FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11

8/3/2019 FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11

1/8

1

Project Title: Different Methodology to Secure the Database

Students Name and Id: Santosh Timilsina 11069922/1

1st

Supervisor name: Mr Tashi Wangdue

2nd Supervisor: Mr Prakash Shrestha

Date Approved: 13th Nov, 2011


2/8

2

Abstract

This gives the overview of database backup and recovery methodology used in the Global

Bank Ltd, Nepal. A exploratory study is being carried out in the bank in different steps. This

report also gives the information to the reader on the progress of the case study as per theProject Specification.


3/8

3

Table of Content

1. Introduction 1-12. Background/ Context 2-3

2.1 Database Backup Method 2-2

2.2 Database Recovery Method 3-3

3. Development 4-5

3.1 Different Activities in the development process 4-5


4/8

4

1. IntroductionDatabase security is the matter of high priority for organizations that maintains their own

database. To secure the database these organizations develop their own security standards and

designs describing the basic security control measures for their database systems. These may

reflect general information security requirements or obligations imposed by corporate

information security policies and applicable laws and regulations (e.g. concerning privacy,

financial management and reporting systems), along with generally-accepted good database

security practices (such as appropriate hardening of the underlying systems) and also security

recommendations from the relevant database system and software vendors. The security

designs specify further security administration and management functions such as

administration and reporting of user access rights, log management and analysis, database

replication/synchronization and backups etc.

Among different methodology used to secure the database, this report gives the overview

regarding the case study of database backup and recovery methodology used, in the context

of a bank in Nepal.

Banks store their data in a different drive and also store the same data in a Disaster

Recovery (DR) site,said Suresh Karna(2011), chief information officer of Kumari Bank.

Banks maintain regular backup of their databases. This report gives details the database

backup and recovery practice and procedures followed by the Global Bank Ltd, Nepal based

on the preliminary investigation done in the IT-Department of the bank located in

Panipokhari, Kathmandu, Nepal.


5/8

5

2. Background/ContextGlobal Bank Limited is a national level commercial bank with more than 50 branches

operating in different places within the country. M millions of transactions are done daily

with the customer through the different branches. The Bank uses FINACLE as the front end

(Banking Software) and Database is maintained using Oracle 10g as the backend.

The Central IT department of the Bank is located at its central office, in Panipokhari,

Kathmandu which is responsible for acquisition, maintenance, and monitoring information

and communication Technology infrastructure of the bank. Its database is maintained in this

department.

The main database (Oracle 10g) is centrally maintained and installed in the Linux (Redhat

Enterprise Linux-5(RHE-5)) machine in the Central IT Department. It is connected to all

other computers and terminals (ATMs) at different location through Virtual Private Network

(VPN). During the transactions all the terminals and computers inquire the central database.

2.1 Database Backup Method

At the end of each day transactions, Cold Backup is taken in the tape. Simultaneously online

backup is also taken. This process of data backup is time consuming as the data to be backup

crosses 80 GB in size.

The Data backup strategies of the bank Specify to use all three types of backup methods

simultaneously:

y Full backup. Entire system (such as all volumes composed server) or user specifieddata on all the documents are maintained once at end of a month.

y Incremental backup. Incremental backup is maintained daily which only stores thenewly created or updated data since the last backup operation.

y Differential backup. Simultaneously, Differential backup is used to stores all ofnew and updated data generated after a full backup.


6/8

6

2.2 Database Restore method

However, a variety of strategies may be used to facilitate system recovery when problems

occur, the security design of the bank specify mirroring and reprocessing approach.

y Mirroring. It involves making frequent simultaneous copies of a database to ensurethat two or more copies are maintained in different locations at all times. The bank

maintains a duplicate server in the same branch in a different machine.

y Reprocessing. It involves going back to a known point of database activity before theproblem occurred and reprocessing work from that point forward. It is done using the

backup maintained as mentioned above.

Thus, Global Bank Ltd maintains central database with mirroring, in it Central IT department

and all the other computers and terminals (ATM ) communicate with the central database

through Virtual Private Network (VPN). It maintains regular backup of its databases online

and offline.


7/8

7

3. Development

A quantitative case study will be carried out to explore the database backup and Recovery

methodology being used in the Global Bank Ltd. A systematic approach of investigation will

be carried at the Central IT department of the bank to know about the current structure of

database backup and recovery policy adopted and all the scenario database problem are

logged with the view to examine how the database backup and recover methodology helped

to overcome the problems. All the findings are validating in a testing environment developed

in the process of the case study.

3.1 Different Activities in the development process

The case study will be carried as a sequence of activities listed below:

y Feasibility study of project, Selection of Client(place of case study) andPreliminary Investigation: The project is to do a exploratory study on the database

backup and recovery method among the different method to secure database. The

client was chosen which Global Bank Ltd. is I visited the IT department of the bank

located in, Panipokhari, Kathmandu along with the recommendation letter provided

by my college. I get the permission with the IT head there for my case study. I

enquired about the way they deploy the database backup and recovery in the Bank.

y Extensive Literature Review: Literature review is integral part of entire researchprocess as it bring clarity and focus to the subject matter of case study , broaden yourknowledge and helpful to contextualise our findings. Thus, I decided to go through

Books and Journals. Further I am taking the training of Oracle DBA.

y Developing the objectives: After the completion of extensive literature I willdevelop sufficient knowledge in the required field of case study which will be helpful

to set clear goals and objectives. A list of objective will be developed which will

guide through the case study.

y Preparing the Research Design: In this stage, a problem log form, and maintenancelog form will be designed to keep the log of database problems and the steps done to

overcome the problem. Further, a testing environment will be installed for the testing

and validation of the maintenance log

y Collecting the Data: Data of the database problem is maintained in the Problem logand the information of steps taken to overcome the problems are maintained in the


8/8

8

maintenance log. This data collection is done through observation and inquiry for

some weeks as mentioned in the project plan.

y Analysis of Data: Simultaneously with the maintenance log, the problem andmaintenance note is tested in the testing environment and logged.

y Generalisation and Interpretation: The facts and figures thus derived from thecollection and analysis of data is generalised and interpreted. I t will be presented in

different forms

y Preparation of the Report or Presentation of Results: Finally all the findings areturned into report.

Currently the Feasibility study, selection of client and Preliminary investigation is finished

based on that extensive literature review is being carried out. In the extensive literature

review stages the books and journal review is finished and training on Oracle DBA is at the

last stage.

Documents

FYP Interim Report Computing TIMILSINA-SANTOSH Autumn11