SlideShare a Scribd company logo

Database Security - IK

Download as PPTX, PDF
I
Ilgın Kavaklıoğulları

This document discusses techniques for securing databases. It describes database security as protecting databases from threats to their confidentiality, integrity and availability. It identifies various threats such as unauthorized access, malware infections, and physical damage. It then outlines several layers of security controls that can be implemented, including access control, authentication, encryption, backups and application security. It emphasizes that database security requires a multifaceted approach including technical, administrative and physical controls.

Engineering
Related topics:
Database Security Overview Information Security
1 of 26
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Programming Techniques for Secure Code DATABASE SECURITY ILGIN KAVAKLIOĞULLARI 273213005
 Database: It is an organized collection of data.  Security: It is the degree of resistance to, or protection from, harm.  Database Security: It is the mechanisms that protect the database against intentional or accidental threats.
Database Security - IK
Database security concerns the use of a broad range of information security controls to protect databases against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.
Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers. Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services.
 Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended.  Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/ equipment failures and obsolescence.  Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities, data loss/corruption, performance degradation etc.  Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, sabotage/criminal damage etc.
Many layers and types of information security control are appropriate to databases, including:  Access control  Auditing  Authentication  Encryption  Integrity controls  Backups  Application security  Database Security applying Statistical Method
Databases have been largely secured against hackers through network security measures such as firewalls, and network-based intrusion detection systems. While network security controls remain valuable in this regard, securing the database systems themselves, and the programs/functions and data within them, has arguably become more critical as networks are increasingly opened to wider access, in particular access from the Internet.
Furthermore, system, program, function and data access controls, along with the associated user identification, authentication and rights management functions, have always been important to limit and in some cases log the activities of authorized users and administrators. In other words, these are complementary approaches to database security, working from both the outside-in and the inside-out as it were.
Many organizations develop their own "baseline" security standards and designs detailing basic security control measures for their database systems. These may reflect general information security requirements or obligations imposed by corporate information security policies and applicable laws and regulations, along with generally accepted good database security practices and perhaps security recommendations from the relevant database system and software vendors.
The security designs for specific database systems typically specify further security administration and management functions along with various business- driven information security controls within the database programs and functions. Furthermore, various security-related activities are normally incorporated into the procedures, guidelines etc. relating to the design, development, configuration, use, management and maintenance of databases.
Database Security - IK
Two types of privileges are important relating to database security within the database environment: system privileges and object privileges.  System Privileges System privileges allow a user to perform administrative actions in a database. These include privileges (as found in SQL Server) such as: create database, create procedure, create view, backup database, create table, create trigger, and execute.  Object Privileges Object privileges allow for the use of certain operations on database objects as authorized by another user. Examples include: usage, select, insert, update, and references.
One technique for evaluating database security involves performing vulnerability assessments or penetration tests against the database. Testers attempt to find security vulnerabilities that could be used to defeat or bypass security controls, break into the database, compromise the system etc. Database administrators or information security administrators may for example use automated vulnerability scans to search out misconfiguration of controls within the layers mentioned above along with known vulnerabilities within the database software. The results of such scans are used to harden the database and close off the specific vulnerabilities identified, but other vulnerabilities often remain unrecognized and unaddressed.
In database environments where security is critical, continual monitoring for compliance with standards improves security. Security compliance requires, amongst other procedures, patch management and the review and management of permissions granted to objects within the database. Database objects may include table or other objects listed in the Table link. The permissions granted for SQL language commands on objects are considered in this process.
Compliance monitoring is similar to vulnerability assessment, except that the results of vulnerability assessments generally drive the security standards that lead to the continuous monitoring program. Essentially, vulnerability assessment is a preliminary procedure to determine risk where a compliance program is the process of on-going risk assessment. The compliance program should take into consideration any dependencies at the application software level as changes at the database level may have effects on the application software or the application server.
Database Security - IK
Application level authentication and authorization mechanisms may be effective means of providing abstraction from the database layer. The primary benefit of abstraction is that of a single sign-on capability across multiple databases and platforms. A single sign-on system stores the database user's credentials and authenticates to the database on behalf of the user.
Another security layer of a more sophisticated nature includes real-time database activity monitoring, either by analyzing protocol traffic (SQL) over the network, or by observing local database activity on each server using software agents, or both. Use of agents or native logging is required to capture activities executed on the database server, which typically include the activities of the database administrator. Agents allow this information to be captured in a fashion that can not be disabled by the database administrator, who has the ability to disable or modify native audit logs.
Analysis can be performed to identify known exploits or policy breaches, or baselines can be captured over time to build a normal pattern used for detection of anomalous activity that could be indicative of intrusion. These systems can provide a comprehensive database audit trail in addition to the intrusion detection mechanisms, and some systems can also provide protection by terminating user sessions and/or quarantining users demonstrating suspicious behavior.
Some systems are designed to support separation of duties (SOD), which is a typical requirement of auditors. SOD requires that the database administrators who are typically monitored as part of the DAM, not be able to disable or alter the DAM functionality. This requires the DAM audit trail to be securely stored in a separate system not administered by the database administration group.
Database Security - IK
A good database security program includes the regular review of privileges granted to user accounts and accounts used by automated processes. For individual accounts a two-factor authentication system improves security but adds complexity and cost. Accounts used by automated processes require appropriate controls around password storage such as sufficient encryption and access controls to reduce the risk of compromise.
In conjunction with a sound database security program, an appropriate disaster recovery program can ensure that service is not interrupted during a security incident, or any incident that results in an outage of the primary database environment. An example is that of replication for the primary databases to sites located in different geographical regions. After an incident occurs, database forensics can be employed to determine the scope of the breach, and to identify appropriate changes to systems and processes.
The greatest threat to database security are non- tracked unauthorized changes by internal and external users. Algorithms based on cryptology and other statistical methods are deployed to both identify these events and report threats to administrators. Such shield DB approach maps large dataset into its small digital fingerprint which, is continuously updated with every change in main database by registered applications. Desired fingerprints are then matched with actual at preset intervals for identifying the changed locations in the main database, date and time of unauthorized changes, even made through privileged authority.
Database Security - IK

More Related Content

DOCX
Database security
Mehrdad Jingoism
 
PDF
A Review Report on Security Threats on Database
Shivnandan Singh
 
PDF
A1802030104
IOSR Journals
 
PPTX
Chapter 4 security part ii auditing database systems
jayussuryawan
 
PPTX
Database security
Birju Tank
 
PPTX
Database modeling and security
Neeharika Nidadavolu
 
PPS
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
PDF
Dynamic Access Control for RBAC-administered web-based Databases
Thitichai Sripan
 
Database security
Mehrdad Jingoism
 
A Review Report on Security Threats on Database
Shivnandan Singh
 
A1802030104
IOSR Journals
 
Chapter 4 security part ii auditing database systems
jayussuryawan
 
Database security
Birju Tank
 
Database modeling and security
Neeharika Nidadavolu
 
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
Dynamic Access Control for RBAC-administered web-based Databases
Thitichai Sripan
 

What's hot (17)

DOCX
Poster
Rehab Abdallah
 
PPTX
Chapter 3 security part i auditing operating systems and networks
jayussuryawan
 
PPT
Chapter006
Jeanie Delos Arcos
 
PPTX
Network Security & Assured Networks: TechNet Augusta 2015
AFCEA International
 
PDF
IRJET- Analysis of using Software Defined and Service Coherence Approach
IRJET Journal
 
DOCX
Carl Binder Resume Myrtle Beach address 1-24-17
Carl Binder
 
DOC
Csec 610 Motivated Minds/newtonhelp.com
amaranthbeg52
 
PPTX
Privileged Account Management - Keep your logins safe
Jens Albrecht
 
PDF
55994241 cissp-cram
bsnl007
 
PDF
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
IJERA Editor
 
PPTX
Chapter 11 Enterprise Resource Planning System
Muhammad Azmy
 
PPTX
Database security
MaryamAsghar9
 
PDF
McAfee CDCR Case Study
joepanora
 
PPT
Lecture week8
ismaelhaider
 
PDF
13 essential log_col_infog
huynhvanphuc
 
DOC
Cyb 610 Motivated Minds/newtonhelp.com
amaranthbeg55
 
PPT
Database administration and security
Mohd Arif
 
Poster
Rehab Abdallah
 
Chapter 3 security part i auditing operating systems and networks
jayussuryawan
 
Chapter006
Jeanie Delos Arcos
 
Network Security & Assured Networks: TechNet Augusta 2015
AFCEA International
 
IRJET- Analysis of using Software Defined and Service Coherence Approach
IRJET Journal
 
Carl Binder Resume Myrtle Beach address 1-24-17
Carl Binder
 
Csec 610 Motivated Minds/newtonhelp.com
amaranthbeg52
 
Privileged Account Management - Keep your logins safe
Jens Albrecht
 
55994241 cissp-cram
bsnl007
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
IJERA Editor
 
Chapter 11 Enterprise Resource Planning System
Muhammad Azmy
 
Database security
MaryamAsghar9
 
McAfee CDCR Case Study
joepanora
 
Lecture week8
ismaelhaider
 
13 essential log_col_infog
huynhvanphuc
 
Cyb 610 Motivated Minds/newtonhelp.com
amaranthbeg55
 
Database administration and security
Mohd Arif
 
Ad

Similar to Database Security - IK (20)

PPTX
Database Security, Threats & Countermeasures.pptx
SaqibAhmedKhan4
 
PDF
Database security
keerthusandeepreddy
 
PPT
Dstca
ajay vj
 
PPTX
Database security
afzaalkhalid1
 
PPTX
basic to advance network security concepts
amansinght675
 
PPTX
Database Security and Management Systems
IsmaelKakaRealsoft
 
PPTX
203135 Muhammad Usama.pptx
muhammadusama257191
 
PPT
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
AnuradhaGupta789099
 
PDF
security in database management system.
prajal
 
PPTX
Database security
Software Engineering
 
PDF
database-security-access-control-models-a-brief-overview-IJERTV2IS50406.pdf
Dr Amit Phadikar
 
PPTX
Database Security
ShingalaKrupa
 
DOCX
Database Security—Concepts,Approaches, and ChallengesElisa
OllieShoresna
 
PPT
DB security
ERSHUBHAM TIWARI
 
PDF
5db-security.pdf
HODCA1
 
PPTX
Database Security Presentation Why database Security is important
Kamruzzamansohel2
 
PDF
How Organizations can Secure Their Database From External Attacks
Emmanuel Oshogwe Akpeokhai
 
PDF
Security Issues Surrounding Data Manipulation in a Relational Database
David Murphy
 
PPTX
Database security
Arpana shree
 
PPTX
Database security in database management.pptx
FarhanaMariyam1
 
Database Security, Threats & Countermeasures.pptx
SaqibAhmedKhan4
 
Database security
keerthusandeepreddy
 
Dstca
ajay vj
 
Database security
afzaalkhalid1
 
basic to advance network security concepts
amansinght675
 
Database Security and Management Systems
IsmaelKakaRealsoft
 
203135 Muhammad Usama.pptx
muhammadusama257191
 
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
AnuradhaGupta789099
 
security in database management system.
prajal
 
Database security
Software Engineering
 
database-security-access-control-models-a-brief-overview-IJERTV2IS50406.pdf
Dr Amit Phadikar
 
Database Security
ShingalaKrupa
 
Database Security—Concepts,Approaches, and ChallengesElisa
OllieShoresna
 
DB security
ERSHUBHAM TIWARI
 
5db-security.pdf
HODCA1
 
Database Security Presentation Why database Security is important
Kamruzzamansohel2
 
How Organizations can Secure Their Database From External Attacks
Emmanuel Oshogwe Akpeokhai
 
Security Issues Surrounding Data Manipulation in a Relational Database
David Murphy
 
Database security
Arpana shree
 
Database security in database management.pptx
FarhanaMariyam1
 
Ad

More from Ilgın Kavaklıoğulları (11)

DOCX
Multi-Core on Chip Architecture *doc - IK
Ilgın Kavaklıoğulları
 
PPTX
Unified Parallel C - IK
Ilgın Kavaklıoğulları
 
PPTX
Computational Genomics - Bioinformatics - IK
Ilgın Kavaklıoğulları
 
PPTX
Normal Mapping / Computer Graphics - IK
Ilgın Kavaklıoğulları
 
PPTX
Agent-Based Technologies (Mobile-C) - IK
Ilgın Kavaklıoğulları
 
PPTX
Internet of Things (IoT) - IK
Ilgın Kavaklıoğulları
 
PPTX
Travelling Salesman Problem using Partical Swarm Optimization
Ilgın Kavaklıoğulları
 
PPTX
Socket Programming w/ C# - IK
Ilgın Kavaklıoğulları
 
PPTX
Robotics - IK
Ilgın Kavaklıoğulları
 
PPTX
Expert Systems - IK
Ilgın Kavaklıoğulları
 
PPTX
Business Intelligent Systems - IK
Ilgın Kavaklıoğulları
 
Multi-Core on Chip Architecture *doc - IK
Ilgın Kavaklıoğulları
 
Unified Parallel C - IK
Ilgın Kavaklıoğulları
 
Computational Genomics - Bioinformatics - IK
Ilgın Kavaklıoğulları
 
Normal Mapping / Computer Graphics - IK
Ilgın Kavaklıoğulları
 
Agent-Based Technologies (Mobile-C) - IK
Ilgın Kavaklıoğulları
 
Internet of Things (IoT) - IK
Ilgın Kavaklıoğulları
 
Travelling Salesman Problem using Partical Swarm Optimization
Ilgın Kavaklıoğulları
 
Socket Programming w/ C# - IK
Ilgın Kavaklıoğulları
 
Robotics - IK
Ilgın Kavaklıoğulları
 
Expert Systems - IK
Ilgın Kavaklıoğulları
 
Business Intelligent Systems - IK
Ilgın Kavaklıoğulları
 

Recently uploaded (20)

PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
PPTX
web development for engineering and engineering
keshriji700
 
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PDF
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
PDF
Well-logging-methods_new................
ZafriFarid
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPTX
Welding lecture in detail for understanding
sahilpoonia10
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
Project quality management in manufacturing
BarMusaTetik
 
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
web development for engineering and engineering
keshriji700
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
Construction Project Organization Group 2.pptx
vj5agdales
 
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
Well-logging-methods_new................
ZafriFarid
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Welding lecture in detail for understanding
sahilpoonia10
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 

Database Security - IK

  • 1. Programming Techniques for Secure Code DATABASE SECURITY ILGIN KAVAKLIOĞULLARI 273213005
  • 2.  Database: It is an organized collection of data.  Security: It is the degree of resistance to, or protection from, harm.  Database Security: It is the mechanisms that protect the database against intentional or accidental threats.
  • 4. Database security concerns the use of a broad range of information security controls to protect databases against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.
  • 5. Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers. Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services.
  • 6.  Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended.  Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/ equipment failures and obsolescence.  Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities, data loss/corruption, performance degradation etc.  Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, sabotage/criminal damage etc.
  • 7. Many layers and types of information security control are appropriate to databases, including:  Access control  Auditing  Authentication  Encryption  Integrity controls  Backups  Application security  Database Security applying Statistical Method
  • 8. Databases have been largely secured against hackers through network security measures such as firewalls, and network-based intrusion detection systems. While network security controls remain valuable in this regard, securing the database systems themselves, and the programs/functions and data within them, has arguably become more critical as networks are increasingly opened to wider access, in particular access from the Internet.
  • 9. Furthermore, system, program, function and data access controls, along with the associated user identification, authentication and rights management functions, have always been important to limit and in some cases log the activities of authorized users and administrators. In other words, these are complementary approaches to database security, working from both the outside-in and the inside-out as it were.
  • 10. Many organizations develop their own "baseline" security standards and designs detailing basic security control measures for their database systems. These may reflect general information security requirements or obligations imposed by corporate information security policies and applicable laws and regulations, along with generally accepted good database security practices and perhaps security recommendations from the relevant database system and software vendors.
  • 11. The security designs for specific database systems typically specify further security administration and management functions along with various business- driven information security controls within the database programs and functions. Furthermore, various security-related activities are normally incorporated into the procedures, guidelines etc. relating to the design, development, configuration, use, management and maintenance of databases.
  • 13. Two types of privileges are important relating to database security within the database environment: system privileges and object privileges.  System Privileges System privileges allow a user to perform administrative actions in a database. These include privileges (as found in SQL Server) such as: create database, create procedure, create view, backup database, create table, create trigger, and execute.  Object Privileges Object privileges allow for the use of certain operations on database objects as authorized by another user. Examples include: usage, select, insert, update, and references.
  • 14. One technique for evaluating database security involves performing vulnerability assessments or penetration tests against the database. Testers attempt to find security vulnerabilities that could be used to defeat or bypass security controls, break into the database, compromise the system etc. Database administrators or information security administrators may for example use automated vulnerability scans to search out misconfiguration of controls within the layers mentioned above along with known vulnerabilities within the database software. The results of such scans are used to harden the database and close off the specific vulnerabilities identified, but other vulnerabilities often remain unrecognized and unaddressed.
  • 15. In database environments where security is critical, continual monitoring for compliance with standards improves security. Security compliance requires, amongst other procedures, patch management and the review and management of permissions granted to objects within the database. Database objects may include table or other objects listed in the Table link. The permissions granted for SQL language commands on objects are considered in this process.
  • 16. Compliance monitoring is similar to vulnerability assessment, except that the results of vulnerability assessments generally drive the security standards that lead to the continuous monitoring program. Essentially, vulnerability assessment is a preliminary procedure to determine risk where a compliance program is the process of on-going risk assessment. The compliance program should take into consideration any dependencies at the application software level as changes at the database level may have effects on the application software or the application server.
  • 18. Application level authentication and authorization mechanisms may be effective means of providing abstraction from the database layer. The primary benefit of abstraction is that of a single sign-on capability across multiple databases and platforms. A single sign-on system stores the database user's credentials and authenticates to the database on behalf of the user.
  • 19. Another security layer of a more sophisticated nature includes real-time database activity monitoring, either by analyzing protocol traffic (SQL) over the network, or by observing local database activity on each server using software agents, or both. Use of agents or native logging is required to capture activities executed on the database server, which typically include the activities of the database administrator. Agents allow this information to be captured in a fashion that can not be disabled by the database administrator, who has the ability to disable or modify native audit logs.
  • 20. Analysis can be performed to identify known exploits or policy breaches, or baselines can be captured over time to build a normal pattern used for detection of anomalous activity that could be indicative of intrusion. These systems can provide a comprehensive database audit trail in addition to the intrusion detection mechanisms, and some systems can also provide protection by terminating user sessions and/or quarantining users demonstrating suspicious behavior.
  • 21. Some systems are designed to support separation of duties (SOD), which is a typical requirement of auditors. SOD requires that the database administrators who are typically monitored as part of the DAM, not be able to disable or alter the DAM functionality. This requires the DAM audit trail to be securely stored in a separate system not administered by the database administration group.
  • 23. A good database security program includes the regular review of privileges granted to user accounts and accounts used by automated processes. For individual accounts a two-factor authentication system improves security but adds complexity and cost. Accounts used by automated processes require appropriate controls around password storage such as sufficient encryption and access controls to reduce the risk of compromise.
  • 24. In conjunction with a sound database security program, an appropriate disaster recovery program can ensure that service is not interrupted during a security incident, or any incident that results in an outage of the primary database environment. An example is that of replication for the primary databases to sites located in different geographical regions. After an incident occurs, database forensics can be employed to determine the scope of the breach, and to identify appropriate changes to systems and processes.
  • 25. The greatest threat to database security are non- tracked unauthorized changes by internal and external users. Algorithms based on cryptology and other statistical methods are deployed to both identify these events and report threats to administrators. Such shield DB approach maps large dataset into its small digital fingerprint which, is continuously updated with every change in main database by registered applications. Desired fingerprints are then matched with actual at preset intervals for identifying the changed locations in the main database, date and time of unauthorized changes, even made through privileged authority.