Data & Database Administration • Security Overview • Physical Protection • Network Protection • Permissions Management • Views as a Security Tool
Database Security • Database security is the management of risks and tradeoffs • The risk of a loss • Destruction of data • Theft of data • Privacy issues (including legal liability) • Database corruption • Loss of availability • The cost of data security efforts
Database Security (cont.) • Name some database security measures and their costs • What sorts of risks do they protect against?
Security Action Categories • Physical Protection • Access Protection • Protection in Transit • Loss Prevention • Backup and Recovery plans covered next week
Physical Protection • Don’t forget the step of physically protecting access to your equipment and data • Lock the door! • Be aware of portable copies of data, who has them, where they are • Recent news stories
Network Protection • Use appropriate network access protections to guard against hacking into the network • Be aware of security threats • Weaknesses in the operating system • Database vulnerabilities • Application vulnerabilities • Expert consultation is desirable
Authorization Rules or Permissions • Authorization rules are permissions to perform certain actions on the database • Allow a user to view, edit, or add records to a table • Permissions are granted to • Individuals • Groups • Permissions are granted on • Entire database • Distinct objects (tables, views, indexes, etc.) • Specific columns or rows
Permissions • DBA is usually granted authority to do anything in the database • DBA may GRANT or REVOKE permissions to other users • May include permission to grant or revoke permission to others • Users may be assigned to a group and permissions granted to a group • Applications usually have security privileges established by the userid used in the connection string • Application must have appropriate permissions
Views as a Security Tool • Views are query definitions stored in the DB • A security measure may be to grant the user permission on the view but not to the underlying tables • WHERE clauses in the view definition query can restrict rows • Field list in the SELECT clause can restrict columns • Views may be used like any other table in the DB • See discussion of other security measures • Encryption, authentication
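The permissions and view slides above, combined into one added example that is not part of the original slides. It assumes PostgreSQL syntax; the table, view, role names and sample rows are hypothetical and constructed for illustration.

```sql
-- Base table with sensitive columns (salary, ssn). Names are hypothetical.
CREATE TABLE employee (
    emp_id     integer PRIMARY KEY,
    full_name  text          NOT NULL,
    department text          NOT NULL,
    salary     numeric(10,2) NOT NULL,
    ssn        char(11)      NOT NULL
);

-- Constructed sample rows.
INSERT INTO employee VALUES
    (1, 'Ana Ruiz', 'Sales',   52000.00, '000-00-0001'),
    (2, 'Ben Cole', 'Sales',   48000.00, '000-00-0002'),
    (3, 'Chen Li',  'Finance', 61000.00, '000-00-0003');

-- Group role: permissions go to the group, users are made members of it.
CREATE ROLE sales_staff NOLOGIN;
-- Account the application names as the userid in its connection string.
CREATE ROLE app_sales LOGIN;
GRANT sales_staff TO app_sales;

-- The view's SELECT list restricts columns; its WHERE clause restricts rows.
CREATE VIEW sales_directory AS
    SELECT emp_id, full_name, department
    FROM employee
    WHERE department = 'Sales';

-- No rights on the underlying table, read-only rights on the view.
REVOKE ALL ON employee FROM PUBLIC, sales_staff;
GRANT SELECT ON sales_directory TO sales_staff;

-- Verify the result while acting as the application account.
SET ROLE app_sales;
SELECT * FROM sales_directory;  -- returns the two Sales rows, no salary or ssn
SELECT salary FROM employee;    -- fails: permission denied on the base table
RESET ROLE;

-- Audit: list who holds which privilege on the table and the view.
SELECT grantee, table_name, privilege_type
FROM information_schema.table_privileges
WHERE table_name IN ('employee', 'sales_directory')
ORDER BY table_name, grantee;
```

The view works without table rights because PostgreSQL checks access to the underlying table against the view owner's privileges by default; other database products may handle this differently.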