Uploaded byRabiaIftikhar10
PPT, PDF349 views

Database Security

Databases store an organization's logically related data in tables with rows and columns. They hold important customer, employee, and financial information. Ensuring database security and restricting access to authorized users only is important for protecting sensitive information and the organization. Common database security threats include weak passwords, SQL injection attacks, and excessive access privileges. Organizations must implement strong authentication, authorization, and encryption to protect private data in databases from theft or misuse.

Software
In this document
Powered by AI

Introduction to databases as collections of related data organized in a structured format.

Highlighting the sensitivity of database information, including customer and financial data, and their security.

Control user access to sensitive data, ensuring that unauthorized users are restricted from sensitive areas.

Listing key security threats: weak passwords, SQL injection, user privileges, and data management issues.

Examining security loopholes that hackers exploit and measures to prevent these vulnerabilities.

Discusses the implications of unauthorized access to sensitive information leading to identity theft.

Legislative requirements for encrypting sensitive data to prevent theft, alongside examples of weak encryption.

Password-based and challenge-response authentication systems, emphasizing the importance of protecting data privacy.

Traits of good encryption techniques, emphasizing ease of use for authorized users and security against intrusions.

Embed presentation

Download to read offline
Database  Database is the collection of logically related data that satisfy the needs of an organization.  Data is organized into rows, columns and tables.  Data gets updated, expanded and deleted as new information is added.  Databases hold the backbone of an organization.
Database security  Databases often contain extremely sensitive information that must be protected from security vulnerabilities and exploits.  It contain customers, employee info, financial data for both the company and its customers, and much more are all held in databases.  Database security and integrity are important aspects of an organization’s security.
Database Security  It is not desirable for all users to see the entire logical model.  Security considerations may require that certain data be hidden from users.  To do so, applications must authenticate users, and ensure that users are only allowed to carry out authorized tasks.
 For example, in a university, payroll personnel need to see only that part of the database that has financial information. For example,  SELECT ID, name, dept name FROM instructor
• According to technology Application Security, the following are the top 10 threats related to databases: • Default or weak passwords, SQL injection, Excessive user and group privileges, Unnecessary DBMS features enabled, Broken configuration management, Buffer overflows, Privilege escalation, Denial of service, Un-patched RDBMS, Unencrypted data, Privacy
Security Loopholes  In this section, we first describe several security loopholes that can permit hackers to carry out actions.  The authentication and authorization carried out by the application, and explain how to prevent such loopholes.
 Many databases today store sensitive customer information, such as credit card numbers, names, fingerprints, signatures, and identification numbers such as, social-security numbers.  A criminal who gets access to such data can use it for a variety of illegal activities such as purchasing goods using a credit-card number, or even acquiring a credit card in someone else’s name.
 Organizations such as credit-card companies use knowledge of personal information as a way of identifying who is requesting a service or goods.  Leakage of such personal information allows a criminal to impersonate someone else and get access to service or goods; such impersonation is referred to as identity theft.
Encrypted  Thus, applications that store such sensitive data must take great care to protect them from theft.  To reduce the chance of sensitive information being acquired by criminals, many countries and states today require by law that any database storing such sensitive information must store the information in an encrypted form.
 There are a vast number of techniques for the encryption of data. Simple encryption techniques may not provide adequate security, since it may be easy for an unauthorized user to break the code.  As an example of a weak encryption technique, consider the substitution of each character with the next character in the alphabet. Thus, Perry ridge Becomes Qfsszsjehf.
 Password-based authentication is used widely by operating systems as well as databases.  A more secure scheme involves a challenge– response system. The database system sends a challenge string to the user.  The user encrypts the challenge string using a secret password as encryption key and then returns the result.  Encryption of certain sensitive data stored in databases is a legal requirement in many countries and states.
 Apattention to security, to prevent attacks such as SQL injection attacks and cross-site scripting attacks  Aplication developers must pay careful Protecting the privacy of data is an important task for database applications.
Properties  A good encryption technique has the following properties:  It is relatively simple for authorized users to encrypt and decrypt data.  It depends on the algorithm called the encryption key, which is used to encrypt data.  Its decryption key is extremely difficult for an intruder to determine, even if the intruder has access to encrypted data.
Database Security

More Related Content

PPTX
2 phase locking protocol DBMS
byDhananjaysinh Jhala
 
PPT
Database security
byCAS
 
PPT
key distribution in network security
bybabak danyal
 
PPTX
Acid properties
byAbhilasha Lahigude
 
PPTX
Data cube computation
byRashmi Sheikh
 
PPTX
Database recovery
byVritti Malhotra
 
PPTX
Concurrency control
bySoumyajit Dutta
 
PPTX
Memory forensics.pptx
by9905234521
 
2 phase locking protocol DBMS
byDhananjaysinh Jhala
 
Database security
byCAS
 
key distribution in network security
bybabak danyal
 
Acid properties
byAbhilasha Lahigude
 
Data cube computation
byRashmi Sheikh
 
Database recovery
byVritti Malhotra
 
Concurrency control
bySoumyajit Dutta
 
Memory forensics.pptx
by9905234521
 

What's hot

PPT
16. Concurrency Control in DBMS
bykoolkampus
 
PPTX
Lock based protocols
byChethanMp7
 
PPT
2. Entity Relationship Model in DBMS
bykoolkampus
 
PPT
Abstract data types
byPoojith Chowdhary
 
PDF
Data security and Integrity
byZaid Shabbir
 
PPTX
Dbms 4NF & 5NF
bySoham Kansodaria
 
PPT
Data structures using c
byProf. Dr. K. Adisesha
 
PPTX
B+ Tree
byMujahid Hussain Jalbani
 
PPTX
Sql queries presentation
byNITISH KUMAR
 
PPT
RC4&RC5
byMohamed El-Serngawy
 
PPT
Transaction management and concurrency control
byDhani Ahmad
 
PPTX
Unit 2 oracle9i
byDrkhanchanaR
 
PPT
17. Recovery System in DBMS
bykoolkampus
 
PPTX
Double DES & Triple DES
byHemant Sharma
 
PPTX
Introduction to data structure
byNUPOORAWSARMOL
 
PPTX
DBMS Integrity rule
byGirdharRatne
 
PPTX
Entity (types, attibute types)
byZaheer Soomro
 
PPT
concurrency-control
bySaranya Natarajan
 
PPTX
Transaction management DBMS
byMegha Patel
 
PPTX
Log based and Recovery with concurrent transaction
bynikunjandy
 
16. Concurrency Control in DBMS
bykoolkampus
 
Lock based protocols
byChethanMp7
 
2. Entity Relationship Model in DBMS
bykoolkampus
 
Abstract data types
byPoojith Chowdhary
 
Data security and Integrity
byZaid Shabbir
 
Dbms 4NF & 5NF
bySoham Kansodaria
 
Data structures using c
byProf. Dr. K. Adisesha
 
B+ Tree
byMujahid Hussain Jalbani
 
Sql queries presentation
byNITISH KUMAR
 
RC4&RC5
byMohamed El-Serngawy
 
Transaction management and concurrency control
byDhani Ahmad
 
Unit 2 oracle9i
byDrkhanchanaR
 
17. Recovery System in DBMS
bykoolkampus
 
Double DES & Triple DES
byHemant Sharma
 
Introduction to data structure
byNUPOORAWSARMOL
 
DBMS Integrity rule
byGirdharRatne
 
Entity (types, attibute types)
byZaheer Soomro
 
concurrency-control
bySaranya Natarajan
 
Transaction management DBMS
byMegha Patel
 
Log based and Recovery with concurrent transaction
bynikunjandy
 

Similar to Database Security

PPTX
Database security
bySoftware Engineering
 
PPT
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
byAnuradhaGupta789099
 
PPTX
Database security in database management.pptx
byFarhanaMariyam1
 
PDF
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 
PPTX
Database Security, Threats & Countermeasures.pptx
bySaqibAhmedKhan4
 
PDF
uu (2).pdf
byuzairAsif268
 
PPT
DBSecurity-Overview.ppt
byuzairAsif268
 
PPT
DBSecurity-Overview database securityPPT
byPriyankaPatil919748
 
PPTX
Unit 2 - Chapter 7 (Database Security).pptx
bySakshiGawde6
 
PPTX
Database security
byMaryamAsghar9
 
PPTX
Database security
byArpana shree
 
PPTX
203135 Muhammad Usama.pptx
bymuhammadusama257191
 
PPTX
Database security and security in networks
byPrachi Gulihar
 
PPTX
Database Security Management
byAhsin Yousaf
 
PPT
Dstca
byajay vj
 
PPTX
Database security
byZubair Rahim
 
PPTX
47890finalpresentation-180407201958.pptx
byNareenAsad
 
PPTX
Database Security And Authentication
bySudeb Das
 
PPTX
DBMS SECURITY
byWasim Raza
 
PPTX
Data base security & integrity
byPooja Dixit
 
Database security
bySoftware Engineering
 
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
byAnuradhaGupta789099
 
Database security in database management.pptx
byFarhanaMariyam1
 
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 
Database Security, Threats & Countermeasures.pptx
bySaqibAhmedKhan4
 
uu (2).pdf
byuzairAsif268
 
DBSecurity-Overview.ppt
byuzairAsif268
 
DBSecurity-Overview database securityPPT
byPriyankaPatil919748
 
Unit 2 - Chapter 7 (Database Security).pptx
bySakshiGawde6
 
Database security
byMaryamAsghar9
 
Database security
byArpana shree
 
203135 Muhammad Usama.pptx
bymuhammadusama257191
 
Database security and security in networks
byPrachi Gulihar
 
Database Security Management
byAhsin Yousaf
 
Dstca
byajay vj
 
Database security
byZubair Rahim
 
47890finalpresentation-180407201958.pptx
byNareenAsad
 
Database Security And Authentication
bySudeb Das
 
DBMS SECURITY
byWasim Raza
 
Data base security & integrity
byPooja Dixit
 

Recently uploaded

PPTX
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
PDF
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
PDF
One Agent to Rule Them All - The Fellowship of AI Agents
byIvo Andreev
 
PPTX
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
PPTX
AI Agent Overview - Why we need AI Agent
byAlokGope
 
PPTX
Computer_Virus_Presentation_With_Slide7.pptx
byHEVISLIVE
 
PDF
Solved First Semester B.C.A. C Programming Question Paper – Jan/Feb 2025
byKuvempu University
 
PPTX
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
PPTX
Custom chat gpt integration services.pptx
byChetu
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PDF
DSD-INT 2025 Managing low flows in the International Meuse Basin with Nature-...
byDeltares
 
PPTX
OTT Content Analytics Enhanced by ALTBalaji Data Scraping.pptx
byyashpatric
 
PDF
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
PDF
DSD-INT 2025 Hydrological response of the Puget Sound area to a changing clim...
byDeltares
 
PDF
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
PDF
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
PPTX
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
PDF
Coding Assessment Tools .pdf
byCodexpro
 
PPTX
Road_Quality_Indicator using deeplearning algorithms and computer vision
byDHARUNPRASHOBMM
 
PDF
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
One Agent to Rule Them All - The Fellowship of AI Agents
byIvo Andreev
 
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
AI Agent Overview - Why we need AI Agent
byAlokGope
 
Computer_Virus_Presentation_With_Slide7.pptx
byHEVISLIVE
 
Solved First Semester B.C.A. C Programming Question Paper – Jan/Feb 2025
byKuvempu University
 
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
Custom chat gpt integration services.pptx
byChetu
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
DSD-INT 2025 Managing low flows in the International Meuse Basin with Nature-...
byDeltares
 
OTT Content Analytics Enhanced by ALTBalaji Data Scraping.pptx
byyashpatric
 
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
DSD-INT 2025 Hydrological response of the Puget Sound area to a changing clim...
byDeltares
 
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
Coding Assessment Tools .pdf
byCodexpro
 
Road_Quality_Indicator using deeplearning algorithms and computer vision
byDHARUNPRASHOBMM
 
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 

Database Security

  • 1.
    Database  Database isthe collection of logically related data that satisfy the needs of an organization.  Data is organized into rows, columns and tables.  Data gets updated, expanded and deleted as new information is added.  Databases hold the backbone of an organization.
  • 2.
    Database security  Databasesoften contain extremely sensitive information that must be protected from security vulnerabilities and exploits.  It contain customers, employee info, financial data for both the company and its customers, and much more are all held in databases.  Database security and integrity are important aspects of an organization’s security.
  • 3.
    Database Security  Itis not desirable for all users to see the entire logical model.  Security considerations may require that certain data be hidden from users.  To do so, applications must authenticate users, and ensure that users are only allowed to carry out authorized tasks.
  • 4.
     For example,in a university, payroll personnel need to see only that part of the database that has financial information. For example,  SELECT ID, name, dept name FROM instructor
  • 5.
    • According totechnology Application Security, the following are the top 10 threats related to databases: • Default or weak passwords, SQL injection, Excessive user and group privileges, Unnecessary DBMS features enabled, Broken configuration management, Buffer overflows, Privilege escalation, Denial of service, Un-patched RDBMS, Unencrypted data, Privacy
  • 6.
    Security Loopholes  Inthis section, we first describe several security loopholes that can permit hackers to carry out actions.  The authentication and authorization carried out by the application, and explain how to prevent such loopholes.
  • 7.
     Many databasestoday store sensitive customer information, such as credit card numbers, names, fingerprints, signatures, and identification numbers such as, social-security numbers.  A criminal who gets access to such data can use it for a variety of illegal activities such as purchasing goods using a credit-card number, or even acquiring a credit card in someone else’s name.
  • 8.
     Organizations suchas credit-card companies use knowledge of personal information as a way of identifying who is requesting a service or goods.  Leakage of such personal information allows a criminal to impersonate someone else and get access to service or goods; such impersonation is referred to as identity theft.
  • 9.
    Encrypted  Thus, applicationsthat store such sensitive data must take great care to protect them from theft.  To reduce the chance of sensitive information being acquired by criminals, many countries and states today require by law that any database storing such sensitive information must store the information in an encrypted form.
  • 10.
     There area vast number of techniques for the encryption of data. Simple encryption techniques may not provide adequate security, since it may be easy for an unauthorized user to break the code.  As an example of a weak encryption technique, consider the substitution of each character with the next character in the alphabet. Thus, Perry ridge Becomes Qfsszsjehf.
  • 11.
     Password-based authenticationis used widely by operating systems as well as databases.  A more secure scheme involves a challenge– response system. The database system sends a challenge string to the user.  The user encrypts the challenge string using a secret password as encryption key and then returns the result.  Encryption of certain sensitive data stored in databases is a legal requirement in many countries and states.
  • 12.
     Apattention tosecurity, to prevent attacks such as SQL injection attacks and cross-site scripting attacks  Aplication developers must pay careful Protecting the privacy of data is an important task for database applications.
  • 13.
    Properties  A goodencryption technique has the following properties:  It is relatively simple for authorized users to encrypt and decrypt data.  It depends on the algorithm called the encryption key, which is used to encrypt data.  Its decryption key is extremely difficult for an intruder to determine, even if the intruder has access to encrypted data.