Database security
Download as PPTX, PDF40 likes41,599 views
The document discusses database security. It begins by outlining key topics like what database security is, why it is needed, and concepts like confidentiality, integrity and availability. It then covers specific security problems like threats from authorized and unauthorized users. The document concludes by describing some security controls that can be implemented, such as authorization, encryption, authentication, firewalls, and access privileges for reading, inserting, updating and deleting data.
Database security
- 1. A Presentation by : Amir Khanzada Roll No: 2k11/SWE/24 1
- 2. OUTLINE Overview To Database Security. What is Database Security Why need of database security. Concepts of Database Security. Security Problems Security Controls 2
- 3. Mobile Computer Vehicles OVERVI EW In today’s world, we need everything secured whether it is your mobile phone , computer , vehicle or almost anything. 3
- 4. What is database Database: security? It is a collection of information stored in a computer. Security: It is being free from danger. Database Security: It is the mechanisms that protect the database against intentional or accidental threats. 4
- 5. Definition of Database Security Database Security is defined as the process by which “Confidentiality, Integrity and Availability” of the database can be protected 5
- 6. Why need of database security? If there is no security to database what happens??? Data will be easily corrupted It is important to restrict access to the database from authorized users to protect sensitive data. 6
- 7. Concepts of Database Security Three are 3 main aspects 1. Secrecy or Confidentiality 2. Integrity 3. Availability 7
- 8. SECRECY / It is protecting the database from unauthorized users. Ensures that users are allowed to do the things they are trying to do. Encryption is a technique or a process by which the data is encoded in such a way that only that authorized users are able to read the data. 8
- 9. 9 INTEGRITY Protecting the database from authorized users. Ensures that what users are trying to do is correct. For examples, An employee should be able to modify his or her own information.
- 10. 10 AVAILABILITY Database must have not unplanned downtime. To ensure this ,following steps should be taken Restrict the amount of the storage space given to each user in the database. Limit the number of concurrent sessions made available to each database user. Back up the data at periodic intervals to ensure data recovery in case of application users.
- 12. Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. There are two kinds of threat. Non-fraudulent Threat fraudulent Threat 12
- 13. 1. Non-fraudulent Threat Natural or accidental disasters. Errors or bugs in hardware or software. Human errors. 2. fraudulent Threat Authorized users Those who abuse their privileges and authority. Hostile agents Those improper users (outsider or insiders). who attack the software and/or hardware system, or read or write data in a database. 13
- 14. DATABASE PROTECTION REQUIREMENTS 1. Protection from Improper Access 2. Protection from Inference 3. Integrity of the Database 4. User Authentication 5. Multilevel Protection 6. Confinement 7. Management and Protection of Sensitive Data 14
- 16. Authorization - privileges, views. Encryption - public key / private key, secure sockets. Authentication – passwords. Logical - firewalls, net proxies. 16
- 17. A FIREWALL is dedicated software on another computer which inspects network traffic passing through it and denies (or) permits passage based on set of rules. Basically it is a piece of software that monitors all traffic that goes from your system to another via the Internet or network and Vice Versa Database Firewalls are a type ofWeb Application Firewalls that monitor databases to identify and protect against database specific attacks that mostly seek to access sensitive information stored in the databases. 17
- 18. 18
- 19. Data encryption enables to encrypt sensitive data, such as credit card numbers, stored in table columns. Encrypted data is decrypted for a database user who has access to the data. Data encryption helps protect data stored on media in the event that the storage media or data file gets stolen. 19
- 20. As a security administrator, one can be sure that sensitive data is safe in case the storage media or data file gets stolen. You do not need to create triggers or views to decrypt data. Data from tables is decrypted for the database user. Database users need not be aware of the fact that the data they are accessing is stored in encrypted form. Data is transparently decrypted for the database users and does not require any action on their part. Applications need not be modified to handle encrypted data. Data encryption/decryption is managed by the database. 20
- 21. Read authorization - allows reading, but not modification of data Insert authorization - allows insertion of new data, but not modification of existing data. Update authorization - allows modification, but not deletion of data. Delete authorization - allows deletion of data 21
- 22. select: allows read access to relation, or the ability to query using the view insert: the ability to insert tuples update: the ability to update using the SQL update statement delete: the ability to delete tuples. 22
- 23. With grant option: allows a user who is granted a privilege to pass the privilege on to other users. Example: grant select on branch to U1 with grant option gives U1 the select privileges on branch and allows U1 to grant this privilege to others 23
- 24. 24