
Database Security. Objectives Scope of database security. Why database security is a serious concern for an organization. Type of threats that can affect

Dec 25, 2015


  • Slide 1
  • Database Security
  • Slide 2
  • Objectives: scope of database security; why database security is a serious concern for an organization; types of threats that can affect a database system; how to protect a computer system using computer-based controls; security measures provided by Microsoft Access. http://arief.ismy.web.id
  • Slide 3
  • Why do we have to secure our data? Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource. Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential.
  • Slide 4
  • Database Security. Security refers to the protection of the database against unauthorized access, intentional or accidental. Database security refers to mechanisms that protect the database against intentional or accidental threats. Security considerations do not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database. Security encompasses hardware, software, people and data.
  • Slide 5
  • Database Security Reasons: the increasing amounts of crucial corporate data being stored on computer; the acceptance that any loss of this data could prove to be disastrous.
  • Slide 7
  • Database Security involves measures to avoid the following situations: theft and fraud; loss of confidentiality (secrecy); loss of privacy; loss of integrity; loss of availability.
  • Slide 8
  • Database Security Threat: any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization. Tangible: loss of hardware, software, data. Intangible: loss of credibility or client confidence. Problem: identify all possible threats.
  • Slide 9
  • Summary of Threats to Computer Systems
  • Slide 10
  • Typical Multi-User Computer Environment
  • Slide 11
  • Countermeasures. Computer-based controls for a multi-user environment: authorization; access control; views; backup; recovery; integrity; encryption; RAID technology.
  • Slide 12
  • Authorization. Authorization: the granting of a right or privilege that enables a subject to have legitimate access to a system or a system's object. A privilege allows a user to create and access some database objects. Authentication: a mechanism that determines whether a user is who he or she claims to be.
  • Slide 13
  • Access Control. Access control: the granting and revoking of privileges. Granting gives a privilege; revoking deletes a privilege. A DBMS has two types of access control: Discretionary Access Control allows users to grant and revoke privileges; Mandatory Access Control is based on system-wide policies that cannot be changed by individual users.
  • Slide 14
  • Views. Views provide a flexible security mechanism by hiding parts of the database from certain users. Only authorized users can use a view, but they cannot use its base relations.
  • Slide 15
  • Backup & Recovery. Backup: the process of periodically copying the database and the log files to offline storage media. Journaling: the process of keeping and maintaining a log file (or journal) of all changes made to the database, to enable recovery to be undertaken effectively in the event of failure.
  • Slide 16
  • Integrity. Integrity constraints contribute to maintaining a secure database system by preventing data from becoming invalid and hence giving misleading or incorrect results.
  • Slide 17
  • Encryption. Encryption: the encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key. A cryptosystem includes: an encryption key to encrypt data; an encryption algorithm that works with the encryption key to encode data (from plaintext to ciphertext); a decryption key to decrypt data; a decryption algorithm that works with the decryption key to decode data (from ciphertext to plaintext).
  • Slide 18
  • Cryptosystem. A cryptosystem has two techniques. Symmetric encryption: uses the same key for encryption and decryption; uses the Data Encryption Standard (DES) developed by IBM. Asymmetric encryption: uses a different key for encryption and decryption; a public key cryptosystem uses two keys, a public key and a private key. The best-known asymmetric encryption is RSA (Rivest, Shamir and Adleman).
  • Slide 19
  • RAID (Redundant Array of Independent Disks) Technology. The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails. This suggests having redundant components that can be seamlessly integrated into the working system whenever one or more components fail.
  • Slide 20
  • RAID Technology. The main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, cooling fans. Disk drives are the most vulnerable components, with the shortest times between failure of any of the hardware components.
  • Slide 21
  • RAID Technology. One solution is to provide a large disk array comprising an arrangement of several independent disks organized to improve reliability and increase performance (Redundant Array of Independent Disks).
  • Slide 22
  • RAID Technology. Performance is increased through data striping: the data is segmented into equal-size partitions (the striping unit), which are transparently distributed across multiple disks. Parallel services. Reliability is improved through storing redundant information across the disks using a parity scheme or an error-correcting scheme.
  • Slide 23
  • Security in Microsoft Access DBMS. Provides two methods for securing a database: setting a password for opening a database (system security); user-level security, which can be used to limit the parts of the database that a user can read or update (data security).
  • Slide 24
  • Securing the DreamHome Database Using a Password
  • Slide 25
  • User and Group Accounts Dialog Box for the DreamHome Database
  • Slide 26
  • User and Group Permissions Dialog Box
  • Slide 27
  • Web Security. The challenge: privacy (accessible only to sender and receiver); integrity (cannot be changed during transmission); authenticity (the true sender); non-fabrication (the true receiver); non-repudiation (true messages).
  • Slide 28
  • Proxy Servers. A proxy server is placed between the Web browser and the Web server. It saves the results of all requests for a certain amount of time and is used to filter requests.
  • Slide 29
  • Firewall. Types of firewall: packet filter; application gateway; circuit-level gateway; proxy server.
  • Slide 30
  • Message Digest Algorithm. A message digest takes an arbitrarily sized string and generates a fixed-length string. Characteristics of a digest: it should be computationally infeasible to find another message that will generate the same digest; it does not reveal anything about the message.
  • Slide 31
  • Digital Signature. A DS consists of two pieces of information. Its useful properties: its authenticity can be verified; it cannot be forged; it is a function of the data signed and cannot be claimed to be the signature for any other data; the signed data cannot be changed, otherwise the signature will no longer verify the data as being authentic. Two DS techniques: use a message digest algorithm for part of their computation; digest a message and digitally sign the digest rather than the message.
  • Slide 32
  • Digital Certificates. A DC is an attachment to an electronic message used for security purposes, to verify that the sender of the message is the right sender and to provide the receiver with the means to encode the reply.
  • Slide 33
  • Group Homework. Summarize the advantages and disadvantages of: Secure Sockets Layer and Secure HTTP; Secure Electronic Transactions and Secure Transaction Technology; Java security; ActiveX security.
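
The Access Control, Views and Integrity slides above, worked through in SQL as an added example that is not part of the original slides. It assumes PostgreSQL-style SQL; the `staff` table, the `staff_directory` view and the three role names are hypothetical.

```sql
-- Hypothetical schema and roles, constructed for this example.
CREATE TABLE staff (
    staff_no   VARCHAR(5)   PRIMARY KEY,
    full_name  VARCHAR(60)  NOT NULL,
    branch_no  VARCHAR(4)   NOT NULL,
    -- Integrity constraint: an invalid salary can never be stored.
    salary     NUMERIC(9,2) NOT NULL CHECK (salary >= 0)
);

CREATE ROLE payroll_clerk;
CREATE ROLE branch_assistant;
CREATE ROLE branch_manager;

-- Start from no access on the base relation.
REVOKE ALL ON staff FROM PUBLIC;

-- View: hides the salary column from users who only need the directory.
CREATE VIEW staff_directory AS
    SELECT staff_no, full_name, branch_no
    FROM staff;

-- Authorized to use the view, but holding no privilege on the base relation.
GRANT SELECT ON staff_directory TO branch_assistant;

-- Payroll needs the salary: read the base table, update that one column only.
GRANT SELECT ON staff TO payroll_clerk;
GRANT UPDATE (salary) ON staff TO payroll_clerk;

-- Discretionary access control: WITH GRANT OPTION lets the grantee
-- pass the privilege on to other users.
GRANT SELECT ON staff_directory TO branch_manager WITH GRANT OPTION;

-- Revoking deletes the privilege; CASCADE also deletes every grant
-- that branch_manager passed on while holding the grant option.
REVOKE SELECT ON staff_directory FROM branch_manager CASCADE;

-- Review who holds what after the changes.
SELECT grantee, table_name, privilege_type, is_grantable
FROM information_schema.table_privileges
WHERE table_name IN ('staff', 'staff_directory')
ORDER BY grantee, table_name, privilege_type;
```

The column-level `UPDATE (salary)` grant does not appear in `table_privileges`; it is listed in `information_schema.column_privileges`.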