Upload
santosh-timilsina
View
215
Download
0
Embed Size (px)
Citation preview
8/3/2019 FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11
1/8
1
Project Title: Different Methodology to Secure the Database
Students Name and Id: Santosh Timilsina 11069922/1
1st
Supervisor name: Mr Tashi Wangdue
2nd Supervisor: Mr Prakash Shrestha
Date Approved: 13th Nov, 2011
8/3/2019 FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11
2/8
2
Abstract
This gives the overview of database backup and recovery methodology used in the Global
Bank Ltd, Nepal. A exploratory study is being carried out in the bank in different steps. This
report also gives the information to the reader on the progress of the case study as per theProject Specification.
8/3/2019 FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11
3/8
3
Table of Content
1. Introduction 1-12. Background/ Context 2-3
2.1 Database Backup Method 2-2
2.2 Database Recovery Method 3-3
3. Development 4-5
3.1 Different Activities in the development process 4-5
8/3/2019 FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11
4/8
4
1. IntroductionDatabase security is the matter of high priority for organizations that maintains their own
database. To secure the database these organizations develop their own security standards and
designs describing the basic security control measures for their database systems. These may
reflect general information security requirements or obligations imposed by corporate
information security policies and applicable laws and regulations (e.g. concerning privacy,
financial management and reporting systems), along with generally-accepted good database
security practices (such as appropriate hardening of the underlying systems) and also security
recommendations from the relevant database system and software vendors. The security
designs specify further security administration and management functions such as
administration and reporting of user access rights, log management and analysis, database
replication/synchronization and backups etc.
Among different methodology used to secure the database, this report gives the overview
regarding the case study of database backup and recovery methodology used, in the context
of a bank in Nepal.
Banks store their data in a different drive and also store the same data in a Disaster
Recovery (DR) site,said Suresh Karna(2011), chief information officer of Kumari Bank.
Banks maintain regular backup of their databases. This report gives details the database
backup and recovery practice and procedures followed by the Global Bank Ltd, Nepal based
on the preliminary investigation done in the IT-Department of the bank located in
Panipokhari, Kathmandu, Nepal.
8/3/2019 FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11
5/8
5
2. Background/ContextGlobal Bank Limited is a national level commercial bank with more than 50 branches
operating in different places within the country. M millions of transactions are done daily
with the customer through the different branches. The Bank uses FINACLE as the front end
(Banking Software) and Database is maintained using Oracle 10g as the backend.
The Central IT department of the Bank is located at its central office, in Panipokhari,
Kathmandu which is responsible for acquisition, maintenance, and monitoring information
and communication Technology infrastructure of the bank. Its database is maintained in this
department.
The main database (Oracle 10g) is centrally maintained and installed in the Linux (Redhat
Enterprise Linux-5(RHE-5)) machine in the Central IT Department. It is connected to all
other computers and terminals (ATMs) at different location through Virtual Private Network
(VPN). During the transactions all the terminals and computers inquire the central database.
2.1 Database Backup Method
At the end of each day transactions, Cold Backup is taken in the tape. Simultaneously online
backup is also taken. This process of data backup is time consuming as the data to be backup
crosses 80 GB in size.
The Data backup strategies of the bank Specify to use all three types of backup methods
simultaneously:
y Full backup. Entire system (such as all volumes composed server) or user specifieddata on all the documents are maintained once at end of a month.
y Incremental backup. Incremental backup is maintained daily which only stores thenewly created or updated data since the last backup operation.
y Differential backup. Simultaneously, Differential backup is used to stores all ofnew and updated data generated after a full backup.
8/3/2019 FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11
6/8
6
2.2 Database Restore method
However, a variety of strategies may be used to facilitate system recovery when problems
occur, the security design of the bank specify mirroring and reprocessing approach.
y Mirroring. It involves making frequent simultaneous copies of a database to ensurethat two or more copies are maintained in different locations at all times. The bank
maintains a duplicate server in the same branch in a different machine.
y Reprocessing. It involves going back to a known point of database activity before theproblem occurred and reprocessing work from that point forward. It is done using the
backup maintained as mentioned above.
Thus, Global Bank Ltd maintains central database with mirroring, in it Central IT department
and all the other computers and terminals (ATM ) communicate with the central database
through Virtual Private Network (VPN). It maintains regular backup of its databases online
and offline.
8/3/2019 FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11
7/8
7
3. Development
A quantitative case study will be carried out to explore the database backup and Recovery
methodology being used in the Global Bank Ltd. A systematic approach of investigation will
be carried at the Central IT department of the bank to know about the current structure of
database backup and recovery policy adopted and all the scenario database problem are
logged with the view to examine how the database backup and recover methodology helped
to overcome the problems. All the findings are validating in a testing environment developed
in the process of the case study.
3.1 Different Activities in the development process
The case study will be carried as a sequence of activities listed below:
y Feasibility study of project, Selection of Client(place of case study) andPreliminary Investigation: The project is to do a exploratory study on the database
backup and recovery method among the different method to secure database. The
client was chosen which Global Bank Ltd. is I visited the IT department of the bank
located in, Panipokhari, Kathmandu along with the recommendation letter provided
by my college. I get the permission with the IT head there for my case study. I
enquired about the way they deploy the database backup and recovery in the Bank.
y Extensive Literature Review: Literature review is integral part of entire researchprocess as it bring clarity and focus to the subject matter of case study , broaden yourknowledge and helpful to contextualise our findings. Thus, I decided to go through
Books and Journals. Further I am taking the training of Oracle DBA.
y Developing the objectives: After the completion of extensive literature I willdevelop sufficient knowledge in the required field of case study which will be helpful
to set clear goals and objectives. A list of objective will be developed which will
guide through the case study.
y Preparing the Research Design: In this stage, a problem log form, and maintenancelog form will be designed to keep the log of database problems and the steps done to
overcome the problem. Further, a testing environment will be installed for the testing
and validation of the maintenance log
y Collecting the Data: Data of the database problem is maintained in the Problem logand the information of steps taken to overcome the problems are maintained in the
8/3/2019 FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11
8/8
8
maintenance log. This data collection is done through observation and inquiry for
some weeks as mentioned in the project plan.
y Analysis of Data: Simultaneously with the maintenance log, the problem andmaintenance note is tested in the testing environment and logged.
y Generalisation and Interpretation: The facts and figures thus derived from thecollection and analysis of data is generalised and interpreted. I t will be presented in
different forms
y Preparation of the Report or Presentation of Results: Finally all the findings areturned into report.
Currently the Feasibility study, selection of client and Preliminary investigation is finished
based on that extensive literature review is being carried out. In the extensive literature
review stages the books and journal review is finished and training on Oracle DBA is at the
last stage.