DATABASE SECURITY

Page 1: At the end of this chapter, you should be able to:  Define terms related to Database Security  Describe threats to data security  Describe problems

DATABASE SECURITY

Page 2

Learning outcomes

At the end of this chapter, you should be able to:
▪ Define terms related to database security
▪ Describe threats to data security
▪ Describe problems of database security and list techniques that are used to enhance security
▪ Understand the role of databases in Sarbanes-Oxley compliance

Page 3

Database Security

Database security: protection of the data against accidental or intentional loss, destruction, or misuse.

Securing data has become harder and more time consuming with Internet access and client/server technologies: the database is reachable from many more clients, networks and applications than a single host, and every one of them is a potential path to the data.

Page 4

Threats to Data Security

[Figure: possible locations of data security threats]

Page 5

Threats to Data Security

1. Accidental losses, including human error and breaches caused by software and hardware faults
2. Theft and fraud
3. Loss of privacy (personal data)
4. Loss of confidentiality (corporate data)
5. Loss of data integrity
6. Loss of availability (through, e.g., sabotage)

Page 6

Threats to Data Security

Accidental losses, including human error and breaches caused by software and hardware faults. Countermeasure: establishing operating procedures
▪ User authorization
▪ Uniform software installation procedures
▪ Hardware maintenance schedule

Human error:
▪ Some losses are inevitable, but well-thought-out policies and procedures should reduce the number and severity of losses

Page 7

Threats to Data Security

Theft and fraud
▪ Activities carried out by people, quite possibly through electronic means, that may or may not alter data
▪ Countermeasures: physical security, firewall

Loss of privacy or confidentiality
▪ Loss of privacy: loss of protection of data about individuals
▪ Loss of confidentiality: loss of protection of critical organizational data that may have strategic value to the organization

Page 8

Threats to Data Security

Loss of data integrity
▪ When data integrity is compromised, data will be invalid or corrupted
▪ Can be restored through established backup and recovery procedures (which must be exercised: a backup that has never been restored is not yet a recovery procedure)
▪ Otherwise an organization may suffer serious losses or make incorrect and expensive decisions

Loss of availability
▪ Sabotage of hardware, networks or applications
▪ Virus or other malware: corrupts data or software, or renders the system unusable
▪ Install antivirus software
▪ Update the antivirus software regularly

Page 9

Establishing Client/Server Security

Server security
▪ Multiple servers need to be protected (including the database server)
▪ Secure area
▪ Passwords and layers of protection against intrusion
▪ Most DBMSs provide database-level password security
▪ On the database server, sole reliance on OS authentication should not be encouraged

Page 10

Establishing Client/Server Security

Network security
▪ Networks are susceptible to breaches of security through:
  ▪ Eavesdropping
  ▪ Unauthorized connections
  ▪ Unauthorized retrieval of packets of information traversing the network
▪ Countermeasures: encryption, authentication, audit trails, routers

Page 11

Application security issues in three-tier Client/Server Environments

Dynamic web pages require access to the database
▪ If the database is not properly protected, it is vulnerable to inappropriate access by any user of the web application

Privacy: companies collect information on users

Page 12

Application security issues in three-tier Client/Server Environments

Establishing Internet Security

[Figure: web servers and database servers in a three-tier environment]

Page 13

Web Security

Static HTML files are easy to secure
▪ Protection must be established for the HTML stored on a web server
▪ Standard database access controls
▪ Sensitive HTML files: placed in directories that are protected using OS security, or kept readable but not published in the directory listing

Page 14

Web Security

Dynamic pages are harder
▪ Web pages stored as a template
▪ Appropriate and current data are inserted from the database or user input once any queries associated with the page are run
▪ Web server must be able to access the database
▪ The connection is often set up with full access to the database; it should instead use a dedicated account holding only the privileges the application needs, so that a compromised web server cannot read or alter everything
▪ Adequate server security is critical
▪ Database server: physically secure
▪ Execution of programs on the server should be controlled
▪ User input could embed SQL commands (SQL injection): it must never be concatenated into query text. Filtering input alone is not sufficient; use parameterized queries (bind variables) so that input is passed as data, not parsed as SQL
▪ Access to data can also be controlled through user authentication security
▪ Session security must be established
▪ TCP/IP is not a secure protocol on its own, so encryption systems are essential: Secure Sockets Layer (SSL), now superseded by Transport Layer Security (TLS); all SSL versions are deprecated
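The SQL injection point on this slide, as an added example that is not part of the original slides or of Hoffer's book: a login query built by string concatenation beside the parameterized form. The USER_T table, the users in it and the two payloads are constructed for the demonstration (passwords are kept in clear text only to keep the table small; a real system stores hashes). Python's sqlite3 module is used because it needs no server; the placeholder mechanism is the same in every database driver.

```python
import sqlite3

# Constructed sample data (not from the slides). Clear-text passwords are used
# only to keep the demonstration small; real systems store salted hashes.
USERS = [
    ("alice", "wonderland", "staff"),
    ("bob", "builder", "staff"),
    ("dba", "s3cret", "admin"),
]


def make_db():
    """Create an in-memory database holding the constructed USER_T table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USER_T (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO USER_T VALUES (?, ?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query text is assembled from user input, so the input is parsed as SQL.
    Returns the rows that matched; a non-empty result is treated as a login."""
    sql = ("SELECT username, role FROM USER_T WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the SQL text is fixed and the values travel
    separately, so quotes, comment markers and keywords in the input are
    compared literally instead of being interpreted."""
    sql = "SELECT username, role FROM USER_T WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    """Run two classic payloads against both versions and return the results."""
    conn = make_db()
    tautology = "' OR '1'='1"   # makes the WHERE clause true for every row
    comment = "dba'--"          # closes the string; '--' comments out the password check
    return {
        "tautology_vulnerable": login_vulnerable(conn, "nobody", tautology),
        "tautology_safe": login_safe(conn, "nobody", tautology),
        "comment_vulnerable": login_vulnerable(conn, comment, "wrong"),
        "comment_safe": login_safe(conn, comment, "wrong"),
        "legitimate": login_safe(conn, "alice", "wonderland"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22s} -> {rows}")
```

The tautology payload returns every row from the vulnerable query and nothing from the safe one; the comment payload logs the attacker in as the admin account without knowing its password. Parameterization stops the attacker from rewriting the query, but it does not limit what the application's own queries may touch, so the least-privilege connection account described above is still needed.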

Page 15

Web Security

Additional methods of web security:
▪ Restrict the number of users on the web server
▪ Restrict access to the web server: keep a minimum number of ports open
▪ Remove any unneeded programs that load automatically when setting up the server

Page 16

Data Privacy

Protection of individual privacy when using the Internet is IMPORTANT

Rights of the individual? Individual privacy legislation typically grants:
▪ The right to know what data have been collected
▪ The right to correct any errors in those data

The amount of data exchanged continues to grow, so adequate data protection must be developed, with adequate provisions to allow the data to be used for legitimate legal purposes

Page 17

Data Privacy

Individuals must guard their privacy rights and must be aware of the privacy implications of the tools they are using, e.g. cookies

At work: communication carried out through the employer's machines and networks is not private

Internet: privacy of communication is not guaranteed

Encryption, anonymous remailers and built-in security mechanisms in software help to preserve privacy

Page 18

Web Privacy

W3C created a standard, the Platform for Privacy Preferences (P3P), to communicate a web site's stated privacy policies and compare that statement with the user's own policy preferences. (P3P has since been retired by W3C and is no longer supported by browsers, but the questions it asked remain a useful checklist.) It addresses the following:
▪ Who is collecting the data?
▪ What information is being collected and for what purpose?
▪ What information will be shared with others, and who are those others?
▪ Can users make changes in the way their data will be used by the collector?
▪ How are disputes resolved?
▪ What policies are followed for retaining data?
▪ Where can the site's detailed policies be found, in readable form?

Page 19

Database Software Security Features

• Views or subschemas
• Integrity controls
• Authorization rules
• User-defined procedures
• Encryption
• Authentication schemes
• Backup, journalizing, and checkpointing

Page 20

Views

Views
▪ Subset of the database that is presented to one or more users
▪ Created by querying one or more of the base tables
▪ A user can be given the access privilege to a view without being given the access privilege to the underlying tables
▪ Example: build a view that has sales-by-region information

CREATE VIEW V_REGION_SALES
AS SELECT A1.region_name REGION, SUM(A2.Sales) SALES
FROM Geography A1, Store_Information A2
WHERE A1.store_name = A2.store_name
GROUP BY A1.region_name;

Page 21

Views

Table: Store_Information

store_name    Sales  Date
Los Angeles   1500   Jan-05-2008
San Diego     250    Jan-07-2008
Los Angeles   300    Jan-08-2008
Boston        700    Jan-08-2008

Table: Geography

region_name  store_name
East         Boston
East         New York
West         Los Angeles
West         San Diego

SELECT * FROM V_REGION_SALES

REGION  SALES
East    700
West    2050
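The same view run against the slide's two tables, as an added example that is not part of the original slides: it reproduces the East 700 / West 2050 result and adds a second, hypothetical view (V_WEST_STORE_SALES, my name) that limits a user to one region's rows and hides the Date column, which is what makes a view an access-control mechanism rather than just a saved query. The SQL runs under Python's sqlite3; the GRANT in the note below is Oracle/PostgreSQL syntax, since sqlite has no user accounts.

```python
import sqlite3

# Rows copied from the slide's Store_Information and Geography tables.
STORE_INFORMATION = [
    ("Los Angeles", 1500, "Jan-05-2008"),
    ("San Diego", 250, "Jan-07-2008"),
    ("Los Angeles", 300, "Jan-08-2008"),
    ("Boston", 700, "Jan-08-2008"),
]
GEOGRAPHY = [
    ("East", "Boston"),
    ("East", "New York"),
    ("West", "Los Angeles"),
    ("West", "San Diego"),
]


def make_db():
    """Load the slide's tables and create both views in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Store_Information (store_name TEXT, Sales INTEGER, Date TEXT)")
    conn.execute("CREATE TABLE Geography (region_name TEXT, store_name TEXT)")
    conn.executemany("INSERT INTO Store_Information VALUES (?, ?, ?)", STORE_INFORMATION)
    conn.executemany("INSERT INTO Geography VALUES (?, ?)", GEOGRAPHY)
    # The slide's view, unchanged: regional totals only, no store-level detail.
    conn.execute("""
        CREATE VIEW V_REGION_SALES AS
        SELECT A1.region_name REGION, SUM(A2.Sales) SALES
        FROM Geography A1, Store_Information A2
        WHERE A1.store_name = A2.store_name
        GROUP BY A1.region_name
    """)
    # Added, hypothetical view: a West-region manager sees only West stores
    # and never the Date column (row restriction plus column restriction).
    conn.execute("""
        CREATE VIEW V_WEST_STORE_SALES AS
        SELECT A2.store_name, A2.Sales
        FROM Geography A1 JOIN Store_Information A2 ON A1.store_name = A2.store_name
        WHERE A1.region_name = 'West'
    """)
    conn.commit()
    return conn


def region_sales(conn):
    """SELECT * FROM V_REGION_SALES, ordered so the result is deterministic."""
    return conn.execute("SELECT * FROM V_REGION_SALES ORDER BY REGION").fetchall()


def west_store_sales(conn):
    """What a user who can only query the restricted view gets to see."""
    return conn.execute(
        "SELECT * FROM V_WEST_STORE_SALES ORDER BY store_name, Sales").fetchall()


def west_view_columns(conn):
    """Column names exposed by the restricted view: no Date, no region."""
    return [row[1] for row in conn.execute("PRAGMA table_info(V_WEST_STORE_SALES)")]


if __name__ == "__main__":
    db = make_db()
    print(region_sales(db))        # [('East', 700), ('West', 2050)]
    print(west_store_sales(db))
    print(west_view_columns(db))
```

In a DBMS with accounts the view is a security boundary only when the base tables are withheld: GRANT SELECT ON V_WEST_STORE_SALES TO west_manager; with no grant at all on Store_Information or Geography. New York appears in neither result because it has no sales rows; the inner join drops it.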

Page 22

Integrity Controls

Integrity controls protect data from unauthorized use and from invalid updates
▪ Domains: set allowable values; can be used to create a user-defined data type
▪ For example (money is declared as an exact decimal with two fractional digits, since INTEGER cannot hold cents):
  ▪ CREATE DOMAIN money AS NUMERIC(9, 2);
  ▪ CREATE DOMAIN order_ident AS INTEGER;
  ▪ CREATE DOMAIN product_name AS CHAR(20);
  ▪ CREATE DOMAIN customer_name AS CHAR(20);

Page 23

Integrity Controls

Assertions enforce database conditions
▪ Checked automatically by the DBMS when transactions are run
▪ If an assertion fails, the DBMS rejects the transaction and generates an error message
▪ E.g.: the Employee table has fields EmpID, EmpName, SupervisorID, SpouseID. Company rule: no employee may supervise his or her spouse
▪ SQL statement:

CREATE ASSERTION SpousalSupervision
CHECK (NOT EXISTS (SELECT * FROM Employee
                   WHERE SupervisorID = SpouseID));

▪ Few DBMSs actually implement CREATE ASSERTION. A rule that involves only the columns of one row, like this one, is written as a table-level CHECK constraint instead: CONSTRAINT SpousalSupervision CHECK (SupervisorID <> SpouseID)

Page 24

Integrity Controls

Triggers
▪ Prevent inappropriate actions, invoke special handling procedures, write to log files
▪ Routines that execute in response to a database event (INSERT, UPDATE, or DELETE)
▪ Example (Oracle PL/SQL syntax: the new row's values are read through :NEW, and the log column is named DATE_CHANGED because DATE is a reserved word):

CREATE TRIGGER STANDARD_PRICE_UPDATE
AFTER UPDATE OF STANDARD_PRICE ON PRODUCT_T
FOR EACH ROW
BEGIN
  INSERT INTO PRICE_UPDATES_T (PRODUCT_DESCRIPTION, DATE_CHANGED, STANDARD_PRICE)
  VALUES (:NEW.PRODUCT_DESCRIPTION, SYSDATE, :NEW.STANDARD_PRICE);
END;
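Both integrity controls above, the spousal-supervision rule and the price-change trigger, as an added example that is not part of the original slides. It runs under Python's sqlite3, which has no CREATE ASSERTION, so the rule is written as a table-level CHECK constraint (the usual substitute for a single-row rule), and the trigger uses sqlite's NEW/OLD syntax in place of Oracle's :NEW. The table layouts, the OLD_PRICE column in the log, and the sample product row are my additions.

```python
import sqlite3


def make_db():
    """Create the Employee and product tables with the CHECK constraint and trigger."""
    conn = sqlite3.connect(":memory:")
    # Spousal-supervision rule as a row-level CHECK constraint. A CHECK only
    # rejects rows for which the condition is FALSE, so rows where either ID
    # is NULL (no supervisor, or unmarried) are accepted.
    conn.execute("""
        CREATE TABLE Employee (
            EmpID        INTEGER PRIMARY KEY,
            EmpName      TEXT NOT NULL,
            SupervisorID INTEGER,
            SpouseID     INTEGER,
            CONSTRAINT SpousalSupervision CHECK (SupervisorID <> SpouseID)
        )
    """)
    conn.execute("""
        CREATE TABLE PRODUCT_T (
            PRODUCT_ID          INTEGER PRIMARY KEY,
            PRODUCT_DESCRIPTION TEXT,
            STANDARD_PRICE      NUMERIC
        )
    """)
    # Audit table for the trigger; OLD_PRICE is added so the log shows the change.
    conn.execute("""
        CREATE TABLE PRICE_UPDATES_T (
            PRODUCT_DESCRIPTION TEXT,
            DATE_CHANGED        TEXT,
            OLD_PRICE           NUMERIC,
            STANDARD_PRICE      NUMERIC
        )
    """)
    # The slide's trigger in sqlite syntax: fires after every price change.
    conn.execute("""
        CREATE TRIGGER STANDARD_PRICE_UPDATE
        AFTER UPDATE OF STANDARD_PRICE ON PRODUCT_T
        FOR EACH ROW
        BEGIN
            INSERT INTO PRICE_UPDATES_T
            VALUES (NEW.PRODUCT_DESCRIPTION, datetime('now'),
                    OLD.STANDARD_PRICE, NEW.STANDARD_PRICE);
        END
    """)
    conn.execute("INSERT INTO PRODUCT_T VALUES (1, 'End table', 175.00)")  # constructed row
    conn.commit()
    return conn


def insert_employee(conn, emp_id, name, supervisor_id, spouse_id):
    """Return True if the row was accepted, False if the constraint rejected it."""
    try:
        conn.execute("INSERT INTO Employee VALUES (?, ?, ?, ?)",
                     (emp_id, name, supervisor_id, spouse_id))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False


def update_price(conn, product_id, new_price):
    """Change a price through a parameterized UPDATE and return the audit rows
    the trigger wrote (description, old price, new price)."""
    conn.execute("UPDATE PRODUCT_T SET STANDARD_PRICE = ? WHERE PRODUCT_ID = ?",
                 (new_price, product_id))
    conn.commit()
    return conn.execute(
        "SELECT PRODUCT_DESCRIPTION, OLD_PRICE, STANDARD_PRICE FROM PRICE_UPDATES_T"
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(insert_employee(db, 1, "Ann", None, None))   # True
    print(insert_employee(db, 2, "Ben", 1, 3))         # True
    print(insert_employee(db, 3, "Cal", 2, 2))         # False: would supervise spouse
    print(update_price(db, 1, 189.50))                 # [('End table', 175, 189.5)]
```

The application never has to remember to write the audit row: the trigger runs inside the same transaction as the UPDATE, so a price change either lands together with its log entry or not at all.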

Page 25

Authorization Rules

Controls incorporated in the data management system

Restrict:
▪ access to data
▪ actions that people can take when they access data

Authorization matrix for:
▪ Subjects
▪ Objects
▪ Actions
▪ Constraints

Page 26

Authorization Rules

[Figure: authorization matrix (subjects, objects, actions, constraints)]

Page 27

Scenario

The HR Officer is allowed to insert data into the Staff salary record; however, a salary entry is limited to less than RM 21,000.

The Finance Executives are allowed to modify the Staff salary record; however, they are only allowed to modify the claims approval section.

A program called DX234 is allowed to read the Students Personal record with no constraints.

Page 28

Implementing authorization rules

[Figure: authorization table for subjects (salespeople); authorization table for objects (orders)]

Page 29

Create an authorization rule for Inventory Records. Subjects are: Salesperson, A/C Personnel, Inventory Clerks and Carpenters.

Salespersons and the accounts unit may read and modify these records.

The Inventory Clerks are allowed to do all tasks except Delete.

The Carpenters may only read the records.

Page 30

[Figure: authorization table for object (Inventory Records)]
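The authorization matrix, with the constraints from the page-27 scenario and the Inventory Records exercise from page 29, as an added example that is not part of the original slides: each rule is (subject, object, action, constraint), and the check is default-deny, so anything not explicitly listed is refused. The action names (read, insert, modify, delete), the field name claims_approval and the context dictionary handed to a constraint are my assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Rule:
    """One cell of the authorization matrix: subject, object, action and an
    optional constraint that inspects the request context (assumed shape)."""
    subject: str
    obj: str
    action: str
    constraint: Optional[Callable[[dict], bool]] = None


# Constraints from the page-27 scenario.
def salary_below_limit(ctx):
    """HR Officer may insert a salary only if it is below RM 21,000."""
    return "salary" in ctx and ctx["salary"] < 21000


def claims_section_only(ctx):
    """Finance Executives may modify only the claims approval section."""
    fields = set(ctx.get("fields", ()))
    return bool(fields) and fields <= {"claims_approval"}   # assumed field name


RULES = [
    Rule("HR Officer", "Staff salary record", "insert", salary_below_limit),
    Rule("Finance Executive", "Staff salary record", "modify", claims_section_only),
    Rule("DX234", "Students Personal record", "read"),
    # Page-29 exercise: Inventory Records. Actions assumed: read, insert, modify, delete.
    *[Rule(s, "Inventory Records", a)
      for s in ("Salesperson", "A/C Personnel") for a in ("read", "modify")],
    *[Rule("Inventory Clerk", "Inventory Records", a)
      for a in ("read", "insert", "modify")],           # everything except delete
    Rule("Carpenter", "Inventory Records", "read"),
]


def authorize(rules, subject, obj, action, ctx=None):
    """Default deny: permit only when a rule matches and its constraint holds."""
    ctx = ctx or {}
    return any(
        r.constraint is None or r.constraint(ctx)
        for r in rules
        if (r.subject, r.obj, r.action) == (subject, obj, action)
    )


def permitted_actions(rules, subject, obj):
    """The matrix row for one subject/object pair (constraints not evaluated)."""
    return sorted({r.action for r in rules if (r.subject, r.obj) == (subject, obj)})


if __name__ == "__main__":
    print(authorize(RULES, "HR Officer", "Staff salary record", "insert", {"salary": 20999}))  # True
    print(authorize(RULES, "HR Officer", "Staff salary record", "insert", {"salary": 21000}))  # False
    print(permitted_actions(RULES, "Inventory Clerk", "Inventory Records"))  # ['insert', 'modify', 'read']
```

A constraint that is given no context (no salary, no field list) fails closed: the HR Officer's insert without a salary is refused rather than waved through, which is the behaviour to keep when this check sits in front of a real database.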

Page 31

Oracle Privileges

Privileges are granted at the database (system) level or at the table (object) level.

INSERT, UPDATE and REFERENCES can be granted at column level.

Page 32

Authorization Rules

To grant the ability to read the product table and update prices to a user with the login ID of SMITH.

SQL statement:

GRANT SELECT, UPDATE (unit_price) ON PRODUCT_T TO SMITH;

SMITH can now change unit_price but no other column of PRODUCT_T, and cannot insert or delete rows.

Page 33

User Defined Procedures

Some DBMSs also provide capabilities for user-defined procedures to customize the authorization process
▪ User exits or interfaces that allow system designers to define their own security procedures in addition to the authorization rules
▪ A user procedure might be designed to provide positive user identification
▪ For example, a user might be required to supply a procedure name in addition to a password
▪ Given a valid password and the correct procedure name, the system calls the procedure, which asks the user a series of questions whose answers should be known only to that user

Page 34

Encryption

The coding or scrambling of data so that humans cannot read them.

Used to protect highly sensitive data such as customer credit card numbers or account balances.

Two common forms of encryption:

One key: symmetric key, e.g. the Data Encryption Standard (DES)
▪ Uses the same key to encrypt and decrypt
▪ Easy to understand and implement
▪ DES (56-bit key) is obsolete and can be brute-forced; use the Advanced Encryption Standard (AES) today

Two key: asymmetric key
▪ Different keys to encrypt and decrypt (key pair)
▪ One key is published (the public key)
▪ The other key is kept secret (the private key)
▪ Especially popular in e-commerce applications
▪ Example: SSL (now TLS) provides data encryption, server authentication, and other services in TCP/IP connections. The asymmetric keys are used to authenticate the server and agree on a session key; the session data itself is encrypted with a symmetric cipher, because symmetric encryption is far faster

Page 35

Secure Sockets Layer (SSL), and its successor TLS, is a popular encryption scheme for TCP/IP connections

[Figure: basic two-key encryption]

Page 36

Authentication Schemes

How to identify persons who are trying to gain access to a computer or its resources?

Goal: obtain a positive identification of the user. In an electronic environment, the user can prove identity by supplying:
▪ Something the user knows: password/PIN
▪ Something the user possesses: smart card/token
▪ Some unique personal characteristic: biometrics (fingerprint or retinal scans)

Authentication schemes, depending on how many factors are employed:
▪ One-factor authentication
▪ Two-factor authentication
▪ Three-factor authentication

Page 37

Authentication Schemes

First line of defense: one-factor

Passwords
▪ Should be at least 8 characters long
▪ Should combine alphabetic and numeric data
▪ Should not be complete words or personal information
▪ Should be changed frequently (current guidance, NIST SP 800-63B, is instead to change a password when there is evidence of compromise, and to screen new passwords against lists of known-breached passwords)
▪ Must never be stored in clear text: store a salted, slow hash so that a stolen user table does not reveal the passwords
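The password rules on this slide as a policy check, together with salted PBKDF2 storage so that the verifier never keeps the password itself, as an added example that is not part of the original slides. The COMMON_WORDS list, the personal_info parameter and the stored-record format are my assumptions; hashlib.pbkdf2_hmac and hmac.compare_digest are Python standard library.

```python
import hashlib
import hmac
import os

# Constructed deny-list; a real deployment screens against a large breached-password list.
COMMON_WORDS = {"password", "welcome", "database", "letmein", "qwerty"}


def meets_policy(password, personal_info=()):
    """Apply the slide's rules: at least 8 characters, letters and digits,
    not a dictionary word (with or without digits tacked on), not personal data."""
    if len(password) < 8:
        return False
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        return False
    lowered = password.lower()
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in COMMON_WORDS:
        return False                       # "password1" is still "password"
    if any(info and info.lower() in lowered for info in personal_info):
        return False
    return True


def hash_password(password, salt=None, iterations=600_000):
    """Salted, slow hash. Record format (assumed): algorithm$iterations$salt_hex$digest_hex.
    A fresh random salt per user means equal passwords give different records."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    print(meets_policy("password1"))                               # False
    print(meets_policy("smith2024", personal_info=("Smith",)))     # False
    print(meets_policy("tr0ub4dor&3"))                             # True
    record = hash_password("tr0ub4dor&3")
    print(verify_password("tr0ub4dor&3", record), verify_password("tr0ub4dor&4", record))  # True False
```

The iteration count is stored with the record so it can be raised for new passwords without invalidating old ones; the constant-time comparison keeps a remote attacker from learning how many leading bytes of the digest matched.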

Page 38

Authentication Schemes

Strong authentication. Passwords are flawed:
▪ Users share them with each other
▪ They get written down and could be copied
▪ Automatic logon scripts remove the need to explicitly type them in
▪ Unencrypted passwords traverse a network

Possible solutions:
▪ Two factor, e.g. ATM card plus PIN
▪ Three factor, e.g. smart card, biometric and PIN
▪ Biometric devices: use of fingerprints, retinal scans, etc. for positive ID
▪ Third-party mediated authentication: using secret keys, digital certificates

Page 39

Sarbanes-Oxley (SOX)
▪ Designed to ensure the integrity of public companies' financial statements
▪ Requires sufficient control and security over the financial systems and IT infrastructure
▪ Requires companies to audit the access to sensitive data
▪ A SOX audit involves three areas of control:
  ▪ IT change management
  ▪ Logical access to data
  ▪ IT operations
▪ The audit starts with a walkthrough: the auditor tries to understand how the THREE areas are handled by the IT organization

Page 40

Sarbanes-Oxley (SOX): IT Change Management
▪ The process by which changes to operational systems and databases are authorized
▪ For a database, changes to: schema, database configuration, updates to DBMS software
▪ Top deficiency found by SOX auditors: lack of segregation of duties between people who have access to databases in the three common environments: development, test, production
▪ SOX mandates: the DBAs who have the ability to modify data in these environments must be different people
▪ Otherwise, other personnel should be authorized to do periodic reviews of database access by DBAs, using database audits

Page 41

Sarbanes-Oxley (SOX): Logical Access to Data

Security procedures in place to prevent unauthorized access to the data

SOX perspective: Who has access to what? Who has access to too much?

Organizations must establish administrative policies and procedures

Two types of security policies and procedures:
▪ Personnel controls
▪ Physical access controls

Page 42

Sarbanes-Oxley (SOX): Logical Access to Data

Personnel controls
▪ Adequate controls of personnel must be developed and followed
▪ Hiring practices, employee monitoring, security training, separation of duties

Physical access controls
▪ Limiting access to particular areas within a building
▪ Swipe cards, equipment locking, check-out procedures, screen placement, laptop protection

Page 43

Sarbanes-Oxley (SOX): IT Operations

Policies and procedures for day-to-day management of infrastructure, applications, and databases in an organization
▪ For databases: backup, recovery, availability
▪ An area of control that helps to maintain data quality and availability: vendor management
▪ Periodically review external maintenance agreements for hardware and software
▪ Consider reaching agreements under which the organization can get access to the source code should the developer go out of business or stop supporting the programs

Page 44

The information in these slides was taken from Modern Database Management, Tenth Edition, by Jeffrey A. Hoffer, V. Ramesh & Heikki Topi.

END OF CHAPTER