More Related Content
What's hot
What's hot (20)
Similar to Database security
Similar to Database security (20)
Recently uploaded
Recently uploaded (20)
Database security
- 2. Introduction Database: It is a collection Of information stored in a Computer. What is Security ? It is being free from danger. Database security It is mechanism that protect the database against intentional or accidental threats.
- 3. Why need of database Security? If there is no security to database What Happens ??? Data will be easily corrupted It is important to restrict access to the database from authorized users to protect sensitive data.
- 5. Main aspects of database security Theft and Fraud Loss of confidentiality Loss of privacy Loss of integrity Loss of availability
- 6. Threats Threat is any intentional or accidental event that may adversely affect the system Examples of threats: - Using another person’s log-in name to access data - Unauthorized copying data - Program/Data alteration - Illegal entry by hacker -Viruses
- 7. There are two kinds of threat Non-fraudulent threat: Natural or accidental disasters Error or bugs in hardware or software. Human errors Fraudulent threat. Authorized Users Those who abuse their authority. Hostile agents Those improper users(outsider or insiders). Who attack the software and hardware system, or read or write data in a database.
- 8. Loss of confidentiality It is protecting data from unauthorized users. Ensures that the users are allowed to do things they are trying to do. Encryption is a technique or a process by which the data is encoded in such a way that only that authorized users are able to read data.
- 9. Loss of integrity It is protecting data from unauthorized users. Ensures that what users are trying to do is correct. For example An employee should be able to modify his or her own information
- 10. Loss of availability Database must have not unplanned downtime. To ensure this following steps should be taken. Restrict the amount of the storage space given to each user in the database. Limit the number of concurrent sessions made available to each database user. Back up the data at periodic intervals to ensure data recovery in case of application users.
- 11. Countermeasures Computer-Based Controls: - Authorization -Views - Backup and Recovery - Integrity - Encryption - RAID Technology
- 12. Authorization The granting of a privilege that enable a user to have a legitimate access to a system. They are sometimes referred as access controls. The process of authorization involves authenticating the user requesting access to objects.
- 13. Authenticating A system administrator is responsible for allowing users to have access to the system by creating individual user accounts.
- 14. Closed Vs Open Systems Closed Systems: Some DBMS required authorization for authorized DBMS users to access specific objects. Open Systems: Allow users to have complete access to all objects within the database.
- 15. Views The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users. The user is not aware of the existence of any attributes or rows that are missing from the view
- 16. Backup & Recovery Is the process of periodically taking a copy of the database and log file on to offline storage media. DBMS should provide backup facilities to assist with the recovery of a database failure.
- 17. Integrity Maintaining a secure database system by preventing data from becoming invalid.
- 18. Encryption The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key. It also protects the data transmitted over communication lines.
- 19. RAID Redundant Array of Independent Disks The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails. One solution is the use of RAID technology. RAID works on having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.