
Chapter 19 Security






Presentation Transcript


  1. Chapter 19Security • Integrity • Security • Control • computer-based • non-computer-based • PC security • DBMS and Web security • Risk Analysis • Data protection and privacy laws

  2. Integrity • Definition • Consistent with constraints • Types • Entity • Referential or existence • Domain • Enterprise

  3. Security • Threats • Theft & fraud • Loss of confidentiality • Loss of privacy • Loss of integrity • Loss of availability

  4. Countermeasures • Computer-based controls • Non-computer-based controls

  5. Computer-based Controls - 1 • Authorization & authentication • Password • Account number • Relations, users & rights (CRUD) table • Subschema • Create views

  6. Computer-based Controls - 2 • Logs • Transaction logs • Violation logs (time, terminal, violation) • Checkpoints • Backup (redundant array of independent disks - RAID) & recovery • Audit

  7. Computer-based Controls - 3 • Encryption or cryptosystem • Encryption key • Encryption algorithm • Decryption key • Decryption algorithm • Symmetric encryption (Data Encryption Standard (DES)) • Asymmetric encryption (RSA)

  8. Example of Encryption - I
     • Divide the text into groups of 8 characters. Pad with blanks at the end as necessary
     • Select an 8-character key
     • Rearrange the text by interchanging adjacent characters
     • Translate each character into an ordinal number, with blank as 0, A as 1, B as 2, ...
     • Add the ordinal number of the key to the result
     • Divide the total by 27 and retain the remainder
     • Translate the remainder back into a character to yield the cipher text

  9. Example of Encryption - II
     • Message: DATA COM
     • Key: PROTOCOL
     • Adjacent characters interchanged:  A  D  A  T  C  (blank)  M  O
     • Ordinals of the text:   01 04 01 20 03 00 13 15 (adatc mo)
     • Ordinals of the key:    16 18 15 20 15 03 15 12 (protocol)
     • Sum:                    17 22 16 40 18 03 28 27
     • Remainder mod 27:       17 22 16 13 18 03 01 00
     • Cipher text:            Q  V  P  M  R  C  A  SPACE

  10. Example of Decryption - I
     • Divide the cipher text into groups of eight characters. Pad with blanks at the end as necessary
     • Translate each cipher text character and each character of the encryption key into an ordinal number
     • For each group, subtract the ordinal number of the key from the ordinal number of the cipher text
     • Add 27 to any negative number
     • Translate the numbers back into their alphabetic equivalents
     • Rearrange the text by interchanging adjacent characters

  11. Example of Decryption - II
     • Cipher text:            Q  V  P  M  R  C  A  SPACE
     • Ordinals of the text:   17 22 16 13 18 03 01 00 (qvpmrca )
     • Ordinals of the key:    16 18 15 20 15 03 15 12 (protocol)
     • Subtract:               01 04 01 -7 03 00 -14 -12
     • Plus 27 where negative: 01 04 01 20 03 00 13 15
     • Characters:             A  D  A  T  C  (blank)  M  O
     • Adjacent characters interchanged back:  D A T A (blank) C O M
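The following is an added worked example, not code from the slides: it implements the classroom cipher of slides 8 through 11 (interchange adjacent characters, add the key ordinal, keep the remainder mod 27) together with its inverse, and reproduces the DATA COM / PROTOCOL walkthrough. It generalises the slides slightly by handling messages longer than one group, reusing the same 8-character key for every group, which is what slide 10's "for each group" step implies. The function names, the `encrypt_trace` helper that exposes the intermediate rows of slide 9, and the 27-symbol alphabet string are my own choices. The cipher offers no real confidentiality and is kept here only to make the slide arithmetic concrete.

```python
"""Toy cipher from the 'Example of Encryption / Decryption' slides.

Alphabet: blank = 0, A = 1, B = 2, ..., Z = 26 (27 symbols, hence the modulus 27).
Added example; the names below are not from the slides.
"""

ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # index == ordinal number on the slides
MODULUS = len(ALPHABET)                   # 27, the divisor used on the slides
GROUP = 8                                 # the slides work on groups of 8 characters


def to_ordinals(text):
    """Translate characters into ordinals: blank -> 0, A -> 1, B -> 2, ..."""
    ords = []
    for c in text.upper():
        if c not in ALPHABET:
            raise ValueError(f"character {c!r} is outside the 27-symbol alphabet")
        ords.append(ALPHABET.index(c))
    return ords


def to_text(ordinals):
    """Translate ordinals back into characters (inverse of to_ordinals)."""
    return "".join(ALPHABET[n] for n in ordinals)


def interchange_adjacent(text):
    """Swap each pair of adjacent characters; applying it twice restores the text."""
    chars = list(text)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)


def pad(text):
    """Pad with blanks so the length is a multiple of the group size."""
    remainder = len(text) % GROUP
    return text if remainder == 0 else text + " " * (GROUP - remainder)


def encrypt_trace(group, key):
    """Intermediate rows for one 8-character group, laid out as on slide 9."""
    swapped = interchange_adjacent(group)
    plain = to_ordinals(swapped)
    key_ords = to_ordinals(key)
    total = [m + k for m, k in zip(plain, key_ords)]
    remainder = [t % MODULUS for t in total]   # "divide by 27, retain the remainder"
    return {"swapped": swapped, "plain": plain, "key": key_ords,
            "sum": total, "remainder": remainder, "cipher": to_text(remainder)}


def encrypt(message, key):
    """Slide 8 procedure applied group by group; the key is reused for each group."""
    if len(key) != GROUP:
        raise ValueError(f"key must be exactly {GROUP} characters")
    text = pad(message.upper())
    return "".join(encrypt_trace(text[i:i + GROUP], key)["cipher"]
                   for i in range(0, len(text), GROUP))


def decrypt(cipher_text, key):
    """Slide 10 procedure; padding blanks from encryption are left in place."""
    if len(key) != GROUP:
        raise ValueError(f"key must be exactly {GROUP} characters")
    key_ords = to_ordinals(key)
    text = pad(cipher_text.upper())
    out = []
    for i in range(0, len(text), GROUP):
        diff = [c - k for c, k in zip(to_ordinals(text[i:i + GROUP]), key_ords)]
        # "add 27 to any negative number" is the same as reducing mod 27
        fixed = [d + MODULUS if d < 0 else d for d in diff]
        out.append(interchange_adjacent(to_text(fixed)))
    return "".join(out)


if __name__ == "__main__":
    trace = encrypt_trace("DATA COM", "PROTOCOL")
    for row in ("swapped", "plain", "key", "sum", "remainder", "cipher"):
        print(f"{row:>10}: {trace[row]}")
    print("decrypted:", repr(decrypt(trace["cipher"], "PROTOCOL")))
```

Running the block prints the same rows as slides 9 and 11: the interchanged text `ADATC MO`, the sums `17 22 16 40 18 3 28 27`, the remainders, the cipher text `QVPMRCA ` and the recovered `DATA COM`. The only edge case worth noting is input outside the 27-symbol alphabet (digits, punctuation, lower-case is folded to upper), which `to_ordinals` rejects rather than silently mapping.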

  12. Non-Computer-based Controls • Security policy • Contingency plan • Person, phone no., procedures • Site (cold, warm, or hot) • Personnel control • Reference • Termination • Training • Balance of duty • Escrow & maintenance agreements • Physical

  13. PC Security • Policy & procedure • Physical • Logical • Virus

  14. DBMS and Web Security • Proxy server: performance & filtering • Firewall: packet filter, application gateway, circuit level gateway, & proxy server • Digital signatures & Certificate Authority (CA) • Message digest algorithms and digital signatures • Kerberos: centralized security server (certificate server) • Secure Sockets Layer (SSL) for data & Secure HTTP for individual messages • Secure Electronic Transaction (SET) for credit cards & Secure Transaction Technology (STT) for bank payments

  15. Risk Analysis • Assets • Threats and risks • Countermeasures • Cost/benefit analysis • Testing

  16. Data Protection & Privacy Law

  17. Assignment • Review chapters 5-6, 11-13, and 18 • Read chapter 19 • Exam 3 • Date: 12/9/04 • Project • Normalization and Corrected EER diagram due date: 12/2/04 • SQL, corrected normalization, and EER diagram due date: 12/15/04 (MIS Department Office)
