html5-img
1 / 40

Database Security

Database Security. Based on Chapter 18 in Database Systems, Connolly and Begg. Database As Asset. The collection, organization and maintenance of data can be a difficult, time-consuming task. Thus, the information contained in a company’s database should be viewed as one of its assets .

menefer
Télécharger la présentation

Database Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Database Security Based on Chapter 18 in Database Systems, Connolly and Begg

  2. Database As Asset • The collection, organization and maintenance of data can be a difficult, time-consuming task. • Thus, the information contained in a company’s database should be viewed as one of its assets. • Thus the database needs to be protected as much as any other asset (if not more than other assets).

  3. Security Policy • Information must be seen as part of a company’s assets and thus worth securing. • On the other hand, if the information is not accessible to an appropriate set of people, it is worthless. • Thus security and accessibility must be balanced. There is no ideal blend that is right for all companies. • An important step toward securing a network is to develop a security policy.

  4. Security policy • A security policy is a written document stating how a company intends to protect its information. • While written, it must be flexible so it can adapt to changes in technology and so forth. • A security policy might include • A description of who has access to what information and for what use. • A description of security measurements and penalties for the violation thereof. • An evaluation procedure. • A policy for educating users.

  5. Security Aspects • Some aspects of data security to address are • Integrity: the data should be protected from corruption (accidental or intentional). • Availability: the data should be readily accessible by designated users. • Confidentiality: the company’s data should not be accessible by undesignated users. • Privacy: in some situations it is the user’s data that requires protecting. • Theft and Fraud: taking the information itself may be seen as theft or altering the data may be a mechanism for theft

  6. Threat Assessment • One should examine the database and the way it is used, looking for threats to the databases. • Threats are problems that might occur. • Threats may be intentional, for example, hackers. • Threats may be accidental, for example, server going down.

  7. Threat Examples • Using another person’s means of access • Unauthorized amendment or copying of data • Program alteration • Inadequate policies and procedures that allow a mix of confidential and normal output • Wire tapping • Illegal entry by hacker • Blackmail • Creating ‘trapdoor’ into system • Theft of data, programs and equipment • Failure of security mechanisms, giving greater access than normal

  8. Threat Examples (Cont.) • Staff shortages or strikes • Inadequate staff training • Viewing and disclosing unauthorized data • Electronic interference and radiation • Data corruption owing to power loss or surge • Fire (electrical fault, lightning strike, arson), flood, bomb • Physical damage to equipment • Breaking cables or disconnection of cables • Introduction of viruses

  9. Threat Examples Diagram

  10. Countermeasures • Countermeasures are actions taken to prevent, oppose or retaliate for some specific action. • Securing a database and the network it is on involves implementing countermeasures for the threats posed.

  11. Countermeasure Diagram

  12. Authorization • Authorization: what a user (or application) is allowed to do, i.e. what privileges he has. • Database actions: • SELECT: can query data • UPDATE: can change data • INSERT: can add new data • DELETE: can eliminate data

  13. Encoding Privileges • These privileges are assigned a bit in a code • SELECT: 0001 • UPDATE: 0010 • INSERT: 0100 • DELETE: 1000 • The privileges can be assigned to a user field by field. • E.g. a given user may be permitted to insert a new employee record and update most of the employee fields but may not be permitted to update or even select (query) the salary field.

  14. Authentication • Authorization is meaningless without authentication. • Authentication: the attempt to determine that a user is who he or she claims to be so the correct privileges can be granted. • Typically done using passwords, but may also involve biometric devices or possessed objects.

  15. Views (Subschemas) • A view is a like a table in which only the data a user is allowed to see has been projected and/or selected out. • The chair can view some of the data fields (projection) on members of her department (selection) • Views are generated dynamically from the tables involved.

  16. Backups • A backup is a copy of a file or files, in our case database files. It is to be used if the original becomes damaged in some way. • The database should be restored to a “consistent state.” • A backup should be made on a separate medium (disk or tape) and preferably stored at a separate location.

  17. Data vaulting • Data vaulting(a.k.a. remote backup service RBS) is the sending of data off premises so that it is protected from threats, such as hardware failure, theft, etc. • There are companies that provide this service. They compress, encrypt, and periodically backup, move the customer's data and store it at their location. • These companies should have good security and reliable equipment.

  18. Cloud Computing • Many companies are currently coming to grips with the notion of “cloud computing”. • Certain services, including aspects of maintaining a company’s database, can be handled by another company with access to the data and/or computer power provided over the network on an “as needed” basis. • One of the big issues is security. What does it mean for someone else to have your company’s data? Perhaps they are better at securing it than your company could be. ??

  19. Log Files • A log fileis a record of the transactions performed on a database. • There may have been transactions on the database since it was last backed up. The log file can be used to used to update the backup database to a more recent state. • The keeping of a log file is also known as journaling.

  20. Cryptography • One way to secure data, be it in storage or in transit, is encryption. • Encryption coverts information in its usual readable form (called plaintext) to information in an encoded, unreadable form (called cyphertext). • PGP (Pretty Good Privacy) program: a good encrypter that works with most email systems

  21. Encryption • The data is stored or transmitted in binary (numerical) form. • To encrypt data one applies some mathematical operation to it. • The mathematical operation should have an inverse so that one can recover the original data (decrypt the message). • Reversible encoding • The mathematical operation often has a parameter (known as a key in encryption) which specifies the precise operation within a family of operations.

  22. Caesar Shift Example • The Caesar shift is an early form of encryption. • The mathematical operation is addition. • The key (parameter) is the amount added, e.g. 3 • CAT  FDW (ASCII for C + 3 is ASCII for F) • The inverse operation is subtraction which uses the same key. • FDW  CAT (ASCII for F - 3 is ASCII for C)

  23. Symmetric vs Asymmetric encryption • Caesar shift is an example of a symmetricencryption, that is one is which the encoding and decoding operations are essentially the same, and knowledge of the encoding key implies knowledge of the decoding key. • When this is not the case, the encryption is said to be asymmetric.

  24. Symmetric vs Asymmetric encryption (Cont.) • Asymmetric schemes are more secure but require more time for coding and decoding. • Often secure communication uses a combination of asymmetric and symmetric. • The key to the symmetric encryption is sent using asymmetric encryption. • Then the bulk of the communication uses symmetric encryption.

  25. Public Key Encryption • In asymmetric encryption, the parameters for the mathematical operation and its inverse are not the same. Then one is said to have two keys. • For purposes of encryption, it is ideal if knowledge of one of the parameters (keys) does not lead to knowledge of the other. • Such a mathematical operation is the basis for public key encryption.

  26. Public Key/Private Key • A user is assigned two keys (a private key and a public key). • The private key should be known only to the user. • The public key is published along with the user’s name. • Someone can send the user a private message by using the public key to encrypt, then the user is the only person (presumably) who can decrypt the message.

  27. Digital signature • Use this process in reverse. • The user encrypts the message with the private key. • Anyone with the users’ public key can decrypt it. • BUT since the user’s public key decoded the message, the message must have come from the user. • This does not give privacy but authentication.

  28. Double Key Encryption • To have a private and authenticated transaction use two keys. • Mary encrypts a message with John’s public key and then does a second encryption using her private key. • The message must be decrypted using Mary’s public key (we know it’s from Mary) and further decrypted using John’s private key (only John can do this).

  29. Digital Certificate/Certificate Authority • If the two parties don’t know each other, a third party that both trust, the certificate authority, acts as a verifier. The verification is done using a digital certificate.

  30. RSA • RSA is an encryption/authentication scheme developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. • RSA is owned by RSA Security. The company licenses the algorithm technologies and also sells development kits.

  31. kerberos • An authentication system developed at the Massachusetts Institute of Technology. • Kerberos allows two users to exchange private messages across an open network. • It works by assigning a unique key, called a ticket, to each user that logs on to the network. The ticket is then embedded in messages to identify the sender of the message.

  32. Firewalls • A firewall guards the perimeter of a network, all traffic flows through and is examined by the firewall. • The earliest firewalls performed a packet filtering service. • If sending packets is analogous to sending mail then a having a firewall is analogous to having the mail censored. • Certain packets are not allowed in based on their content or source; certain packets are not allowed out based on their content or destination.

  33. Firewall • A firewall can help centralize part of a network’s security effort. • A firewall can prevent • outsiders from probing all computers in an organization • flooding the network with unwanted traffic • attacking a computer by causing it to crash.

  34. Packet filter

  35. Firewall • The firewall working closely with the router, it examines each packet to determine whether or not to forward it. • The filtering may be based on any number of criteria: • Source or destination IP address • Allow only certain addresses or rule out certain addresses • Direction • Service type (FTP, SMTP, telnet, etc., identified by port number) • Time

  36. Firewall • A firewall can also maintain an audit trail (log file). • A firewall can be trained to look for virus signatures. • The firewall can scan for tokens or tickets which authenticate users. • A pair of firewalls can agree on an encryption scheme, for instance if two private networks are connected by a public line (a virtual private network).

  37. Tele-commuting • The importance of VPN’s is growing as more companies support the ideas of employees working from home or small satellite locations. • In principle, VPN’s deliver the same network accessibility and security that would be available at the on-site location.

  38. Proxy server • A proxy is somebody who is authorized to stand in for somebody else. • A proxy server stands in for the client on a private network in that when the client makes a request of a server outside the network, the request is made of the proxy server, the proxy server then makes the request of the destination — that is, it stands in for the client. • The reply is then passed from the proxy to original client. • This way the destination does not learn the address of the true client, only that of the proxy.

  39. Caching too • The proxy server hides the private network’s addresses. • Another benefit of a proxy is that it can cache results for the entire network. Like any host client, it checks its cache before requesting something. But the proxy had made the requests for all of the computers on the network.

  40. Other References • http://www.webopedia.com • http://www.whatis.com • Computer Dictionary, Shnier • Database Systems, Rob and Coronel

More Related