Database Security Fundamentals
In this Chapter
Overview of database security.
Why database security is needed.
What database security is.
Concepts of database security.
Threats to databases and countermeasures.
Methods of securing a database:
through a firewall
through database abstraction (data encryption)
5/2/2014 Database security issues
Overview
Threats and risks to databases have increased, so the database itself needs to be secured.
Most companies store sensitive data in databases, e.g. credit card numbers.
If there is no security on the database, what happens? Data can easily be read, corrupted or destroyed.
It is therefore important to restrict access to the database to authorized users in order to protect sensitive data.
Security risks to a database include
Unauthorized database users
Unauthorized database administrators
Unauthorized access to the database
Unauthorized alteration of stored data
Loss of access to database services (denial of service)
Sensitive data includes
•Bank/Demat accounts
•Credit card, salary and income tax data
•University admissions, marks/grades
•Land records, licenses
Definition of Database Security
Database security is defined as the process by which the "Confidentiality, Integrity and Availability" of the database are protected.
Database Security Concepts
CONFIDENTIALITY
INTEGRITY
AVAILABILITY
Confidentiality
Enforced by encrypting the data stored in the database, in combination with the access controls described under Integrity.
Encryption is a technique or process by which data is encoded in such a way that only authorized users are able to read it.
Encryption renders sensitive data unreadable to unauthorized users; on its own it does not stop a user or application that is authorized to decrypt from misusing the data.
Integrity
Enforced by defining which users are permitted to read, and especially to modify, which data in the database.
For example: an employee may have permission to view their own records and to alter only part of the information, such as contact details, whereas a Human Resources manager will have more privileges.
Availability
The database must not suffer unplanned downtime.
To ensure this, the following steps should be taken:
Restrict the amount of storage space given to each user in the database (quotas).
Limit the number of concurrent sessions available to each database user.
Back up the data at periodic intervals so that it can be recovered in case of loss.
Threats to databases
SQL injection
Unauthorized access
Password cracking
Network eavesdropping
SQL Injection
A form of attack on a database-driven web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet. Because the attack travels inside ordinary HTTP requests to the application, it passes straight through the network firewall.
Vulnerabilities:
Poor input validation in the web application.
Unsafe, dynamically constructed SQL commands.
Weak permissions that fail to restrict what the application's database account can do.
Countermeasures
Your application should constrain and sanitize input data before using it in SQL queries.
Use type-safe SQL parameters for data access. These can be used with stored procedures or with dynamically constructed SQL command strings. Using SQL parameters ensures that input data is treated as a value rather than as SQL text, and that it is subject to type and length checks.
Use a SQL Server login that has restricted permissions in the database. Ideally, grant execute permissions only on selected stored procedures and provide no direct table access, so that even a successful injection cannot read or alter tables at will.
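The two countermeasures above, side by side with the flaw they fix, as an added example that is not part of the original deck. It uses Python's standard sqlite3 module so it runs offline; the users table, its rows and the payload are constructed here for illustration, and the username constraint (letters, digits, underscore, at most 32 characters) is an assumed policy.

```python
"""Added example: dynamically built SQL beside its constrained, parameterized replacement."""
import re
import sqlite3

# Assumed input policy for this demo: usernames are short and alphanumeric.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db() -> sqlite3.Connection:
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "4111-1111"), ("bob", "5500-0000"), ("carol", "3400-0000")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Unsafe: the input is concatenated into the statement and parsed as SQL."""
    sql = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Type-safe parameter: the input is bound as a value, never parsed as SQL."""
    return conn.execute(
        "SELECT name, card FROM users WHERE name = ?", (name,)
    ).fetchall()


def constrain_name(name: str) -> str:
    """Constrain input before it reaches the query; reject anything off-policy."""
    if not NAME_PATTERN.match(name):
        raise ValueError("username fails the allowed-character/length policy")
    return name


def lookup_defended(conn: sqlite3.Connection, name: str) -> list:
    """Both countermeasures together: constrain the input, then bind it."""
    return lookup_parameterized(conn, constrain_name(name))


# Constructed attack input: a tautology that makes the WHERE clause always true.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "alice"))     # one row, as intended
    print(lookup_vulnerable(db, PAYLOAD))     # every row: the WHERE clause is defeated
    print(lookup_parameterized(db, PAYLOAD))  # no rows: no user has that literal name
    try:
        lookup_defended(db, PAYLOAD)
    except ValueError as err:
        print("rejected before the query:", err)
```

The parameterized version alone already neutralizes the payload; the input constraint in front of it is what gives you a log entry and an early rejection instead of a silent empty result, and it protects any code path that still builds SQL by hand. Neither replaces the restricted database login: that is what limits the damage when a query you did not think about turns out to be injectable.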
Unauthorized Access
Direct access to your database server should be restricted to specific client computers to prevent unauthorized server access.
Vulnerabilities
Failure to block the SQL Server port (TCP 1433 by default) at the perimeter firewall
Lack of IPSec or TCP/IP filtering policies
Countermeasures
Make sure that SQL Server ports are not visible from outside the perimeter network.
Within the perimeter, restrict direct access by unauthorized hosts, for example by using IPSec or TCP/IP filters, so that only the application servers can reach the database listener.
Password cracking
A common first line of attack is to try to crack the passwords of well-known account names, such as SA (the SQL Server administrator account).
Vulnerabilities
Weak or blank passwords
Passwords that contain everyday words
Countermeasures
Create passwords for SQL Server login accounts that meet complexity requirements.
Avoid passwords that contain common words found in a dictionary.
Prefer Windows authentication over SQL logins where possible, so that there is no SQL login password to crack.
Network Eavesdropping
Eavesdropping is the unauthorized reading of messages in transit.
The deployment architecture of most applications includes a physical separation of the data access code from the database server. As a result, sensitive data, such as application-specific data or database login credentials, must be protected from network eavesdroppers.
Vulnerabilities
Insecure communication channels
Passing credentials in clear text to the database; for example:
Using SQL authentication instead of Windows authentication (a SQL login sends its password over the connection, Windows authentication does not)
Using SQL authentication without a server certificate, so that the connection cannot be encrypted with SSL/TLS
Countermeasures
Use Windows authentication where possible; otherwise install a server certificate so that the login and the data travel over an encrypted channel, or protect the channel with IPSec.
Diagrammatic Representation
Methods of securing the database
Authorization - privileges, views.
Authentication - passwords.
Encryption - public key / private key, secure sockets.
Logical - firewalls, net proxies.
Security of the database through
FIREWALLS
A FIREWALL is dedicated software (or a dedicated device) that inspects network traffic passing through it and denies or permits passage based on a set of rules. Basically it monitors all traffic that goes from your system to another via the Internet or the network, and vice versa.
Database firewalls are application-layer firewalls, analogous to web application firewalls, that monitor the SQL traffic to a database to identify and block database-specific attacks, most of which seek to access sensitive information stored in the database.
How a Database FIREWALL works
Database firewalls include a set of pre-defined, customizable security audit policies, and they can identify database attacks based on threat patterns called signatures.
The incoming SQL statements (queries) are compared to these signatures, which are updated frequently by the vendors to identify known attacks on the database.
But not every attack on the database will match a known signature.
Therefore database firewalls also build (or come with) a white list of approved SQL statements that are known to be safe.
All incoming statements are compared with this white list, and only those already present in the white list are passed to the database.
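A toy database firewall with both checks the slide describes, as an added example that is not part of the original deck or of any vendor's product. The signature list, the whitelist and the sample statements are all constructed here; a real product ships far larger signature sets and learns its whitelist from observed traffic. The "fingerprint" normalization (lower-case, collapsed whitespace, literals masked) is the usual way to make one whitelist entry cover the same query with different values.

```python
"""Added example: signature matching plus a whitelist of statement shapes."""
import re

# Constructed signatures for a few well-known attack techniques.
SIGNATURES = {
    "tautology":     re.compile(r"\bor\s+'?(\w+)'?\s*=\s*'?\1'?", re.I),   # OR '1'='1'
    "stacked_query": re.compile(r";\s*(drop|delete|update|insert|exec)\b", re.I),
    "union_select":  re.compile(r"\bunion\b.*\bselect\b", re.I),
    "comment_out":   re.compile(r"(--|/\*|#)"),
}


def fingerprint(sql: str) -> str:
    """Normalize a statement so that only its shape, not its values, remains."""
    s = sql.strip().lower()
    s = re.sub(r"'(?:[^']|'')*'", "?", s)   # string literals -> ?
    s = re.sub(r"\b\d+\b", "?", s)          # numeric literals -> ?
    return re.sub(r"\s+", " ", s)


# Constructed whitelist: shapes of the statements the application normally sends.
WHITELIST = {
    fingerprint("SELECT name, card FROM users WHERE name = 'alice'"),
    fingerprint("UPDATE users SET phone = '555-0100' WHERE id = 42"),
}


def inspect(sql: str) -> tuple:
    """Return (verdict, reason); block on a signature hit or an unknown shape."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(sql):
            return "block", "signature:" + name
    if fingerprint(sql) in WHITELIST:
        return "allow", "whitelisted"
    return "block", "not in whitelist"


if __name__ == "__main__":
    for stmt in [
        "SELECT name, card FROM users WHERE name = 'bob'",
        "UPDATE users SET phone = '555-0199' WHERE id = 7",
        "SELECT name, card FROM users WHERE name = 'x' OR '1'='1'",
        "SELECT name, card FROM users WHERE name = 'x'; DROP TABLE users",
        "SELECT card FROM users",
    ]:
        print(inspect(stmt), "<-", stmt)
```

The whitelist is what catches the last statement, a plain bulk read that matches no signature but is not something the application ever issues. The price is that every new statement shape the developers add must be learned or approved before it works in production, which is why products run in alert-only mode while a policy is being built.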
Diagrammatic Representation
Advantages of using a database FIREWALL
Database firewalls maintain a black list of specific, potentially harmful commands or SQL statements and do not allow these inputs through.
Database firewalls identify database, operating system and protocol vulnerabilities in the databases they protect and notify the administrator, who can take steps to patch them.
Database firewalls monitor the database responses (from the DB server) to block potential data leakage.
Database firewalls can be configured to alert on suspicious activity instead of blocking it right away, which avoids breaking the application while a policy is still being tuned.
Database firewalls can evaluate factors such as IP address, time, location and type of application (source) from which the abnormal database access requests are emanating, and then decide whether to block them based on the policies set by the administrator.
Security of the database through
Abstraction (data encryption)
Data encryption makes it possible to encrypt sensitive data, such as credit card numbers, stored in table columns.
Encrypted data is transparently decrypted for a database user who has access to the data.
Data encryption helps protect data stored on media in the event that the storage media or a data file is stolen; it does not protect against a user or application that is already authorized to read the table.
How data encryption works
Data encryption is a key-based access control system. Even if the encrypted data is retrieved, it cannot be understood until authorized decryption occurs, which is automatic for users authorized to access the table.
When a table contains encrypted columns, a single key is used regardless of the number of encrypted columns. This key is called the column encryption key.
The column encryption keys of all tables containing encrypted columns are themselves encrypted with the database server's master encryption key and stored in a dictionary table in the database.
The master encryption key is stored in an external security module outside the database and accessible only to the security administrator, so a stolen data file never contains the key needed to read it.
Case: Oracle Server
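The two-level key hierarchy from the previous slide, modelled in code as an added example; it is not Oracle's implementation or any code from the original deck. Only the Python standard library is used, so a keystream derived with HMAC-SHA256 in counter mode stands in for the AES a real product uses: it demonstrates the wrapping of the column key by the external master key and the transparent decryption for an authorized session, and is not a production cipher (no integrity protection). The "external security module" is a plain object here, and the table, columns and row are constructed.

```python
"""Added example: master key (external) -> column encryption key (wrapped) -> encrypted columns."""
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter); same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def encrypt(key: bytes, data: bytes) -> bytes:
    """Fresh random nonce per value, prepended to the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, data)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


class SecurityModule:
    """Stand-in for the external module; the master key never leaves it."""

    def __init__(self):
        self._master = os.urandom(32)

    def wrap(self, column_key: bytes) -> bytes:
        return encrypt(self._master, column_key)

    def unwrap(self, wrapped: bytes) -> bytes:
        return decrypt(self._master, wrapped)


class EncryptedTable:
    """A table with some encrypted columns; one column key per table, wrapped at creation."""

    def __init__(self, module: SecurityModule, encrypted_columns):
        self.module = module
        self.encrypted_columns = set(encrypted_columns)
        column_key = os.urandom(32)
        self.wrapped_key = module.wrap(column_key)  # what the data dictionary stores
        self.rows = []

    def _column_key(self) -> bytes:
        return self.module.unwrap(self.wrapped_key)

    def insert(self, row: dict) -> None:
        key = self._column_key()
        self.rows.append({c: encrypt(key, v.encode()) if c in self.encrypted_columns else v
                          for c, v in row.items()})

    def select(self, index: int) -> dict:
        """What an authorized session sees: decryption is transparent."""
        key = self._column_key()
        return {c: decrypt(key, v).decode() if c in self.encrypted_columns else v
                for c, v in self.rows[index].items()}

    def raw(self, index: int) -> dict:
        """What a thief of the data file sees: ciphertext, and only a wrapped key."""
        return self.rows[index]


if __name__ == "__main__":
    table = EncryptedTable(SecurityModule(), ["card"])
    table.insert({"name": "alice", "card": "4111-1111-1111-1111"})
    print("authorized session:", table.select(0))
    print("on disk:", table.raw(0))
```

Note what the thief model does and does not cover: `raw()` plus the wrapped key is useless without the module, but anything that can call `select()`, including an application account reached through SQL injection, gets plaintext. Rotating the master key only requires re-wrapping the column keys, not re-encrypting every row, which is the practical reason for the two-level design.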
Advantages of data encryption
As a security administrator, one can be sure that sensitive data is safe in case the storage media or a data file is stolen.
You do not need to create triggers or views to decrypt data. Data from tables is decrypted for the database user.
Database users need not be aware that the data they access is stored in encrypted form. Data is transparently decrypted for database users and requires no action on their part.
Applications need not be modified to handle encrypted data. Encryption and decryption are managed by the database.
The flip side of this transparency is that it protects only the stored files: an attacker who obtains a valid database session, for example through SQL injection, receives decrypted data like any other user.
Authorization
Read authorization - allows reading, but not modification, of data.
Insert authorization - allows insertion of new data, but not modification of existing data.
Update authorization - allows modification, but not deletion, of data.
Delete authorization - allows deletion of data.
Privileges in the Database
select: allows read access to a relation, or the ability to query using a view.
insert: the ability to insert tuples.
update: the ability to update using the SQL update statement.
delete: the ability to delete tuples.
Privilege To Grant Privileges
With grant option: allows a user who is granted a privilege to pass the privilege on to other users.
Example:
GRANT SELECT ON branch TO U1 WITH GRANT OPTION;
gives U1 the select privilege on branch and allows U1 to grant this privilege to others.

More Related Content

What's hot

What's hot (20)

Backing Up and Recovery
Backing Up and RecoveryBacking Up and Recovery
Backing Up and Recovery
 
Database security
Database securityDatabase security
Database security
 
Database Systems Security
Database Systems SecurityDatabase Systems Security
Database Systems Security
 
Types of access control systems
Types of access control systemsTypes of access control systems
Types of access control systems
 
Database security
Database securityDatabase security
Database security
 
Data base security & integrity
Data base security &  integrityData base security &  integrity
Data base security & integrity
 
03 cia
03 cia03 cia
03 cia
 
Database security
Database securityDatabase security
Database security
 
Cia security model
Cia security modelCia security model
Cia security model
 
Chapter1
Chapter1Chapter1
Chapter1
 
Security of the database
Security of the databaseSecurity of the database
Security of the database
 
Database backup & recovery
Database backup & recoveryDatabase backup & recovery
Database backup & recovery
 
Database backup and recovery basics
Database backup and recovery basicsDatabase backup and recovery basics
Database backup and recovery basics
 
DBMS an Example
DBMS an ExampleDBMS an Example
DBMS an Example
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 
Chapter 5 database security
Chapter 5   database securityChapter 5   database security
Chapter 5 database security
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
 
Database security issues
Database security issuesDatabase security issues
Database security issues
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
Distributed database
Distributed databaseDistributed database
Distributed database
 

Similar to Database Security Fundamentals

Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseWinWire Technologies Inc
 
Database security in database management.pptx
Database security in database management.pptxDatabase security in database management.pptx
Database security in database management.pptxFarhanaMariyam1
 
00. introduction to app sec v3
00. introduction to app sec v300. introduction to app sec v3
00. introduction to app sec v3Eoin Keary
 
Sensitive Data Protection in DBaaS
Sensitive Data Protection in DBaaSSensitive Data Protection in DBaaS
Sensitive Data Protection in DBaaSKAMLESH HINGWE
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure worldGianluca Sartori
 
Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityFredReynolds2
 
Introduction All research reports begin with an introduction. (.docx
Introduction All research reports begin with an introduction. (.docxIntroduction All research reports begin with an introduction. (.docx
Introduction All research reports begin with an introduction. (.docxvrickens
 
How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...Anar Godjaev
 
DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxsiti829412
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration Tariq Islam
 
A Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseA Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseShivnandan Singh
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptxmissionsk81
 
Security Misconfiguration.pptx
Security Misconfiguration.pptxSecurity Misconfiguration.pptx
Security Misconfiguration.pptxKalyani Raut
 
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...IRJET Journal
 

Similar to Database Security Fundamentals (20)

DBMS SECURITY
DBMS SECURITYDBMS SECURITY
DBMS SECURITY
 
Database security
Database securityDatabase security
Database security
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
 
Database Security - IK
Database Security - IKDatabase Security - IK
Database Security - IK
 
Database security in database management.pptx
Database security in database management.pptxDatabase security in database management.pptx
Database security in database management.pptx
 
00. introduction to app sec v3
00. introduction to app sec v300. introduction to app sec v3
00. introduction to app sec v3
 
Sensitive Data Protection in DBaaS
Sensitive Data Protection in DBaaSSensitive Data Protection in DBaaS
Sensitive Data Protection in DBaaS
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure world
 
Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database Security
 
Introduction All research reports begin with an introduction. (.docx
Introduction All research reports begin with an introduction. (.docxIntroduction All research reports begin with an introduction. (.docx
Introduction All research reports begin with an introduction. (.docx
 
How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...
 
DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptx
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration
 
A Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseA Review Report on Security Threats on Database
A Review Report on Security Threats on Database
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
 
Dstca
DstcaDstca
Dstca
 
Security Misconfiguration.pptx
Security Misconfiguration.pptxSecurity Misconfiguration.pptx
Security Misconfiguration.pptx
 
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
 
Farheen
Farheen Farheen
Farheen
 
Database security2 adebiaye
Database security2 adebiayeDatabase security2 adebiaye
Database security2 adebiaye
 

More from Arpana shree

Banking locker security using Image processing
Banking locker security using Image processingBanking locker security using Image processing
Banking locker security using Image processingArpana shree
 
Graphical Password authentication using Hmac
Graphical Password authentication using HmacGraphical Password authentication using Hmac
Graphical Password authentication using HmacArpana shree
 
Enumerated data types in C
Enumerated data types in CEnumerated data types in C
Enumerated data types in CArpana shree
 
Intellectual property rights
Intellectual property rightsIntellectual property rights
Intellectual property rightsArpana shree
 
Two factor autentication in Gmail
Two factor autentication in GmailTwo factor autentication in Gmail
Two factor autentication in GmailArpana shree
 
System Z operating system
System Z operating systemSystem Z operating system
System Z operating systemArpana shree
 

More from Arpana shree (9)

Evo mouse
Evo mouseEvo mouse
Evo mouse
 
Cryptography
CryptographyCryptography
Cryptography
 
Banking locker security using Image processing
Banking locker security using Image processingBanking locker security using Image processing
Banking locker security using Image processing
 
Graphical Password authentication using Hmac
Graphical Password authentication using HmacGraphical Password authentication using Hmac
Graphical Password authentication using Hmac
 
Enumerated data types in C
Enumerated data types in CEnumerated data types in C
Enumerated data types in C
 
Intellectual property rights
Intellectual property rightsIntellectual property rights
Intellectual property rights
 
Two factor autentication in Gmail
Two factor autentication in GmailTwo factor autentication in Gmail
Two factor autentication in Gmail
 
System Z operating system
System Z operating systemSystem Z operating system
System Z operating system
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithm
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Database Security Fundamentals

  • 1.
  • 2. In this Chapter  Overview To Database Security. Why need of database security. What is Database Security Concepts of Database Security. Threats to Database and counter measures Methods of securing database. Through firewall Database Abstraction 5/2/2014Database security issues
  • 3. Overview Threats and risk to database have increased, So there is a need for security of the database. The majority companies store sensitive data in database. E.g.: Credit card number If there is no security to database what happens??? Data will be easily corrupted It is important to restrict access to the database from authorized users to protect sensitive data. 5/2/2014Database security issues
  • 4. Security risk to database includes Unauthorized database users Unauthorized Database Administrator Unauthorized access to Database Unauthorized alternation to available data Lack of access to Database services Sensitive data includes •Bank/Demat accounts •Credit card, Salary, Income tax data •University admissions, marks/grades •Land records, licenses 5/2/2014Database security issues
  • 5. Definition of Database Security Database Security is defined as the process by which “Confidentiality, Integrity and Availability” of the database can be protected 5/2/2014Database security issues
  • 7. Confidentiality Enforced by encrypting the data in the stored database Encryption is a technique or a process by which the data is encoded in such a way that only that authorized users are able to read the data. Encryption is rendering sensitive data unreadable to unauthorized users. 5/2/2014Database security issues
  • 8. Integrity Enforced by defining which user has to be given permission to access the data in the database For Example: Data related to employee may have permission for viewing records and altering only the part of information like his contact details, where as the person like Human resource manager will have more privileges. 5/2/2014Database security issues
  • 9. Availability
    The database must not have unplanned downtime. To ensure this, the following steps should be taken:
    Restrict the amount of storage space given to each user in the database.
    Limit the number of concurrent sessions made available to each database user.
    Back up the data at periodic intervals to ensure data recovery in case of application or user errors.
  • 10. Threats to database
    SQL Injection
    Unauthorized access
    Password Cracking
    Network Eavesdropping
  • 11. SQL Injection
    A form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall.
    Vulnerabilities:
    Poor input validation in the web application.
    Unsafe, dynamically constructed SQL commands.
    Weak permissions that fail to restrict the application's access to the database.
    Countermeasures:
    Your application should constrain and sanitize input data before using it in SQL queries.
    Use type-safe SQL parameters for data access. These can be used with stored procedures or dynamically constructed SQL command strings. Using SQL parameters ensures that input data is subject to type and length checks.
    Use a SQL Server login that has restricted permissions in the database. Ideally, you should grant execute permissions only to selected stored procedures in the database and provide no direct table access.
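The first two countermeasures side by side, as an added example that is not part of the original slides: a dynamically constructed query next to its parameterized form, plus an input constraint applied before the query. The `employees` table and its rows are constructed sample data; the slides' SQL Server context is stood in for by SQLite, since the binding behaviour is the same.

```python
import sqlite3

# Constructed sample data (not from the original slides): an in-memory table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER, name TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                     [(1, "alice", 5000), (2, "bob", 4200), (3, "carol", 6100)])
    return conn

def lookup_unsafe(conn, name):
    """Dynamically constructed SQL: the input is pasted into the command text,
    so a quote character in the input changes the structure of the query."""
    sql = "SELECT name, salary FROM employees WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    """Parameterized query: the input is bound as a typed value by the driver
    and is never parsed as SQL syntax, whatever characters it contains."""
    sql = "SELECT name, salary FROM employees WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def is_valid_name(name, max_len=32):
    """Constrain input before it reaches the database: a length limit plus an
    allow-list of characters (the slide's first countermeasure)."""
    return 0 < len(name) <= max_len and all(c.isalnum() or c in "-_" for c in name)

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"                        # quote-breaking input used as a test case
    print("unsafe:", lookup_unsafe(db, probe))   # the WHERE clause becomes always true: every row
    print("safe:  ", lookup_safe(db, probe))     # no employee has that literal name: no row
    print("valid: ", is_valid_name(probe))       # False: rejected before any query is built
```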
  • 12. Unauthorized Access
    Direct access to your database server should be restricted to specific client computers to prevent unauthorized server access.
    Vulnerabilities:
    Failure to block the SQL Server port at the perimeter firewall
    Lack of IPSec or TCP/IP filtering policies
    Countermeasures:
    Make sure that SQL Server ports are not visible from outside the perimeter network.
    Within the perimeter, restrict direct access by unauthorized hosts, for example by using IPSec or TCP/IP filters.
  • 13. Password cracking
    A common first line of attack is to try to crack the passwords of well-known account names, such as SA (the SQL Server administrator account).
    Vulnerabilities:
    Weak or blank passwords
    Passwords that contain everyday words
    Countermeasures:
    Create passwords for SQL Server login accounts that meet complexity requirements.
    Avoid passwords that contain common words found in the dictionary.
  • 14. Network Eavesdropping
    Eavesdropping refers to the unauthorized reading of messages in transit.
    The deployment architecture of most applications includes a physical separation of the data access code from the database server. As a result, sensitive data, such as application-specific data or database login credentials, must be protected from network eavesdroppers.
    Vulnerabilities:
    Insecure communication channels
    Passing credentials in clear text to the database; for example:
      Using SQL authentication instead of Windows authentication
      Using SQL authentication without a server certificate
  • 16. Methods of securing the database
    Authorization - privileges, views.
    Authentication - passwords.
    Encryption - public key / private key, secure sockets.
    Logical - firewalls, net proxies.
  • 17. Security of the database through FIREWALLS
    A FIREWALL is dedicated software, usually on a separate computer, which inspects network traffic passing through it and denies or permits passage based on a set of rules.
    Basically it is a piece of software that monitors all traffic that goes from your system to another via the Internet or network, and vice versa.
    Database Firewalls are a type of Web Application Firewall that monitor databases to identify and protect against database-specific attacks, which mostly seek to access sensitive information stored in the databases.
  • 18. How Database FIREWALL works
    Database Firewalls include a set of pre-defined, customizable security audit policies, and they can identify database attacks based on threat patterns called signatures.
    The SQL input statements or queries are compared to these signatures, which are updated frequently by the vendors to identify known attacks on the database.
    But not all attacks on databases are familiar. Database Firewalls therefore build (or come with) a white list of approved SQL commands or statements that are safe. All input commands are compared with this white list, and only those already present in the white list are sent to the database.
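A simplified version of the two checks this slide describes (signature matching, then white-list comparison), as an added example that is not from the slides or from any vendor product. Statements are reduced to a template before comparison so that the same query shape with different literals matches one white-list entry; the approved templates and the signature patterns are constructed samples.

```python
import re

def normalize(sql):
    """Reduce a statement to a template: lower-case, string and numeric literals
    replaced by '?', whitespace collapsed, so equal query shapes compare equal."""
    s = sql.strip().lower()
    s = re.sub(r"'(?:[^']|'')*'", "?", s)       # string literals ('' inside is an escaped quote)
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)    # numeric literals
    s = re.sub(r"\s+", " ", s)
    return s.rstrip("; ")

# White list of approved statement templates (constructed sample for this example).
APPROVED = {
    normalize("SELECT name, salary FROM employees WHERE id = 1"),
    normalize("UPDATE employees SET phone = 'x' WHERE id = 1"),
}

# Signatures of known attack shapes, matched against the normalized text
# (constructed sample; a real product ships vendor-maintained signature sets).
SIGNATURES = [
    (r"\bor\b\s*\?\s*=\s*\?", "tautology"),
    (r";\s*(drop|delete|alter|truncate)\b", "stacked destructive statement"),
    (r"\bunion\b\s+(all\s+)?select\b", "union-based query"),
    (r"--|/\*", "comment sequence"),
]

def inspect(sql):
    """Decide for one incoming statement: ('allow', reason) or ('block', reason).
    Signatures catch known attacks; the white list catches everything unknown."""
    template = normalize(sql)
    for pattern, name in SIGNATURES:
        if re.search(pattern, template):
            return ("block", "signature: " + name)
    if template in APPROVED:
        return ("allow", "white-listed template")
    return ("block", "not in white list")

if __name__ == "__main__":
    for stmt in ("SELECT name, salary FROM employees WHERE id = 42",
                 "SELECT name, salary FROM employees WHERE name = '' OR '1'='1'",
                 "SELECT salary FROM employees"):
        print(inspect(stmt), "<-", stmt)
```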
  • 20. Advantages of using FIREWALL
    Database Firewalls maintain a black list of specific, potentially harmful commands or SQL statements and do not allow these types of input.
    Database Firewalls identify database, operating system and protocol vulnerabilities in the databases and notify the administrator, who can take steps to patch them.
    Database Firewalls monitor database responses (from the DB server) to block potential data leakage.
    Database Firewalls can notify the administrator of suspicious activities instead of blocking them right away.
    Database Firewalls can evaluate factors like IP address, time, location and type of application (source) from which abnormal database access requests are emanating, and then decide whether or not to block them based on these factors, as per the policies set by the administrator.
  • 21. Security of the database through Abstraction
    Data encryption makes it possible to encrypt sensitive data, such as credit card numbers, stored in table columns.
    Encrypted data is decrypted for a database user who has access to the data.
    Data encryption helps protect data stored on media in the event that the storage media or data file gets stolen.
  • 22. How Data Encryption Works
    Data encryption is a key-based access control system. Even if the encrypted data is retrieved, it cannot be understood until authorized decryption occurs, which is automatic for users authorized to access the table.
    When a table contains encrypted columns, a single key is used regardless of the number of encrypted columns. This key is called the column encryption key.
    The column encryption keys for all tables containing encrypted columns are encrypted with the database server master encryption key and stored in a dictionary table in the database.
    The master encryption key is stored in an external security module that is outside the database and accessible only to the security administrator.
  • 24. Advantages of Data Encryption
    As a security administrator, one can be sure that sensitive data is safe in case the storage media or data file gets stolen.
    You do not need to create triggers or views to decrypt data. Data from tables is decrypted for the database user.
    Database users need not be aware of the fact that the data they are accessing is stored in encrypted form. Data is transparently decrypted for the database users and does not require any action on their part.
    Applications need not be modified to handle encrypted data. Data encryption/decryption is managed by the database.
  • 25. Authorization
    Read authorization - allows reading, but not modification of data.
    Insert authorization - allows insertion of new data, but not modification of existing data.
    Update authorization - allows modification, but not deletion of data.
    Delete authorization - allows deletion of data.
  • 26. Privileges in Database
    select: allows read access to a relation, or the ability to query using the view
    insert: the ability to insert tuples
    update: the ability to update using the SQL update statement
    delete: the ability to delete tuples
  • 27. Privilege To Grant Privileges
    With grant option: allows a user who is granted a privilege to pass the privilege on to other users.
    Example: grant select on branch to U1 with grant option
    gives U1 the select privilege on branch and allows U1 to grant this privilege to others.