1 / 67

Ensuring Database Security in Modern Environments

Learn about the importance of database security in organizations, the goals of securing data, managing threats, user access control, and various threats to database security like loss of availability, integrity, confidentiality, and privacy.

ginapeterson
Download Presentation

Ensuring Database Security in Modern Environments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. INTRODUCTION Database security is an important issue in database management because of the sensitivity and importance of data and information of an organization. Thus, a database represents an essential resource of an organization that should be properly secured. The database environment is becoming more and more complex with the growing popularity and use of distributed databases with client/server architectures as compared to the mainframes.

  2. The access to the database has become more open through the Internets and corporate intranets. As a result, managing-database security effectively has also become more difficult and time consuming. Therefore, it is important for the data base administrator (DBA) to develop overall policies, procedures and appropriate controls to protect the databases.

  3. GOALS OF DATABASE SECURITY The goal of database security is the protection of data against threats such as accidental or intentional loss, destruction or misuse. These threats pose problems to the database integrity and access. Threats may be defined as any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization.

  4. A threat may be caused by a situation or event involving a person, action or circumstances that are likely to harm the organization. The harm may be tangible, such as loss of hardware, software, or data. Database security involves allowing or disallowing users from performing actions on the database and the objects within it, thus protecting the database from misuse. The database administrator (DBA) is responsible for the overall security of the database system.

  5. Therefore, the DBA of an organization must identify the most serious threats and enforce security to take appropriate control actions to minimize these threats. Any individual user (a person) or a user group (group of persons) needing to access database system, applies to DBA for a user account. The DBA then creates an account number and password for user to access the database on the basis of legitimate need and policy of the organization.

  6. The user afterwards logs in to the DBMS using the given account number and password whenever database access is needed. The DBMS checks for the validity of the user's entered account number and password. Then the valid user is permitted to use the DBMS and access the database. DBMS maintains these two fields of user account number and password by creating an encrypted table.

  7. DBMS keeps on appending this table by inserting a new record whenever a new account is created. When the account is cancelled, the corresponding record is deleted from the encrypted table

  8. Threats to Database Security Threats to database security may be direct, for example, browsing, changing or stealing of data by an authorized user access. To ensure a secure database, all parts of the system must be secure including the database, the hardware, the operating system, the network, the users, and even the building and housing the computer systems.

  9. Some of the threats that must be addressed in a comprehensive database security plan are as follows: Loss of availability. Loss of data integrity. Loss of confidentiality or secrecy. Loss of privacy. Theft and fraud. Accidental losses.

  10. Loss of availability Loss of availabilitymeans that the data, or the system, or both cannot be accessed by the users. This situation can arise due to sabotage of hardware, networks or applications. The loss of availability can seriously cause operational difficulties and affect the financial performance of an organization. Almost all organizations are now seeking virtually continuous operation, the so called 24 x 7 operations, that is, 24 hours a day and seven days a week.

  11. Loss of data integrity Loss of data integritycauses invalid or corrupted data, which may seriously affect the operation of an organization. Unless data integrity is restored through established backup and recovery procedures, an organization may suffer serious losses or make incorrect and expensive decisions based on the wrong or invalid data.

  12. Loss of confidentiality Loss of confidentialityrefers to loss of protecting or maintaining secrecy over critical data of the organization, which may have strategic value to the organization. Loss of confidentiality could lead to loss of competitiveness.

  13. Loss of privacy Loss of privacyrefers to loss of protecting data from individuals. Loss of privacy could lead to blackmail, bribery, and public embarrassment, stealing of user passwords or legal action being taken against the organization

  14. Theft and fraud Theft and fraud affect not only the database environment but also the entire organization. Since these situations are related to the involvement of people attention should be given to reduce the opportunity for the occurrence of these activities. For example, control of physical security, so that unauthorized personnel are not able to gain access to the computer room, should be established.

  15. Another example of a security procedure could be establishment of a firewall to protect from unauthorized access to inappropriate parts of the database through outside communication links. This will hamper people who are intent on theft or fraud. Theft and fraud do not necessarily alter data, as is the case for loss of confidentiality or loss of privacy.

  16. Accidental losses Accidental lossescould be unintentional threats including human error, software and hardware-caused breaches. Operating procedures, such as user Authorization, uniform software installation procedures and hardware maintenance schedules, can be established to address threats from accidental losses

  17. Types of Database Security Issues Legal and ethical issues: System-related issues: Organization-based issues: Policy-based issues:

  18. Legal and ethical issues: This issue is related to the rights to access of an individual user or user groups to access certain information. Certain private information cannot be accessed legally by unauthorized persons

  19. System-related issues: In system-related issues, various security functions are enforced at system levels, for example, at physical hardware level, at the DBMS level, or at the operating system level.

  20. Organization-based issues: In this case, some organizations identify multiple security levels and categories the data and users based on classifications, such as top secret, secret, confidential and unclassified. In such cases, the security policy of the organization must be enforced with respect to permitting access to various classifications of data.

  21. Policy-based issues: At the institutional, corporate or government level, at times, there is a policy about information that can be shared or made public and that which cannot be shared

  22. Authorization and Authentication Authorization is the process of a granting of right or privilege to the user(s) to have a legitimate access to a system or objects (database table) of the system. It is the culmination of the administrative policies of the organization, expressed as a set of rules that can be used to determine which user has what type of access to which portion of the database. The process of Authorization involves authentication of user(s) requesting access to objects.

  23. Authentication is a mechanism that determines whether a user is who he or she claims to be. In other words, an authentication checks whether a user operating upon the database is, in fact, allowed doing so. It verifies the identity of a person (user) or program connecting to a database. The simplest form of authentication consists of a secret password which must be presented when a connection is opened to a database.

  24. Password-based authentication is widely used by operating systems as well as databases. For more secure scheme, especially in network environment, other authentication schemes are used such as challenge-response system, digital signatures and so on.

  25. Authorization and authentication controls can be built into the software. Authorization rules are incorporated in the DBMSs that restrict access to data and also restrict the actions that people may take when they access data. For example, a user or a person using a particular password may be authorized to read any record in a database but cannot necessarily modify any of those records. For this reason, Authorization controls are sometimes referred to as access controls.

  26. Following two types of access control techniques are used in database security system: Discretionary access control. Mandatory access control.

  27. DISCRETIONARY ACCESS CONTROL Discretionary access control (also called security scheme) is based on the concept of access rights (also called privileges) and mechanism for giving users such privileges. It grants the privileges (access rights) to users on different objects, including the capability to access specific data files, records or fields in a specified mode, such as, read, insert, delete or update or combination of these.

  28. A user who creates a database object such as a table or a view automatically gets all applicable privilege on that object. The DBMS keeps track of how these privileges are granted to other users. Discretionary security schemes are very flexible. However, it has certain weaknesses, for example, a devious unauthorized user can trick an authorized user into disclosing sensitive data

  29. Granting/Revoking Privileges Granting and revoking privileges to the users is the responsibility of database administrator (DBA) of the DBMS. DBA classifies users and data in accordance with the policy of the organization. DBA privileged commands include commands for granting and revoking privileges to individual accounts, users or user groups. It performs the following types of actions:

  30. Account creation: Account creation action creates a new account and password for a user or a group of users to enable them to access the DBMS. Privilege granting: Privilege granting action permits the DBA to grant certain privileges (access rights) to certain accounts.

  31. Privilege revocation: Privilege revoking action permits the DBA to revoke (cancel) certain privileges (access rights) that were previously given to certain accounts. Security level assignment: Security level assignment action consists of assigning user accounts to the appropriate security classification level.

  32. The account level privilege assignment: At the account level privilege assignment, the DBA specifies the particular privileges that each account holds independently of the relations in the database. The account level privileges apply to the capabilities provided to the account itself and can include the following in SQL: CREATE SCHEMA privilege : to create a schema CREATE TABLE privilege : to create a table, CREATE VIEW privilege : to apply schema changes such as

  33. ALTER privilege : adding or removing attributes from relations DROP privilege - : to delete relation or views MODIFY privilege : to delete, insert, or update Tuples SELECT privilege : to retrieve information from the database using SELECT query

  34. ALTER privilege : adding or removing attributes from relations DROP privilege : to delete relation or views MODIFY privilege : to delete, insert, or update Tuples SELECT privilege : to retrieve information from the database using SELECT query

  35. The relation (or table) level privilege assignment At relation or table level of privilege assignment, the DBA controls the privilege to access each individual relation or view in the database. Privileges at the relation level specify for each user the individual relations on which each type of command can be applied. Some privileges also refer to individual attributes (columns) of relations.

  36. Granting and revoking of relation privileges is controlled by assigning an owner account for each relation R in a database. The owner account is typically the account that was used when the relation was first created. The owner of the relation is given all privileges on the relation.

  37. In SQL, the following types of privileges can be granted on each individual relation R: SELECT privilege on R : to read or retrieve tuples from R MODIFY privileges on R : to modify (UPDATE, INSERT and DELETE) tuples of R REFERENCES privilege on R : to reference relationship R

  38. Audit Trails An audit trail is essentially a special file or database in which the system automatically keeps track of all operations performed by users on the regular data. It is a log of all changes (for example, updates, deletes, insert and so on) to the database, along with information such as which user performed the change and when the change was performed. In some systems, the audit trail is physically integrated with the transaction log, in others the transaction log and audit trail might be distinc

  39. A typical audit trail entry might contain the information as shown in Fig. The audit trail aids security to the database. For example, if the balance on a bank account is found to be incorrect, bank may wish to trace all the updates performed on the account, to find out incorrect updates, as well as the persons who carried out the updates.

  40. The bank could then also use the audit trail to trace all the updates performed by these persons, in order to find other incorrect updates. Many DBMSs provide built-in mechanisms to create audit trails. It is also possible to create an audit trail by defining appropriate triggers on relation updates using system-defined variables that identify the user name and time.

  41. MANDATORY ACCESS CONTROL Mandatory access control (also called security scheme) is based on system-wide policies that cannot be changed by individual users. It is used to enforce multi-level security by classifying the data and users into various security classes or levels and then implementing the appropriate security policy of the organization. Thus, in this scheme each data object is labeled with a certain classification level and each user is given a certain clearance level

  42. A given data object can then be accessed only by users with the appropriate clearance of a particular classification level. Thus, a mandatory access control technique classifies data and users based on security classes such as top secret (TS), secret (S), confidential (C) and unclassified (U) The DBMS determines whether a given user can read or write a given object based on certain rules that involve the security level of the object and the clearance of the user

  43. The commonly used mandatory access control technique for multi-level security is known as the Bel-LaPadula model. The Bel-LaPadula model is described in terms of subjects (for example, users, accounts, programs), objects (for example, relations or tables, tuples, columns, views, operations), security classes (for example, TS, S, C or U) and clearances. The Bel-LaPadula model classifies each subject and object into one of the security classifications TS, S, C or U.

  44. The security classes in a system are organized according to a particular order, with a most secure class and a least secure class. The Bel-LaPadula model enforces following two restrictions on data access based on the subject/object classifications: Simple security property: In this case, a subject S is not allowed read access to an object O unless classification of subject S is greater than or equal to classification of an object O. In other words Class (S) > class (O)

  45. Star security property (or *-property): In this case, a subject S is not allowed to write an object O unless classification of subject S is less than or equal to classification of an object O. In other words Class (S) <class (O)

  46. FIREWALLS A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

  47. Packet Filter: Packet filter looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is a fairly effective mechanism and transparent to users. Packet filter is also susceptible to IP spooling, which is a technique used to gain unauthorized access to computers by the intruders.

  48. Application Gateway: In an application gateway, security mechanism is applied to specific applications, such as File Transfer Protocol (FTP) and Telnet servers. This is very effective security mechanism

  49. Circuit-level Gateway: In circuit-level gateway, security mechanisms are applied when a Transport Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

More Related