SlideShare a Scribd company logo

Chapter 11Database Control Issues Security, Backup an.docx

Download as DOCX, PDF
K
keturahhazelhurst

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency BLCN-534: Fundamentals of Database Systems Chapter ObjectivesList the major data control issues handled by database management systems. List and describe the types of data security breaches. List and describe the types of data security measures.Describe the concept of backup and recovery. Describe the major backup and recovery techniques. Explain the problem of disaster recovery. Describe the concept of concurrency control. Describe such concurrency control issues and measures as the lost update problem, locks and deadlock, and versioning. 11-* Database Control IssuesDifferent corporate resources have different management requirements.Money must be protected from theftEquipment must be secured against misuseBuildings may require security guards Data is a corporate resource and has its own peculiar concerns, which we call database control issues.Data securityBackup and recoveryConcurrency control 11-* Database Control IssuesData Security - protecting the data from theft, from malicious destruction, from unauthorized updating, etc. Backup and Recovery - having procedures in place to recreate data that has been lost, for any reason. Concurrency Control - problems that can occur when two or more transactions or users attempt to update a piece of data simultaneously. 11-* The Importance of Data SecurityGood data security is absolutely critical to every company and organization. A data security breach can dramatically affect a company’s ability to continue normal functioning. Customer data, which, for example, can be financial, medical, or legal in nature, must be carefully guarded. 11-* Types of Data Security BreachesUnauthorized Data Access - someone obtains data that she is not authorized to see. Unauthorized Data or Program Modification - someone changes the value of stored data that they are not entitled to change. Malicious Mischief - someone can corrupt or even erase some of a company’s data; hardware can be damaged, making data unusable. 11-* Methods of Breaching Data Security 11-* Methods of Breaching Data SecurityUnauthorized Computer AccessIntercepting Data CommunicationsStealing Disks or ComputersComputer VirusesDamaging Computer Hardware 11-* Unauthorized Computer AccessBy “hacking” or gaining access from outside of the company.Some hackers are software experts.Some hackers have stolen identification names and passwords and can enter a computer looking like legitimate users. Legitimate users, e.g., employees stealing data 11-* Intercepting Data Communications “Wiretapping” Data can be stolen while it is being transmitted. Twisted-pair telephone wire or coaxial cable can be tapped. Data bounced off satellites may be intercepted. Light pulses with fiber-optic transmission cannot be easily tapped. 11-* Stealing Disks or Computers Flash Disks, and CDs all have the potential of being stolen. Laptop computers can be stolen. ...

Education
1 of 16
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency BLCN-534: Fundamentals of Database Systems Chapter ObjectivesList the major data control issues handled by database management systems. List and describe the types of data security breaches. List and describe the types of data security measures.Describe the concept of backup and recovery. Describe the major backup and recovery techniques. Explain the problem of disaster recovery. Describe the concept of concurrency control. Describe such concurrency control issues and measures as the lost update problem, locks and deadlock, and versioning. 11-* Database Control IssuesDifferent corporate resources have different management requirements.Money must be protected from theftEquipment must be secured against misuseBuildings may require security guards Data is a corporate resource and has its own peculiar concerns, which we call database control issues.Data securityBackup and recoveryConcurrency control
11-* Database Control IssuesData Security - protecting the data from theft, from malicious destruction, from unauthorized updating, etc. Backup and Recovery - having procedures in place to recreate data that has been lost, for any reason. Concurrency Control - problems that can occur when two or more transactions or users attempt to update a piece of data simultaneously. 11-* The Importance of Data SecurityGood data security is absolutely critical to every company and organization. A data security breach can dramatically affect a company’s ability to continue normal functioning. Customer data, which, for example, can be financial, medical, or legal in nature, must be carefully guarded. 11-* Types of Data Security BreachesUnauthorized Data Access - someone obtains data that she is not authorized to see. Unauthorized Data or Program Modification - someone changes the value of stored data that they are not entitled to change. Malicious Mischief - someone can corrupt or even erase some of a company’s data; hardware can be damaged, making data unusable. 11-*
Methods of Breaching Data Security 11-* Methods of Breaching Data SecurityUnauthorized Computer AccessIntercepting Data CommunicationsStealing Disks or ComputersComputer VirusesDamaging Computer Hardware 11-* Unauthorized Computer AccessBy “hacking” or gaining access from outside of the company.Some hackers are software experts.Some hackers have stolen identification names and passwords and can enter a computer looking like legitimate users. Legitimate users, e.g., employees stealing data 11-* Intercepting Data Communications “Wiretapping” Data can be stolen while it is being transmitted. Twisted-pair telephone wire or coaxial cable can be tapped. Data bounced off satellites may be intercepted. Light pulses with fiber-optic transmission cannot be easily tapped. 11-*
Stealing Disks or Computers Flash Disks, and CDs all have the potential of being stolen. Laptop computers can be stolen. Even desktop computers have been stolen from company offices. 11-* Computer VirusesA malicious piece of software that is capable of copying itself and “spreading” from computer to computer on diskettes and through telecommunications lines. Computer viruses that travel along data communications lines are also called worms. 11-* Damaging Computer HardwareMight be either deliberate or accidental.FiresCoffee spillsHurricanesDisgruntled or newly fired employees with hammers or whatever other hard objects were handy. 11-* Types of Data Security Measures 11-* Physical Security of Company PremisesDon’t put the computer
in the basement because of the possibility of floods. Don’t put the computer on the ground floor because of the possibility of a truck driving into the building, accidentally or on purpose. 11-* Physical Security of Company Premises Don’t put the computer above the eighth floor because that’s as high as fire truck ladders can reach. Don’t put the computer on the top floor of the building because it is subject to helicopter landing and attack. 11-* Physical Security of Company PremisesIf you occupy at least three floors of the building, don’t put the computer on your topmost floor because its ceiling is another company’s floor, and don’t put the computer on your bottommost floor because its floor is another company’s ceiling. 11-* Physical Security of Company PremisesWhatever floor you put the computer on, keep it in an interior space away from the windows. 11-* Physical Security: Limit AccessAccess should be limited to those people who have a legitimate need to be in the computer
room.Control access to the room. 11-* Physical Security: Access to RoomRequire something people know, such as a secret code to be punched in.Require people have something, such as a magnetic stripe card, possibly combined with a secret code.Use some human part that can be measured or scanned. These biometric systems can be based on fingerprints, the dimensions and positions of facial features, retinal blood vessel patterns, or voice patterns. 11-* Controlled Access to the Computer SystemFirst line of defense:Identification tagPassword 11-* PasswordMust be kept secret.Must be changed periodically.Must not be written down.Should not appear on the terminal screen when typed.Should be user-created. 11-* Access to the DatabaseRestrict access to specific data so that only specific people can retrieve or modify it.Some systems have such controls in the operating system or in other utility software.An additional layer of passwords may also be introduced. 11-*
Access to the DatabaseAt the DBMS level a user cannot simply access any data he wants to; users have to be given explicit authorization to access data.Use views (CREATE VIEW)Use SQL GRANT command. 11-* The SQL GRANT Command GRANT privileges ON (view or table) TO users [ WITH GRANT OPTION]. GRANT SELECT ON SALESPERSON TO GLENN; 11-* Data Encryption Data is changed, bit-by-bit or character-by-character, into a form that looks totally garbled. Data can be stored, transmitted, etc. encrypted. To be used, data must be decrypted. 11-* Data EncryptionEncryption generally involves a data conversion algorithm and a secret key.The recipient must be aware of both the algorithm and the secret key so that it can work the algorithm in reverse and decrypt the data. 11-*
Data Encryption TechniquesSymmetric or private key encryptionAsymmetric or public key encryption 11-* Symmetric EncryptionRequire the same long bit-by-bit key for encrypting and decrypting the data.Transmitting the private key may compromise the key. 11-* Asymmetric EncryptionUses two different keys:Public key - used for encrypting the dataPrivate key - used for decrypting the dataProcess tends to be slower than symmetric encryption. 11-* SSL TechnologySecure Socket LayerA combination of private key and public key encryption.Used on the World Wide Web. 11-* SSL - Usage ExampleA person at home who wants to buy something from an online store.Her PC and its WWW browser are the client.The online store’s computer is the server. 11-*
SSL - Usage ExampleBoth sides want to conduct the secure transaction using private key technology.They have the problem of one side picking a private key and getting it to the other side in a secure manner.How do they do it? 11-* SSL - Usage ExampleThe client contacts the serverThe server sends the client its public key for its public key algorithm.No one cares if this public key is stolen.The client, using a random number generator, creates a “session key.”the key for the private key algorithm with which the secure transaction will be conducted 11-* SSL - Usage Example The problem: How is the client going to securely transmit the session key it generated to the server, since both must have it to use the private key algorithm for the transaction? 11-* SSL - Usage ExampleThe client is going to send the session key to the server securely, using a public key algorithm and the server’s public key.The client encrypts the session key using the server’s public keyThe client transmits the encrypted session key to the server with the public key algorithm. 11-* SSL - Usage ExampleOnce the session key has been securely
transmitted to the server, both the client and the server have it and the secure transaction can proceed using the private key algorithm. 11-* Antivirus SoftwareUsed to combat computer viruses.Two basic methods:Virus signatures - portions of the virus code that are considered to be unique to it. Monitoring - software constantly monitors the computer environment to watch for requests or commands for any unusual activity. 11-* FirewallsSoftware or a combination of hardware and software that protects a company’s computer and its data against external attack via data communications lines.Different kinds of firewalls. 11-* Firewall: Proxy ServerA firewall that is a combination of hardware and software.The proxy server takes apart the incoming message, extracts the legitimate pieces of data, reformats the data for the company’s mainframe, and passes the data on to the company’s main computer. 11-* Training Employees in Good Security PracticesLog off your computer or at least lock your office door when you leave your
office.Don’t write your computer password down anywhere.Don’t respond to any unusual requests for information about the computer system from anyone over the telephone. 11-* Training Employees in Good Security PracticesDon’t leave flash disks or other storage media lying around your office.Don’t take flash disks or other storage media out of the building.Don’t assume that a stranger in the building is there legitimately without checking. 11-* Backup and RecoveryWe have to assume that from time to time something will go wrong with our data, and so we have to have the tools available to correct or reconstruct it. 11-* Backup Copies and JournalsTwo basic but very important tasks:backing up the databasemaintaining a journal 11-* BackupOn a regularly scheduled basis, a company’s databases must be backed up or copied.The backup copy must be put in a safe place, away from the original in the computer system. 11-*
Maintaining a JournalTracks all changes that take place in the data.Updates to existing recordsInsertion of new recordsDeletion of existing recordsDoes not track read operations, because they do not change the data. 11-* Database LogStarted immediately after the data is backup up.Two types:Change log / before and after image logRecords data value before and after a changeTransaction logKeeps a record of the program that changed the data and all of the inputs that the program used. 11-* (Roll) Forward RecoveryAssume a database table has been lost.To recreate this table:Ready the last backup copy of the table.Ready the logRoll forward in the log, applying the changes that were made to the table since the last backup. 11-* Forward Recovery 11-* Change LogOnly the last one of the changes to the particular piece of data, which shows the value of this piece of data at the point that the table was destroyed, needs to be used in updating the database copy in the roll-forward operation. 11-*
Backward Recovery or RollbackSuppose that in the midst of normal operation an error is discovered that involves a piece of recently updated data.The discovered error, and all other changes that were made to the database since the error was discovered, must be backed out. 11-* Backward RecoveryStart with the database in its current state.The log is positioned at the last entry. 11-* Backward Recovery A recovery program proceeds backwards through the log, resetting each updated data value in the database to its “before image,” until it reaches the point where the error was made. 11-* Duplicate or Mirrored Databases Two copies of the entire database are maintained, and both are updated simultaneously. 11-* Duplicate or Mirrored Databases Advantage: If one system is destroyed, the applications that use the database can just keep on running with the duplicate
database. Disadvantage: This is a relatively expensive proposition. 11-* Disaster RecoveryRebuilding an entire information system or significant parts of one, after a catastrophic natural disaster such as:a hurricanea tornadoa earthquakea building collapsea major fire 11-* Being Prepared for Disaster RecoveryMaintain totally mirrored systems (not just databases) in different cities.Contract with a company that maintains hardware similar to yours (a hot site) so that you can be up and running again quickly after a disaster.Build a computer center that is relatively disaster proof. 11-* Being Prepared for Disaster RecoveryMaintain space (a cold site) with electrical connections, air conditioning, etc., into which new hardware can be moved if need be.Make a reciprocal arrangement with another company with hardware similar to yours to aid each other in case one suffers a disaster. 11-* Concurrency ControlMany people using today’s applications systems will require access to the same data at the same time.Two or more users attempting to update some data
simultaneously will conflict. 11-* The Lost Update Problem 11-* Locks and DeadlockWhen a user begins an update operation on a piece of data, the DBMS locks that data. Any attempt to begin another update operation on that same piece of data will be blocked, or “locked out,” until the first update operation is completed and its lock on the data is released. 11-* LocksPrevents the Lost Update Problem.Granularity of lock can vary.Entire tableRecord levelEtc. 11-* DeadlockTwo or more transactions must each update the same, multiple pieces of data.They each wait endlessly for the other to release the data that each has already locked.Also called the deadly embrace. 11-* Deadlock 11-*
Handling DeadlockDeadlock PreventionDifficult to accomplish Deadlock DetectionAllow deadlock to occurDetect occurrenceAbort one of the deadlocked transactions 11-* VersioningDoes not involve locks at all.Each transaction is given a copy or “version” of the data that it needs for an update operation.Each transaction records its result in its own copy of the data.Then each transaction tries to update the actual database with its result. 11-* VersioningMonitoring software checks to see if there is a conflict between two or more transactions trying to update the same data at the same time.If there is, the software allows one of the transactions to update the database and makes the other(s) start over again. 11-*

Recommended

ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10
Irsandi Hasan
 
Computer security
Computer securityComputer security
Computer security
RoshanMaharjan13
 
CSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptxCSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptx
Mohammad512578
 
IT Essentials (Version 7.0) - ITE Chapter 13 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 13 Exam AnswersIT Essentials (Version 7.0) - ITE Chapter 13 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 13 Exam Answers
ITExamAnswers.net
 
Preventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint SecurityPreventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint Security
Intel IT Center
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security v
SYYULIANISKOMMT
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
Procore Technologies
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
Amir Hossein Zargaran
 

Recommended

ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10
Irsandi Hasan
 
Computer security
Computer securityComputer security
Computer security
RoshanMaharjan13
 
CSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptxCSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptx
Mohammad512578
 
IT Essentials (Version 7.0) - ITE Chapter 13 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 13 Exam AnswersIT Essentials (Version 7.0) - ITE Chapter 13 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 13 Exam Answers
ITExamAnswers.net
 
Preventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint SecurityPreventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint Security
Intel IT Center
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security v
SYYULIANISKOMMT
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
Procore Technologies
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
Amir Hossein Zargaran
 
Network Security v1.0 - Module 1.pptx
Network Security v1.0 - Module 1.pptxNetwork Security v1.0 - Module 1.pptx
Network Security v1.0 - Module 1.pptx
SamatarHussein
 
Computer Safety and Ethics.pptx
Computer Safety and Ethics.pptxComputer Safety and Ethics.pptx
Computer Safety and Ethics.pptx
Khristine Botin
 
120019_top5_security
120019_top5_security120019_top5_security
120019_top5_security
Jessica Hirst
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
Mukesh Chinta
 
Cyber security
Cyber securityCyber security
Cyber security
Dr. Kishor Nikam
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
TI Safe
 
What is Linux SecuritySolutionLinux Security is a module in.pdf
What is Linux SecuritySolutionLinux Security is a module in.pdfWhat is Linux SecuritySolutionLinux Security is a module in.pdf
What is Linux SecuritySolutionLinux Security is a module in.pdf
federaleyecare
 
Top 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdfTop 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdf
infosec train
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
LennartF
 
PROJECT REPORT.docx
PROJECT REPORT.docxPROJECT REPORT.docx
PROJECT REPORT.docx
Sakamsivasankarreddy
 
Network Security 2016
Network Security 2016 Network Security 2016
Network Security 2016
Mukesh Pathak
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4
Anne ndolo
 
Wireless security
Wireless securityWireless security
Wireless security
Nguyen Minh Thu
 
Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSP
Srishti Ahuja
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
bora.gungoren
 
New internet security
New internet securityNew internet security
New internet security
university of mumbai
 
NewIinternet security
NewIinternet securityNewIinternet security
NewIinternet security
university of mumbai
 
Itc chapter # 11
Itc chapter # 11Itc chapter # 11
Itc chapter # 11
National university of modern languages
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
Divyank Jindal
 
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
keturahhazelhurst
 
1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx
keturahhazelhurst
 

More Related Content

Similar to Chapter 11Database Control Issues Security, Backup an.docx

120019_top5_security
120019_top5_security120019_top5_security
120019_top5_security
Jessica Hirst
 
What is Linux SecuritySolutionLinux Security is a module in.pdf
What is Linux SecuritySolutionLinux Security is a module in.pdfWhat is Linux SecuritySolutionLinux Security is a module in.pdf
What is Linux SecuritySolutionLinux Security is a module in.pdf
federaleyecare
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
bora.gungoren
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
Divyank Jindal
 

Similar to Chapter 11Database Control Issues Security, Backup an.docx (20)

Network Security v1.0 - Module 1.pptx
Network Security v1.0 - Module 1.pptxNetwork Security v1.0 - Module 1.pptx
Network Security v1.0 - Module 1.pptx
 
Computer Safety and Ethics.pptx
Computer Safety and Ethics.pptxComputer Safety and Ethics.pptx
Computer Safety and Ethics.pptx
 
120019_top5_security
120019_top5_security120019_top5_security
120019_top5_security
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
 
Cyber security
Cyber securityCyber security
Cyber security
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
 
What is Linux SecuritySolutionLinux Security is a module in.pdf
What is Linux SecuritySolutionLinux Security is a module in.pdfWhat is Linux SecuritySolutionLinux Security is a module in.pdf
What is Linux SecuritySolutionLinux Security is a module in.pdf
 
Top 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdfTop 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdf
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
 
PROJECT REPORT.docx
PROJECT REPORT.docxPROJECT REPORT.docx
PROJECT REPORT.docx
 
Network Security 2016
Network Security 2016 Network Security 2016
Network Security 2016
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4
 
Wireless security
Wireless securityWireless security
Wireless security
 
Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSP
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
 
New internet security
New internet securityNew internet security
New internet security
 
NewIinternet security
NewIinternet securityNewIinternet security
NewIinternet security
 
Itc chapter # 11
Itc chapter # 11Itc chapter # 11
Itc chapter # 11
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 

More from keturahhazelhurst

1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx
keturahhazelhurst
 
1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx
keturahhazelhurst
 
1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx
keturahhazelhurst
 
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
keturahhazelhurst
 
1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx
keturahhazelhurst
 
1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx
keturahhazelhurst
 
1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx
keturahhazelhurst
 
1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx
keturahhazelhurst
 
1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx
keturahhazelhurst
 
1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx
keturahhazelhurst
 
1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx
keturahhazelhurst
 

More from keturahhazelhurst (20)

1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
 
1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx
 
1. Terrestrial Planets                           2. Astronomical.docx
1. Terrestrial Planets                           2. Astronomical.docx1. Terrestrial Planets                           2. Astronomical.docx
1. Terrestrial Planets                           2. Astronomical.docx
 
1. Taking turns to listen to other students is not always easy f.docx
1. Taking turns to listen to other students is not always easy f.docx1. Taking turns to listen to other students is not always easy f.docx
1. Taking turns to listen to other students is not always easy f.docx
 
1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx
 
1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx
 
1. Select a system of your choice and describe the system life-cycle.docx
1. Select a system of your choice and describe the system life-cycle.docx1. Select a system of your choice and describe the system life-cycle.docx
1. Select a system of your choice and describe the system life-cycle.docx
 
1. Sensation refers to an actual event; perception refers to how we .docx
1. Sensation refers to an actual event; perception refers to how we .docx1. Sensation refers to an actual event; perception refers to how we .docx
1. Sensation refers to an actual event; perception refers to how we .docx
 
1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx
 
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
 
1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx
 
1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx
 
1. Review the three articles about Inflation that are found below th.docx
1. Review the three articles about Inflation that are found below th.docx1. Review the three articles about Inflation that are found below th.docx
1. Review the three articles about Inflation that are found below th.docx
 
1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx
 
1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx
 
1. Research has narrowed the thousands of leadership behaviors into .docx
1. Research has narrowed the thousands of leadership behaviors into .docx1. Research has narrowed the thousands of leadership behaviors into .docx
1. Research has narrowed the thousands of leadership behaviors into .docx
 
1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx
 
1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx
 
1. Prepare a risk management plan for the project of finding a job a.docx
1. Prepare a risk management plan for the project of finding a job a.docx1. Prepare a risk management plan for the project of finding a job a.docx
1. Prepare a risk management plan for the project of finding a job a.docx
 
1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx
 

Recently uploaded

Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
EADTU
 
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading RoomSternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sean M. Fox
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
中 央社
 
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
中 央社
 

Recently uploaded (20)

diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....
 
male presentation...pdf.................
male presentation...pdf.................male presentation...pdf.................
male presentation...pdf.................
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
 
PSYPACT- Practicing Over State Lines May 2024.pptx
PSYPACT- Practicing Over State Lines May 2024.pptxPSYPACT- Practicing Over State Lines May 2024.pptx
PSYPACT- Practicing Over State Lines May 2024.pptx
 
An overview of the various scriptures in Hinduism
An overview of the various scriptures in HinduismAn overview of the various scriptures in Hinduism
An overview of the various scriptures in Hinduism
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
How to Manage Website in Odoo 17 Studio App.pptx
How to Manage Website in Odoo 17 Studio App.pptxHow to Manage Website in Odoo 17 Studio App.pptx
How to Manage Website in Odoo 17 Studio App.pptx
 
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading RoomSternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
 
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjjStl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
 
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
e-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopale-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopal
 
The Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDFThe Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDF
 
UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024
 
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxGraduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptx
 
8 Tips for Effective Working Capital Management
8 Tips for Effective Working Capital Management8 Tips for Effective Working Capital Management
8 Tips for Effective Working Capital Management
 
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
 

Chapter 11Database Control Issues Security, Backup an.docx

  • 1. Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency BLCN-534: Fundamentals of Database Systems Chapter ObjectivesList the major data control issues handled by database management systems. List and describe the types of data security breaches. List and describe the types of data security measures.Describe the concept of backup and recovery. Describe the major backup and recovery techniques. Explain the problem of disaster recovery. Describe the concept of concurrency control. Describe such concurrency control issues and measures as the lost update problem, locks and deadlock, and versioning. 11-* Database Control IssuesDifferent corporate resources have different management requirements.Money must be protected from theftEquipment must be secured against misuseBuildings may require security guards Data is a corporate resource and has its own peculiar concerns, which we call database control issues.Data securityBackup and recoveryConcurrency control
  • 2. 11-* Database Control IssuesData Security - protecting the data from theft, from malicious destruction, from unauthorized updating, etc. Backup and Recovery - having procedures in place to recreate data that has been lost, for any reason. Concurrency Control - problems that can occur when two or more transactions or users attempt to update a piece of data simultaneously. 11-* The Importance of Data SecurityGood data security is absolutely critical to every company and organization. A data security breach can dramatically affect a company’s ability to continue normal functioning. Customer data, which, for example, can be financial, medical, or legal in nature, must be carefully guarded. 11-* Types of Data Security BreachesUnauthorized Data Access - someone obtains data that she is not authorized to see. Unauthorized Data or Program Modification - someone changes the value of stored data that they are not entitled to change. Malicious Mischief - someone can corrupt or even erase some of a company’s data; hardware can be damaged, making data unusable. 11-*
  • 3. Methods of Breaching Data Security 11-* Methods of Breaching Data SecurityUnauthorized Computer AccessIntercepting Data CommunicationsStealing Disks or ComputersComputer VirusesDamaging Computer Hardware 11-* Unauthorized Computer AccessBy “hacking” or gaining access from outside of the company.Some hackers are software experts.Some hackers have stolen identification names and passwords and can enter a computer looking like legitimate users. Legitimate users, e.g., employees stealing data 11-* Intercepting Data Communications “Wiretapping” Data can be stolen while it is being transmitted. Twisted-pair telephone wire or coaxial cable can be tapped. Data bounced off satellites may be intercepted. Light pulses with fiber-optic transmission cannot be easily tapped. 11-*
  • 4. Stealing Disks or Computers Flash Disks, and CDs all have the potential of being stolen. Laptop computers can be stolen. Even desktop computers have been stolen from company offices. 11-* Computer VirusesA malicious piece of software that is capable of copying itself and “spreading” from computer to computer on diskettes and through telecommunications lines. Computer viruses that travel along data communications lines are also called worms. 11-* Damaging Computer HardwareMight be either deliberate or accidental.FiresCoffee spillsHurricanesDisgruntled or newly fired employees with hammers or whatever other hard objects were handy. 11-* Types of Data Security Measures 11-* Physical Security of Company PremisesDon’t put the computer
  • 5. in the basement because of the possibility of floods. Don’t put the computer on the ground floor because of the possibility of a truck driving into the building, accidentally or on purpose. 11-* Physical Security of Company Premises Don’t put the computer above the eighth floor because that’s as high as fire truck ladders can reach. Don’t put the computer on the top floor of the building because it is subject to helicopter landing and attack. 11-* Physical Security of Company PremisesIf you occupy at least three floors of the building, don’t put the computer on your topmost floor because its ceiling is another company’s floor, and don’t put the computer on your bottommost floor because its floor is another company’s ceiling. 11-* Physical Security of Company PremisesWhatever floor you put the computer on, keep it in an interior space away from the windows. 11-* Physical Security: Limit AccessAccess should be limited to those people who have a legitimate need to be in the computer
  • 6. room.Control access to the room. 11-* Physical Security: Access to RoomRequire something people know, such as a secret code to be punched in.Require people have something, such as a magnetic stripe card, possibly combined with a secret code.Use some human part that can be measured or scanned. These biometric systems can be based on fingerprints, the dimensions and positions of facial features, retinal blood vessel patterns, or voice patterns. 11-* Controlled Access to the Computer SystemFirst line of defense:Identification tagPassword 11-* PasswordMust be kept secret.Must be changed periodically.Must not be written down.Should not appear on the terminal screen when typed.Should be user-created. 11-* Access to the DatabaseRestrict access to specific data so that only specific people can retrieve or modify it.Some systems have such controls in the operating system or in other utility software.An additional layer of passwords may also be introduced. 11-*
  • 7. Access to the DatabaseAt the DBMS level a user cannot simply access any data he wants to; users have to be given explicit authorization to access data.Use views (CREATE VIEW)Use SQL GRANT command. 11-* The SQL GRANT Command GRANT privileges ON (view or table) TO users [ WITH GRANT OPTION]. GRANT SELECT ON SALESPERSON TO GLENN; 11-* Data Encryption Data is changed, bit-by-bit or character-by-character, into a form that looks totally garbled. Data can be stored, transmitted, etc. encrypted. To be used, data must be decrypted. 11-* Data EncryptionEncryption generally involves a data conversion algorithm and a secret key.The recipient must be aware of both the algorithm and the secret key so that it can work the algorithm in reverse and decrypt the data. 11-*
  • 8. Data Encryption TechniquesSymmetric or private key encryptionAsymmetric or public key encryption 11-* Symmetric EncryptionRequire the same long bit-by-bit key for encrypting and decrypting the data.Transmitting the private key may compromise the key. 11-* Asymmetric EncryptionUses two different keys:Public key - used for encrypting the dataPrivate key - used for decrypting the dataProcess tends to be slower than symmetric encryption. 11-* SSL TechnologySecure Socket LayerA combination of private key and public key encryption.Used on the World Wide Web. 11-* SSL - Usage ExampleA person at home who wants to buy something from an online store.Her PC and its WWW browser are the client.The online store’s computer is the server. 11-*
  • 9. SSL - Usage ExampleBoth sides want to conduct the secure transaction using private key technology.They have the problem of one side picking a private key and getting it to the other side in a secure manner.How do they do it? 11-* SSL - Usage ExampleThe client contacts the serverThe server sends the client its public key for its public key algorithm.No one cares if this public key is stolen.The client, using a random number generator, creates a “session key.”the key for the private key algorithm with which the secure transaction will be conducted 11-* SSL - Usage Example The problem: How is the client going to securely transmit the session key it generated to the server, since both must have it to use the private key algorithm for the transaction? 11-* SSL - Usage ExampleThe client is going to send the session key to the server securely, using a public key algorithm and the server’s public key.The client encrypts the session key using the server’s public keyThe client transmits the encrypted session key to the server with the public key algorithm. 11-* SSL - Usage ExampleOnce the session key has been securely
  • 10. transmitted to the server, both the client and the server have it and the secure transaction can proceed using the private key algorithm. 11-* Antivirus SoftwareUsed to combat computer viruses.Two basic methods:Virus signatures - portions of the virus code that are considered to be unique to it. Monitoring - software constantly monitors the computer environment to watch for requests or commands for any unusual activity. 11-* FirewallsSoftware or a combination of hardware and software that protects a company’s computer and its data against external attack via data communications lines.Different kinds of firewalls. 11-* Firewall: Proxy ServerA firewall that is a combination of hardware and software.The proxy server takes apart the incoming message, extracts the legitimate pieces of data, reformats the data for the company’s mainframe, and passes the data on to the company’s main computer. 11-* Training Employees in Good Security PracticesLog off your computer or at least lock your office door when you leave your
  • 11. office.Don’t write your computer password down anywhere.Don’t respond to any unusual requests for information about the computer system from anyone over the telephone. 11-* Training Employees in Good Security PracticesDon’t leave flash disks or other storage media lying around your office.Don’t take flash disks or other storage media out of the building.Don’t assume that a stranger in the building is there legitimately without checking. 11-* Backup and RecoveryWe have to assume that from time to time something will go wrong with our data, and so we have to have the tools available to correct or reconstruct it. 11-* Backup Copies and JournalsTwo basic but very important tasks:backing up the databasemaintaining a journal 11-* BackupOn a regularly scheduled basis, a company’s databases must be backed up or copied.The backup copy must be put in a safe place, away from the original in the computer system. 11-*
  • 12. Maintaining a JournalTracks all changes that take place in the data.Updates to existing recordsInsertion of new recordsDeletion of existing recordsDoes not track read operations, because they do not change the data. 11-* Database LogStarted immediately after the data is backup up.Two types:Change log / before and after image logRecords data value before and after a changeTransaction logKeeps a record of the program that changed the data and all of the inputs that the program used. 11-* (Roll) Forward RecoveryAssume a database table has been lost.To recreate this table:Ready the last backup copy of the table.Ready the logRoll forward in the log, applying the changes that were made to the table since the last backup. 11-* Forward Recovery 11-* Change LogOnly the last one of the changes to the particular piece of data, which shows the value of this piece of data at the point that the table was destroyed, needs to be used in updating the database copy in the roll-forward operation. 11-*
  • 13. Backward Recovery or RollbackSuppose that in the midst of normal operation an error is discovered that involves a piece of recently updated data.The discovered error, and all other changes that were made to the database since the error was discovered, must be backed out. 11-* Backward RecoveryStart with the database in its current state.The log is positioned at the last entry. 11-* Backward Recovery A recovery program proceeds backwards through the log, resetting each updated data value in the database to its “before image,” until it reaches the point where the error was made. 11-* Duplicate or Mirrored Databases Two copies of the entire database are maintained, and both are updated simultaneously. 11-* Duplicate or Mirrored Databases Advantage: If one system is destroyed, the applications that use the database can just keep on running with the duplicate
  • 14. database. Disadvantage: This is a relatively expensive proposition. 11-* Disaster RecoveryRebuilding an entire information system or significant parts of one, after a catastrophic natural disaster such as:a hurricanea tornadoa earthquakea building collapsea major fire 11-* Being Prepared for Disaster RecoveryMaintain totally mirrored systems (not just databases) in different cities.Contract with a company that maintains hardware similar to yours (a hot site) so that you can be up and running again quickly after a disaster.Build a computer center that is relatively disaster proof. 11-* Being Prepared for Disaster RecoveryMaintain space (a cold site) with electrical connections, air conditioning, etc., into which new hardware can be moved if need be.Make a reciprocal arrangement with another company with hardware similar to yours to aid each other in case one suffers a disaster. 11-* Concurrency ControlMany people using today’s applications systems will require access to the same data at the same time.Two or more users attempting to update some data
  • 15. simultaneously will conflict. 11-* The Lost Update Problem 11-* Locks and DeadlockWhen a user begins an update operation on a piece of data, the DBMS locks that data. Any attempt to begin another update operation on that same piece of data will be blocked, or “locked out,” until the first update operation is completed and its lock on the data is released. 11-* LocksPrevents the Lost Update Problem.Granularity of lock can vary.Entire tableRecord levelEtc. 11-* DeadlockTwo or more transactions must each update the same, multiple pieces of data.They each wait endlessly for the other to release the data that each has already locked.Also called the deadly embrace. 11-* Deadlock 11-*
  • 16. Handling DeadlockDeadlock PreventionDifficult to accomplish Deadlock DetectionAllow deadlock to occurDetect occurrenceAbort one of the deadlocked transactions 11-* VersioningDoes not involve locks at all.Each transaction is given a copy or “version” of the data that it needs for an update operation.Each transaction records its result in its own copy of the data.Then each transaction tries to update the actual database with its result. 11-* VersioningMonitoring software checks to see if there is a conflict between two or more transactions trying to update the same data at the same time.If there is, the software allows one of the transactions to update the database and makes the other(s) start over again. 11-*