This document discusses database security, threats, and countermeasures. It defines database security as protecting the confidentiality, integrity, and availability of database data. Common threats include unauthorized access, data corruption, and network issues. Countermeasures include access control, authorization, encryption, backups, and firewalls. Firewalls monitor network traffic to identify and block harmful queries. Encryption uses keys to securely store and decrypt data. Authorization controls user permissions. These controls help secure database data from both intentional and accidental threats.

1. Database Security, Threats &
Countermeasures
1
PREPARED BY : YourName
UniversityName, City, Country
EMAIL : YourEmailAddress

2. What is Database Security.?
DataBase
2
It is a collection of information stored in computer

3. What is Database Security.?
DataBase
It is a collection of information stored in computer
Security
3
It is being free from danger

4. What is Database Security.?
Database Security
It is the mechanism that protect the database against intentional or
accidental threats.
Or
Protection from malicious attempts to steal (view) or modify data.
DataBase
It is a collection of information stored in computer
Security
4
It is being free from danger

5. Security risk to database includes
5
• Bank Accounts
• Credit card, salary, income tax data
• University Admissions, marks/grades
• Land records, licences

6. What is Threats.?
6
Threats – Any situation or event, whether intentional or accidental, that may
adversely affect a system and consequently the organization.
• Computer System
• Databases

7. Threats
Hardware :
Fire/Flood/Bomb
Data corruption
due to power loss
7
DBMS & Application s/w :
Failure of security mechanism
giving greater access
Theft of program
Database :
Unauthorized access or
copying of data
Data corruption
Communication Networks :
Wire tapping
Breaking or disconnection of
cables

8. Definition of Database Security
Database security is defined as the process by which “Confidentiality, integrity, and
Availability” of the database can be protected.
8
Countermeasure
• Authorization
• Access Control
• Views
• Backup and Recovery
• Encryption
• RAID Technology

9. Database Security Concepts
9
Three main aspects :
• Confidentiality
• Integrity
• Availability
Threats to database :
• Loss of Integrity
• Loss of Availability
• Loss of Confidentiality

10. Confidentiality
• No one can read our data / communication unless we want them to
• It is protecting the database from unauthorized users.
• Ensures that users are allowed to do the things they are trying to do.
• For example :
• The employees should not see the salaries of their managers.
Data
10

11. Integrity
• No one can manipulate our data / processing / communication unless we want them
to
• Protecting the database from authorized users
• Ensures that what users are trying to do is correct
• For example :
• An employee should be able to modify his or her own information
Data
11

12. Availability
• We can access our data / conduct our processing / use our communication
capabilities when we want to
• Authorized users should be able to access data for legal purpose as necessary
• For example
• Payment orders regarding taxes should be made on time by the tax law
Data
Availability
12

13. Relationship between Confidentiality,
Integrity and Availability
Confidentiality
Integrity
Secure
Availability
Data
13

14. Methods for securing the Database
14
• Authorization – privileges, vies.
• Encryption – public key / private key, secure sockets.
• Authentication – passwords
• Logical – firewalls, net proxies.

15. Security of the database through
FIREWALLS
15
• A FIREWALL is dedicated software on another computer which inspects network
traffic passing through it and denies (or) permits passage based on set of rules.
• Basically it is a piece of software that monitors all traffic that goes from your system
to another via the internet or network and vice versa.
• Database FIREWALLS are type of Web Application Firewalls that monitor databases
to identify and protect against database specific attack that mostly seek to access
sensitive information stored in the database.

16. How database FIREWALL works
16
• The database firewalls includes a set of pre-defined, customizable security audit
policies and they can identify database attacks based on threat patterns called
signatures.
• The SQL input statements (or) queries are compared to these signatures, which are
updated frequently by the vendors to identify known attacks on the databases.
• Database firewalls build (or come with) white list of approved SQL Commands (or)
statements that are safe.
• All the input commands are compared with this white list and only those that are
already present in the white list are sent to the database.

17. Advantages of using FIREWALLS
17
• Database firewalls maintains the black list of certain specific and potential harmful
commands (or) SQL statements and do not allow this type of inputs.
• Database firewalls identifies the database, operating system and protocol
vulnerabilities in the databases and intimate the administrator, who can take steps
to patch them.
• Database firewalls monitors for database responses (from the db server) to block
potential data leakage.
• Database firewalls notifies the suspicious activity, instead of blocking them right
away.

18. How data encryption works
18
• Data encryption is a key-based access control system. Even if the encrypted data is
received, it cannot be understood until authorized decryption occurs, which is
automatic for users authorized to access the tables.
• When a table contains the encrypted columns, a single key is used regardless of the
number of encrypted columns. This key is called the column encryption key.
• The column encryption key for all tables, containing encrypted columns, are
encrypted with the database server master encryption key and stored in a dictionary
table in the database.
• The master encryption key is stored in an external security module that is outside the
database and accessible only to the security administrator.

19. Advantages of Data Encryption
19
• As a security administrator, one can sure that sensitive data is safe in case the storage
media or data file gets stolen.
• You do not need to create triggers or views to decrypt data. Data from tables is
decrypted for the database user.
• Database users need not be aware of the fact that the data they are accessing is
stored in encrypted form. Data is transparently decrypted for the database users and
does not require an action on their part.
• Applications need not be modified to handle encrypted data. Data
encryption/decryption is managed by the database.

20. Authorization
20
• Read Authorization – allows reading, but not modification of data
• Insert authorization – allows insertion of new data, but not modification of existing
data
• Update authorization – allows modification, but not deletion of data
• Delete authorization – allows deletion of data.

21. Security Controls
21
• Type of Database Security controls
1. Flow Control
2. Inference Control
3. Access Control

22. Flow Control
22
• Flow controls regulates the distribution (flow) of information among accessible
objects.
• A flow between object X and object Y occurs when a statement reads values from X
and writes into Y.
• Copying data from X to Y is the typical example of information flow.

23. Inference Control
23
• Inference control aim at protecting data from indirect deletion.
• Information inference occurs when: a set X of data items to be read by a user can be
used to get the set Y of data.
• An inference channel is a channel where users can find an item X and then use X to
get Y as Y=f(X)

24. Access Control
24
• Access control in information system are responsible for ensuring that all direct
accesses to the system objects occur base on models and rules fixed by protection
policies.
• An access control system includes :
• Subjects (Users, processes)
• Who access objects (data, programs)
• Through operations (‘read’ , ‘write’, ‘run’)

25. Conclusion
25
• The goal of database security is to protect your critical and confidential data from
unauthorized access.
• Each organization should have a data security policy, which is a set of high-level
guidelines determined by:
• User requirements.
• Environmental aspects.
• Internal regulations.
• Governmental laws.

26. Thank you 
26