
Database-Security

mhmad240

Presentation Transcript


  2. Outline • Overview of Database Security • What is Database Security • Why we need database security • Concepts of Database Security • Security Problems • Security Controls

  3. OVERVIEW • In today's world, we need everything secured, whether it is your mobile phone, computer, vehicle or almost anything else. • Every day, hackers unleash attacks designed to steal confidential data, and an organization's database servers are often the primary targets of these attacks. Databases are among the most compromised assets. • The reason databases are targeted so often is quite simple: they are at the heart of any organization, storing customer records and other confidential business data. • Organizations are not protecting these crucial assets well enough. • When hackers and malicious insiders gain access to sensitive data, they can quickly extract value, inflict damage or impact business operations. • In addition to financial loss or reputation damage, breaches can result in regulatory violations, fines and legal fees.

  4. What is database security? Database: a collection of information stored in a computer. Security: being free from danger. Database Security: the mechanisms that protect the database against intentional or accidental threats.

  5. Definition of Database Security: Database Security is defined as the process by which the Confidentiality, Integrity and Availability of the database are protected.

  6. Why do we need database security? If there is no security on the database, what happens? Data can easily be corrupted. It is important to restrict access to the database to authorized users in order to protect sensitive data.

  7. Concepts of Database Security: There are 3 main aspects: • Secrecy or Confidentiality • Integrity • Availability

  8. SECRECY / CONFIDENTIALITY • It is protecting the database from unauthorized users. • Ensures that users are allowed to do the things they are trying to do. • Encryption is a technique or process by which the data is encoded in such a way that only authorized users are able to read the data.

  9. INTEGRITY • Protecting the database from authorized users. • Ensures that what users are trying to do is correct. • For example: an employee should be able to modify his or her own information.

  10. AVAILABILITY • The database must not have unplanned downtime. • To ensure this, the following steps should be taken: • Restrict the amount of storage space given to each user in the database. • Limit the number of concurrent sessions made available to each database user. • Back up the data at periodic intervals to ensure data recovery in case of application users.

  11. SECURITY PROBLEMS

  12. Threat: any circumstance or event with the potential to adversely impact an information system (IS) through unauthorized access, destruction, disclosure or modification of data, and/or denial of service. • There are two kinds of threat: • Non-fraudulent threat • Fraudulent threat

  13. 1. Non-fraudulent Threat • Natural or accidental disasters. • Errors or bugs in hardware or software. • Human errors. Often these are due to the lack of expertise required to implement security controls, enforce policies or conduct incident response processes. • Excessive privileges. When workers are granted default database privileges that exceed the requirements of their job functions, these privileges can be abused. • Unmanaged sensitive data. Many companies struggle to maintain an accurate inventory of their databases and the critical data objects contained within them. Forgotten databases may contain sensitive information, and new databases can emerge without visibility to the security team. Sensitive data in these databases will be exposed to threats if the required controls and permissions are not implemented.

  14. 2. Fraudulent Threat • Authorized users: those who abuse their privileges and authority. • Hostile agents: improper users (outsiders or insiders) who attack the software and/or hardware system, or read or write data in a database.

  15. Fraudulent attacks • The most common database threats include: • Legitimate privilege abuse. Users may abuse legitimate database privileges for unauthorized purposes. • Malware. A perennial threat, malware is used to steal sensitive data via legitimate users working from infected devices. • Database injection attacks. The two major types of database injection attacks are SQL injections, which target traditional database systems, and NoSQL injections, which target "big data" platforms.

  16. Fraudulent attacks (continued) • Storage media exposure. Backup storage media are often completely unprotected from attack. As a result, numerous security breaches have involved the theft of database backup disks and tapes. Furthermore, failure to audit and monitor the activities of administrators who have low-level access to sensitive information can put your data at risk. Taking the appropriate measures to protect backup copies of sensitive data and to monitor your most highly privileged users is not only a data security best practice, but also mandated by many regulations. • Exploitation of vulnerable databases. It generally takes organizations months to patch databases, during which time they remain vulnerable. Attackers know how to exploit unpatched databases, or databases that still have default accounts and configuration parameters.

  17. DATABASE PROTECTION REQUIREMENTS • Protection from Improper Access • Protection from Inference • Integrity of the Database • User Authentication • Multilevel Protection • Confinement • Management and Protection of Sensitive Data

  18. SECURITY CONTROLS

  19. • Authorization - privileges, views. • Encryption - public key / private key, secure sockets. • Authentication - passwords. • Logical - firewalls, net proxies.

  20. A FIREWALL is dedicated software on another computer which inspects network traffic passing through it and denies or permits passage based on a set of rules. Basically, it is a piece of software that monitors all traffic that goes from your system to another via the Internet or network, and vice versa. Database Firewalls are a type of Web Application Firewall that monitor databases to identify and protect against database-specific attacks, which mostly seek to access sensitive information stored in the databases.

  21. Data encryption lets you encrypt sensitive data, such as credit card numbers, stored in table columns. • Encrypted data is decrypted for a database user who has access to the data. • Data encryption helps protect data stored on media in the event that the storage media or data file gets stolen.

  22. As a security administrator, one can be sure that sensitive data is safe in case the storage media or data file gets stolen. • You do not need to create triggers or views to decrypt data. Data from tables is decrypted for the database user. • Database users need not be aware of the fact that the data they are accessing is stored in encrypted form. Data is transparently decrypted for the database users and does not require any action on their part. • Applications need not be modified to handle encrypted data. Data encryption/decryption is managed by the database.

  23. • Read authorization - allows reading, but not modification, of data. • Insert authorization - allows insertion of new data, but not modification of existing data. • Update authorization - allows modification, but not deletion, of data. • Delete authorization - allows deletion of data.

  24. • select: allows read access to a relation, or the ability to query using the view • insert: the ability to insert tuples • update: the ability to update using the SQL update statement • delete: the ability to delete tuples

  25. Example: grant select on branch to U1 with grant option. This gives U1 the select privilege on branch and allows U1 to grant this privilege to others. With grant option: allows a user who is granted a privilege to pass the privilege on to other users.
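The privilege model of slides 23 to 25 worked through in PostgreSQL syntax, as an added example that is not part of the original slides: the branch table, the roles u1/u2/u3, the branch_public view and the connection limit are all constructed for illustration, and the script assumes it is run by a superuser.

```sql
-- Added example (PostgreSQL syntax); table, roles and view are constructed for illustration.
CREATE TABLE branch (
    branch_name VARCHAR(40) PRIMARY KEY,
    branch_city VARCHAR(40) NOT NULL,
    assets      NUMERIC(14, 2) NOT NULL
);

-- Least privilege starts from roles that own nothing and can do nothing.
CREATE ROLE u1 LOGIN;
CREATE ROLE u2 LOGIN;
CREATE ROLE u3 LOGIN;

-- Slide 25: read access on branch plus the right to pass it on.
GRANT SELECT ON branch TO u1 WITH GRANT OPTION;

-- Slide 23: the four authorizations are separate; grant only what the job needs.
GRANT INSERT ON branch TO u2;            -- new rows only, no changes to existing rows
GRANT UPDATE (assets) ON branch TO u2;   -- column-level update, still no DELETE

-- Slide 19, authorization through views: u3 never sees the assets column.
CREATE VIEW branch_public AS
    SELECT branch_name, branch_city FROM branch;
GRANT SELECT ON branch_public TO u3;

-- Slide 10, availability: cap the concurrent sessions one user may open.
ALTER ROLE u3 CONNECTION LIMIT 5;

-- u1 exercises the grant option and delegates SELECT to u2
-- (SET ROLE works here because the script runs as a superuser).
SET ROLE u1;
GRANT SELECT ON branch TO u2;
RESET ROLE;

-- Audit who holds which privilege on branch, and whether they may re-grant it.
SELECT grantee, privilege_type, is_grantable
  FROM information_schema.role_table_grants
 WHERE table_name = 'branch'
 ORDER BY grantee, privilege_type;

-- Revoking from u1 needs CASCADE: u2's SELECT depends on u1's grant, and
-- PostgreSQL refuses the plain REVOKE (RESTRICT is the default) while it exists.
REVOKE SELECT ON branch FROM u1 CASCADE;
```

Re-running the information_schema query after the REVOKE shows that u2 keeps INSERT and UPDATE but has lost the delegated SELECT along with u1.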
