Dog Food     0.95   53
222     Cat Food     1.23   82
333     Bird Food    3.75   18

Customers
CustomerID  LastName  FirstName  Phone
1111        Wilson    Peta       2222
1112        Pollock   Jackson    3333
1113        Locke     Jennifer   4444

Sales
SalesID  SaleDate  CustomerID
111      03-May-   1112
112      04-May-   1112
113      05-May-   1113
Using Queries for Control
Permissions apply to entire table or query.
Use query to grant access to part of a table.
Give all employees read access to name and phone (phonebook).
Give managers read access to salary.
Employee(ID, Name, Phone, Salary)
Query: Phonebook
SELECT Name, Phone FROM Employee
Security
Grant Read access to Phonebook for group of Employees.
Grant Read access to Employee for group of Managers.
Revoke all access to Employee for everyone else (except Admin).
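The Phonebook scheme above written out as SQL statements, as an added example that is not part of the original slides. It assumes PostgreSQL-style role syntax; the column types and the user name new_hire are hypothetical.

```sql
-- Added example (not from the original slides). PostgreSQL-style syntax assumed.
-- Base table from the slide: Employee(ID, Name, Phone, Salary).
-- Column types are assumptions.
CREATE TABLE Employee (
    ID     INTEGER PRIMARY KEY,
    Name   VARCHAR(60) NOT NULL,
    Phone  VARCHAR(20),
    Salary NUMERIC(10,2)
);

-- The query that exposes only the phonebook columns.
-- By default the view runs with its owner's privileges, so readers of the
-- view need no privilege on the underlying Employee table.
CREATE VIEW Phonebook AS
    SELECT Name, Phone FROM Employee;

-- The two groups from the slide, modelled as roles.
CREATE ROLE Employees;
CREATE ROLE Managers;

-- Start from no access: remove anything granted to everyone.
-- The owner (Admin on the slide) keeps full rights.
REVOKE ALL ON Employee  FROM PUBLIC;
REVOKE ALL ON Phonebook FROM PUBLIC;

-- Employees read the view only, never the base table.
GRANT SELECT ON Phonebook TO Employees;

-- Managers read the whole table, Salary included.
GRANT SELECT ON Employee TO Managers;

-- New hire: add the role to the person (hypothetical user name).
CREATE ROLE new_hire LOGIN;
GRANT Employees TO new_hire;

-- Alternative without a view, using column-level privileges (SQL 92+):
-- GRANT SELECT (Name, Phone) ON Employee TO Employees;
```

A member of Employees can then SELECT from Phonebook, while a direct SELECT on Employee is refused for lack of privilege.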
Separation of Duties

Supplier
SupplierID  Name          …
673         Acme Supply
772         Basic Tools
983         Common X

PurchaseOrder
OrderID  SupplierID
8882     772
8893     673
8895     009

Referential integrity
Clerk must use SupplierID from the Supplier table, and cannot add a new supplier.
Purchasing manager can add new suppliers, but cannot add new orders.
Securing an Access Database
Set up a secure workgroup
Create a new Admin user.
Enable security by setting a password
Remove the original Admin user.
Run the Security Wizard in the database to be secured.
Assign user and group access privileges in the new database.
Encrypt the new database.
Save it as an MDE file.
Protection for open transmissions
Weak operating systems
Single key (AES)
Trap doors / escrow keys
U.S. export limits
64 bit key limit
Breakable by brute force
Typical hardware: 2 weeks
Special hardware: minutes
[Figure: single key encryption, e.g., AES. Plain text message -> AES (Key: 9837362) -> Encrypted text -> AES (Key: 9837362) -> Plain text message]
Dual Key Encryption
Using Bob’s private key ensures it came from him.
Using Alice’s public key means only she can read it.
[Figure: dual key encryption between Alice and Bob. Public Keys: Alice 29, Bob 17. Private Key 13, Private Key 37. Labels: Message, Use Bob’s Public key, Use Bob’s Private key, Use Alice’s Public key, Use Alice’s Private key, Encrypt+T, Encrypt+T+M, Encrypt+M, Transmission]