This presentation discusses database security. It begins by defining data and databases, and explaining why databases are needed. It then outlines different types of databases and provides examples. The presentation describes what database security entails and its goal to protect data and systems from unauthorized access and corruption. Finally, it details various database security measures that can be implemented, including separating servers, encrypting data, using strong authentication, monitoring privileges, and conducting security tests.

2. Presentation Topic
Explain different types of database and also give proper security
measure to improve security of database

3. Presented by
Ahmad Hassan (14658)
M.Usman (15208)
Abdullah Khalid (14420)
M.Bilal Ayub (12516)

4. What is data?
• A collection of unique, small pieces of information are defined as
the data. It can be used in many different ways, including as text,
numbers, media, bytes, etc. It can be stored on paper, in an
electronic memory, etc.
• The term "data" is derived from the Latin word "datum," which
meaning "a single piece of information."
• For example, information related any person, car, organization
like the address, phone number, email, color is data.

5. What is database?
• A database is a set of data that has been organized to easily access
and manage it. Typically it is stored electronically in the computer
system.
• This database is managed by the software called Database
management system (DBMS) like Microsoft Access etc. There
databases used in this modern world are MySQL, Sybase,
Informix etc.
• For example, data related about the customers of a store or users
of a online shopping website.

6. Why do we need database?
These are reasons why we need database:-
• To store all the data in one place.
• Multiple users can access and modify the database at a same time.
• To make data searchable and sortable we every user can easily
found it.
• To keep the data safe from unauthorized access.
• To access the data from any part of world with help of internet.

7. Types of database
 Centralized database
 Cloud database
 Commercial database
 Distributed database
 End-user database
 NoSQL database
 Object-oriented database
 Open-source database
 Operational database
 Relational database

8. Centralized Database
• A centralized database is one that runs completely from one
place. Larger organizations, like a business or university, often use
centralized databases. A central computer or database system
houses the database itself. Although the database is accessible to
users via a computer network, it's actually controlled and
maintained by a central computer.
• It’s main purpose to reduce data redundancy
• For example, mainframe computer which manages many
computers in a network.

9. Cloud database
• An online database is referred to as a cloud database. The data is
online accessible but is kept on a local hard drive or server. As
long as you have an Internet connection, you can easily access
your files. Any cloud database must include encryption because
all data must be secured during transmission over the internet.
• A cloud database can either create one on their own or pay a
service to store their data on their behalf.
• It’s main purpose is to manage data within an organization.
• For example, Google Docs, Gmail etc.

10. Commercial database
• A commercial database is designed and build for a commercial
business. This type of database is used for commercial purposes
only. Businesses evolve feature-rich databases, which they sell to
their customers. Commercial databases can differ in terms of
technology they use. The unique characteristic of commercial
database is user has to pay for using it.
• It’s main purpose is to meets the special needs of users according
to user feedback got by any organization.
• For example, Microsoft Access and Microsoft SQL Sever etc.

11. Distributed database
• A distributed database is one that is spread across several
different devices. Distributed databases operate across multiple
machines, such as various computers located nearby or across a
network. These all machines can share their data without any
administrative control.
• It’s main purpose is to deliver faster performance, better
dependability, and simplicity of expansion.
• For example, Apache ignite, Couchbase server etc.

12. End-user database
• In product development, the phrase "end-user" refers to the
consumer of the product. Therefore, a database that is primarily
used by one or more than one person is known as an end-user
database.
• It’s main purpose is to help the end-user store their data easily on
their machines.
• For example, spreadsheet or collection of files saved on your local
computer.

13. NoSQL database
• SQL stands for Structured query language. Data in a NoSQL
database is unstructured, or non-relational, and organized in a
hierarchy identical to a file folder system. They can process more
data more quickly thanks to this absence of structure, which also
makes it simpler to grow in the future. NoSQL databases are often
used in cloud computing.
• It’s main purpose is to deal easily with large amount of data and
heavy user loads on the system.
• For example, student cards catalog on the server.

14. Object-oriented database
• Data is represented as objects and classes in object-oriented
databases. A class is a collection of items, whereas an object is a
thing like a name or phone number. Object-oriented databases are
a type of relational database. When you need to efficiently
analyze a lot of complicated data object-oriented database are best
option for it.
• It’s main purpose to handle the complex data object with an
database system.
• For example, Vbase used for automation of industry..

15. Open-source database
• An open-source database is one that the general public is free to
use. Users can download or register for open source databases
without paying a fee. The term "open source" describes a
program that allows users to understand how it was created and is
available to their own modifications. Open-source databases are
much cheaper than commercial databases, but they do not have
advanced features found in commercial databases.
• It’s main purpose to let users create their own database
according to their requirement and business needs.
• For example, MySQL etc.

16. Operational database
• An operational database's function is to enable real-time data
modification by users. In corporate analytics and data
warehousing, operational databases are essential. They can be set
up either as relational databases or NoSQL, depending on needs.
On the other hand, operational databases let you add, alter, and
remove data whenever you choose.
• It’s main purpose to allow user to define, retrieve and mange data
in real time.
• For example, Apache Cassandra etc.

17. Relational database
• In comparison to NoSQL databases, relational databases are the
other main type of database. In this database data are stored in
tables and these tables are linked together using different keys
like primary key etc. A relational database stores organized
information about other data.. When data integrity is a problem
or scalability is not a top need, relational databases are frequently
the best option.
• It’s main purpose is to connect data in different tables, rows,
columns and understanding the relation between them.
• For example, database of the patient healthcare data.

18. What is database security?
• Database security is a set of practices and technologies used to
protect database management systems from malicious cyber
attacks and unauthorized use. Database security is a complex
task that includes information security disciplines application
security, data security, and endpoint security.
• The goal of database security is to protect against misuse, data
corruption, and intrusion, not only the data it also protect data
management system, applications that access the database. The
database security is protecting and strengthening the physical or
virtual server hosting the database, and the surrounding
computing and network environment.

19. The types of database security measures
 Separate Database Servers and Web Servers
 Database Encryption At Rest And In Transit
 Use Strong Authentication
 Continuously Discover Sensitive Data
 Separate Tests From Production
 Revoke Privileges Continuously
 Deploy Physical Database Security
 Ensure Database User Accounts are Secure
 Monitor Database Activity
 Conduct Security Tests

20. Separate database servers and web servers
• Separate your web server from your database server to improve
security by maintaining isolation and preventing cross movement.
With separate servers, attackers cannot access the database even
if they hack your admin account on the web server.
• These servers might need to communicate for specific tasks, but
they are not necessary for operating the database. When you
enable communication, ensure you limit the permissions to the
minimum required for successful operations. The principle of
least privilege helps restrict an attacker’s ability to damage your
database.

21. Database encryption at rest and in transit
• Strong encryption is a basic best practice for database security.
Encrypt all database connections using the Transport Layer
Security (TLS) protocol, protecting data in transit. You should
also encrypt any disks containing a data store to prevent data loss
or theft.
• Most commonly used encryption are AES, DES etc.

22. Use strong authentication
• Database authentication is the process of confirming that users or
service accounts attempting to connect to the database are who
they say they are. A related process is authorization, which
determines, based on the confirmed identity, what permissions
the users have on the database.
• Because databases are most critical part of system, all databases
should have strong authentication enabled.
• Best way is to use two-factor authentication, for example by
combining a password or PIN with something the user owns, such
as a security token or mobile phone.

23. Continuously discover sensitive data
• Many databases contain a mix of sensitive and non-sensitive
data. You need to continuously audit your data and identify which
tables or columns in your database are sensitive and require
special protection.
• If you don’t know where sensitive data present, you cannot protect
it, and this result in violations and data breaches.

24. Separate tests from production
• A common cause of data breaches is that sensitive production data is
stored on a database in a testing or staging environment, which is not
as well protected as the production environment.
• Test environments are physically separate from production
environments. Test environments have separate roles and permissions
than production environments. Test environments never contain real
production data. Instead, you should create synthetic or anonymized
datasets to enable testing on realistic data.
• There should be a controlled process for promoting a database from
testing to production and that has to free of bugs or security issues.

25. Revoke privileges continuously
• Users should have access to a database only as long as they need it
for their daily roles. When a user no longer requires a permission, it
must be revoked.
• Privilege creep is a common problem in database systems, where
additional privileges are granted as needed and are not revoked. A
good way to manage excessive privileges is a privilege access
management (PAM) system. These systems provide visibility of all
permissions granted to sensitive systems, and can assign “just in
time” privileges for individuals performing maintenance on a
database, revoking them automatically when maintenance is
complete.

26. Deploy physical database security
• Your data center or database server may be vulnerable to physical
infiltration by threat actors (both outside and within your
company). If infiltrators can physically access your database
server, they might steal or corrupt your data or install malware
that grants them remote access.
• Cyber-attacks that exploit physical security vulnerabilities may be
difficult to prevent or detect with digital security controls alone.
You should apply additional security measures to protect
physical assets, including machines, storage facilities, or
workspaces with access to sensitive data.

27. Ensure database user accounts are secure
• Restrict database access to the minimum number of users
required. Only provide the administrative privileges required to
complete a job, restricting access to the times your users need it.
Comprehensive access management might not be practical for
smaller organizations, but it is still important to manage
permissions via roles or groups and not grant them directly to
individual users.

28. Monitor database activity
• Monitor all logins and logout attempts to your database and
operating system. Regularly review the logs to identify anomalous
activity. You might set up an alerting system to notify relevant
individuals or teams of suspicious activity.
• Continuous monitoring allows you to identify compromised
accounts quickly if an attacker breaches your databases or an
employee performs a suspicious task. Monitoring also helps you
identify the creation of unauthorized accounts or when users
share accounts.

29. Conduct security tests
• After implementing your security policy, you need to test its
effectiveness regularly. Perform penetration testing to identify
unsecured aspects of your database and conduct frequent
vulnerability assessments. Security testing allows you to discover
and fix issues quickly before they result in a breach. Conduct all
security tests and scans before you launch the database.

30. Where to find database security solutions
and tools?
• Strengthen your security posture with Microsoft Zero Trust end-
to-end security and Azure database security. Use multilayered,
built-in security controls and unique threat intelligence to help
identify and protect against threats. The defense-in-depth design
of Azure services provides multi-layered security across physical
data centers, infrastructure, and operations.

31. How you can deploy database security?
• There are three layers of database security: the database level,
the access level, and the perimeter level. Security at the
database level occurs within the database itself, where the data
live. Access layer security focuses on controlling who can access
certain data or systems containing it. Security policy at the
perimeter level determines who can and cannot get into
databases. Each level requires unique security solutions.

32. Security Level Database Security Solutions
Database Level Masking
Tokenization
Encryption
Access Level Access Control Lists
Permissions
Perimeter Level Firewalls
Virtual Private Networks

33. Thank you for your attention