DATABASE SECURITY
Learning outcomes • At the end of this chapter, you should be able to: • Define terms related to Database Security • Describe threats to data security • Describe problems of database security and list techniques that are used to enhance security • Understand the role of databases in Sarbanes-Oxley compliance
Database Security • Database Security: protection of the data against accidental or intentional loss, destruction, or misuse • Harder and more time-consuming to achieve now that databases are reached over the Internet and through client/server technologies
Threats to Data Security • (Figure: possible locations of data security threats)
Threats to Data Security • Accidental losses, including human error, software and hardware caused breaches • Theft and fraud • Loss of privacy (personal data) • Loss of confidentiality (corporate data) • Loss of data integrity • Loss of availability (through, e.g. sabotage)
Threats to Data Security • Accidental losses, including human error and software- or hardware-caused breaches; countermeasures: • Establishing operating procedures • User authorization • Uniform software installation procedures • Hardware maintenance schedule • Human error: • Some losses are inevitable, but well-thought-out policies and procedures should reduce the number and severity of losses
Threats to Data Security • Theft and fraud • Activities carried out by people, quite possibly through electronic means, that may or may not alter data; countermeasures: • Physical security • Firewall • Loss of privacy or confidentiality • Loss of privacy: loss of protection of data about individuals • Loss of confidentiality: loss of protection of critical organizational data that may have strategic value to the organization
Threats to Data Security • Loss of data integrity • When data integrity is compromised, data will be invalid or corrupted • Can be restored through established backup and recovery procedures (backups must be tested and kept protected, or they are lost together with the data) • Otherwise an organization may suffer serious losses or make incorrect and expensive decisions • Loss of availability • Sabotage of hardware, networks or applications • Viruses and other malware: corrupt data or software, or render the system unusable • Install antivirus software • Update it regularly
Establishing Client/Server Security • Server security • Multiple servers need to be protected (including the database server) • Keep them in a secure area • Passwords and layers of protection against intrusion • Most DBMSs provide database-level password security • Sole reliance on OS authentication for the database server should not be encouraged
Establishing Client/Server Security • Network security • Networks are susceptible to breaches of security through: • Eavesdropping • Unauthorized connections • Unauthorized retrieval of packets of information traversing the network • Encryption • Authentication • Audit trails • Routers
Application security issues in three-tier Client/Server Environments • Dynamic web pages require access to the database • If the database is not properly protected, it is vulnerable to inappropriate access by any user of the web application • Privacy: companies collect information on users through these applications
Application security issues in three-tier Client/Server Environments • (Figure: establishing Internet security across Web servers and database servers)
Web Security • Static HTML files are easy to secure • Protection must be established for the HTML stored on a Web server • Standard database access controls • Sensitive HTML files: placed in directories that are protected using OS security, or made readable but not published in a directory listing
Web Security • Dynamic pages are harder • Web pages are stored as templates • Appropriate, current data are inserted from the database or from user input once any queries associated with the page are run • The Web server must be able to access the database • The connection usually requires broad access to the database, so the account the application connects with should be granted only the privileges the pages actually need • Adequate server security is critical • Database server: physically secure • Execution of programs on the server should be controlled • User input could embed SQL commands: it must never be concatenated into a query; pass it as a bound parameter of a prepared statement (filtering input alone is not a reliable defense) • Access to data can also be controlled through user authentication security • Session security must be established • TCP/IP itself provides no confidentiality, so encryption is essential: Secure Sockets Layer (SSL), today Transport Layer Security (TLS)
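The point about user input embedding SQL commands, shown as an added example (not code from the slides or from Hoffer's textbook): the same product search written once by string concatenation and once with a bound parameter, run against a constructed in-memory SQLite table. The table, column names, rows and payloads are assumptions made for the demo; `internal_cost` stands in for a column the web page was never meant to expose.

```python
import sqlite3

# Constructed sample data standing in for the database behind a dynamic
# web page. Table and column names are assumptions, not from the slides.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE product_t (
            product_id          INTEGER PRIMARY KEY,
            product_description TEXT NOT NULL,
            standard_price      REAL NOT NULL,
            internal_cost       REAL NOT NULL   -- never meant to reach a web user
        );
        INSERT INTO product_t VALUES (1, 'End Table',    175.00,  90.00);
        INSERT INTO product_t VALUES (2, 'Coffee Table', 200.00, 110.00);
        INSERT INTO product_t VALUES (3, 'Dining Table', 800.00, 500.00);
    """)
    return conn


def search_vulnerable(conn, user_input):
    """The page's search box pasted straight into the SQL text.
    Whatever the user types becomes part of the statement, so SQL
    embedded in the input is executed by the DBMS."""
    sql = ("SELECT product_description, standard_price FROM product_t "
           "WHERE product_description = '" + user_input + "'")
    return conn.execute(sql).fetchall()


def search_parameterized(conn, user_input):
    """Same query with the input passed as a bound parameter. The DBMS
    compiles the statement first and only then supplies the value, so the
    input can never change the statement's structure."""
    sql = ("SELECT product_description, standard_price FROM product_t "
           "WHERE product_description = ?")
    return conn.execute(sql, (user_input,)).fetchall()


# Two classic payloads (constructed for the demo).
TAUTOLOGY = "' OR '1'='1"   # turns the WHERE clause into "always true"
EXFIL = ("' UNION SELECT product_description, internal_cost "
         "FROM product_t --")  # appends a query over a column the page never shows


if __name__ == "__main__":
    db = make_db()
    for payload in (TAUTOLOGY, EXFIL):
        print("vulnerable   :", search_vulnerable(db, payload))
        print("parameterized:", search_parameterized(db, payload))
```

With the tautology the concatenated query returns every product; with the UNION payload it returns the internal cost of every product, a column the page never selects. The parameterized version returns no rows for either, because the payload is compared literally against product descriptions. Binding parameters fixes the injection; limiting the application account's privileges (no right to read `internal_cost` at all) limits what a future bug can leak.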
Web Security • Additional methods of Web Security: • Restrict the number of users on the Web Server • Restrict access to the Web Server: keeping a minimum number of ports open • Remove any unneeded programs that load automatically when setting up the server
Data Privacy • Protection of individual privacy when using the Internet is important • What are the rights of the individual? • Individual privacy legislation typically grants: • The right to know what data have been collected • The right to correct any errors in those data • The amount of data exchanged continues to grow, so organizations must: • Develop adequate data protection • Make adequate provisions to allow the data to be used for legitimate legal purposes
Data Privacy • Individuals must guard their privacy rights and must be aware of the privacy implications of the tools they are using. • E.g.: cookies • At work: communication executed through employer’s machines and networks is not private • Internet: privacy of communication is not guaranteed • Encryption, anonymous remailers and built-in security mechanisms in software help to preserve privacy
Web Privacy • W3C created a standard, the Platform for Privacy Preferences (P3P), intended to communicate a Web site's stated privacy policies and compare that statement with the user's own policy preferences (P3P never saw wide adoption and has since been retired, but the questions it asks remain the right ones to put to any site) • Addresses the following: • Who is collecting the data? • What information is being collected and for what purpose? • What information will be shared with others, and who are those others? • Can users make changes in the way their data will be used by the collector? • How are disputes resolved? • What policies are followed for retaining data? • Where can the site's detailed policies be found, in readable form?
Database Software Security Features • Views or sub schemas • Integrity controls • Authorization rules • User-defined procedures • Encryption • Authentication schemes • Backup, journalizing, and checkpointing
Views • Views • A subset of the database that is presented to one or more users • Created by querying one or more of the base tables • A user can be given the access privilege on the view without being given any privilege on the underlying tables • Example: build a view that reports sales by region
CREATE VIEW V_REGION_SALES AS
SELECT A1.region_name AS REGION, SUM(A2.Sales) AS SALES
FROM Geography A1
JOIN Store_Information A2 ON A1.store_name = A2.store_name
GROUP BY A1.region_name;
Views • (Figure: sample rows of the tables Store_Information and Geography, and the result of SELECT * FROM V_REGION_SALES)
Integrity Controls • Integrity Controls • Protect data from unauthorized or invalid use • Domains: set the allowable values for a column and can be used to create a user-defined data type • For example:
CREATE DOMAIN money AS DECIMAL(9,2) CHECK (VALUE >= 0);
CREATE DOMAIN order_ident AS INTEGER;
CREATE DOMAIN product_name AS CHAR(20);
CREATE DOMAIN customer_name AS CHAR(20);
• Not every DBMS supports CREATE DOMAIN; a CHECK constraint on the column gives the same protection
Integrity Controls • Assertions • Enforce database conditions • Checked automatically by the DBMS when transactions are run • If an assertion fails, the DBMS generates an error message and rejects the change • E.g.: the Employee table has fields EmpID, EmpName, SupervisorID, SpouseID. Company rule: no employee may supervise his or her spouse. SQL statement:
CREATE ASSERTION SpousalSupervision
CHECK (NOT EXISTS (SELECT * FROM Employee WHERE SupervisorID = SpouseID));
• CREATE ASSERTION is part of the SQL standard but is not implemented by the major DBMSs; in practice a rule like this is enforced with a CHECK constraint on the table or with a trigger
Integrity Controls • Triggers • Prevent inappropriate actions, invoke special handling procedures, write to log files • Routines that execute in response to a database event (INSERT, UPDATE, or DELETE) • Example: journal every change to a product's standard price
CREATE TRIGGER STANDARD_PRICE_UPDATE
AFTER UPDATE OF STANDARD_PRICE ON PRODUCT_T
REFERENCING NEW ROW AS N
FOR EACH ROW
INSERT INTO PRICE_UPDATES_T
VALUES (N.PRODUCT_DESCRIPTION, CURRENT_DATE, N.STANDARD_PRICE);
• (Standard SQL form; Oracle writes :NEW.STANDARD_PRICE and SYSDATE instead and wraps the body in BEGIN ... END;)
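The three integrity controls above (a domain's allowable values, the spousal-supervision assertion, and the price-update audit trigger) carried through in one working schema, as an added example that is not code from the slides or from Hoffer's textbook. It uses SQLite through Python's standard `sqlite3` module; since SQLite implements neither CREATE DOMAIN nor CREATE ASSERTION, the domain becomes a CHECK constraint and the assertion becomes a pair of BEFORE triggers that abort the offending row, which is also how these rules end up being enforced on most production DBMSs. Table and column names are assumptions chosen to mirror the slides.

```python
import sqlite3

# Constructed schema; names mirror the slides but are assumptions for this demo.
SCHEMA = """
CREATE TABLE product_t (
    product_id          INTEGER PRIMARY KEY,
    product_description TEXT NOT NULL,
    -- the 'money' domain of the slides, emulated with a CHECK constraint
    standard_price      NUMERIC NOT NULL CHECK (standard_price >= 0)
);
CREATE TABLE price_updates_t (
    product_description TEXT,
    changed_at          TEXT,
    old_price           NUMERIC,
    new_price           NUMERIC
);
-- Audit trigger: every price change is journaled with the old and new value.
CREATE TRIGGER standard_price_update
AFTER UPDATE OF standard_price ON product_t
FOR EACH ROW
BEGIN
    INSERT INTO price_updates_t
    VALUES (NEW.product_description, datetime('now'),
            OLD.standard_price, NEW.standard_price);
END;

CREATE TABLE employee (
    emp_id        INTEGER PRIMARY KEY,
    emp_name      TEXT NOT NULL,
    supervisor_id INTEGER,
    spouse_id     INTEGER
);
-- The SpousalSupervision assertion, enforced by triggers because SQLite has
-- no CREATE ASSERTION. A NULL supervisor or spouse never fires the WHEN clause,
-- matching the standard assertion's behaviour for unknown values.
CREATE TRIGGER spousal_supervision_ins
BEFORE INSERT ON employee
FOR EACH ROW WHEN NEW.supervisor_id = NEW.spouse_id
BEGIN
    SELECT RAISE(ABORT, 'no employee may supervise his or her spouse');
END;
CREATE TRIGGER spousal_supervision_upd
BEFORE UPDATE OF supervisor_id, spouse_id ON employee
FOR EACH ROW WHEN NEW.supervisor_id = NEW.spouse_id
BEGIN
    SELECT RAISE(ABORT, 'no employee may supervise his or her spouse');
END;
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def try_statement(conn, sql, params=()):
    """Run one statement; return None on success, otherwise the DBMS error
    text, so the caller can see which integrity control rejected it."""
    try:
        with conn:                      # commits on success, rolls back on error
            conn.execute(sql, params)
        return None
    except sqlite3.DatabaseError as exc:
        return str(exc)


def price_audit_trail(conn):
    """Insert a product, change its price, and return what the trigger logged."""
    with conn:
        conn.execute("INSERT INTO product_t VALUES (1, 'End Table', 175)")
        conn.execute("UPDATE product_t SET standard_price = 190 WHERE product_id = 1")
    return conn.execute(
        "SELECT product_description, old_price, new_price FROM price_updates_t"
    ).fetchall()


if __name__ == "__main__":
    db = open_db()
    print("audit trail:", price_audit_trail(db))
    print("negative price:",
          try_statement(db, "UPDATE product_t SET standard_price = -5 WHERE product_id = 1"))
    print("Alice:", try_statement(db, "INSERT INTO employee VALUES (1, 'Alice', NULL, 2)"))
    print("Bob supervised by spouse:",
          try_statement(db, "INSERT INTO employee VALUES (2, 'Bob', 1, 1)"))
```

The negative price is rejected by the CHECK constraint (so nothing reaches the audit table for it), Alice is accepted, and Bob, whose supervisor and spouse are both employee 1, is rejected with the trigger's message. Because the DBMS enforces these rules, they hold no matter which application or user issues the statement, which is what makes them a security control rather than a convention.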
Authorization Rules • Controls incorporated in the data management system • Restrict: • access to data • actions that people can take when they access data • Authorization matrix for: • Subjects • Objects • Actions • Constraints
Authorization Rules • (Figure: authorization matrix)
Scenario • The HR Officer is allowed to insert data into the Staff salary record; however, any salary entered must be less than RM 21,000. • The Finance Executives are allowed to modify the Staff salary record; however, they may only modify the claims approval section. • A program called DX234 is allowed to read the Students Personal record with no constraints.
Implementing authorization rules • (Figure: authorization table for subjects (salespeople) and authorization table for objects (orders))
Create an authorization rule for Inventory Records – Subjects are: Salesperson, A/C Personnel, Inventory Clerks and Carpenters • Salespersons and accounts personnel may read and modify these records. • The Inventory Clerks are allowed to do all tasks except Delete. • The Carpenters may only read the records.
Oracle Privileges • Oracle distinguishes system privileges (database-wide, e.g. CREATE TABLE) from object privileges on a specific table, view or procedure • INSERT, UPDATE and REFERENCES can be granted at column level
Authorization Rules • To grant the ability to read the product table and update prices to a user with the login ID SMITH • SQL statement:
GRANT SELECT, UPDATE (unit_price) ON PRODUCT_T TO SMITH;
• SMITH can now read every column but change only unit_price; any other UPDATE is refused by the DBMS
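The two scenarios above, encoded as an authorization matrix of subjects, objects, actions and constraints and evaluated with a default-deny check. This is an added example, not code from the slides or from Hoffer's textbook; the rule set, the field names in the request (`salary`, `fields`) and the action vocabulary are assumptions made to mirror the slides.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    subject: str                     # who: a user, a role, or a program
    obj: str                         # what: a record type / table
    action: str                      # READ, INSERT, MODIFY or DELETE
    constraint: Optional[Callable[[dict], bool]] = None  # extra condition on the request
    description: str = ""            # human-readable form of the constraint


# Hypothetical authorization matrix encoding the slides' two scenarios.
MATRIX = [
    Rule("HR Officer", "StaffSalary", "INSERT",
         lambda req: req.get("salary", 0) < 21000,
         "salary entry must be less than RM 21,000"),
    Rule("Finance Executive", "StaffSalary", "MODIFY",
         lambda req: set(req.get("fields", ())) <= {"claims_approval"},
         "may only modify the claims approval section"),
    Rule("DX234", "StudentPersonal", "READ"),
    *[Rule(s, "Inventory", a)
      for s in ("Salesperson", "A/C Personnel") for a in ("READ", "MODIFY")],
    *[Rule("Inventory Clerk", "Inventory", a) for a in ("READ", "INSERT", "MODIFY")],
    Rule("Carpenter", "Inventory", "READ"),
]


def authorize(subject, obj, action, request=None, matrix=MATRIX):
    """Default deny: the request is allowed only if some rule matches the
    subject, object and action AND that rule's constraint holds for it.
    Returns (allowed, reason) so the decision can be logged."""
    request = request or {}
    reason = "denied: no matching rule"
    for rule in matrix:
        if (rule.subject, rule.obj, rule.action) != (subject, obj, action):
            continue
        if rule.constraint is None or rule.constraint(request):
            return True, "allowed"
        reason = f"denied: {rule.description}"   # matched, but constraint failed
    return False, reason


if __name__ == "__main__":
    checks = [
        ("HR Officer", "StaffSalary", "INSERT", {"salary": 18000}),
        ("HR Officer", "StaffSalary", "INSERT", {"salary": 25000}),
        ("Finance Executive", "StaffSalary", "MODIFY", {"fields": ["claims_approval", "salary"]}),
        ("Inventory Clerk", "Inventory", "DELETE", {}),
        ("Carpenter", "Inventory", "READ", {}),
    ]
    for subj, obj, act, req in checks:
        print(subj, act, obj, req, "->", authorize(subj, obj, act, req))
```

Two design points worth noticing: every decision falls through to "denied" unless a rule explicitly allows it, and a constraint is evaluated on the actual request (the salary being entered, the columns being modified), which is what distinguishes a true authorization matrix from a plain permission list.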
User Defined Procedures • Some DBMSs also provide capabilities for user-defined procedures to customize the authorization process • User exits or interfaces that allow system designers to define their own security procedures in addition to the authorization rules • A user procedure might be designed to provide positive user identification • For example, the user might be required to supply a procedure name in addition to a password • If the password is valid and the procedure name correct, the system calls the procedure, which asks the user a series of questions whose answers should be known only to that user (such knowledge-based questions are a weak factor and do not replace a real second factor)
Encryption • The coding or scrambling of data so that it cannot be read without the key • Used to protect highly sensitive data such as customer credit card numbers or account balances • Two common forms of encryption: • One key (symmetric): e.g. Data Encryption Standard (DES), now superseded by AES; DES's 56-bit key can be brute-forced and it should not be used in new systems • Uses the same key to encrypt and decrypt • Easy to understand and implement; the hard part is distributing the key securely • Two key (asymmetric) • Different keys to encrypt and decrypt (a key pair) • One key is published (the public key) • The other key is kept secret (the private key) • Especially popular in e-commerce applications • Example: SSL/TLS uses public-key cryptography to authenticate the server and agree a session key, then symmetric encryption for the data, over TCP/IP connections
Basic two-key encryption • (Figure: basic two-key encryption) • Secure Sockets Layer (SSL), now TLS, is a popular encryption scheme for TCP/IP connections
Authentication Schemes • How to identify persons who are trying to gain access to a computer or its resources? • Goal: obtain a positive identification of the user • In an electronic environment, a user can prove identity by supplying: • Something the user knows: password/PIN • Something the user possesses: smart card/token • Some unique personal characteristic: biometrics (fingerprint or retinal scans) • Authentication schemes: • One-factor authentication • Two-factor authentication • Three-factor authentication • Depending on how many factors are employed
Authentication Schemes • First line of defense: one factor • Passwords • Should be at least 8 characters long (longer passphrases are better) • Should combine alphabetic and numeric data • Should not be complete words or personal information • Should be changed frequently (current guidance, e.g. NIST SP 800-63B, instead recommends changing a password when compromise is suspected and screening new passwords against lists of known-breached ones)
Authentication Schemes • Strong Authentication • Passwords are flawed: • Users share them with each other • They get written down and can be copied • Automatic logon scripts remove the need to explicitly type them in • Unencrypted passwords traverse a network • Possible solutions: • Two factor, e.g. ATM card plus PIN • Three factor, e.g. smart card, biometric and PIN • Biometric devices: fingerprints, retinal scans, etc. for positive ID • Third-party mediated authentication using secret keys or digital certificates
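Two-factor authentication as the slides describe it, shown as an added example (not code from the slides or from Hoffer's textbook): factor one is something the user knows, a password that the server stores only as a salted PBKDF2 hash so a copied password file does not yield the password; factor two is something the user possesses, a token producing time-based one-time codes (TOTP, RFC 6238, built on HMAC-SHA1 per RFC 4226). Everything here is Python standard library. The token secret used in the test is the RFC's published test key; the user names and password are made up for the demo, and a real deployment would also rate-limit attempts.

```python
import hashlib
import hmac
import secrets
import struct
import time

# --- Factor 1: something the user knows. Store a salted, iterated hash, never the password.
def hash_password(password, salt=None, iterations=200_000):
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)   # constant-time compare


# --- Factor 2: something the user possesses. TOTP (RFC 6238) over HOTP (RFC 4226).
def totp(secret, now, step=30, digits=6):
    counter = int(now) // step                          # 30-second time step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret, code, now, window=1, step=30):
    """Accept the current code and one step either side to absorb clock skew."""
    return any(hmac.compare_digest(totp(secret, now + k * step, step), code)
               for k in range(-window, window + 1))


def two_factor_login(stored_hash, token_secret, password, code, now=None):
    """Both factors are always evaluated, so a failed password does not
    let an attacker learn from timing whether the OTP was right."""
    now = time.time() if now is None else now
    password_ok = verify_password(password, stored_hash)
    token_ok = verify_totp(token_secret, code, now)
    return password_ok and token_ok


if __name__ == "__main__":
    # Enrolment: the server keeps the hash and the token secret, not the password.
    enrolled_hash = hash_password("correct horse battery staple")       # made-up password
    enrolled_secret = b"12345678901234567890"                           # RFC 6238 test key
    print("code now:", totp(enrolled_secret, time.time()))
    print("login ok:", two_factor_login(enrolled_hash, enrolled_secret,
                                        "correct horse battery staple",
                                        totp(enrolled_secret, time.time())))
```

The two factors fail independently: a stolen password file gives only hashes that must be brute-forced through 200,000 PBKDF2 iterations per guess, and a password captured in the clear on the network (the flaw the slide names) is useless without the next 30-second code from the token.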
Sarbanes-Oxley (SOX) • Designed to ensure the integrity of public companies' financial statements • Requires sufficient control and security over the financial systems and the IT infrastructure • Requires companies to audit access to sensitive data • A SOX audit covers three areas of control: • IT change management • Logical access to data • IT operations • The audit starts with a walkthrough • The auditor tries to understand how the THREE areas are handled by the IT organization
Sarbanes-Oxley (SOX): IT Change Management • The process by which changes to operational systems and databases are authorized • For a database, changes to: the schema, the database configuration, and the DBMS software itself • Top deficiency found by SOX auditors: • Lack of segregation of duties between the people who have access to databases in the three common environments: development, test, production • SOX mandates that the DBAs able to modify data in these environments be different people • Where that is not possible, other personnel should be authorized to carry out periodic reviews of database access by DBAs, using database audit records
Sarbanes-Oxley (SOX): Logical Access to Data • Security procedures in place to prevent unauthorized access to the data • SOX perspective: • Who has access to what? • Who has access to too much? • Organizations must establish administrative policies and procedures • Two types of security policies and procedures: • Personnel controls • Physical access controls
Sarbanes-Oxley (SOX): Logical Access to Data • Personnel controls • Adequate controls of personnel must be developed and followed • Hiring practices, employee monitoring, security training, separation of duties • Physical access controls • Limiting access to particular areas within a building • Swipe cards, equipment locking, check-out procedures, screen placement, laptop protection
Sarbanes-Oxley (SOX): IT Operations • Policies and procedures for the day-to-day management of infrastructure, applications, and databases in an organization • For databases: backup, recovery, availability • An area of control that helps to maintain data quality and availability: vendor management • Periodically review external maintenance agreements for hardware and software • Consider reaching agreements (software escrow) so that the organization can get access to the source code should the developer go out of business or stop supporting the programs
The information in these slides was taken from Modern Database Management, Tenth Edition, by Jeffrey A. Hoffer, V. Ramesh and Heikki Topi. END OF CHAPTER