2. References:
1) Hassan A. Afyouni, "Database Security and Auditing", Third Edition, Cengage Learning, 2009
2) Charu C. Aggarwal, Philip S. Yu, "Privacy Preserving Data Mining: Models and Algorithms", Kluwer Academic Publishers, 2008
3) Ron Ben Natan, "Implementing Database Security and Auditing", Elsevier Digital Press, 2005
3. DATABASE SECURITY AND PRIVACY
UNIT I : SECURITY ARCHITECTURE & OPERATING SYSTEM SECURITY FUNDAMENTALS
✓ Security Architecture:
▪ Introduction
▪ Information Systems
▪ Database Management Systems
▪ Information Security Architecture
▪ Database Security
▪ Asset Types and value
▪ Security Methods
✓ Operating System Security Fundamentals:
▪ Introduction
▪ Operating System Overview
▪ Security Environment
▪ Components
▪ Authentication Methods
✓ User Administration
✓ Password Policies
✓ Vulnerabilities
✓ E-mail Security
4. Security Architecture: Introduction
✓ Security means preventing unauthorised access; in practice any protection holds only for a limited time, never indefinitely.
✓ There is no 100% security in any kind of software or hardware.
✓ Security violations and attacks are reported to be increasing globally at an average rate of about 20% a year.
✓ Statistics show virus alerts, e-mail spamming, identity theft, data theft and other types of security breach on the rise.
✓ Database security is the degree to which all the data is fully protected from tampering or unauthorised acts.
✓ The great challenge is to develop a database security policy that secures the data and prevents data integrity violations.
✓ Until recently most DBMSs did not have built-in security mechanisms for authentication and encryption.
5. Information Systems
✓ In today's global market, corporations all over the world compete to gain a share of the market.
✓ Wise decisions are not made without accurate and timely information.
✓ At the same time, the integrity of that information is just as important.
✓ The integrity of the information depends on the integrity of its data source and on reliable processing of the data.
✓ Data is processed and transformed by a collection of components working together to produce accurate information. These components are known as an INFORMATION SYSTEM.
6. Information Systems …
✓ An information system can be the backbone of the day-to-day operations of a company as well as the beacon of its long-term strategies and vision.
✓ Information systems are categorized based on usage.
✓ The following figure shows the typical use of system applications at the various management levels.
7. Information Systems …
✓ Information systems are mainly classified into three categories:
1) Transaction Processing System (TPS)
2) Decision Support System (DSS)
3) Expert System (ES)
8. Information Systems …
Characteristics of Information System categories
Category: Transaction Processing System (TPS)
Characteristics:
✓ Also known as ONLINE TRANSACTION PROCESSING (OLTP)
✓ Used for operational tasks
✓ Provides solutions for structured problems
✓ Includes business transactions
✓ The logical components of TPS applications are derived from business procedures, business rules and policies
Typical applications:
▪ Order tracking
▪ Customer service
▪ Payroll
▪ Accounting
▪ Student registration
▪ Sales
Category: Decision Support System (DSS)
Characteristics:
✓ Deals with unstructured problems and provides recommendations or answers to solve them
✓ Is capable of "What-if?" analysis
✓ Contains a collection of business models
✓ Is used for tactical management tasks
Typical applications:
▪ Risk management
▪ Fraud detection
▪ Sales forecasting
▪ Case resolution
9. Information Systems …
Characteristics of Information System categories …
Category: Expert System (ES)
Characteristics:
✓ Captures the reasoning of human experts
✓ Executive Expert Systems (EESs) are a type of expert system used by top-level management for strategic management goals
✓ A branch of Artificial Intelligence within the field of computer science
✓ Software consists of: Knowledge Base, Inference Engine, Rules
✓ People consist of: Domain Experts, Knowledge Engineers, Power Users
Typical applications:
▪ Virtual university simulation
▪ Financial enterprise
▪ Statistical trading
▪ Loan expert
▪ Market analysis
10. Information Systems …
Components of Information System
✓ Data – The information stored in the database for future reference or processing
✓ Procedures – Manual , Guidelines, Business rules and Policies
✓ Hardware – Computer System, Fax, Scanner, Printer, Disk
✓ Software – DBMS, OS, Programming Languages, Other
Utilities or Tools
✓ Network – Communication Infrastructure
✓ People – DBA, System Admin, Programmers, Users,
Business Analyst, System Analyst
12. Database Management System
Database:
✓ A collection of meaningful, interrelated data
✓ It is both physical and logical: the logical information is represented on a physical device
✓ Mainly used for storing and retrieving data for processing
✓ Usually accessed through a CLIENT / SERVER architecture
✓ Request and reply protocols are used for communication between client and server
13. Database Management System …
DBMS
✓ A set of programs to access the database for data manipulation or processing
✓ A DBMS contains information about a particular enterprise
✓ A DBMS provides an environment that is both convenient and efficient to use
Purpose of a DBMS: it addresses the problems of file-based data processing
✓ Data redundancy and inconsistency
✓ Difficulty in accessing data
✓ Data isolation – multiple files and formats
✓ Integrity problems
✓ Atomicity of updates
✓ Concurrent access by multiple users
✓ Security problems
15. Information Security Architecture
Information Security
✓ Information is one of the most valuable assets in an organization
✓ Many companies have an Information Security department
✓ Information security consists of the procedures and measures taken to protect each component of the information systems involved in producing, storing and using information
✓ According to the National Security Telecommunications and Information Systems Security Committee (NSTISSC), the concept of the CIA Triangle: "C" stands for Confidentiality, "I" for Integrity and "A" for Availability
16. Information Security Architecture …
CIA Triangle
✓ Confidentiality – Information is classified into different levels of confidentiality to ensure that only authorised users access the information
✓ Integrity – Information is accurate and protected from tampering by unauthorised persons; information is consistent and validated
✓ Availability – Information is available at all times, but only to authorised and authenticated persons; the system is protected from being shut down by external or internal threats or attacks
17. Information Security Architecture …
Figure: Information Security Architecture – logical and physical assets protected by the three CIA goals
✓ Availability
▪ Threats and Attacks
▪ System Vulnerabilities
▪ Authorization Methodology
▪ Authentication Technology
▪ Network Interface
▪ Disaster and Recovery Strategy
✓ Integrity
▪ Security Technology
▪ Security Models
▪ Cryptography Technology
▪ DBMS Technology
▪ Database and Data Design
▪ Application Technology
✓ Confidentiality
▪ Privacy Laws
▪ Confidential Classification
▪ Policies and Procedures
▪ Access Rights
▪ Customer Concerns
▪ Social and Cultural Issues
18. Information Security Architecture …
Components of Information Security Architecture
✓ Policies and Procedures
- Documented procedures and company policies that
elaborate on how security is to be carried out
✓ Security personnel and Administrators
- People who enforce and keep security in order
✓ Detection equipment
- Devices that authenticate employees and detect equipment that is prohibited by the company
✓ Security programs
- Tools that protect computer systems and servers
✓ Monitoring Equipment
- Devices that monitor physical properties , employees and other
important assets
✓ Monitoring Applications
- Utilities and applications used to monitor network traffic and Internet
activities
✓ Auditing Procedures and Tools
- Checks and Controls put in place to ensure that security measures are
working
19. Database Security
✓ One of the functions of a DBMS is to empower the DBA to implement and enforce security at all levels
✓ A security access point is a place where database security must be protected and applied
✓ The security access points are illustrated in the figure below
20. Database Security Access Points
✓ People – Individuals who have been granted privileges and permissions to
access networks, workstations, servers, databases, data files and data
✓ Applications – Application design and implementation , which includes
privileges and permissions granted to people
✓ Network – One of the most sensitive security access points. Protect the network and grant network access only to the applications, operating systems and databases that need it.
✓ Operating Systems – This access point is defined as authentication to the
system, the gateway to the data
✓ DBMS – The logical structure of the database, which includes memory ,
executable and other binaries
✓ Data files – Another access point that influences database security
enforcement is access to data files where data resides.
✓ Data – The data access point deals with data design needed to enforce data
integrity
22. Data Integrity Violation Process
✓ Security gaps are points at which security is missing and the system is vulnerable.
✓ Vulnerabilities are kinks in the system that must be watched because they can become threats.
✓ In the world of information security, a threat is defined as a security risk that has a high possibility of becoming a system breach.
24. Menaces to Databases
✓ Security vulnerability
– A weakness in any of the information system components that can be
exploited to violate the integrity , confidentiality, or accessibility of the
system
✓ Security Threat
– A security violation or attack that can happen any time because of
a security vulnerability
✓ Security risk
– A known security gap that a company intentionally leaves open
25. Types of Vulnerabilities
✓ Vulnerability means "susceptible to attack" (source: www.dictionary.com)
✓ Intruders and attackers exploit vulnerabilities in the database environment to prepare and launch their attacks.
✓ Hackers usually probe the weak points of a system until they gain entry.
✓ Once the intrusion point is identified, hackers unleash their array of attacks:
▪ Viruses
▪ Malicious code
▪ Worms
▪ Other unlawful violations
✓ To protect the system the administrator should understand the types of vulnerabilities.
✓ The figure below shows the types of vulnerabilities.
26. Types of Vulnerabilities …
Category: Installation and Configuration
Description:
✓ Results from default installation
✓ Configuration that is known publicly
✓ Does not enforce any security measures
✓ Improper configuration or installation may result in security risks
Examples:
✓ Incorrect application configuration
✓ Failure to change default passwords
✓ Failure to change default privileges
✓ Using a default installation which does not enforce high security measures
Category: User Mistakes
Description:
✓ Security vulnerabilities are tied to humans too
✓ Carelessness in implementing procedures
✓ Failure to follow through
✓ Accidental errors
Examples:
✓ Lack of auditing controls
✓ Untested recovery plan
✓ Lack of activity monitoring
✓ Lack of protection against malicious code
✓ Lack of applying patches as they are released
✓ Bad authentication process or implementation
✓ Social engineering
✓ Lack of technical information
✓ Susceptibility to scams
27. Types of Vulnerabilities …
Category: Software
Description:
✓ Vulnerabilities found in commercial software of all types (applications, OS, DBMS, etc.)
✓ Software patches that are not applied
Examples:
✓ Software contains bugs
✓ System administrators do not keep track of patches
Category: Design and Implementation
Description:
✓ Related to improper software analysis and design as well as coding problems and deficiencies
Examples:
✓ System design errors
✓ Exceptions and errors are not handled in development
✓ Input data is not validated
28. Types of Threats
✓ A threat is defined as "an indication of impending danger or harm"
✓ Vulnerabilities can escalate into threats
✓ The DBA and the IS administrator should be aware of vulnerabilities and threats
✓ Four types of threats contribute to security risks, as shown in the figure below
29. Types of threats, definitions and examples
Threat type: People
Definition: People intentionally or unintentionally inflict damage, violation or destruction on any or all of the database components (people, applications, networks, OS, DBMS, data files or data)
Examples:
✓ Employees
✓ Government authorities or persons in charge
✓ Contractors
✓ Consultants
✓ Visitors
✓ Hackers
✓ Organised criminals
✓ Spies
✓ Terrorists
✓ Social engineers
Threat type: Malicious Code
Definition: Software code that in most cases is intentionally written to damage or violate one or more database environment components (people, applications, networks, OS, DBMS, data files or data)
Examples:
✓ Viruses
✓ Boot sector viruses
✓ Worms
✓ Trojan horses
✓ Spoofing code
✓ Denial-of-service flood
✓ Rootkits
✓ Bots
✓ Bugs
✓ E-mail spamming
✓ Back doors
30. Types of threats, definitions and examples …
Threat type: Natural Disasters
Definition: Calamities caused by nature, which can destroy any or all of the database components (people, applications, networks, OS, DBMS, data files or data)
Examples:
✓ Hurricanes
✓ Tornadoes
✓ Earthquakes
✓ Lightning
✓ Flood
✓ Fire
Threat type: Technological Disasters
Definition: Often caused by some sort of malfunction in equipment or hardware; technological disasters can inflict damage on networks, OS, DBMS, data files or data
Examples:
✓ Power failure
✓ Media failure
✓ Hardware failure
✓ Network failure
31. Examples of Malicious Code
✓ Virus – Code that compromises the integrity and state of the system, typically by attaching itself to other programs or files
✓ Boot sector virus – Code that compromises the segment of the hard disk that contains the program used to start the computer
✓ Worm – Self-replicating code that spreads across the network and disrupts the operation of the system
✓ Trojan horse – Malicious code that penetrates a computer system or network by pretending to be legitimate code
✓ Spoofing code – Malicious code that looks like legitimate code
✓ Denial-of-service flood – The act of flooding a web site or network system with many requests with the intent of overloading the system and forcing it to deny service to legitimate requests
✓ Rootkit – Code that conceals an intruder's presence on a system and preserves their privileged access
✓ Bot – Malicious or legitimate code that performs such functions as automatically retrieving and collecting information from a computer system
✓ Bug – Code that is faulty due to bad design, bad logic or both
✓ E-mail spamming – E-mail that is sent to many recipients without their permission
✓ Back door – An intentional design element of software that allows the developers of the system to gain access to the application for maintenance or to fix technical problems; left in production it is an access path that bypasses normal authentication, and attackers plant back doors of their own for the same purpose
32. Types of Risks
✓ Risks are simply a part of doing business
✓ Managers at all levels are constantly working to assess and mitigate risks to ensure the continuity of department operations
✓ Administrators should understand the weaknesses of and threats to the system
✓ Categories of database security risks are shown in the figure below
33. Definitions and examples of Risk types
Risk type: People
Definition: The loss of people who are vital components of the database environment and know critical information creates risk
Examples:
✓ Loss of key persons (resignation, migration, health problems)
✓ Key-person downtime due to sickness, personal or family problems, or burnout
Risk type: Hardware
Definition: A risk that mainly results in hardware unavailability or inoperability
Examples:
✓ Downtime due to hardware failure, malfunctions or inflicted damage
✓ Failure due to unreliable or poor-quality equipment
Risk type: Data
Definition: Data loss or loss of data integrity is a major concern of database administration and management
Examples:
✓ Data loss
✓ Data corruption
✓ Data privacy loss
Risk type: Confidence
Definition: The loss of public confidence in the data produced by the company causes a loss of public confidence in the company itself
Examples:
✓ Loss of procedural and policy documentation
✓ DB performance degradation
✓ Fraud
✓ Confusion and uncertainty about database information
35. Asset Types and Their Values
✓ People always tend to protect assets regardless of what they are
✓ Corporations treat their assets in the same way
✓ Assets are the infrastructure of the company operation
✓ There are four main types of assets
▪ Physical assets – Also known as tangible assets, these include buildings, cars,
hardware and so on
▪ Logical assets – Logical aspects of an information system such as business
applications, in-house programs, purchased software, OS, DBs, Data
▪ Intangible assets – Business reputation, quality, and public confidence
▪ Human assets – Human skills, knowledge and expertise
36. Database Security Methods
Security methods used to protect database environment components
Component protected: People
✓ Physical limits on access to hardware and documents
✓ Identification and authentication to make certain that an individual is who they claim to be, through devices such as ID cards, eye scans and passwords
✓ Training courses on the importance of security and how to guard assets
✓ Establishment of security policies and procedures
Component protected: Applications
✓ Authentication of users who access applications
✓ Business rules
✓ Single sign-on (a method for signing on once for different applications and web sites)
Component protected: Network
✓ Firewalls to block network intruders
✓ Virtual Private Network (VPN)
✓ Authentication
37. Database Security Methods …
Component protected: OS
✓ Authentication
✓ Intrusion detection
✓ Password policies
✓ User accounts
Component protected: DBMS
✓ Authentication
✓ Audit mechanism
✓ Database resource limits
✓ Password policy
Component protected: Data files
✓ File permissions
✓ Access monitoring
Component protected: Data
✓ Data validation
✓ Data constraints
✓ Data encryption
✓ Data access controls
38. Database Security Methodology
The below figure presents database security methodology side by side
with the software development life cycle (SDLC) methodology
39. Database Security Methodology …
The following list presents the definition of each phase of the database security methodology:
Identification – Entails the identification and investigation of the resources required and the policies to be adopted
Assessment – Analysis of vulnerabilities, threats and risks for both aspects of database security: physical (data files) and logical (memory and code)
Design – Results in a blueprint of the adopted security model that is used to enforce security
Implementation – Code is developed or tools are purchased to implement the blueprint outlined in the previous phase
Evaluation – Evaluate the security implementation by testing the system against attacks, hardware failure, natural disasters and human errors
Auditing – After the system goes into production, security audits should be performed periodically to verify the security state of the system
40. Database Security Definition Revisited
At the start of the chapter database security was defined as
“the degree to which all the data is fully protected from tampering and
unauthorised acts”.
After discussing database security, the various information systems and information security, the definition of database security can be expanded as follows:
Database security is a collection of security policies and procedures, data constraints, security methods and security tools blended together to implement all necessary measures to secure the integrity, accessibility and confidentiality of every component of the database environment.
41. Operating System Security Fundamentals
An Operating System (OS) is a collection of programs that allows the user to operate the computer hardware.
✓ The OS is also known as the "RESOURCE MANAGER"
✓ The OS is one of the main access points to the DBMS
✓ A computer system has three layers:
▪ The inner layer represents the hardware
▪ The middle layer is the OS
▪ The outer layer is all the other software
42. Operating System Security Fundamentals …
An OS has a number of key functions and capabilities, as outlined in the following list:
✓ Multitasking
✓ Multisharing (several users sharing the machine's resources)
✓ Managing computer resources
✓ Controlling the flow of activities
✓ Providing a user interface to operate the computer
✓ Administering user actions and accounts
✓ Running software utilities and programs
✓ Providing functionality to enforce security measures
✓ Scheduling the jobs and tasks to be run
✓ Providing tools to configure the OS and hardware
43. Operating System Security Fundamentals …
There are different vendors of operating systems:
✓ Windows by Microsoft
✓ UNIX from companies such as Sun Microsystems, HP and IBM
✓ LINUX "flavours" from various vendors such as Red Hat
✓ Mac OS by Apple
44. The OS Security Environment
✓ A compromised OS can compromise a
Database Environment
✓ Physically protect the computer running the OS (padlocks, chain locks, guards, cameras)
✓ Model :
▪ Bank Building – OS
▪ Safe – DB
▪ Money - Data
45. The Components of an OS Security Environment
✓ The three components (layers) of the OS security environment are represented in the figure
✓ The memory component is the hardware memory available on the system
✓ The files component consists of the files stored on disk
✓ The services component comprises OS features and functions such as network services, file management and web services
46. Services
✓ The main component of the OS security environment is services.
✓ It consists of the functionality that the OS offers as part of its core utilities.
✓ Users employ these utilities to gain access to the OS and to all the features they are authorised to use.
✓ If a service is not secured and configured properly, it becomes a vulnerability and an access point, and can lead to a security threat.
47. Files
✓ Files are another component of the OS security environment.
✓ Three file-related actions matter for security:
✓ File permissions
✓ File transfer
✓ File sharing
48. Files …
File Permissions
• Every OS has a method of implementing file permissions to grant read, write or execute privileges to different users.
• The following figure shows how file permissions are assigned to a user in Windows.
49. Files …
✓ In UNIX, file permissions work differently than in Windows.
✓ For each file there are three permission settings.
✓ Each setting consists of rwx (r – read, w – write and x – execute):
1. The first rwx applies to the owner of the file
2. The second rwx applies to the group to which the file belongs
3. The third rwx applies to all other users
✓ The given image gives the details of UNIX file permissions.
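The following script is an added example, not part of the slides or the textbook. It decodes the three rwx triples of a UNIX permission string into the octal mode that chmod takes, reads the string back from ls -l after applying a mode, and flags the one setting a database administrator should always be hunting for on data files: write access for "others". The scratch file name is made up for the demo.

```shell
#!/bin/sh
# Added example: decode the three rwx triples of a UNIX permission string
# (owner, group, others) into the octal mode chmod uses, and read the
# string back from ls -l after chmod. The file name is constructed.

# triple_to_digit TRIPLE: rwx -> 7, r-x -> 5, -w- -> 2, --- -> 0.
# A lowercase s/t in the execute slot (setuid, setgid, sticky) still means
# execute, so it counts as 1; an uppercase S/T means no execute.
triple_to_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x|??s|??t) d=$((d + 1)) ;; esac
    echo "$d"
}

# perm_to_octal PERMSTRING: rwxr-x--- -> 750
perm_to_octal() {
    p="$1"
    [ "${#p}" -eq 9 ] || { echo "expected 9 characters, got '$p'" >&2; return 1; }
    o=$(triple_to_digit "$(printf '%s' "$p" | cut -c1-3)")
    g=$(triple_to_digit "$(printf '%s' "$p" | cut -c4-6)")
    w=$(triple_to_digit "$(printf '%s' "$p" | cut -c7-9)")
    echo "$o$g$w"
}

# file_perm PATH: the 9-character permission string of PATH, taken from
# columns 2-10 of ls -ld (column 1 is the file type).
file_perm() {
    ls -ld "$1" | cut -c2-10
}

# is_world_writable PERMSTRING: succeeds when "others" have write access,
# the classic misconfiguration to look for on data files.
is_world_writable() {
    case "$1" in ???????w?) return 0 ;; *) return 1 ;; esac
}

# explain_perm PERMSTRING: one line naming each class and the octal mode.
explain_perm() {
    p="$1"
    printf 'owner=%s group=%s others=%s -> octal %s%s\n' \
        "$(printf '%s' "$p" | cut -c1-3)" \
        "$(printf '%s' "$p" | cut -c4-6)" \
        "$(printf '%s' "$p" | cut -c7-9)" \
        "$(perm_to_octal "$p")" \
        "$(is_world_writable "$p" && printf ' (WORLD-WRITABLE)')"
}

# Demo: create a scratch file, apply a few modes, and read each one back.
demo() {
    tmp=$(mktemp -d)
    f="$tmp/payroll.dat"
    : > "$f"
    for mode in 600 640 750 666; do
        chmod "$mode" "$f"
        printf 'chmod %s -> ' "$mode"
        explain_perm "$(file_perm "$f")"
    done
    rm -rf "$tmp"
}

demo
```

The script only reads the nine permission characters; a trailing `+` in the ls output (an ACL is present) is outside the columns it cuts, so on systems that use ACLs the basic triples are not the whole story and getfacl has to be consulted as well.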
50. Files …
✓ File transfer – moving a file from one location to another on a disk, across the web or into the cloud
✓ FTP is an Internet service that allows transferring files from one computer to another
✓ FTP clients and servers transmit usernames and passwords in plaintext (not encrypted). This means anyone able to sniff the network traffic between client and server can obtain the logon information easily.
✓ The files themselves are also transferred in plaintext.
✓ FTP servers normally refuse logins from the root account, so root cannot be used to transfer files with FTP.
✓ Anonymous FTP is the ability to log on to the FTP server without being authenticated.
✓ This method is usually used to provide access to files in the public domain.
51. Files …
✓ Here are some best practices for transferring files:
✓ Never use the plain FTP utility. Instead, use a secure alternative (SFTP over SSH, or FTPS) wherever possible.
✓ Make two FTP directories: one for file uploads with write permission only, and another for file downloads with read permission only.
✓ Use specific accounts for FTP that do not have access to any files or directories outside the UPLOAD and DOWNLOAD directories.
✓ Turn on logging, and scan the FTP logs for unusual activity on a regular basis.
✓ Allow only authorized operators to have FTP privileges.
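The script below is an added example (not from the slides or the textbook) that carries the directory and logging practices above through as a POSIX shell script: it creates the write-only upload and read-only download directories, verifies that nothing else has crept into the FTP root, and scans log lines for the unusual activity worth alerting on (logins by accounts that are not supposed to use FTP, uploads landing outside the upload directory, and repeated login failures from one client). The paths, the account name ftpdrop, the group name ftpusers and all the log lines are constructed for the example; the log line shape is modeled on vsftpd's log but is not a real capture.

```shell
#!/bin/sh
# Added example: lay out an FTP root with a write-only upload directory and a
# read-only download directory, verify the layout, and scan FTP log lines for
# unusual activity. Paths, the account "ftpdrop", the group "ftpusers" and
# the log lines are constructed; the log shape is vsftpd-like, not a capture.

# mode_of PATH: 9-character permission string from ls -ld
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# setup_ftp_root ROOT: create the two directories with the intended modes.
#   ROOT      rwxr-x---  (750) members may enter but not create anything here
#   upload    rwx-wx---  (730) members may create files but not list or read them
#   download  rwxr-x---  (750) members may list and read but not write
setup_ftp_root() {
    root="$1"
    mkdir -p "$root/upload" "$root/download"
    chmod 750 "$root"
    chmod 730 "$root/upload"
    chmod 750 "$root/download"
    # Production step, not run here because it needs root: a dedicated account
    # with no shell, homed in ROOT, and ROOT owned by root with the FTP group:
    #   groupadd ftpusers
    #   useradd -g ftpusers -d "$root" -s /usr/sbin/nologin ftpdrop
    #   chown -R root:ftpusers "$root"
}

# check_ftp_root ROOT: verify the modes and that nothing but the two
# directories lives in ROOT. Prints each finding; returns 1 if there are any.
check_ftp_root() {
    root="$1"; rc=0
    [ "$(mode_of "$root/upload")" = "rwx-wx---" ] ||
        { echo "FINDING upload dir mode $(mode_of "$root/upload"), want rwx-wx---"; rc=1; }
    [ "$(mode_of "$root/download")" = "rwxr-x---" ] ||
        { echo "FINDING download dir mode $(mode_of "$root/download"), want rwxr-x---"; rc=1; }
    for e in "$root"/* "$root"/.[!.]*; do
        [ -e "$e" ] || continue
        case "${e##*/}" in upload|download) ;; *) echo "FINDING unexpected entry $e"; rc=1 ;; esac
    done
    return $rc
}

# write_sample_log FILE: constructed log lines (vsftpd-like shape).
write_sample_log() {
    cat > "$1" <<'EOF'
Mon Mar  4 09:12:01 2024 [pid 4120] [ftpdrop] OK LOGIN: Client "198.51.100.7"
Mon Mar  4 09:12:05 2024 [pid 4120] [ftpdrop] OK UPLOAD: Client "198.51.100.7", "/upload/report.csv", 10240 bytes
Mon Mar  4 09:13:11 2024 [pid 4131] [root] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 09:13:12 2024 [pid 4131] [root] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 09:13:14 2024 [pid 4131] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 09:13:15 2024 [pid 4131] [ftpdrop] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 09:13:17 2024 [pid 4131] [ftpdrop] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 09:20:40 2024 [pid 4150] [ftpdrop] OK LOGIN: Client "198.51.100.7"
Mon Mar  4 09:20:44 2024 [pid 4150] [ftpdrop] OK UPLOAD: Client "198.51.100.7", "/etc/cron.d/job", 512 bytes
Mon Mar  4 09:31:02 2024 [pid 4162] [anonymous] OK LOGIN: Client "192.0.2.25"
EOF
}

# scan_ftp_log FILE ALLOWED THRESHOLD: ALLOWED is a comma-separated list of
# accounts permitted to use FTP. Prints one ALERT line per finding:
#   - any login attempt (OK or FAIL) by an account not in ALLOWED
#   - any upload whose target path is outside /upload/
#   - any client IP with THRESHOLD or more failed logins
scan_ftp_log() {
    awk -v allowed="$2" -v thr="$3" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        user = $8; gsub(/\[|\]/, "", user)          # 8th field is "[account]"
        ip = $0; sub(/.*Client "/, "", ip); sub(/".*/, "", ip)
        if (/FAIL LOGIN/) fails[ip]++
        if (/LOGIN/ && !(user in ok))
            print "ALERT account-not-allowed " user " from " ip
        if (/OK UPLOAD/ && $0 !~ /"\/upload\//)
            print "ALERT upload-outside-upload-dir " user " from " ip
    }
    END { for (ip in fails) if (fails[ip] >= thr)
            print "ALERT repeated-login-failures " ip " " fails[ip] " failures" }
    ' "$1"
}

demo() {
    tmp=$(mktemp -d)
    setup_ftp_root "$tmp/ftp"
    check_ftp_root "$tmp/ftp" && echo "FTP root layout OK"
    write_sample_log "$tmp/vsftpd.log"
    scan_ftp_log "$tmp/vsftpd.log" ftpdrop 3
    rm -rf "$tmp"
}

demo
```

Run against the constructed log with `scan_ftp_log vsftpd.log ftpdrop 3`, the scan reports the root, admin and anonymous login attempts, the upload that landed under /etc, and the five failures from 203.0.113.9. The upload directory mode (730) is the point of the layout: an account that can create files there still cannot list or read what other uploaders have dropped, which keeps one customer's upload from being harvested by another.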
52. Files …
✓ Sharing files naturally leads to security risks and threats.
✓ Peer-to-peer technology is on the rise and is now very well developed.
✓ Peer-to-peer programs allow users to share files over the Internet.
✓ If you were to survey users of peer-to-peer programs, you would find that the majority of their machines are infected with some sort of virus, spyware or worm.
✓ Most companies prohibit the use of such programs.
✓ The main reasons for blocking these programs are:
▪ Malicious code
▪ Adware and spyware
▪ Privacy and confidentiality
▪ Pornography
▪ Copyright issues
53. Memory
✓ You may wonder how memory can be an access point for security violations.
✓ There are many badly written programs and utilities that can change the contents of memory, even though these programs do not perform deliberately destructive acts.
✓ On the other hand, programs that intentionally damage or scan data in memory can not only harm data integrity but may also exploit the data for illegal use, for example by harvesting passwords or keys that a process holds in memory in the clear.
54. Authentication Methods
✓ Authentication is a fundamental service of the OS.
✓ It is the process of verifying the user's identity.
✓ Most security administrators implement two types of authentication method:
✓ Physical authentication methods control physical entry to company property.
✓ Most companies use magnetic cards and card readers to control entry to a building, office, laboratory or data center.
✓ Digital authentication methods verify the identity of the user by means of a digital mechanism or software.
55. Digital Authentication used by many OS
✓ Digital Certificate
▪ Widely used in e-commerce
▪ Acts as a passport that identifies and verifies the holder of the certificate
▪ Is an electronic file issued and signed by a trusted party (known as a certificate authority); because of the signature it cannot be forged or tampered with without detection
✓ Digital Token (Security Token)
▪ A small electronic device that users keep with them to be used for authentication to a computer or network system
▪ The device displays a one-time number to the token holder, which is combined with a PIN (Personal Identification Number) and used as the password
✓ Digital Card
▪ Also known as a security card or smart card
▪ Similar to a credit card in dimensions, but instead of a magnetic strip it has an electronic circuit that stores the user's identification information
✓ Kerberos
▪ Developed by the Massachusetts Institute of Technology (MIT), USA
▪ Enables two parties to authenticate each other over an open network: a trusted key distribution center issues each user a ticket carrying a unique session key
▪ The session key in the ticket is used to encrypt the communicated messages
56. Digital Authentication used by many OS …
✓ Lightweight Directory Access Protocol (LDAP)
▪ Developed at the University of Michigan, USA
▪ Uses a centralized directory database storing information about people, offices and machines in a hierarchical manner
▪ An LDAP directory can easily be replicated to many network servers
▪ You can use LDAP to store information about:
• Users (user name and user id)
• Passwords (which should be stored only as salted hashes, never in the clear)
• The internal telephone directory
• Security keys
▪ Use LDAP for the following reasons:
• LDAP can be used across all platforms (OS independent)
• Easy to maintain
• Can be employed for multiple purposes
▪ The LDAP architecture is client/server based
57. Digital Authentication used by many OS …
✓ NTLM (NT LAN Manager)
▪ Developed by Microsoft
▪ A challenge/response authentication protocol: the password itself never crosses the network; the client proves knowledge of it by encrypting a server-supplied challenge with a key derived from the password hash
▪ Superseded by Kerberos as the default in Active Directory domains, but still supported by current Windows versions for backward compatibility, and still a frequent attack target (captured challenge/response pairs can be cracked offline, and relaying NTLM authentication to another server is a well-known technique)
✓ Public Key Infrastructure (PKI)
▪ Built on public key encryption
▪ Each user holds a private key, while the matching public key is published in a digital certificate signed by a certificate authority
▪ The certificate holds the public key; the private key is kept separately on the user's system and must never be disclosed
✓ RADIUS (Remote Authentication Dial-In User Service)
▪ A method commonly used by network devices to provide a centralized authentication mechanism
▪ Client/server based: a dial-up server, a Virtual Private Network (VPN) gateway or a wireless access point acts as the RADIUS client and communicates with a RADIUS server
58. Digital Authentication used by many OS …
✓ SSL (Secure Sockets Layer)
▪ Developed by Netscape Communications
▪ Provides secure communication between client and server
▪ Authentication information is transmitted over the network in encrypted form
▪ Commonly used by web sites to secure client communications; its successor, TLS, is what current systems actually deploy
✓ SRP (Secure Remote Password)
▪ Developed at Stanford University, USA
▪ A password-authenticated key exchange in which the server never stores the password, in either encrypted or plaintext form; it stores only a salted verifier derived from it
▪ Easy to install; needs no certificates and very little client or server configuration
▪ An eavesdropper on the exchange cannot mount an offline brute-force or dictionary attack against the password, which is the protocol's main strength; online guessing against weak passwords is still possible and must be rate-limited
59. Authorization
✓ Authentication is the process of proving that users really are who they claim to be.
✓ Authorization is the process that decides whether users are permitted to perform the functions they request.
✓ Authorization is not performed until the user has been authenticated.
✓ Authorization deals with the privileges and rights that have been granted to the user.
60. User Administration
✓ Administrators use this functionality to create user accounts, set password policies and grant privileges to users.
✓ Improper use of this feature can lead to security risks and threats.
✓ Note: User administration and password policies are discussed in the next unit (Chapters III and IV in the textbook).
61. Vulnerabilities of OS
(The two lists below are drawn from the SANS Top 20 list of 2003, so the products are dated; the categories of weakness are what still matter.)
✓ The top vulnerabilities of UNIX systems
▪ BIND Domain Name System
▪ RPC (Remote Procedure Call)
▪ Apache Web Server
▪ General UNIX authentication: accounts with no or weak passwords
▪ Clear text services
▪ Sendmail
▪ SNMP (Simple Network Management Protocol)
▪ Secure Shell
▪ Misconfiguration of enterprise services NIS/NFS
▪ OpenSSL (Secure Sockets Layer)
✓ The top vulnerabilities of Windows systems
▪ IIS (Internet Information Server)
▪ MSSQL (Microsoft SQL Server)
▪ Windows Authentication
▪ IE (Internet Explorer)
▪ Windows Remote Access Services
▪ MDAC (Microsoft Data Access Components)
▪ WSH (Windows Scripting Host)
▪ Microsoft Outlook and Outlook Express
▪ Windows Peer-to-Peer File Sharing (P2P)
▪ SNMP (Simple Network Management Protocol)
62. E-mail Security
✓ E-mail may be the tool most frequently used by attackers to deliver viruses, worms and other computer system invaders.
✓ E-mail is widely used by public and private organizations as a means of communication.
✓ E-mail was the medium used in many of the most famous worm and virus attacks, for example:
▪ ILOVEYOU (also known as the Love Bug) worm
▪ Mydoom worm
▪ Melissa virus
✓ E-mail is used not only to send viruses and worms, but also to send spam, private and confidential data, and offensive messages.
✓ To prevent these activities:
▪ Do not configure an e-mail server on a machine on which sensitive data resides
▪ Do not disclose the e-mail server's technical details
65. DATABASE SECURITY AND PRIVACY
UNIT II : ADMINISTRATION OF USERS & PROFILES,
PASSWORD POLICIES,PRIVILEGES AND ROLES
✓ Administration of Users
▪ Introduction
▪ Authentication
▪ Creating Users
✓ SQL Server
▪ User Removing
▪ Modifying Users
▪ Default Users
✓ Remote Users
✓ Database Links
✓ Linked Servers
✓ Remote Servers
✓ Best Practices for Administrators and Managers
✓ Profiles, Password Policies, Privileges and Roles
▪ Introduction
▪ Defining and Using Profiles
▪ Designing and Implementing Password Policies
✓ Granting and Revoking User Privileges
✓ Creating, Assigning and Revoking User Roles – Best Practices
66. Administration of Users
✓ Introduction
▪ Authentication and Authorization are essential services for every
OS
▪ Another such service is administration of users
▪ Administrators use this functionality for:
• Creating users
• Setting password policies
• Granting privileges
67. Documentation of User Administration
✓ In every type of organization, many security violations are caused by negligence and ignorance, and in particular by failing to keep documentation
✓ Documentation is a main part of the administration process
✓ The top three excuses for failing to keep documentation are:
▪ Lack of time
▪ Belief that the administration process is already documented in the system
▪ Reluctance to complicate a process that is simple
✓ Everything is documented for two reasons:
▪ To provide a paper trail to retrace exactly what happened when a breach of security occurs
▪ To ensure administration consistency
68. Documentation of User Administration …
Documentation in the administration context includes the following:
✓ Administration policies
▪ Documentation includes all policies for handling new and terminated employees, managers,
system and database administrators, database managers, operation managers, and human
resources.
▪ A detailed document should describe guidelines for every task that is required in all common
administrative situations.
✓ Security procedures
▪ This is an outline of a step-by-step process for performing an administrative task according to
company policies.
✓ Procedure implementation scripts and programs
▪ This is documentation of any script or program used to perform an administrative task.
▪ This includes the user's manual and the operational manual
69. Documentation of User Administration …
Documentation in Administration context includes the following …
✓ Predefined roles description
▪ This provides the full description of all predefined roles, outlining all
tasks for which the role is responsible and the role’s relationship to
other roles
✓ Administration staff and management
▪ This is usually a detailed description of each administration staff and
management position.
▪ This document includes an organizational chart.
70. Documentation of User Administration …
Many companies develop procedures and forms used to perform any security-related
process. The following figure presents a sample process of creating a database user
account that you can customize per your business requirements and company policies.
Figure: sample database user account creation process. Stages shown in the figure: Document
Completion, Access Identification, Account Application Completion, Department Approval,
Operational Approval, Implement Access, Test Access.
1. DBA completes all the paperwork and documentation for the new employee
2. DBA provides a list of the access operations that are necessary for the employee to
perform their job
3. DBA completes the database user account application form
4. DBA obtains the department manager's approval on the application
5. DBA obtains the operational manager's approval on the application
6. DBA or operator creates the account
7. Account holder verifies access
71. Creating users
✓ Creating users is one of the main tasks you will perform as a
database operator or DBA
✓ In most organizations, this process is standardized, well
documented, and carefully managed
✓ The DBA had written a script to create a user for every developer
working on the project
✓ This script granted privileges to read and write data in the
database schema
✓ Regardless of the database you use, creating the user is generally
an easy task once a policy is documented and followed
73. Creating users …
user
✓ Specify the name of the user to be created. This name can contain only characters from
your database character set and must follow the rules described in the section "Schema
Object Naming Rules". Oracle recommends that the user name contain at least one
single-byte character regardless of whether the database character set also contains
multibyte characters.
IDENTIFIED Clause
✓ The IDENTIFIED clause lets you indicate how Oracle Database authenticates the user.
BY password
✓ The BY password clause lets you create a local user and indicates that the user must
specify a password to log on to the database. Passwords are case sensitive. Any
subsequent CONNECT string used to connect this user to the database must specify the
password using the same case (upper, lower, or mixed) that is used in
this CREATE USER statement or a subsequent ALTER USER statement. Passwords can
contain any single-byte, multibyte, or special characters, or any combination of these,
from your database character set.
EXTERNALLY Clause
✓ Specify EXTERNALLY to create an external user. Such a user must be authenticated by
an external service, such as an operating system or a third-party service. In this case,
Oracle Database relies on authentication by the operating system or third-party service to
ensure that a specific external user has access to a specific database user.
74. Creating users …
AS 'certificate_DN'
✓ This clause is required for, and used only by, SSL-authenticated external users.
The certificate_DN is the distinguished name in the user's PKI certificate in the
user's wallet.
GLOBALLY Clause
✓ The GLOBALLY clause lets you create a global user. Such a user must be
authorized by the enterprise directory service (Oracle Internet Directory).
DEFAULT TABLESPACE Clause
✓ Specify the default tablespace for objects that the user creates. If you omit this
clause, then the user's objects are stored in the database default tablespace. If no
default tablespace has been specified for the database, then the user's objects are
stored in the SYSTEM tablespace.
✓ Restriction on Default Tablespaces You cannot specify a locally managed
temporary tablespace, including an undo tablespace, or a dictionary-managed
temporary tablespace, as a user's default tablespace.
75. Creating users …
TEMPORARY TABLESPACE Clause
✓ Specify the tablespace or tablespace group for the user's temporary segments. If you omit this
clause, then the user's temporary segments are stored in the database default temporary
tablespace or, if none has been specified, in the SYSTEM tablespace.
✓ Specify tablespace to indicate the user's temporary tablespace.
✓ Specify tablespace_group_name to indicate that the user can save temporary segments in any
tablespace in the tablespace group specified by tablespace_group_name.
✓ Restrictions on Temporary Tablespace
▪ This clause is subject to the following restrictions:
▪ The tablespace must be a temporary tablespace and must have a standard block size.
▪ The tablespace cannot be an undo tablespace or a tablespace with automatic segment-
space management.
76. Creating users …
✓ QUOTA Clause
▪ Use the QUOTA clause to specify the maximum amount of space the user can
allocate in the tablespace.
▪ A CREATE USER statement can have multiple QUOTA clauses for multiple
tablespaces.
▪ UNLIMITED lets the user allocate space in the tablespace without bound.
▪ Restriction on the QUOTA Clause You cannot specify this clause for a
temporary tablespace.
✓ PASSWORD EXPIRE Clause
▪ Specify PASSWORD EXPIRE if you want the user's password to expire. This
setting forces the user or the DBA to change the password before the user can
log in to the database.
✓ ACCOUNT Clause
▪ Specify ACCOUNT LOCK to lock the user's account and disable access.
Specify ACCOUNT UNLOCK to unlock the user's account and enable access to
the account.
77. Creating users …
✓ The following CREATE USER statement implements the creation of a
user called bmnantha
SQL> CREATE USER bmnantha IDENTIFIED BY bmnantha23
2 DEFAULT TABLESPACE users
3 TEMPORARY TABLESPACE temp
4 QUOTA 25M ON users
5 PROFILE default
6 PASSWORD EXPIRE
7 ACCOUNT UNLOCK
8 /
User created
✓ Once the user is created you can modify the user account with an
ALTER USER statement using the clauses listed in the previous
example
78. DBA_USERS View
✓ DBA_USERS describes all users of the database.
Column | Datatype | NULL | Description
USERNAME | VARCHAR2(30) | NOT NULL | Name of the user
USER_ID | NUMBER | NOT NULL | ID number of the user
PASSWORD | VARCHAR2(30) | | This column is deprecated in favor of the AUTHENTICATION_TYPE column
ACCOUNT_STATUS | VARCHAR2(32) | NOT NULL | Account status, one of the values below
✓ OPEN
✓ EXPIRED
✓ EXPIRED(GRACE)
✓ LOCKED(TIMED)
✓ LOCKED
✓ EXPIRED & LOCKED(TIMED)
✓ EXPIRED(GRACE) & LOCKED(TIMED)
✓ EXPIRED & LOCKED
✓ EXPIRED(GRACE) & LOCKED
79. DBA_USERS View …
Column | Datatype | NULL | Description
LOCK_DATE | DATE | | Date the account was locked if the account status was LOCKED
EXPIRY_DATE | DATE | | Date of expiration of the account
DEFAULT_TABLESPACE | VARCHAR2(30) | NOT NULL | Default tablespace for data
TEMPORARY_TABLESPACE | VARCHAR2(30) | NOT NULL | Name of the default tablespace for temporary tables or the name of a tablespace group
CREATED | DATE | NOT NULL | User creation date
PROFILE | VARCHAR2(30) | NOT NULL | User resource profile name
INITIAL_RSRC_CONSUMER_GROUP | VARCHAR2(30) | | Initial resource consumer group for the user
80. DBA_USERS View …
Column | Datatype | NULL | Description
EXTERNAL_NAME | VARCHAR2(4000) | | User external name
PASSWORD_VERSIONS | VARCHAR2(8) | | Database version in which the password was created or changed
EDITIONS_ENABLED | VARCHAR2(1) | | Indicates whether editions have been enabled for the corresponding user (Y) or not (N)
AUTHENTICATION_TYPE | VARCHAR2(8) | | Indicates the authentication mechanism for the user:
✓ EXTERNAL - CREATE USER user1 IDENTIFIED EXTERNALLY;
✓ GLOBAL - CREATE USER user2 IDENTIFIED GLOBALLY;
✓ PASSWORD - CREATE USER user3 IDENTIFIED BY user3;
81. Creating a SQL Server User
✓ To create a login ID in SQL Server, you must be a member of the SYSTEMADMIN or
SECURITYADMIN role
✓ There are two types of login IDs:
▪ Windows Integrated (Trusted) Logins
▪ A Microsoft Windows account or group is associated with
either the server on which SQL Server is installed or the domain of
which the server is a member
▪ SQL Server Login
82. Creating a SQL Server User …
Creating Windows Integrated Logins
✓ From the command line
To create a new login associated with a Windows account (Windows Integrated), in the
Query Analyzer tool use the SP_GRANTLOGIN system procedure.
✓ The syntax is as follows:
sp_grantlogin [@login =] 'login'
✓ The login is the fully qualified name of the Windows user account,
in the form machine_name\user_name for local Windows users
✓ or domain\user_name for Windows domain accounts.
✓ A Windows integrated login can also be associated
with Windows groups on either the local server or the domain
83. Creating a SQL Server User …
For example,
✓ If you have a local Windows account named 'bmnantha' on the SQL Server itself,
where the server name is myserver, you enter the following:
exec sp_grantlogin 'myserver\bmnantha'
✓ For a Windows domain account named 'manish' in the domain mydomain, you enter
the following:
exec sp_grantlogin 'mydomain\manish'
✓ To associate the local Windows group called SQL_DBA, you enter:
exec sp_grantlogin 'myserver\sql_dba'
✓ NOTE: A login must be between 1 and 128 characters in length and cannot contain
any spaces.
84. Creating a SQL Server User from Enterprise Manager
To create a new login associated with a Windows account (Windows Integrated) in Enterprise Manager,
take the following steps:
1. Open Enterprise Manager
85. SQL Server Login …
2. Expand the server group in which your server is functioning
3. Expand the server you want to create the login for
4. Expand the Security container
5. Click Logins
6. On the menu bar, click Action, then click New Login
86. SQL Server Login …
7. Type the name of the user
8. Depending on the type of Windows account you are creating, select either
the local server name or the domain name from the Domain drop-down
list. Enterprise Manager automatically fills in
the machine or domain name in front of the user name
9. Select the default database for the login from the Database drop-down list.
10. Select the default language for the login from the Language drop-down list.
88. SQL Server Login …
✓ The second type of login is a SQL Server login, sometimes called a SQL Server
active login.
✓ This login is not associated with a Windows account; instead, it is a security account
created within SQL Server itself.
✓ Creating SQL Server logins from the command line
▪ To create a SQL Server login from the Query Analyzer, you use the
SP_ADDLOGIN system stored procedure.
▪ The syntax is as follows:
sp_addlogin [@loginame = ] 'login'
[ , [ @passwd = ] 'password' ]
[ , [ @defdb = ] 'database' ]
[ , [ @deflanguage = ] 'language' ]
[ , [ @sid = ] sid ]
[ , [ @encryptopt = ] 'encryption_option' ]
@loginame – the name chosen for the login
@defdb – name of the default database for the user. The default is NULL
@deflanguage – the default language for the user.
The default is the current default language of the SQL Server instance
@sid – Security Identification Number (SID).
The default is NULL; if it is NULL, SQL Server
automatically generates a SID for the login
@encryptopt – specifies whether or not to encrypt the password in the database
89. SQL Server Login …
For example:
✓ To create a SQL Server login named 'bmnantha' with password 'manish',
you issue the following command:
exec sp_addlogin 'bmnantha', 'manish'
✓ To specify a default database of Northwind for bmnantha, enter the
following:
exec sp_addlogin 'bmnantha', 'manish', 'Northwind'
90. SQL Server Login …
From Enterprise Manager
To create a new SQL Server login in Enterprise Manager, follow these steps:
1. Open Enterprise Manager
2. Expand the server group your server is in
3. Expand the server you want to create the login for.
4. Expand the Security container
5. Click Logins
6. On the menu bar, click Action, then click New Login
7. Type the name of the user, in this case bmnantha
8. Click the SQL Server Authentication option button
9. Provide a password for the user in the Password text box. The password is masked as
you type
10. Click OK
91. SQL Server Login …
The following figure shows the SQL Server Login Properties – New Login screen
(latest version)
92. Removing Users
✓ Removing an ORACLE user
SQL> DROP USER SCOTT;
User dropped.
✓ If the user does not own any objects, the command executes successfully. If the user owns
any objects, the CASCADE option must be used
SQL> DROP USER SCOTT CASCADE;
User dropped.
✓ SQL Server: Removing Windows Integrated Logins
From the command line: use the SP_DENYLOGIN system procedure
sp_denylogin [ @loginame = ] 'login'
✓ The following statement drops the login account bmnantha:
exec sp_denylogin 'myserver\bmnantha'
✓ From Enterprise Manager
To drop the login in Enterprise Manager, simply highlight the desired login and choose Delete
from the Action menu
93. Modifying Users
The attributes of an existing user account, such as password, database,
tablespace, quota, password profile and account status, can be changed by the DBA
✓ Modifying an ORACLE user
SQL> ALTER USER SCOTT IDENTIFIED BY LION;
User altered.
✓ SQL Server: Modifying Windows Integrated Login Attributes
✓ From the command line
The default database for the login is initially set to master; to change the
database, the SP_DEFAULTDB system stored procedure is used.
sp_defaultdb [ @loginame = ] 'login' ,
[ @defdb = ] 'database'
✓ To change the default database for the login mydomain\bmnantha, issue the
following statement:
exec sp_defaultdb 'mydomain\bmnantha', 'Northwind'
94. Default Users
✓ ORACLE default users are created at the time of ORACLE software
installation
▪ SYS (super user with all DBA rights; cannot be changed)
▪ SYSTEM (with minimal DBA rights)
▪ SCOTT (user without DBA rights)
✓ SQL Server default users are created at the time of SQL Server
software installation
▪ SA (System Administrator; it is equivalent to SYS in Oracle and cannot be
changed)
▪ BUILTIN\Administrators (associated with the local Administrators group
on the Windows server)
95. Remote Users
✓ All DB user accounts are created and stored in the DB regardless of
whether they connect locally or remotely.
✓ A user who logs on to the DB from the machine where the DB is
located is called a local user.
✓ A user who logs on to the DB from a machine where the DB is
not located is called a remote user.
✓ In ORACLE 10g, remote users can be authenticated by the OS provided
the REMOTE_OS_AUTHENT initialization parameter is set to TRUE.
If the parameter is set to FALSE, such users cannot log in remotely.
✓ SQL Server does not support this type of remote user authentication.
96. Database Links
✓ A DB link is a connection from one DB to another DB
✓ The linked DBs can be:
▪ Both ORACLE 10g
▪ Both SQL Server
▪ A mix of ORACLE 10g and SQL Server
✓ A DB link enables a user to perform Data Manipulation Language (DML) or
any other valid SQL statements on a DB.
✓ The following figure gives the architecture of a DB link
Figure: DB1 connected to DB2 through a DB LINK
✓ In Oracle 10g, DB links can be created in two ways:
1. Public – makes the database link accessible to every user in the DB
2. Private – gives ownership of the database link to a user.
The link is not accessible to any other user unless that user has
been granted access by the owner
97. Database Links …
Authentication Methods
✓ Authentication methods for connecting to an ORACLE 10g DB using the DB link
mechanism.
✓ There are three types of authentication methods when creating a DB link.
✓ Authentication Method 1: CURRENT USER
▪ This authentication method instructs ORACLE 10g to use the current user's
credentials for authentication to the DB to which the user is trying to link.
SQL> CONNECT SYSTEM@DB1
Enter password: ******
Connected.
SQL> CREATE PUBLIC DATABASE LINK DB2
  2  CONNECT TO CURRENT_USER
  3  USING 'DB2'
  4  /
Database link created.
98. Database Links …
✓ Authentication Method 2: FIXED USER
This authentication method instructs ORACLE 10g to use the user name and
password provided in this clause for authentication to the DB to
which the user is trying to link.
SQL> CREATE PUBLIC DATABASE LINK DB2
  2  CONNECT TO SCOTT IDENTIFIED BY TIGER
  3  USING 'DB2'
  4  /
Database link created.
99. Database Links …
✓ Authentication Method 3: CONNECT USER
This authentication method instructs ORACLE 10g to use the
credentials of the connected user, who has an existing account in
the database to which the user is trying to link.
SQL> CREATE PUBLIC DATABASE LINK DB2
  2  USING 'DB2'
  3  /
Database link created.
100. Linked Servers
✓ Linked servers allow you to connect to almost any Object Linking and
Embedding Database (OLE DB) or Open Database Connectivity (ODBC) data source.
✓ Microsoft SQL Server 2000 also uses the concept of linked servers.
✓ OLE DB is a Microsoft component that allows Windows applications to
connect to and access different database systems.
✓ ODBC is a Microsoft protocol used for connecting Windows
applications to different DB systems
✓ The following figure represents the linked server architecture using SQL
Server
Figure: server manish and server bmnantha connected through a linked server
102. Remote Servers
✓ Along the same lines as linked servers, you can communicate with
another SQL Server by creating a remote server
✓ Instead of using OLE DB, communication occurs across a Remote
Procedure Call (RPC)
103. Best Practices for Administrators and Managers
✓ The DBA's job is never-ending and very challenging
✓ The DBA is constantly performing other administrative tasks such as backup,
recovery and performance tuning.
✓ To make wise decisions, DBAs have the sizable responsibility of keeping up
with database practices, database technology and database security issues.
✓ These are the best practices for administering users, privileges, and roles:
▪ Follow your company's procedures and policies to create, remove or modify
database users.
▪ Always change the default password, and never write it down or save it in a file that
is neither encrypted nor safe.
▪ Never share user accounts with anyone, especially DBA accounts.
▪ Always document and create logs for changes to, or removals of, database user
accounts.
104. Best Practices for Administrators and
Managers …
✓ These are the best practices for administering users, privileges, and
roles (continued):
▪ Never remove an account even if it is outdated; instead, disable it or revoke
the account's connection privileges.
▪ Give access permissions to users only as required, and use different logins
and passwords for different applications.
▪ Educate users, developers and administrators on user administration best
practices as well as the company's policies and procedures.
▪ Keep abreast (up to date) of database and security technology. Be
aware of all new vulnerabilities that may increase database security risks.
▪ Constantly review and modify the procedures as necessary to keep them in line
with the company's policies and procedures. Keep procedures up to date
with the dynamic nature of database and security technology
105. Profiles, Password Policies, Privileges and
Roles
Introduction
✓ The key to the house is the password
✓ Put this scenario into the context of computer passwords.
✓ For home security, in addition to changing the key, you might install an
alarm, motion detector, camera, etc.
✓ A company's user accounts should have equal protection.
✓ The company needs to protect its assets and enforce stringent (strict,
precise, and exacting) guidelines to protect the keys to computer accounts.
✓ This key is the password
106. Defining and Using Profiles
• A profile is a security concept that describes the limits on database
resources that are granted to database users.
• A profile is a way of defining database user behaviour to prevent users
from wasting resources such as memory and CPU
• For this reason some DBMSs have implemented the profile concept.
• Not every DBMS offers the profile concept.
• ORACLE does and Microsoft SQL Server 2000 doesn't.
107. Defining and Using Profiles…
✓ Creating Profiles in ORACLE
✓ A profile in ORACLE helps define two elements of security:
✓ Restrictions on resources
✓ Implementation of password policy
✓ The following figure shows the two aspects of a profile in ORACLE
Figure: PROFILE = PASSWORD (Aging, Usage, Verification) + RESOURCES (CPU, Memory, Connections)
108. Defining and Using Profiles…
ORACLE allows you to create a profile using the CREATE PROFILE
statement. The full syntax of the statement follows.
Figure: CREATE PROFILE syntax diagram (resource parameters and password parameters)
109. Defining and Using Profiles…
Each limit takes a value, UNLIMITED, or DEFAULT.
CREATE PROFILE profile_name
LIMIT
-- Resource limits
SESSIONS_PER_USER number
CPU_PER_SESSION hundredths_of_seconds
CPU_PER_CALL hundredths_of_seconds
CONNECT_TIME minutes
IDLE_TIME minutes
LOGICAL_READS_PER_SESSION db_blocks
LOGICAL_READS_PER_CALL db_blocks
COMPOSITE_LIMIT number
PRIVATE_SGA bytes
-- Password limits
FAILED_LOGIN_ATTEMPTS number
PASSWORD_LIFE_TIME days
PASSWORD_REUSE_TIME number
PASSWORD_REUSE_MAX number
PASSWORD_LOCK_TIME days
PASSWORD_GRACE_TIME days
PASSWORD_VERIFY_FUNCTION function_name;
110. Defining and Using Profiles…
✓ In this syntax:
▪ First, specify the name of the profile that you want to create.
▪ Second, specify the LIMIT on either database resources or passwords
✓ Resource parameters
▪ SESSIONS_PER_USER – specifies the number of concurrent sessions that a user can have when
connecting to the Oracle database.
▪ CPU_PER_SESSION – specifies the CPU time limit for a user session, expressed in hundredths of
seconds.
▪ CPU_PER_CALL – specifies the CPU time limit for a call such as a parse, execute, or fetch,
expressed in hundredths of seconds.
▪ CONNECT_TIME – specifies the total elapsed time limit for a user session, expressed in minutes.
▪ IDLE_TIME – specifies the number of minutes of continuous inactive time allowed during a
user session. Note that long-running queries and other operations are not subject to this
limit.
▪ LOGICAL_READS_PER_SESSION – specifies the allowed number of data blocks read in a user
session, including blocks read from both memory and disk.
▪ LOGICAL_READS_PER_CALL – specifies the allowed number of data blocks read for a call to
process a SQL statement.
▪ PRIVATE_SGA – specifies the amount of private memory space that a session can allocate in the
shared pool of the system global area (SGA).
▪ COMPOSITE_LIMIT – specifies the total resource cost for a session, expressed in service units. The
total service units are calculated as a weighted sum of
CPU_PER_SESSION, CONNECT_TIME, LOGICAL_READS_PER_SESSION,
111. Defining and Using Profiles…
✓ Password parameters
▪ You use the following clauses to set the limits for password parameters:
▪ FAILED_LOGIN_ATTEMPTS – specifies the number of consecutive failed login attempts
before the user is locked. The default is 10 times.
▪ PASSWORD_LIFE_TIME – specifies the number of days that a user can use the same
password for authentication. The default value is 180 days.
▪ PASSWORD_REUSE_TIME – specifies the number of days before a user can reuse a
password.
▪ PASSWORD_REUSE_MAX – specifies the number of password changes required before
the current password can be reused. Note that you must set values for
both PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX to make
these parameters take effect.
▪ PASSWORD_LOCK_TIME – specifies the number of days that Oracle will lock an
account after the specified number of consecutive failed logins. The default is 1 day if you
omit this clause.
▪ PASSWORD_GRACE_TIME – specifies the number of days after the grace period starts
during which a warning is issued and login is allowed. The default is 7 days when you
omit this clause.
✓ Note that to create a new profile, your user needs to have the CREATE PROFILE system
privilege.
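The following Python model is an added illustration, not code from the course slides or from Oracle. It ties the password limits above (FAILED_LOGIN_ATTEMPTS, PASSWORD_LOCK_TIME, PASSWORD_LIFE_TIME, PASSWORD_GRACE_TIME) to the ACCOUNT_STATUS values listed for the DBA_USERS view on slide 78, so you can see which status string a sequence of logins produces under a given profile. The Profile and Account classes, the demo() event replay, the clock values and the sample limits are constructed for the example; only the parameter names and the status strings are Oracle's. UNLIMITED is modelled as None, so the all-UNLIMITED DEFAULT profile shown by the DBA_PROFILES query on slide 113 can be replayed as well.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

UNLIMITED = None  # Oracle's UNLIMITED keyword: the limit can never be reached


@dataclass
class Profile:
    """Password limits of an Oracle profile; times are in days, as in CREATE PROFILE."""
    failed_login_attempts: Optional[int] = 10
    password_lock_time: Optional[float] = 1.0
    password_life_time: Optional[float] = 180.0
    password_grace_time: Optional[float] = 7.0


# The DEFAULT profile as printed by the DBA_PROFILES query on slide 113: everything UNLIMITED.
DEFAULT_UNLIMITED = Profile(UNLIMITED, UNLIMITED, UNLIMITED, UNLIMITED)


@dataclass
class Account:
    username: str
    profile: Profile
    password_changed: datetime              # last successful password change
    failures: int = 0                       # consecutive failed logins since the last success
    lock_date: Optional[datetime] = None    # DBA_USERS.LOCK_DATE
    dba_locked: bool = False                # set by ALTER USER ... ACCOUNT LOCK

    def _expiry(self, now: datetime) -> str:
        """'' within PASSWORD_LIFE_TIME, then EXPIRED(GRACE), then EXPIRED."""
        life, grace = self.profile.password_life_time, self.profile.password_grace_time
        if life is UNLIMITED:
            return ""
        age_days = (now - self.password_changed) / timedelta(days=1)
        if age_days <= life:
            return ""
        if grace is not UNLIMITED and age_days > life + grace:
            return "EXPIRED"
        return "EXPIRED(GRACE)"

    def _lock(self, now: datetime) -> str:
        """LOCKED for a DBA lock, LOCKED(TIMED) while a failed-login lock is in force."""
        if self.dba_locked:
            return "LOCKED"
        if self.lock_date is None:
            return ""
        lock_days = self.profile.password_lock_time
        if lock_days is UNLIMITED or now < self.lock_date + timedelta(days=lock_days):
            return "LOCKED(TIMED)"
        return ""  # PASSWORD_LOCK_TIME has elapsed

    def account_status(self, now: datetime) -> str:
        """The string DBA_USERS.ACCOUNT_STATUS would show at time `now`."""
        parts = [p for p in (self._expiry(now), self._lock(now)) if p]
        return " & ".join(parts) if parts else "OPEN"

    def login(self, now: datetime, password_ok: bool) -> bool:
        """Apply one logon attempt and return whether a session is allowed."""
        if "LOCKED" in self.account_status(now):
            return False                    # a locked account rejects even the right password
        if not password_ok:
            self.failures += 1
            limit = self.profile.failed_login_attempts
            if limit is not UNLIMITED and self.failures >= limit:
                self.lock_date, self.failures = now, 0
            return False
        self.failures = 0
        # EXPIRED(GRACE) still logs in (with a warning); EXPIRED must change the password first.
        return self._expiry(now) != "EXPIRED"


def demo() -> dict:
    """Replay constructed events against a strict profile and against the all-UNLIMITED one."""
    strict = Profile(failed_login_attempts=3, password_lock_time=1.0,
                     password_life_time=180.0, password_grace_time=7.0)
    t0 = datetime(2024, 1, 1, 9, 0)                    # constructed clock
    acct = Account("bmnantha", strict, password_changed=t0)
    for _ in range(3):
        acct.login(t0, password_ok=False)
    out = {"after_3_failures": acct.account_status(t0)}
    out["locked_rejects_good_password"] = acct.login(t0 + timedelta(hours=1), True)
    out["after_lock_time"] = acct.account_status(t0 + timedelta(days=1, minutes=1))
    out["day_181"] = acct.account_status(t0 + timedelta(days=181))
    out["day_190"] = acct.account_status(t0 + timedelta(days=190))
    out["expired_login"] = acct.login(t0 + timedelta(days=190), True)
    held = Account("appuser", strict, password_changed=t0, dba_locked=True)
    out["dba_lock_day_182"] = held.account_status(t0 + timedelta(days=182))
    lax = Account("scott", DEFAULT_UNLIMITED, password_changed=t0)
    for _ in range(50):
        lax.login(t0, password_ok=False)
    out["unlimited_after_50_failures"] = lax.account_status(t0 + timedelta(days=400))
    return out
```

The contrast at the end is the point for an auditor: under the all-UNLIMITED DEFAULT profile the account stays OPEN after any number of failed logins and never expires, which is why users left on that profile deserve a second look.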
112. Defining and Using Profiles…
Setting Profile Resource Limits: Example. The following statement
creates the profile app_user:
SQL> CREATE PROFILE app_user
  2  LIMIT
  3  SESSIONS_PER_USER UNLIMITED
  4  CPU_PER_SESSION UNLIMITED
  5  CPU_PER_CALL 3000
  6  CONNECT_TIME 45
  7  IDLE_TIME 15
  8  LOGICAL_READS_PER_SESSION DEFAULT
  9  LOGICAL_READS_PER_CALL 1000
 10  PRIVATE_SGA 15K
 11  COMPOSITE_LIMIT 5000000
 12  /
Profile created.
113. Defining and Using Profiles…
✓ To view all profiles created in the database , query the data dictionary view,
DBA_PROFILES
SQL> select * from dba_profiles where profile = 'DEFAULT';
PROFILE RESOURCE_NAME RESOURCE_TYPE LIMIT
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED
DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED
DEFAULT CPU_PER_SESSION KERNEL UNLIMITED
DEFAULT CPU_PER_CALL KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED
DEFAULT IDLE_TIME KERNEL UNLIMITED
DEFAULT CONNECT_TIME KERNEL UNLIMITED
DEFAULT PRIVATE_SGA KERNEL UNLIMITED
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD UNLIMITED
DEFAULT PASSWORD_LIFE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL
DEFAULT PASSWORD_LOCK_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_GRACE_TIME PASSWORD UNLIMITED
16 rows selected.
114. Defining and Using Profiles…
✓ To modify a limit of a profile, you use ALTER PROFILE as follows:
SQL> ALTER PROFILE APP_USER
  2  LIMIT IDLE_TIME 30;
Profile altered.
✓ To assign a profile to a user, use ALTER USER as follows:
SQL> ALTER USER BMNANTHA PROFILE APP_USER
  2  /
User altered.
✓ In SQL Server 2000 or 2005, profiles or similar objects are not available
115. Designing and Implementing password policies
✓ The password is the key to opening the user account.
✓ The stronger the password, the longer it takes a hacker to break it.
✓ Many security violations by hackers begin with breaking a password.
✓ If you join a financial company, the orientation program covers
security administration, including password selection, password
storage, and the company's policies on passwords.
116. Designing and Implementing password policies …
✓ A password policy is a set of guidelines that enhances the
robustness of the password and reduces the likelihood of its
being broken
✓ Importance of password policies
▪ The front-line defence of your account is your password.
▪ If your password is weak, a hacker can break in, destroy your
data, and violate your sense of security.
▪ For this specific reason, most companies invest
considerable resources to strengthen authentication by adopting
technological measures that protect their assets.
117. Designing and Implementing password policies …
Designing password policies
✓ Most companies use a standard set of guidelines for their password policies
✓ These guidelines can comprise one or more of the following:
✓ Password complexity – a set of guidelines used when selecting a
password, for example minimum 8 characters, 1 special character, 1 capital
letter, etc.
The purpose of password complexity is to decrease the chances of a hacker
guessing or breaking a password.
✓ Password aging – an indication of how long the password can be used
before it expires
✓ Password usage – an indication of how many times the same password
can be used
✓ Password storage – a method of storing a password in an encrypted
manner
118. Designing and Implementing password policies …
✓ Implementing password policies
✓ How to implement a password policy depends on whether or not the DBMS provides
functions that support password security
✓ ORACLE has invested heavily in providing mechanisms to enforce security,
including the implementation of password policies.
✓ Microsoft SQL Server, by contrast, depends on the OS to implement password
policies.
120. Designing and Implementing password policies …
✓ Oracle password security profile parameters
✓ Here are the password security parameters:
▪ failed_login_attempts – the number of failed login attempts before locking the
Oracle user account. The default in 11g is 10 failed attempts.
▪ password_grace_time – the grace period after the password_life_time limit is
exceeded.
▪ password_life_time – how long an existing password is valid. The default in
11g forces a password change every 180 days.
▪ password_lock_time – the number of days that must pass after an account is
locked before it is unlocked, i.e. how long to lock the account once the failed
login attempts limit is met. The default in 11g is one day.
▪ password_reuse_max – the number of times that you may reuse a password; it is
intended to prevent repeating password cycles (north, south, east, west).
▪ password_reuse_time – a time limit before a previous password can be
re-entered. To allow unlimited use of previously used passwords, set
password_reuse_time to UNLIMITED.
▪ password_verify_function – lets you specify the name of a custom password
verification function.
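A PASSWORD_VERIFY_FUNCTION in Oracle is a PL/SQL function that receives the username, the new password and the old password and raises an error when the new password breaks the policy. The Python function below is an added example, not code from the slides or from Oracle's shipped verify function: it mirrors such a check against the complexity guidelines of slide 117 (minimum 8 characters, 1 special character, 1 capital letter) and the additional checks a verify function commonly adds, namely that the password must not contain the username, must not be a dictionary word, and must differ from the old password in several positions. The minimum-digit rule, the small COMMON_WORDS list, the difference rule and the function names are constructed for this example.

```python
import re

# Constructed stand-in for a real dictionary; a production check would load a large word list.
COMMON_WORDS = {"password", "welcome", "oracle", "database", "admin", "qwerty"}


def differing_chars(old: str, new: str) -> int:
    """Difference count in the style of Oracle's verify function:
    positional mismatches over the common length, plus the length difference."""
    return sum(a != b for a, b in zip(old, new)) + abs(len(old) - len(new))


def verify_password(username: str, new_password: str, old_password: str = None,
                    min_length: int = 8, min_special: int = 1, min_upper: int = 1,
                    min_digit: int = 1, min_differ: int = 3) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable.
    (Oracle's PL/SQL function would raise an error instead of returning the reasons.)"""
    pw = new_password
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if sum(not c.isalnum() for c in pw) < min_special:
        problems.append(f"fewer than {min_special} special character(s)")
    if sum(c.isupper() for c in pw) < min_upper:
        problems.append(f"fewer than {min_upper} capital letter(s)")
    if sum(c.isdigit() for c in pw) < min_digit:
        problems.append(f"fewer than {min_digit} digit(s)")
    if username.lower() in pw.lower():
        problems.append("contains the username")
    # Strip digits and symbols so "Password1!" is still recognised as the word "password".
    letters_only = re.sub(r"[^a-z]", "", pw.lower())
    if letters_only in COMMON_WORDS or pw.lower() in COMMON_WORDS:
        problems.append("is a common word")
    if old_password is not None and differing_chars(old_password, pw) < min_differ:
        problems.append(f"differs from the old password in fewer than {min_differ} characters")
    return problems


def demo() -> dict:
    """Run the check over a few constructed candidates, including the password used on slide 77."""
    return {
        "bmnantha23": verify_password("bmnantha", "bmnantha23"),
        "Tr0ub4dor&3": verify_password("bmnantha", "Tr0ub4dor&3"),
        "Password1!": verify_password("scott", "Password1!"),
        "one_char_change": verify_password("bmnantha", "Tr0ub4dor&4", "Tr0ub4dor&3"),
    }
```

Note that the example password from slide 77, bmnantha23, fails three of these checks at once: it has no special character, no capital letter, and it contains the username.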
121. Designing and Implementing password policies …
✓ Profile creation using ORACLE Enterprise Manager Security Tools
122. Designing and Implementing password policies …
Password Policies in SQL Server
✓ Microsoft SQL Server 2000, as a stand-alone product, does not provide password policy
enforcement when logging on to SQL Server
✓ The Microsoft architecture follows a model known as an Integrated Server System.
✓ In this model all the server applications and the resources they provide are tightly
integrated with the Windows server system and its security architecture.
✓ Password policy enforcement in a SQL Server environment is handled by implementing SQL
Server in Windows authentication mode and applying policies within the Windows Server
System
✓ There are two authentication protocols supported by Windows:
▪ NTLM (NT LAN Manager)
▪ Kerberos 5
123. Designing and Implementing password policies …
NTLM
✓ NTLM authenticates using a challenge/response methodology
✓ When the user attempts to access a resource, the server hosting the
resource "challenges" the user to prove his or her identity.
✓ The user then issues a "response" to that challenge
✓ If the response is correct, the user is authenticated to the server.
✓ The server then goes through an authorization process for the requested
resource.
124. Designing and Implementing password policies …
Figure: NTLM exchange between Workstation and Server (Message 1, Message 2, Message 3)
✓ The authentication process consists of three messages
✓ Message 1: sent from the client to the server; the initial request for authentication
✓ Message 2: sent from the server to the client; contains the challenge (eight bytes of random
data)
✓ Message 3: sent from the client to the server; contains the response to the challenge
✓ The response is a 24-byte DES-encrypted hash of the 8-byte challenge that can be decrypted
only by a set of DES keys created using the user's password.
✓ The benefit of NTLM is that passwords are verified without ever actually sending the
password across the network
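As an added illustration of the three-message exchange just described (not code from the slides), here is a Python model of an NTLM-style challenge/response seen from the defender's side. The DES-based 24-byte response and the stored password hash are replaced by HMAC-SHA256 and SHA-256 so the block runs with the standard library only; the Server and Workstation classes, password_verifier, challenge_response and the sample account are constructed. What it shows is why the scheme keeps the password off the wire: the server stores only a verifier, issues a fresh random challenge per attempt, recomputes the expected response itself and compares it in constant time, and a response captured from one exchange is useless once the challenge it answered has been consumed.

```python
import hashlib
import hmac
import secrets


def password_verifier(password: str) -> bytes:
    """What the server stores instead of the password (stand-in for the real NT hash)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def challenge_response(verifier: bytes, challenge: bytes) -> bytes:
    """Response to an 8-byte challenge (stand-in for the DES-based 24-byte response)."""
    return hmac.new(verifier, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, accounts: dict):
        self.accounts = accounts        # login -> verifier; no plaintext passwords are kept
        self.pending = {}               # login -> challenge awaiting a response

    def message2(self, login: str) -> bytes:
        """Message 2: a random 8-byte challenge, fresh for every attempt."""
        challenge = secrets.token_bytes(8)
        self.pending[login] = challenge
        return challenge

    def message3(self, login: str, response: bytes) -> bool:
        """Check message 3: recompute the expected response and compare in constant time."""
        challenge = self.pending.pop(login, None)   # each challenge answers exactly once
        verifier = self.accounts.get(login)
        if challenge is None or verifier is None:
            return False
        return hmac.compare_digest(challenge_response(verifier, challenge), response)


class Workstation:
    def __init__(self, login: str, password: str):
        self.login, self.verifier = login, password_verifier(password)

    def authenticate(self, server: Server):
        """Messages 1 and 2, then message 3; returns (accepted, response_sent)."""
        server_challenge = server.message2(self.login)
        response = challenge_response(self.verifier, server_challenge)
        return server.message3(self.login, response), response


def demo() -> dict:
    srv = Server({"bmnantha": password_verifier("correct horse battery")})  # constructed account
    ok, captured = Workstation("bmnantha", "correct horse battery").authenticate(srv)
    wrong, _ = Workstation("bmnantha", "wrong password").authenticate(srv)
    unknown, _ = Workstation("nobody", "anything").authenticate(srv)
    # An old response does not answer a new challenge: the server has issued a different one.
    srv.message2("bmnantha")
    replay = srv.message3("bmnantha", captured)
    # With no challenge outstanding, any response is rejected.
    stray = srv.message3("bmnantha", captured)
    return {"good": ok, "wrong_password": wrong, "unknown_user": unknown,
            "replayed_response": replay, "no_challenge_outstanding": stray}
```

The verifier is still a password-equivalent secret on the server, which is why the slides treat password storage as a policy item of its own.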
125. Designing and Implementing password policies …
Kerberos
✓ Kerberos authentication differs from NTLM in many ways.
✓ Instead of using the password to encrypt and decrypt challenge/response messages, a secret key,
known only to the server and client and unique to the session, is used to encrypt the
handshake data.
✓ This allows not only the server to validate the authenticity of the client, but also the client
to validate the authenticity of the server.
✓ This is an important difference and is one of the reasons Kerberos is more secure than NTLM
✓ Kerberos authentication requires a trusted third party known as the Key Distribution
Center (KDC).
✓ The KDC generates the secret key for each session established.
✓ The new session ticket, containing the new key, has a time-out value associated with it.
126. Designing and Implementing password policies …
✓ Once the secret key is obtained from the KDC:
▪ The client encrypts its request for a resource with the secret key.
▪ The server decrypts the message using the same key, encrypts just the
time stamp from the message with that key and sends it back to the client.
▪ This tells the server and the client that they hold the same key for the session
being established.
127. Designing and Implementing password policies …
The following figures explain the authentication process in Kerberos:
Figure 1 (Workstation ↔ KDC): the client wants to access a Server; the KDC generates a key and issues a session ticket to the client
▪ KDC issues key : Kclient {Scs for Server} , ticket = Kserver {Scs for Client}
Figure 2 (Workstation ↔ Server): the client sends authentication proof to the server
▪ Client → Server : Scs { Client Credentials , time } , ticket = Kserver { Scs for Client }
▪ Server → Client : Scs { time }
128. Granting and Revoking User Privileges
✓ A privilege is a method to permit or deny access to data or to perform
database operations (Data Manipulation)
✓ Privileges in ORACLE
▪ System Privileges – Privileges granted only by the DBA or by users who have
been granted the administration option.
▪ Object Privileges – Privileges granted to an ORACLE user by the schema
owner of a database object or by a user who has been
granted the GRANT option.
129. Granting and Revoking User Privileges …
✓ Object Privileges:
All DML operations fall under object privileges
▪ INSERT
▪ UPDATE
▪ DELETE
▪ SELECT
▪ INDEX
▪ REFERENCES
✓ System Privileges :
There are more than 100 system privileges in ORACLE; these are some
important, frequently used privileges
▪ CREATE USER
▪ CREATE SESSION
▪ CREATE ROLE
▪ CREATE PROCEDURE
▪ CREATE TRIGGER
▪ CREATE TABLESPACE
▪ CREATE TYPE
▪ CREATE DATABASE LINK
▪ CREATE TABLE
▪ CREATE VIEW
▪ CREATE SEQUENCE
▪ DROP VIEW
▪ DROP USER
▪ DROP TABLE
130. Granting and Revoking User Privileges …
SQL GRANT Command
SQL GRANT is a command used to provide access or privileges on
database objects to users.
✓ The syntax of the GRANT command is:
GRANT privilege_name ON object_name TO {user_name | PUBLIC
| role_name} [WITH GRANT OPTION];
✓ privilege_name is the access right or privilege granted to the user. Some of the access
rights are ALL, EXECUTE, and SELECT.
✓ object_name is the name of a database object such as a TABLE, VIEW, STORED PROC or
SEQUENCE.
✓ user_name is the name of the user to whom an access right is being granted.
✓ PUBLIC is used to grant access rights to all users.
✓ ROLES are a set of privileges grouped together.
✓ WITH GRANT OPTION - allows the user to grant the access rights on to other users.
Example :
SQL > Grant select on emp to bmnantha;
Grant succeeded
The schema owner of the emp object gave the select privilege to user bmnantha
131. Granting and Revoking User Privileges …
SQL REVOKE Command:
The REVOKE command removes user access rights or privileges on
database objects.
✓ The syntax of the REVOKE command is:
REVOKE privilege_name ON object_name
FROM {user_name | PUBLIC | role_name};
✓ Example :
SQL > Revoke select on emp from bmnantha;
Revoke succeeded
The schema owner of the emp object takes back the select privilege from user
bmnantha
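Worked example added here (not from the slides or the cited books): Oracle object-privilege GRANT and REVOKE on the emp table, including a column-restricted UPDATE, WITH GRANT OPTION, granting through a role instead of PUBLIC, and checking the result in the USER_TAB_PRIVS_MADE dictionary view. The schema HR_OWNER, the users BMNANTHA and ANALYST and the role PAYROLL_READER are assumed to exist already.

```sql
-- Oracle SQL*Plus script (added example). Assumed objects: schema HR_OWNER
-- owning table EMP, users BMNANTHA and ANALYST, role PAYROLL_READER.
CONNECT hr_owner/owner_pwd@db

-- Object privilege on the whole table; WITH GRANT OPTION lets bmnantha
-- pass SELECT on to other users.
GRANT SELECT ON emp TO bmnantha WITH GRANT OPTION;

-- Column-restricted object privilege: only SAL and COMM may be updated.
GRANT UPDATE (sal, comm) ON emp TO bmnantha;

-- Prefer a role over PUBLIC so read access can be withdrawn in one step.
GRANT SELECT ON emp TO payroll_reader;

-- What the owner has granted on EMP (GRANTABLE = YES marks the grant option).
SELECT grantee, privilege, grantable
  FROM user_tab_privs_made
 WHERE table_name = 'EMP';

-- bmnantha re-grants SELECT, which WITH GRANT OPTION permits.
CONNECT bmnantha/user_pwd@db
GRANT SELECT ON hr_owner.emp TO analyst;

-- Owner revokes SELECT from bmnantha. Object-privilege revokes cascade in
-- Oracle, so the SELECT that bmnantha passed to analyst disappears as well;
-- the column-level UPDATE grant is untouched.
CONNECT hr_owner/owner_pwd@db
REVOKE SELECT ON emp FROM bmnantha;

-- Verify: only PAYROLL_READER (SELECT) and BMNANTHA (UPDATE on two columns) remain.
SELECT grantee, privilege FROM user_tab_privs_made WHERE table_name = 'EMP';
SELECT grantee, column_name, privilege FROM user_col_privs_made WHERE table_name = 'EMP';
```

The cascade on REVOKE is the point to remember when auditing: a privilege that was re-granted under WITH GRANT OPTION is removed together with the original grant, whereas system-privilege revokes in Oracle do not cascade.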
132. Granting and Revoking User Privileges …
Privileges in SQL Server
✓ SQL Server has four levels of permissions
▪ System or Server level
▪ Database level
▪ Table (Object) level
▪ Column level
✓ Note : having server or database level permission does not mean you have
access to the subordinate objects.
133. Granting and Revoking User Privileges …
Privileges in SQL Server
Server Privileges (fixed server roles)
✓ Sysadmin – Can perform any function within the system
✓ Serveradmin – Can perform certain server-level functions
✓ Setupadmin – Can manage linked servers and startup procedures
✓ Securityadmin – Can manage logins and change passwords
✓ Processadmin – Can manage running processes
✓ Dbcreator – Can create, alter and drop databases
✓ Diskadmin – Can manage the disk files for the server and databases
✓ Bulkadmin – Can perform BULK INSERT operations
134. Granting and Revoking User Privileges …
Privileges in SQL Server
Database Privileges – Fixed Database Roles
✓ db_owner – Has complete access to the database
✓ db_accessadmin – Can add or remove users
✓ db_securityadmin – Can change all permissions, object ownership, roles and role
membership
✓ db_ddladmin – Can execute all DDL statements
✓ db_backupoperator – Can execute DBCC statements ( DBCC is a SQL Server tool
used for DB performance)
✓ db_datareader – Can issue SELECT and READTEXT statements
✓ db_datawriter – Can issue INSERT, UPDATE, DELETE and UPDATETEXT
statements
✓ db_denydatareader – Explicitly denied SELECT and READTEXT statements
✓ db_denydatawriter – Explicitly denied INSERT, UPDATE, DELETE and
UPDATETEXT statements
135. Granting and Revoking User Privileges …
Privileges in SQL Server
Database Privileges – Statement permissions
✓ CREATE TABLE
✓ CREATE VIEW
✓ CREATE PROCEDURE
✓ CREATE FUNCTION
✓ CREATE DEFAULT
✓ CREATE ROLE
✓ BACKUP DATABASE
✓ BACKUP LOG
136. Granting and Revoking User Privileges …
Privileges in SQL Server
Table and Database Objects privileges and Column level privileges
✓ Same as ORACLE Grant and Revoke command.
✓ Refer Slide numbers : 68 and 69
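Worked example added here (not from the slides): one login walked through all four SQL Server permission levels, with a column-level DENY to show that a broad grant (db_datareader) does not override a narrower deny, and a check of the effective permissions with HAS_PERMS_BY_NAME. It assumes SQL Server 2005 or later, a database named Northwind containing dbo.Employees with columns LastName and Salary, and the made-up login bm_nantha.

```sql
-- T-SQL (added example). Assumes SQL Server 2005+, database Northwind,
-- table dbo.Employees(LastName, Salary); run as a member of sysadmin.
USE master;
CREATE LOGIN bm_nantha WITH PASSWORD = 'Str0ng!Example#Pwd';

-- 1. Server level: membership of a fixed server role.
EXEC sp_addsrvrolemember 'bm_nantha', 'dbcreator';

-- 2. Database level: map the login to a database user, then a fixed
--    database role plus a statement permission.
USE Northwind;
CREATE USER bm_nantha FOR LOGIN bm_nantha;
EXEC sp_addrolemember 'db_datareader', 'bm_nantha';
GRANT CREATE VIEW TO bm_nantha;

-- 3. Object level: rights on one table.
GRANT INSERT, UPDATE ON dbo.Employees TO bm_nantha;

-- 4. Column level: DENY wins over the SELECT inherited from db_datareader,
--    so the salary column stays hidden while the rest of the table is readable.
DENY SELECT (Salary) ON dbo.Employees TO bm_nantha;

-- Verify the effective permissions from the user's point of view.
EXECUTE AS USER = 'bm_nantha';
SELECT HAS_PERMS_BY_NAME('dbo.Employees', 'OBJECT', 'SELECT', 'LastName', 'COLUMN') AS can_read_lastname, -- 1
       HAS_PERMS_BY_NAME('dbo.Employees', 'OBJECT', 'SELECT', 'Salary',   'COLUMN') AS can_read_salary,   -- 0
       HAS_PERMS_BY_NAME('dbo.Employees', 'OBJECT', 'INSERT')                       AS can_insert;        -- 1
REVERT;

-- dbcreator membership at the server level grants nothing inside Northwind's
-- objects; the table rights above come only from the database-level grants.
```

When reviewing a SQL Server permission set, query each level separately: server-role membership, database-role membership, object grants, and column-level grants or denies, because a right at a higher level says nothing about the objects below it.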
137. Creating , Assigning and Revoking User Roles
Creating role with ORACLE
✓ NOT IDENTIFIED Clause - Specify NOT IDENTIFIED to indicate that this role is
authorized by the database and that no password is
required to enable the role.
✓ IDENTIFIED Clause - Use the IDENTIFIED clause to indicate that a user must be
authorized by the specified method before the role is
enabled with the SET ROLE statement.
138. Creating , Assigning and Revoking User Roles …
Creating role with ORACLE – Example
✓ The following statement creates the role dw_manager:
CREATE ROLE dw_manager;
▪ Users who are subsequently granted the dw_manager role will inherit all of the
privileges that have been granted to this role.
✓ You can add a layer of security to roles by specifying a password, as in the following
example:
CREATE ROLE dw_manager IDENTIFIED BY warehouse;
▪ Users who are subsequently granted the dw_manager role must specify the
password warehouse to enable the role with the SET ROLE statement.
✓ The following statement creates the global role warehouse_user:
CREATE ROLE warehouse_user IDENTIFIED GLOBALLY;
✓ The following statement creates the same role as an external role:
CREATE ROLE warehouse_user IDENTIFIED EXTERNALLY;
139. Creating , Assigning and Revoking User Roles …
Assigning Role to User in ORACLE - Example
✓ To assign privileges to a role, issue the following statement
SQL > GRANT CREATE SESSION TO dw_manager;
Grant succeeded
✓ To assign a role to a user (Ex: bm_nantha), issue the following
statement
SQL > GRANT dw_manager TO bm_nantha;
Grant succeeded
140. Creating , Assigning and Revoking User Roles …
Create Roles with SQL Server
✓ To create a new database role using Query Analyzer, execute the
SP_ADDROLE system stored procedure
sp_addrole [ @rolename = ] 'role' [ , [ @ownername = ] 'owner' ]
@rolename – The name of the new role
@ownername – The owner of the new role, default is dbo
✓ To add the role "sales" to the database Northwind
use northwind
exec sp_addrole 'sales'
✓ To add the user bm_nantha to the role sales
exec sp_addrolemember 'sales' , 'bm_nantha'
141. Creating , Assigning and Revoking User Roles …
Dropping a Role in ORACLE
✓ Example : To drop the role dw_manager, issue the following statement
DROP ROLE dw_manager;
Dropping a Role in SQL Server
✓ Example : To drop the user 'jason' from the role sales, issue the following
statement
use northwind
exec sp_droprolemember 'sales' , 'jason'
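Worked example added here (not from the slides): the full life cycle of a password-protected Oracle role, from creation through granting, disabling it as a default role, enabling it in the user's session with SET ROLE, and finally revoking and dropping it. The user bm_nantha and the table hr_owner.emp are assumed to exist; the passwords are placeholders.

```sql
-- Oracle SQL*Plus script (added example). Assumed: user BM_NANTHA with
-- CREATE SESSION granted directly, table HR_OWNER.EMP, DBA connection as SYSTEM.
CONNECT system/manager_pwd@db

-- Role that needs a password before it can be enabled.
CREATE ROLE dw_manager IDENTIFIED BY warehouse;

-- Privileges go to the role, not to the user.
GRANT SELECT ON hr_owner.emp TO dw_manager;

-- Grant the role, then keep it disabled at logon so the application has to
-- enable it explicitly (and supply the role password) for each session.
GRANT dw_manager TO bm_nantha;
ALTER USER bm_nantha DEFAULT ROLE NONE;

-- Check the grant: DEFAULT_ROLE = NO means the role is not active at logon.
SELECT granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE grantee = 'BM_NANTHA';

-- In the user's own session: without the role, EMP is not visible.
CONNECT bm_nantha/user_pwd@db
SELECT role FROM session_roles;                     -- no rows
SET ROLE dw_manager IDENTIFIED BY warehouse;        -- wrong password => ORA-01979
SELECT role FROM session_roles;                     -- DW_MANAGER
SELECT COUNT(*) FROM hr_owner.emp;                  -- now permitted
SET ROLE NONE;                                      -- drop the privilege again

-- Tear-down by the DBA: revoke from the user, then drop the role.
CONNECT system/manager_pwd@db
REVOKE dw_manager FROM bm_nantha;
DROP ROLE dw_manager;
```

DEFAULT ROLE NONE is the detail that makes a password-protected role worthwhile: if the role stayed enabled at logon, the password on it would never be asked for.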
142. Creating , Assigning and Revoking User Roles
Best Practices
✓ Never store passwords in plain text; make sure they are encrypted
✓ Change passwords frequently
✓ Make sure the passwords are complex
✓ Pick a password that you can remember
✓ Use roles to control and administer privileges
✓ Report the compromise or loss of password security
✓ Report to security any violation of company guidelines on roles, profiles,
privileges, passwords, etc.
✓ Never give away or share the password
✓ Never give the password over the phone
✓ Never type your password in an e-mail
✓ Use Windows integrated security mode for securing SQL Server
✓ Use Kerberos
✓ When configuring policies:
require complex passwords, set an account lockout threshold, do not allow
passwords to automatically reset, expire end-user passwords, enforce password
history
144. References :
1) Hassan A. Afyouni, “Database Security and Auditing”, Third Edition,
Cengage Learning, 2009
2) Charu C. Aggarwal, Philip S Yu, “Privacy Preserving Data Mining”:
Models and Algorithms, Kluwer Academic Publishers, 2008
3) Ron Ben Natan, “Implementing Database Security and Auditing”,
Elsevier Digital Press, 2005.
4) http://adrem.ua.ac.be/sites/adrem.ua.ac.be/files/securitybook.pdf
5) www.docs.oracle.com
145. UNIT III - Database Application Security Models &
Virtual Private Databases
✓ Introduction
✓ Types of Users
✓ Security Models
✓ Application Types
✓ Application Security Models
✓ Data Encryption
✓ Overview of VPD
✓ Implementation of VPD using Views
✓ Application Context in Oracle
✓ Implementing Oracle VPD
✓ Viewing VPD Policies and Application contexts using
Data Dictionary
✓ Policy Manager
✓ Implementing Row and Column level Security with SQL Server
146. Introduction
✓ A database user is used to log on to (be authenticated by) an
application
✓ For each application user, a database account must be created and
assigned specific privileges.
✓ Application
▪ A program that solves a problem or performs a specific business
function
✓ Database
▪ A collection of related data files used by an application
✓ DBMS
▪ A collection of programs that maintain data files (the Database)
147. Types of Users
✓ Application Administrator – Has application privileges to administer application
users and their roles ( do not require any special database privileges )
✓ Application owner – User who owns application tables and objects
✓ Application user – Perform tasks within the application
✓ DBA – Perform any administration tasks
✓ Database user- user account that has database roles and/or privileges assigned
to it
✓ Proxy user – User is employed to work on behalf of an application user
✓ Schema owner - User that owns database objects
✓ Virtual user – An account that has access to the database through another
database account; a virtual user is referred to in some cases as a proxy user
151. Security Models…
Access Modes Model
✓ This model is based on the Take-Grant model
✓ It uses both subjects and objects
✓ The object is the main security entity
✓ The access mode indicates whether or not the subject may perform a given task on the object
✓ There are two kinds of modes
▪ Static Modes
▪ Dynamic Modes
152. Security Models…
Access Modes – Static Modes
Access Mode | Level | Description
Use         | 1     | Allows the subject to access the object without modifying it
Read        | 2     | Allows the subject to read the content of the object
Update      | 3     | Allows the subject to modify the content of the object
Create      | 4     | Allows the subject to add an instance to the object
Delete      | 4     | Allows the subject to remove an instance from the object
153. Security Models…
Access Modes – Dynamic Modes
Access Mode | Level | Description
Grant       | 1     | Allows the subject to grant any static access mode to any other subject
Revoke      | 1     | Allows the subject to revoke a granted static access mode from a subject
Delegate    | 2     | Allows the subject to grant the grant privilege to other subjects
Abrogate    | 2     | Allows the subject to grant the revoke privilege to other subjects
154. Application Types
✓ Mainframe applications
✓ Client / Server Applications
✓ Web Applications
✓ Data warehouse applications
155. Application Types …
Mainframe applications
✓ Years back, computing in corporations was centralized in the Management Information
System (MIS) department
✓ The MIS department was responsible for all information
✓ MIS mainly developed for mainframe projects
✓ The following figure shows the mainframe application architecture
Figure: Workstation connected to a Mainframe Server holding both the application CODE and the DB Server
156. Application Types …
Client / Server Applications
✓ To overcome the limitations in MIS department the client / server architecture was
introduced
✓ It is based on a business model: the client requests and the server responds
✓ Client / Server architecture became a dominating configuration for all applications
▪ Flexible
▪ Scalable
▪ Processing power
✓ Three main components typically found in Client / Server architecture
▪ User interface component – Represents all screens, reports, etc.,
▪ Business logic component – Contains all the codes related to data
validations
▪ Data access component – Contains all the codes related to retrieves,
inserts, deletes and updates
157. Application Types …
Client / Server Applications
✓ A client / server application consists of a minimum of two tiers.
✓ Normally four to five tiers is the maximum configuration
✓ The following figure represents the logical components of a client / server architecture
Figure: logical tiers of a client / server application, from the CLIENT (Tier 1, User Interface; Tier 2) through the Business Logic tiers (Tier 3, Tier 4) to the SERVER (Tier 5)
158. Application Types …
Client / Server Applications
✓ The following figure represents the physical architecture of a client/server
application
Figure: Client (User Interface) → Server (Business Logic, Data Access) → DB Server
✓ The data access component of the client / server architecture is the component
responsible for retrieving and manipulating data.
✓ The security model should be embedded in this component.
159. Application Types …
Web Applications
✓ Client / server applications once dominated, but not for long.
✓ Another architecture evolved with the rise of dot-com and Web-based companies
✓ The new client / server architecture is based on the web and is referred to as a web
application or a Web-based application
✓ A web application uses the HTTP protocol to connect and communicate with the server.
✓ Web pages are embedded with other web services.
✓ The following figure represents the logical components of a Web application
architecture
Figure: logical tiers of a Web application, from CLIENT to SERVER
▪ Tier 1 – Web browser layer
▪ Tier 2 – Web server layer
▪ Tier 3 – Application server layer
▪ Tier 4 – Business logic layer
▪ Tier 5 – Database server layer
160. Application Types …
Components of Web application
✓ Web browser layer - A typical browser program that allows the user to
navigate through web pages found on the internet.
✓ Web server layer – A software program residing on a computer
connected to Internet
✓ Application server layer - A software program residing on a computer that is
used for data processing
✓ Business logic layer – A software program that implements business rules
✓ Database server layer – A software program that stores and manages data
161. Application Types …
✓ The following figure shows a physical architecture that is typical for a
web-based application.
✓ In this architecture , each layer resides on a separate computer
✓ One or more web application layers could be housed on one computer
✓ The main reason for separating web application layers to reside on different
computers is to distribute the processing load
Figure: physical architecture of a web-based application: Client → Internet → Web Server → Application Server (Business Logic) → DB Server
162. Application Types …
Data Warehouse Applications
✓ A DW is a subject-oriented, time-variant, non-volatile and integrated system.
✓ DWs are decision support systems.
✓ A DW is a collection of many types of data taken from different data sources.
✓ The architecture of these types of data warehousing applications is typically
a database server on which the application resides.
✓ The DW is accessed by software applications or reporting applications called
OLAP ( OnLine Analytical Processing)
163. Application Types …
✓ The following figure shows the physical and logical structure of a data
warehouse
Figure: Data Sources (Application, DB Server) → Transform Data (Application Server) → Data Warehouse Database (DB Server) → Client / Server access
166. Application Security Models
✓ Database role based
✓ Application role based
✓ Application function based
✓ Application role and function based
✓ Application table based
167. Application Security Models …
Security Model based on Database Roles
✓ This model depends on the application to authenticate the application users
by maintaining all end users in a table with their encrypted passwords
✓ In this model each end user is assigned a database role
✓ The user can access whatever privileges are assigned to the role
✓ In this model a proxy user is needed to activate the assigned roles
✓ The following figure shows the data model for this application (Security data
model based on database roles)
Figure: ER diagram
▪ APPLICATION USERS : APP_USER_ID, APP_USERNAME, APP_ENC_PASSWORD, FIRST_NAME, LAST_NAME, CTL_INS_DTIM, CTL_UPD_DTIM, CTL_UPD_USER, CTL_REC_STAT
▪ APPLICATION USERS ROLES : APP_USER_ID (FK), ROLE_NAME, CTL_INS_DTIM, CTL_UPD_DTIM, CTL_USER_USER, CTL_USER_STAT
169. Application Security Models …
Tables used in security data model based on database roles
TABLE NAME | DESCRIPTION
APPLICATION_USERS | Stores and maintains all end users of the application with their encrypted passwords
APPLICATION_USERS_ROLES | Contains all roles defined by the application and, for each role, the privilege assigned to it; the privilege can be read, write or read/write
170. Application Security Models …
Architecture of a security data model based on database roles
Figure: Application End User (application user with no database privileges) → Application → Proxy user (has read access to the authorization table and is assigned all application roles) → Schema Owner (all application tables are owned by the schema owner, including the authorization table, which contains three columns: username, password and role)
171. Application Security Models …
The following points on this type of security model are worth noting:
✓ This model uses the DB role functionality
✓ Therefore it is DB dependent
✓ If the roles are implemented poorly, the model does not work properly
✓ Privileges on tables are also DB dependent
✓ It can isolate the application security from the DB
✓ Maintenance of the application security does not require specific DB privileges
✓ Passwords must be securely encrypted
✓ The application must use proxy users to log on and connect to the application
database and activate the specific roles for each database session
172. Application Security Models …
Implementation in ORACLE
1. Creating the users by entering the following code:
Creating Application Owner
SQL > CREATE USER APP_OWNER IDENTIFIED BY APP_OWNER
2 DEFAULT TABLESPACE USERS
3 TEMPORARY TABLESPACE TEMP
4 QUOTA UNLIMITED ON USERS;
User created
SQL> GRANT RESOURCE, CREATE SESSION TO APP_OWNER;
Grant succeeded
Creating Proxy User
SQL > CREATE USER APP_PROXY IDENTIFIED BY APP_PROXY
2 DEFAULT TABLESPACE USERS
3 TEMPORARY TABLESPACE TEMP;
User created
SQL> GRANT CREATE SESSION TO APP_PROXY;
Grant succeeded
174. Application Security Models …
Creating Application Roles
SQL> CONNECT SYSTEM@DB
Enter password: *******
Connected
SQL> CREATE ROLE APP_MGR;
Role created
SQL> CREATE ROLE APP_SUP;
Role created
SQL> CREATE ROLE APP_CLERK;
Role created
SQL> GRANT APP_MGR, APP_SUP, APP_CLERK TO APP_PROXY;
Grant succeeded
SQL> ALTER USER "APP_PROXY" DEFAULT ROLE NONE;
User altered
175. Application Security Models …
Assign grants
SQL> CONNECT APP_OWNER@DB
Enter password : *********
Connected
SQL> GRANT SELECT, INSERT, UPDATE, DELETE ON CUSTOMER TO APP_MGR;
Grant succeeded
SQL> GRANT SELECT, INSERT, UPDATE, DELETE ON CUSTOMER TO APP_SUP;
Grant succeeded
SQL> GRANT SELECT ON CUSTOMER TO APP_CLERK;
Grant succeeded
SQL> GRANT SELECT ON AUTH_TABLE TO APP_PROXY;
Grant succeeded
176. Application Security Models …
2. Add rows to the CUSTOMER table
SQL> CONN APP_OWNER@DB
Enter password : *********
Connected
SQL> INSERT INTO CUSTOMER VALUES (1, 'Tom');
1 row inserted
SQL> INSERT INTO CUSTOMER VALUES (2, 'Linda');
1 row inserted
SQL> COMMIT;
Commit complete
177. Application Security Models …
3. Add a row for an application user called APP_USER:
SQL> INSERT INTO AUTH_TABLE VALUES (100, 'APP_USER',
'd323deq4fdfgdgg', 'APP_CLERK');
1 row inserted
4. Now assume that APP_USER is trying to log in through APP_PROXY.
Your application should look up the role of the user with a SELECT
statement and then activate that role:
SQL> SELECT APP_ROLE FROM AUTH_TABLE WHERE APP_USERNAME =
'APP_USER';
APP_ROLE
APP_CLERK
178. Application Security Models …
5. Activate the role for this specific APP_USER session:
SQL> CONN APP_PROXY
Enter password : **********
Connected
SQL> SET ROLE APP_CLERK;
Role set
SQL> SELECT * FROM SESSION_ROLES;
ROLE
APP_CLERK
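Worked example added here (not from the slides): the AUTH_TABLE that steps 3 to 5 rely on but never define, together with the proxy's lookup-and-activate step written so that the password is verified against a salted SHA-256 hash instead of being stored in a recoverable form (hashing is swapped in here; the slides only say "encrypted"). It assumes the APP_OWNER, APP_PROXY and APP_CLERK objects created above, Oracle 12c or later for DBMS_CRYPTO.HASH_SH256, and that SYS has run GRANT EXECUTE ON DBMS_CRYPTO TO APP_OWNER.

```sql
-- Oracle (added example). Run the DDL and the enrolment as APP_OWNER.
-- Assumptions: Oracle 12c+, EXECUTE on DBMS_CRYPTO granted to APP_OWNER,
-- users APP_OWNER / APP_PROXY and role APP_CLERK already created.
CREATE TABLE auth_table (
  app_user_id      NUMBER       PRIMARY KEY,
  app_username     VARCHAR2(30) NOT NULL UNIQUE,
  app_salt         RAW(16)      NOT NULL,
  app_enc_password RAW(32)      NOT NULL,   -- SHA-256(salt || password)
  app_role         VARCHAR2(30) NOT NULL    -- database role to enable
);

-- Salted hash helper; definer's rights, so APP_PROXY needs no DBMS_CRYPTO grant.
CREATE OR REPLACE FUNCTION pw_hash(p_salt RAW, p_password VARCHAR2) RETURN RAW IS
BEGIN
  RETURN DBMS_CRYPTO.HASH(UTL_RAW.CONCAT(p_salt, UTL_RAW.CAST_TO_RAW(p_password)),
                          DBMS_CRYPTO.HASH_SH256);
END;
/

-- Enrol APP_USER as a clerk (constructed sample row; password is a placeholder).
DECLARE
  v_salt RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
BEGIN
  INSERT INTO auth_table VALUES (100, 'APP_USER', v_salt,
                                 pw_hash(v_salt, 'clerk-secret'), 'APP_CLERK');
  COMMIT;
END;
/

-- The proxy may read the table and call the hash function, nothing more.
GRANT SELECT ON auth_table TO app_proxy;
GRANT EXECUTE ON pw_hash   TO app_proxy;

-- As APP_PROXY (DEFAULT ROLE NONE): verify the password, then enable only the
-- role recorded for that user. DBMS_SESSION.SET_ROLE is SET ROLE from PL/SQL.
CONNECT app_proxy/proxy_pwd@db
DECLARE
  v_role auth_table.app_role%TYPE;
BEGIN
  SELECT app_role INTO v_role
    FROM app_owner.auth_table
   WHERE app_username     = 'APP_USER'
     AND app_enc_password = app_owner.pw_hash(app_salt, 'clerk-secret');
  DBMS_SESSION.SET_ROLE(v_role);            -- same effect as SET ROLE APP_CLERK
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RAISE_APPLICATION_ERROR(-20001, 'authentication failed');
END;
/
SELECT role FROM session_roles;             -- APP_CLERK
SELECT COUNT(*) FROM app_owner.customer;    -- allowed through the role
```

Because the role name is read from the table the proxy cannot write, an application user cannot escalate to APP_MGR by tampering with the request; the only route to a richer role is an administrator updating AUTH_TABLE as the schema owner.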
179. Application Security Models …
Implementation in SQL Server
✓ In SQL Server 2000 you use application roles.
✓ Application roles are special roles you create in the database that are then
activated at the time of authorization.
✓ Application roles require a password and cannot contain members
✓ Application roles are inactive by default
✓ Application roles can be activated using the SP_SETAPPROLE system stored
procedure
180. Application Security Models …
Creating Application Roles using the command line
✓ To create an application role in the Query Analyzer, use the SP_ADDAPPROLE
system stored procedure
sp_addapprole [ @rolename = ] 'role', [ @password = ] 'password'
Where :
@rolename – The name of the application role (the value must be a valid
identifier and cannot already exist in the database)
@password – The password required to activate the role (SQL Server stores
the password as an encrypted hash)
Example :
To create the application role clerk for your Pharmacy database, use this command
exec sp_addapprole 'clerk', 'Clerk@ccess'
181. Application Security Models …
Creating Application Roles using SQL
Server Enterprise Manager
Follow these steps
1. Open Enterprise Manager
2. Expand the Roles container for your
Pharmacy database. Right-click in the
right pane, then select New Database
Role
3. Type the name db_accessadmin in the
name box
4. Select Application Role under
Database role type
5. Enter the password db@ccess in the text
box
6. Click OK to create the role.
182. Application Security Models …
Dropping application Roles using the command line
✓ To drop an application role using the Query Analyzer, use the
SP_DROPAPPROLE system stored procedure
sp_dropapprole [ @rolename = ] 'role'
Where
@rolename – The application role to drop.
Dropping application Roles using Enterprise Manager
✓ Follow these steps
1. Open Enterprise Manager
2. Expand the Roles container of the database from which you are dropping
the role
3. Select and delete the desired role
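Worked example added here (not from the slides): the clerk application role created with sp_addapprole, the table rights granted to it rather than to the application's connection user, and the run-time activation and deactivation with sp_setapprole / sp_unsetapprole that the slides only name. It assumes SQL Server 2005 or later (the cookie form of sp_setapprole), a database Pharmacy with table dbo.Prescriptions, and a low-privilege database user app_login that the application connects as; all names and the password are made up.

```sql
-- T-SQL (added example). Assumes SQL Server 2005+, database Pharmacy,
-- table dbo.Prescriptions and an existing low-privilege user app_login.
USE Pharmacy;

-- Application role: has a password, has no members.
EXEC sp_addapprole 'clerk', 'Clerk@ccess';

-- Rights live on the role; the connection user itself gets nothing.
GRANT SELECT, INSERT ON dbo.Prescriptions TO clerk;
DENY  SELECT        ON dbo.Prescriptions TO app_login;

-- At run time, once the application has authenticated the end user itself,
-- it switches the connection's security context to the role. The cookie
-- lets it switch back before handing the connection to a pool.
DECLARE @cookie VARBINARY(8000);
EXEC sp_setapprole @rolename      = 'clerk',
                   @password      = 'Clerk@ccess',
                   @fCreateCookie = true,
                   @cookie        = @cookie OUTPUT;

SELECT USER_NAME() AS effective_user;        -- 'clerk'
SELECT COUNT(*)    AS visible_rows
  FROM dbo.Prescriptions;                    -- permitted through the app role

-- Revert to app_login; the DENY applies again.
EXEC sp_unsetapprole @cookie;
SELECT USER_NAME() AS effective_user;        -- 'app_login'

-- Clean-up when the module is retired.
EXEC sp_dropapprole 'clerk';
```

The DENY on app_login is what makes the design hold: a connection that has not activated the role, for instance one reached through an injected statement before sp_setapprole runs, sees no prescription data at all.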
183. Application Security Models …
Security Model based on Application Roles
✓ Depends on the application to authenticate the application users.
✓ Authentication is accomplished by maintaining all end users in a table with their
encrypted passwords.
✓ Each end user is assigned an application role to read / write specific modules of
the application.
✓ The following figure shows the tables used for this model.
Figure: ER diagram
▪ APPLICATION_ROLES : APP_ROLE_ID, APP_ROLE_NAME, APP_ROLE_DESCRIPTION, APP_ROLE_PRIVILEGE, CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
▪ APPLICATION_USERS : APP_USER_ID, APP_ROLE_ID (FK), APP_USERNAME, APP_ENC_PASSWORD, FIRST_NAME, LAST_NAME, CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
184. Application Security Models …
Architecture of Security Model based on Application Roles
Figure: Application End User (application user with no database privileges) → Application → Schema Owner (all application tables are owned by the schema owner, including the authorization table, which contains three columns: username, password and role)
185. Application Security Models …
Security Model based on Application Roles
✓ When considering this security model, keep these points in mind
▪ This model is primitive and does not allow the flexibility required to make
the changes necessary for security
▪ Privileges are limited to a combination such as read, add, read / update /
admin and so on
✓ The following list presents the characteristics of this security model
▪ Isolates the application security from the database
▪ Only one role is assigned to an application user
▪ This lowers the risk of database violations
▪ Passwords must be securely encrypted
▪ The application must use a real database user to log on and connect to the
application database
186. Application Security Models …
Security Model based on Application Functions
✓ The model based on application functions depends on the application to authenticate the
application users
✓ The application is divided into functions
✓ The following figure represents a data model for this type of application
Figure: ER diagram
▪ APPLICATION_USERS : APP_USER_ID, APP_ROLE_ID (FK), APP_USERNAME, APP_ENC_PASSWORD, FIRST_NAME, LAST_NAME, CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
▪ APPLICATION_USERS_FUNCTIONS : APP_USER_ID (FK), APP_FUNCTION_ID (FK), APP_FUNCTION_PRIVILEGE_ID (FK), CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
▪ APPLICATION_FUNCTIONS : APP_FUNCTION_ID, APP_FUNCTION_NAME, APP_FUNCTION_DESCRIPTION, CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
▪ APPLICATION_FUNCTION_PRIVILEGE : APP_FUNCTION_PRIVILEGE_ID, APP_FUNCTION_PRIVILEGE_OPERATION, CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
187. Application Security Models …
Architecture of Security Model based on Application Functions
Figure: Application End User (application user with no database privileges) → Application → Schema Owner (authorization tables are owned by the application owner; all application tables are owned by the schema owner, including the authorization table, which contains three columns: username, password and role)
188. Application Security Models …
The following list presents the characteristics of this security model
▪ Isolating the application security from the database
▪ Only one role is assigned to an application user
▪ This lowers the risk of database violations
▪ Passwords must be securely encrypted
▪ The application must use a real database user to log on and connect to the
application database
▪ The application must be designed in a granular module.
189. Application Security Models …
Security model based on Application Roles and Functions
✓ It is a combination of both the role and function security model
✓ Depends on the application to authenticate the application users
✓ The application authenticates users by maintaining all end users in a table with
their encrypted passwords
✓ Applications are divided into functions and roles are assigned to functions that
are in turn assigned to users.
✓ This model is highly flexible in implementing application security.
190. Application Security Models …
✓ The following figure represents the data model for the Security Model based
on Application Roles and Functions, shown as an ER diagram
Figure: ER diagram
▪ APPLICATION_USERS : APP_USER_ID, APP_USERNAME, APP_ENC_PASSWORD, FIRST_NAME, LAST_NAME, CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
▪ APPLICATION USERS ROLES : APP_USER_ID (FK), APP_ROLE_ID (FK), CTL_INS_DTIM, CTL_UPD_DTIM, CTL_USER_USER, CTL_USER_STAT
▪ APPLICATION_ROLES : APP_ROLE_ID, APP_ROLE_NAME, APP_ROLE_DESCRIPTION, APP_ROLE_PRIVILEGE, CTL_INS_DTIM, CTL_UPD_DTIM, CTL_USER_USER, CTL_USER_STAT
▪ APPLICATION_ROLE_FUNCTIONS : APP_ROLE_ID (FK), APP_FUNCTION_ID (FK), APP_ROLE_PRIVILEGE (FK), CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
▪ APPLICATION_FUNCTIONS : APP_FUNCTION_ID, APP_FUNCTION_NAME, APP_FUNCTION_DESCRIPTION, CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
▪ APPLICATION_FUNCTION_PRIVILEGE : APP_FUNCTION_PRIVILEGE_ID, APP_FUNCTION_PRIVILEGE_DESCRIPTION, CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER, CTL_REC_STAT
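Worked example added here (not from the slides): the roles-and-functions data model reduced to its key columns, loaded with a few constructed rows, and the authorization query an application issues to decide whether a user may perform an operation on a function. The CTL_* audit columns are omitted, and the role-to-function link uses APP_FUNCTION_PRIVILEGE_ID in place of the diagram's APP_ROLE_PRIVILEGE (FK) so that the join is explicit; both are simplifications of the model above.

```sql
-- Oracle SQL (added example). Simplified version of the roles-and-functions
-- model: audit columns dropped, names otherwise follow the ER diagram.
CREATE TABLE application_users (
  app_user_id      NUMBER       PRIMARY KEY,
  app_username     VARCHAR2(30) NOT NULL UNIQUE,
  app_enc_password RAW(32)      NOT NULL);          -- hash, not plaintext
CREATE TABLE application_roles (
  app_role_id   NUMBER PRIMARY KEY, app_role_name VARCHAR2(30) NOT NULL);
CREATE TABLE application_functions (
  app_function_id NUMBER PRIMARY KEY, app_function_name VARCHAR2(30) NOT NULL);
CREATE TABLE application_function_privilege (
  app_function_privilege_id NUMBER PRIMARY KEY,
  app_function_privilege_operation VARCHAR2(10) NOT NULL);  -- READ / WRITE ...
CREATE TABLE application_users_roles (
  app_user_id NUMBER REFERENCES application_users,
  app_role_id NUMBER REFERENCES application_roles,
  PRIMARY KEY (app_user_id, app_role_id));
CREATE TABLE application_role_functions (
  app_role_id               NUMBER REFERENCES application_roles,
  app_function_id           NUMBER REFERENCES application_functions,
  app_function_privilege_id NUMBER REFERENCES application_function_privilege,
  PRIMARY KEY (app_role_id, app_function_id, app_function_privilege_id));

-- Constructed sample data: two users, two roles, one function.
INSERT INTO application_users VALUES (1, 'tom',   HEXTORAW('00'));
INSERT INTO application_users VALUES (2, 'linda', HEXTORAW('00'));
INSERT INTO application_roles VALUES (10, 'CLERK');
INSERT INTO application_roles VALUES (11, 'MANAGER');
INSERT INTO application_functions VALUES (100, 'CUSTOMER_MAINT');
INSERT INTO application_function_privilege VALUES (1, 'READ');
INSERT INTO application_function_privilege VALUES (2, 'WRITE');
INSERT INTO application_role_functions VALUES (10, 100, 1);   -- clerk: read only
INSERT INTO application_role_functions VALUES (11, 100, 1);   -- manager: read
INSERT INTO application_role_functions VALUES (11, 100, 2);   -- manager: write
INSERT INTO application_users_roles VALUES (1, 10);           -- tom is a clerk
INSERT INTO application_users_roles VALUES (2, 11);           -- linda is a manager
COMMIT;

-- Authorization check the application runs before executing a module:
-- may user :username perform :operation on function :function_name?
-- Returns 1 for linda/WRITE and 0 for tom/WRITE on CUSTOMER_MAINT.
SELECT COUNT(*) AS permitted
  FROM application_users              u
  JOIN application_users_roles        ur ON ur.app_user_id = u.app_user_id
  JOIN application_role_functions     rf ON rf.app_role_id = ur.app_role_id
  JOIN application_functions          f  ON f.app_function_id = rf.app_function_id
  JOIN application_function_privilege p  ON p.app_function_privilege_id
                                           = rf.app_function_privilege_id
 WHERE u.app_username                     = 'tom'
   AND f.app_function_name                = 'CUSTOMER_MAINT'
   AND p.app_function_privilege_operation = 'WRITE';
```

Keeping the check as a single query over the authorization tables, rather than caching role names in the session, means a role change made by the administrator takes effect on the user's next action without a re-login.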