5db-security.pdf
Introduction
Most DBMSs did not have secure mechanisms for authentication and encryption until recently.
The DBA is required to have an additional skill: that of implementing security policies that protect one of the most valuable assets of a company, its data.
Database security is the degree to which all data is fully protected from tampering and unauthorized acts.
CIA Triangle
Three Key Objectives
Confidentiality
Data confidentiality
Privacy
Integrity
Data integrity
System integrity
Availability
Confidentiality
Addresses two aspects.
The first aspect is preventing unauthorized individuals from accessing secret information.
The second aspect is the process of safeguarding confidential information and disclosing secret information only to authorized individuals by means of classifying information.
Confidentiality Classification (diagram: the Control axis runs from Less to More and the People axis from Many to Few; the more tightly information is controlled, the fewer people it is disclosed to)
Integrity
Consistent and valid data.
Data is considered to have integrity if it is accurate and has not been tampered with, intentionally or accidentally.
Degradation of data integrity
Invalid data
Redundant data (leads to inconsistency and data anomalies)
Inconsistent data (redundant data that resides in several places is not identical)
Data anomalies (occur when one occurrence of the repeated data is changed and the other occurrences are not)
Data read inconsistency (data changes made by a user are visible to others before the changes are committed; a user does not always read the last committed data)
Data non-concurrency
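Added example, not part of the slides: a Python sqlite3 script that reproduces the redundant-data anomaly listed above (one copy changed, the others not), detects it with an integrity query, and shows how the normalized design with the validation and data constraints named later under Security Methods prevents it. Table and column names and the sample rows are constructed for this example.

```python
import sqlite3

# Constructed sample data (not from the slides): one customer with three orders.
SAMPLE_ORDERS = [
    (1, "C001", "Ada Lovelace", "ada@example.com", 120.0),
    (2, "C001", "Ada Lovelace", "ada@example.com", 75.5),
    (3, "C001", "Ada Lovelace", "ada@example.com", 10.0),
    (4, "C002", "Alan Turing", "alan@example.com", 300.0),
]


def build_redundant_schema():
    """Denormalized design: customer name and e-mail repeated on every order row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders ("
        " order_id INTEGER PRIMARY KEY, customer_code TEXT NOT NULL,"
        " customer_name TEXT NOT NULL, customer_email TEXT NOT NULL,"
        " amount REAL NOT NULL)"
    )
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?, ?)", SAMPLE_ORDERS)
    return conn


def count_inconsistent_customers(conn):
    """Integrity check: customers whose redundant copies no longer agree.

    A customer_code that maps to more than one distinct name or e-mail is a
    data anomaly in the slides' sense (one copy changed, the others not).
    """
    row = conn.execute(
        "SELECT COUNT(*) FROM ("
        "  SELECT customer_code FROM orders GROUP BY customer_code"
        "  HAVING COUNT(DISTINCT customer_email) > 1"
        "      OR COUNT(DISTINCT customer_name) > 1)"
    ).fetchone()
    return row[0]


def redundant_update_anomaly():
    """Change the e-mail on only one of the customer's orders and re-check."""
    conn = build_redundant_schema()
    before = count_inconsistent_customers(conn)
    conn.execute(
        "UPDATE orders SET customer_email = 'ada@new.example.com' WHERE order_id = 1"
    )
    after = count_inconsistent_customers(conn)
    conn.close()
    return before, after  # (0, 1): the partial update introduced an anomaly


def build_normalized_schema():
    """Normalized design: each fact stored once, guarded by validation constraints."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    conn.executescript(
        "CREATE TABLE customers ("
        " customer_code TEXT PRIMARY KEY, name TEXT NOT NULL,"
        " email TEXT NOT NULL CHECK (email LIKE '%_@_%'));"
        "CREATE TABLE orders ("
        " order_id INTEGER PRIMARY KEY,"
        " customer_code TEXT NOT NULL REFERENCES customers(customer_code),"
        " amount REAL NOT NULL CHECK (amount >= 0));"
    )
    for code, name, email in {(c, n, e) for _, c, n, e, _ in SAMPLE_ORDERS}:
        conn.execute("INSERT INTO customers VALUES (?, ?, ?)", (code, name, email))
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(oid, code, amt) for oid, code, _, _, amt in SAMPLE_ORDERS],
    )
    return conn


def normalized_update_and_validation():
    """Same e-mail change, now made in one place; plus three rejected inserts."""
    conn = build_normalized_schema()
    conn.execute(
        "UPDATE customers SET email = 'ada@new.example.com' WHERE customer_code = 'C001'"
    )
    # Every order sees the new address through the join: no anomaly is possible.
    emails = {
        r[0] for r in conn.execute(
            "SELECT c.email FROM orders o JOIN customers c USING (customer_code)"
            " WHERE o.customer_code = 'C001'")
    }
    rejected = 0
    for stmt, params in (
        ("INSERT INTO customers VALUES (?, ?, ?)", ("C003", "Bad", "not-an-email")),
        ("INSERT INTO orders VALUES (?, ?, ?)", (5, "C999", 1.0)),  # unknown customer
        ("INSERT INTO orders VALUES (?, ?, ?)", (6, "C002", -5.0)),  # negative amount
    ):
        try:
            conn.execute(stmt, params)
        except sqlite3.IntegrityError:  # CHECK or FOREIGN KEY constraint failed
            rejected += 1
    conn.close()
    return emails, rejected  # ({'ada@new.example.com'}, 3)
```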
Availability
The system should be available to individuals who are authorized to access the information.
Database security access points
A security access point is a place where database security must be protected and applied.
People (secure data within the DB against violations caused by people)
Applications (when granting security privileges to applications, be cautious: permissions shouldn't be too loose or too restrictive)
Network
OS (gateway to data; security credentials must be verified)
DBMS
Data files (make use of encryption and permissions to protect data files belonging to the database)
Data
Data integrity violation process
(diagram: when security access points are unprotected, a data integrity violation follows; the process of a security gap resulting in a security breach)
Security gaps are points at which security is missing, and thus the system is vulnerable.
A vulnerability is a state in which an object can potentially be affected by a force, another object, or even a situation, but is not necessarily affected now or in the future.
A threat is defined as a security risk that has a high possibility of becoming a system breach.
Database Security Levels
A VIEW database object is a stored query that returns columns and rows from selected tables.
Data provided by a view object is protected by database system functionality that allows schema owners to grant or revoke privileges.
The data files in which the data resides are protected by the database, and that protection is enforced by OS file permissions.
Finally, the database is secured by the DBMS (through the account and password mechanism, privileges, and permissions granted to few).
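Added example, not part of the slides: Python sqlite3 code modelling the view-based security level described above, where a schema owner exposes a view and grants privileges on it rather than on the base table. SQLite has no GRANT/REVOKE, so "SELECT on the view only" for an analyst role is emulated with sqlite3's authorizer callback; the table name, view name, column names and rows are constructed for this example.

```python
import sqlite3

# Constructed sample data (not from the slides): the salary column is confidential.
EMPLOYEES = [
    (1, "Ada Lovelace", "Engineering", 120000),
    (2, "Alan Turing", "Research", 135000),
    (3, "Grace Hopper", "Engineering", 128000),
]
BASE_TABLE = "employees"            # base table holding the confidential column
PUBLIC_VIEW = "employee_directory"  # the only object the analyst role may read


def build_database():
    """Schema owner's work: the base table plus a view that omits the salary."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        f"CREATE TABLE {BASE_TABLE} ("
        " id INTEGER PRIMARY KEY, name TEXT NOT NULL,"
        " department TEXT NOT NULL, salary INTEGER NOT NULL);"
        f"CREATE VIEW {PUBLIC_VIEW} AS"
        f" SELECT id, name, department FROM {BASE_TABLE};"
    )
    conn.executemany(f"INSERT INTO {BASE_TABLE} VALUES (?, ?, ?, ?)", EMPLOYEES)
    conn.commit()
    return conn


def analyst_authorizer(action, table, column, db_name, source):
    """Stand-in for 'GRANT SELECT ON employee_directory TO analyst' and nothing more.

    SQLite reports a read of the base table that happens *through* a view with
    `source` set to the view's name; a direct read arrives with source=None.
    """
    if action == sqlite3.SQLITE_READ and table == BASE_TABLE and source != PUBLIC_VIEW:
        return sqlite3.SQLITE_DENY   # direct access to the base table
    if action in (sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE):
        return sqlite3.SQLITE_DENY   # the analyst role is read-only
    return sqlite3.SQLITE_OK


def run_query(conn, sql):
    """Execute one statement and report ("ok", rows) or ("denied", message)."""
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.DatabaseError as exc:   # SQLite raises "not authorized"
        return ("denied", str(exc))


def demo():
    """Owner builds the schema, then the analyst's privilege set is switched on."""
    conn = build_database()
    conn.set_authorizer(analyst_authorizer)
    results = {
        "view": run_query(conn, f"SELECT name, department FROM {PUBLIC_VIEW} ORDER BY id"),
        "base_table": run_query(conn, f"SELECT name, salary FROM {BASE_TABLE}"),
        "tamper": run_query(conn, f"UPDATE {BASE_TABLE} SET salary = 0"),
    }
    conn.close()
    return results
```

The view query succeeds while both the direct read of the base table and the attempted update are refused at prepare time, which is the grant/revoke boundary the slide describes.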
Menaces to Databases
Security Vulnerability
Security Threat (security violation that can happen any time
because of security vulnerability)
Security Risk (A known security gap that company intentionally
leaves open)
Types of Vulnerabilities
A vulnerability is a point at which the system is susceptible to attack: a weak point in our environment that intruders and attackers exploit to start their attacks.
Hackers usually explore the weak points of a system until they gain entry through a gap in protection.
Installation and configuration (results from a default installation/configuration that is publicly known and on which we don't enforce any security measures)
User mistakes (due to carelessness in implementing procedures)
Software (found in commercial software; patches not applied)
Design and implementation (due to improper software analysis and design, as well as coding deficiencies)
Types of Threats
People (people intentionally or unintentionally inflict damage, e.g. hackers, terrorists)
Malicious code (software code that is intentionally written to damage components, e.g. viruses)
Natural disasters
Technological disasters (malfunction in equipment, e.g. network failure, hardware failure)
Examples of malicious code:
Virus
Worm
Back door
Trojan horse
Rootkits
Types of Risks
People (loss of people who are vital components of the DB operation, e.g. due to resignation)
Hardware (results in hardware unavailability; down due to failure or malfunction)
Data (data loss, corruption)
Confidence (loss of public confidence in the data produced by the company)
Asset Types and their values
Physical assets (hardware, cars)
Logical assets (purchased software, OS, DB)
Intangible assets (business reputation, confidence)
Human assets (human skills, knowledge)
Security Methods
People
a. Security policies and procedures
b. Process of identification and authentication
c. Training courses on the importance of security
d. Physical limits on access to hardware and documents
Applications
a. Authentication of users who access the application
b. Business rules
c. Single sign-on (signing on once for different applications)
Network
a. Firewalls
b. VPN
c. Authentication
OS
a. Authentication
b. Intrusion detection
c. Password policy
d. User accounts
DBMS
a. Authentication
b. Audit mechanisms
c. Database resource limits
d. Password policy
Data Files
a. File permissions
b. Access monitoring
Data
a. Validation
b. Data access
c. Encryption
d. Data constraints
Database Security Methodology
Identification (investigation of the resources required and the policies to be adopted)
Assessment (analysis of vulnerabilities, threats and risks)
Design (blueprint of the adopted security model)
Implementation (code developed, tools purchased)
Evaluation (testing the system against attacks, failures and disasters)
Auditing