Data Security and Integrity
Contents
● Introduction
● Database Security In General
– Information System
– Information / Data Security
● Information Security Triangle
● Information Security Architecture
● Database Security
– Security Levels
– Dangers for Databases
– Security Methods
Contents
● Database Security Methodology
● Security Layers in DBMS
– Authentication
– Authorization
– Views and Data Security
– Virtual Private Database
● Data Auditing
Introduction
● In the modern era, information security violations and attacks increase every day.
● For data security we need to implement stricter policies, in a way that does not block our business operations and lets them run smoothly.
Security Measures:
● Prevent physical access to the servers where the data reside.
● Carry out operating system operations in a more secure way.
● Implement security models that enforce security measures.
● The DBA should implement the security policies that protect the data.
Database Security In General
● Degree to which data is fully protected from
tampering or unauthorized acts.
● Comprises information system and information
security concepts.
Information System
● An information system (IS) is comprised of components working together to produce accurate information.
● In an IS, wise decisions require
– Accurate and timely information
– Information integrity
● An IS is categorized by usage as
– Low-level
– Mid-level
– High-level
Information System ...
(Figure: typical use of system applications at various management levels: Order Tracking, Customer Service, Student Registration, Risk Management, Fraud Detection, Sales Forecasting, Market Analysis, Loan Expert, Financial Enterprise.)
Information System ...
(Figure: Information System Components.)
Database and DBMS Environment
DBMS functions:
● Organize data
● Store and retrieve data efficiently
● Manipulate data (update and delete)
● Enforce referential integrity and consistency
● Enforce and implement data security policies and procedures
● Back up, recover, and restore data
DBMS components (data security): Data, Hardware, Software, Networks, Procedures, Database Server
Information / Data Security
● Information / data is one of the most valuable assets of any organization.
● Its security consists of the procedures and measures taken to protect the components of the information system.
Information Security Triangle
Information Security C.I.A. Triangle (figure):
● Confidentiality: data and information is classified into different levels of confidentiality to ensure that only authorized users access the information.
● Availability: the system is available at all times, but only to authorized and authenticated persons; the system is protected from being shut down by external or internal threats or attacks.
● Integrity: data and information is accurate and protected from tampering by unauthorized persons; data and information is consistent and validated.
Confidential Classification (CIA Triangle)
Integrity (CIA Triangle)
● Data integrity refers to the overall completeness, accuracy and consistency of data.
● Integrity has two types: physical and logical.
● Physical integrity: deals with the challenges associated with correctly storing and fetching the data itself.
– Challenges: electromechanical faults, physical design flaws, natural disasters, etc.
● Logical integrity: concerned with referential integrity and entity integrity in a relational database.
– Challenges: software bugs, design flaws, and human errors.
Integrity by Example (CIA Triangle)
Employee A learns that a coworker with a similar designation is earning a higher salary than he is. Employee A obtained this information through access to an application program used by the accounting department, and then manipulates the vacation hours and overtime hours of his colleague.
Two security violations:
● Confidential data was disclosed inappropriately.
● An application that modifies data was accessed inappropriately.
Availability (CIA Triangle)
● Systems must always be available to authorized users.
● The system determines what a user can do with the information.
● The system might not be visible under some conditions.
Information Security Architecture
(Figure, grouped by the three CIA properties:)
● Confidentiality: privacy laws; confidential classification; policies and procedures; access rights; customer concerns; social and cultural issues.
● Integrity: security technology; security model; cryptography technology; DBMS technology; database and design; application technology.
● Availability: threats and attacks; system vulnerabilities; authorization methodology; authentication technology; network interfaces; disaster and recovery strategy.
Database Security
Database security deals with allowing or disallowing user actions on the database and the objects within it.
The DBMS contains discretionary access control, which regulates all user access to named objects through privileges.
A privilege is permission to access a named object in a prescribed manner; for example, permission to query a table.
Privileges are granted to users at the discretion of other users.
Database Security ...
(Figure: Database Security Access Points.)
Database Security ...
(Figure: Database Security Enforcement.)
Security Levels
● Database System: Since some users may modify data
while some may only query, it is the job of the system to
enforce authorization rules.
● Operating System: No matter how secure the database
system is, the operating system may serve as another
means of unauthorized access.
● Network: Since most databases allow remote access,
hardware and software security is crucial.
● Physical: Sites with computer systems must be
physically secured against entry by intruders or
terrorists.
● Human: Users must be authorized carefully to reduce the
chance of a user giving access to an intruder.
Data Integrity Violation
Dangers for Databases
Security vulnerability: a weakness in any information system component.
(Figure: Categories of Security Vulnerabilities.)
Dangers for Databases ...
Security threat: a security violation or attack that can happen at any time because of a security vulnerability.
(Figure: Categories of Security Threats.)
Dangers for Databases ...
Security risk: a known security gap left open.
(Figure: Categories of Security Risks.)
Dangers for Databases ...
(Figure: Integration of Security Vulnerabilities, Risks and Threats in the Database Environment.)
Security Methods
Database component protected, and the security methods that apply to it:
People:
● Physical limits on access to hardware and documents.
● Identification and authentication, to make sure the right user is the one accessing the information.
● Training courses on the importance of security and how to guard assets.
● Establishment of security policies and procedures.
Applications:
● Authentication of users who access the application.
● Apply business rules.
● Single sign-on.
Network:
● Network firewall to block intruders.
● VPN.
● Network authentication.
Operating System:
● Authentication.
● Password policy.
● User accounts.
DBMS:
● Authentication.
● Audit mechanism.
● Database resource limits.
● Password policy.
● Data encryption.
Data Files:
● File / folder permissions.
● Access monitoring.
Data:
● Data validation.
● Data constraints.
● Data encryption.
● Data access.
Database Security Methodology
Security Layers in DBMS
● Authentication
● Authorization
– Data File level
– Database level
– Table level
– Record level
– Column level
Security Layers in DBMS ...
(Figure: how each layer is enforced:)
● Authentication: by the database management system, through username and password.
● Data file level: through file permissions.
● Database, table, record and column levels: schema owners or the security administrator grant or revoke privileges.
Overview of Authentication
Methods
Several DBMSs support different user authentication methods for security purposes. Some of the authentication methods are:
Authentication by the Operating System: Once a user has been authenticated by the operating system, the user can connect to the database more conveniently, without specifying a user name or password (e.g. in EDB/Postgres the peer/ident authentication methods are used for this purpose).
Password Authentication: Users are created with a password in the database, and after assignment of a set of privileges the registered user can communicate with the DBMS.
Overview of Authentication
Methods ...
Trust Authentication: A registered user can connect to the database and perform operations according to their authority on the different objects.
Overview of Authentication
Methods ...
Authentication by the Network: In a network-based authentication scheme there are three branches:
1. Third-Party-Based Authentication Technologies: If network authentication services are available to you (such as DCE, Kerberos, or SESAME), Oracle Database can accept authentication from the network service.
2. Certificate Authentication: This authentication method uses SSL client certificates to perform authentication. It is therefore only available for SSL connections. When using this authentication method, the server requires that the client provide a valid certificate. No password prompt is sent to the client.
Overview of Authentication
Methods ...
3. Remote Authentication: Oracle Database supports remote authentication of users through Remote Authentication Dial-In User Service (RADIUS), a standard lightweight protocol used for user authentication, authorization, and accounting.
Authorization
● For security purposes, we may assign a user several forms of authorization on parts of the database, which allow:
– Read: read tuples.
– Insert: insert new tuples, but not modify existing tuples.
– Update: modification, but not deletion, of tuples.
– Delete: deletion of tuples.
● We may assign the user all, none, or any combination of these.
Authorization ...
In addition to those mentioned above, we may also assign a user rights to modify the database schema:
Index: allows creation and modification of indices.
Resource: allows creation of new relations.
Alteration: addition or deletion of attributes in a tuple.
Drop: allows the deletion of relations.
In SQL, DCL is used for authorization assignments on the different database objects.
DCL and Authorization
● DCL commands are used to enforce database security in a multi-database environment.
● The two types of DCL commands are
– GRANT
– REVOKE
● Database administrators or owners of a database object can provide or remove privileges on the object through GRANT and REVOKE in an RDBMS.
DCL and Authorization
● GRANT syntax:
GRANT privilege_name ON object_name
TO {user_name | PUBLIC | role_name}
[WITH GRANT OPTION];
● Here, privilege_name is the access right or privilege granted to the user.
● object_name is the name of the database object, such as a table or view.
● user_name is the name of the user to whom the access right is being granted.
● PUBLIC grants the right to all users.
● WITH GRANT OPTION allows the user to grant the access right on to other users.
DCL and Authorization
● REVOKE syntax:
REVOKE privilege_name ON object_name
FROM {user_name | PUBLIC | role_name};
● For example:
GRANT SELECT ON employee TO user1;
● This command grants the SELECT privilege on the employee table to user1.
REVOKE SELECT ON employee FROM user1;
● This command revokes the SELECT privilege on the employee table from user1.
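An added example, not from the slides, that carries the GRANT / REVOKE commands above through in PostgreSQL and shows what WITH GRANT OPTION does to a later REVOKE. Assumed names: table employee, login roles user1 and user2, group role hr_readers; run in a superuser session (needed for CREATE ROLE and SET ROLE).

```sql
-- Added example (not from the slides): GRANT / REVOKE in PostgreSQL, including the
-- WITH GRANT OPTION chain and how REVOKE behaves when dependent grants exist.
CREATE TABLE employee (
    id          integer PRIMARY KEY,
    name        text    NOT NULL,
    designation text,
    salary      numeric(10,2)
);
INSERT INTO employee VALUES (1, 'Alice', 'Engineer', 5000.00);   -- constructed sample row

CREATE ROLE hr_readers NOLOGIN;                    -- group role: privileges attach here
CREATE ROLE user1 LOGIN PASSWORD 'change-me';      -- constructed sample passwords
CREATE ROLE user2 LOGIN PASSWORD 'change-me';

-- The slide's example, extended: user1 may pass the privilege on.
GRANT SELECT ON employee TO user1 WITH GRANT OPTION;

-- Acting as user1, delegate SELECT to user2. The grantor recorded for user2's
-- privilege is user1, not the table owner.
SET ROLE user1;
GRANT SELECT ON employee TO user2;
RESET ROLE;

-- Check both privileges from the owner's session.
SELECT has_table_privilege('user1', 'employee', 'SELECT');
SELECT has_table_privilege('user2', 'employee', 'SELECT');

-- REVOKE defaults to RESTRICT: the slide's plain REVOKE now fails with
-- "dependent privileges exist", because user2's privilege hangs off user1's.
-- REVOKE SELECT ON employee FROM user1;
-- CASCADE removes user1's privilege and every privilege derived from it.
REVOKE SELECT ON employee FROM user1 CASCADE;
SELECT has_table_privilege('user2', 'employee', 'SELECT');

-- Preferred pattern: grant to a group role and manage membership, so no individual
-- needs a grant option and access is removed by revoking the membership.
GRANT SELECT ON employee TO hr_readers;
GRANT hr_readers TO user2;
SELECT has_table_privilege('user2', 'employee', 'SELECT');
REVOKE hr_readers FROM user2;
```

After the CASCADE revoke the check for user2 returns false even though user2 was never named in the REVOKE; after the group-role grant it returns true again through membership in hr_readers.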
Views and Data Security
● Views can serve as a security mechanism by restricting the data available to users. Through views you can restrict users to a limited set of columns and give the rights to specific users.
● Example: table emp contains employee salaries, which should not be visible to all users, while all users may read the data other than the salary.
– emp (id, name, address, designation, salary)
– CREATE VIEW emp_basic_info AS SELECT id, name, address, designation FROM emp;
– GRANT SELECT (id, name, address) ON emp_basic_info TO qasim;
– GRANT SELECT (id, name, address, designation) ON emp_basic_info TO haider;
Views and Data Security
CREATE VIEW EuropeanCountry AS
SELECT Name, Continent, Population, HasCoast
FROM Country
WHERE Continent = 'Europe';
CREATE VIEW BigCountry AS
SELECT Name, Continent, Population, HasCoast
FROM Country
WHERE Population >= 30000000;
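An added example, not from the slides, that runs the emp / emp_basic_info scenario end to end in PostgreSQL and verifies what each role can actually read. Assumed names: table emp, view emp_basic_info, login roles qasim and haider; run in a superuser session.

```sql
-- Added example (not from the slides): hiding the salary column behind a view and
-- granting column-level privileges on the view rather than on the base table.
CREATE TABLE emp (
    id          integer PRIMARY KEY,
    name        text    NOT NULL,
    address     text,
    designation text,
    salary      numeric(10,2)
);
INSERT INTO emp VALUES                                   -- constructed sample rows
    (1, 'Ayesha', 'Lahore',  'Engineer',  9000.00),
    (2, 'Bilal',  'Karachi', 'Manager',  14000.00);

CREATE ROLE qasim  LOGIN PASSWORD 'change-me';           -- constructed sample passwords
CREATE ROLE haider LOGIN PASSWORD 'change-me';

-- The view projects salary away. security_barrier matters for views that filter
-- rows (like EuropeanCountry above): without it the planner may evaluate a cheap
-- user-defined function from the caller's WHERE clause before the view's own
-- filter, exposing filtered-out rows through that function. For this
-- projection-only view it costs nothing to set.
CREATE VIEW emp_basic_info WITH (security_barrier = true) AS
    SELECT id, name, address, designation FROM emp;

-- Privileges go on the view only; neither role receives anything on emp itself.
-- The view is read with its owner's privileges, so the owner's SELECT on emp suffices.
GRANT SELECT (id, name, address)              ON emp_basic_info TO qasim;
GRANT SELECT (id, name, address, designation) ON emp_basic_info TO haider;

-- Verification as qasim: the first query is permitted, the two commented-out
-- queries fail with "permission denied" (column, then table).
SET ROLE qasim;
SELECT id, name, address FROM emp_basic_info;
-- SELECT designation FROM emp_basic_info;
-- SELECT salary FROM emp;
RESET ROLE;

-- The same facts without switching role, as the DBA would check them.
SELECT has_column_privilege('qasim',  'emp_basic_info', 'designation', 'SELECT');
SELECT has_column_privilege('haider', 'emp_basic_info', 'designation', 'SELECT');
SELECT has_table_privilege('qasim', 'emp', 'SELECT');
```

The three checks return false, true and false respectively: qasim is limited to the three granted columns, haider also sees designation, and neither can bypass the view by querying emp directly.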
Virtual Private Database
Virtual Private Database (VPD) is a feature which enables an administrator to create security around the actual data (i.e. rows/columns) so that multiple users can each access only the data which is relevant to them.
● Steps for VPD
– Create an application context: create users, objects and permissions on the objects.
– Create the security policy functions.
– Apply the security policies to tables.
Reference: Postgres Plus Advanced Server Guide, Section 9.11 DBMS_RLS:
http://get.enterprisedb.com/docs/Postgres_Plus_Enterprise_Edition_Guide_v9.5.pdf
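An added example, not from the slides or the EDB guide they cite, that carries the three VPD steps out with PostgreSQL's native row-level security (CREATE POLICY, available from 9.5) in place of the DBMS_RLS package. Assumed names: table orders, mapping table user_dept, login roles sales_user and hr_user, policy function app_current_dept; run in a superuser session.

```sql
-- Added example (not from the slides): VPD-style row isolation by department,
-- implemented with native PostgreSQL row-level security.

-- Step 1: application context. Users, the protected object, and a table that maps
-- each database user to the department whose rows it may see.
CREATE ROLE sales_user LOGIN PASSWORD 'change-me';       -- constructed sample roles
CREATE ROLE hr_user    LOGIN PASSWORD 'change-me';

CREATE TABLE orders (
    id       integer       PRIMARY KEY,
    dept     text          NOT NULL,
    customer text,
    amount   numeric(10,2)
);
INSERT INTO orders VALUES                                 -- constructed sample rows
    (1, 'sales', 'ACME',        120.00),
    (2, 'hr',    'Payroll Ltd',  55.00);

CREATE TABLE user_dept (username text PRIMARY KEY, dept text NOT NULL);
INSERT INTO user_dept VALUES ('sales_user', 'sales'), ('hr_user', 'hr');

GRANT SELECT, INSERT, UPDATE, DELETE ON orders TO sales_user, hr_user;
GRANT SELECT ON user_dept TO sales_user, hr_user;   -- read-only: only the owner edits mappings

-- Step 2: the policy function. It runs with the caller's rights (SECURITY INVOKER,
-- the default), so current_user is the role being checked; a SECURITY DEFINER
-- function would see its owner's name instead and break the isolation. The fixed
-- search_path and schema-qualified table stop a caller from shadowing user_dept.
CREATE FUNCTION app_current_dept() RETURNS text
LANGUAGE sql STABLE
SET search_path = pg_catalog, public
AS $$ SELECT dept FROM public.user_dept WHERE username = current_user::text $$;

-- Step 3: attach the policy. USING filters the rows a user can read, update or
-- delete; WITH CHECK rejects inserts and updates that would place a row in another
-- department. FORCE applies the policy to the table owner as well; superusers
-- always bypass row-level security.
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE orders FORCE ROW LEVEL SECURITY;
CREATE POLICY dept_isolation ON orders
    FOR ALL TO sales_user, hr_user
    USING (dept = app_current_dept())
    WITH CHECK (dept = app_current_dept());

-- Verification: acting as sales_user, the SELECT returns only the sales row and
-- the commented-out INSERT is rejected by the WITH CHECK clause.
SET ROLE sales_user;
SELECT id, customer, amount FROM orders;
-- INSERT INTO orders VALUES (3, 'hr', 'Someone', 1.00);
RESET ROLE;
```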
Data Auditing
Database auditing involves observing a database for user/transaction actions. Database administrators and consultants often set up auditing for security purposes.
In EDB, data auditing is managed and controlled through audit logs.
EDB / PostgreSQL maintains an audit log of:
● When a role establishes a connection to an Advanced Server database.
● What database objects a role creates, modifies, or deletes when connected to Advanced Server.
● When any failed authentication attempts occur.
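An added example, not from the slides, that switches on exactly the three kinds of audit record listed above on EDB Postgres Advanced Server. The edb_audit_* parameter names are EDB's documented settings and are assumed here to be present in your version; run from a superuser session.

```sql
-- Added example (not from the slides): enable EDB Advanced Server auditing for
-- connections, object changes and failed logins via ALTER SYSTEM.

-- Weak starting point: the default leaves auditing off entirely.
-- ALTER SYSTEM SET edb_audit = 'none';

-- Corrected settings, one per slide bullet.
ALTER SYSTEM SET edb_audit = 'csv';                  -- turn auditing on, CSV records
ALTER SYSTEM SET edb_audit_directory = 'edb_audit';  -- relative to the data directory
ALTER SYSTEM SET edb_audit_connect = 'all';          -- bullet 1 and 3: successful AND failed connections
ALTER SYSTEM SET edb_audit_disconnect = 'all';       -- pairs each session start with its end
ALTER SYSTEM SET edb_audit_statement = 'ddl, error'; -- bullet 2: create/alter/drop, plus statements that errored

-- The edb_audit_* parameters take effect on reload; no restart is needed.
SELECT pg_reload_conf();

-- Confirm what the running server now has.
SELECT name, setting FROM pg_settings WHERE name LIKE 'edb_audit%' ORDER BY name;
```

Choosing 'failed' instead of 'all' for edb_audit_connect records only the failed attempts, which keeps the log smaller but drops the successful-connection records the first bullet asks for.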

Mais conteúdo relacionado

Mais procurados

Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
priya_trehan
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
Amandeep Kaur
 

Mais procurados (20)

Network security
Network security Network security
Network security
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security ppt
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and function
 
DB security
 DB security DB security
DB security
 
Security models
Security models Security models
Security models
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
 
Information Security
Information SecurityInformation Security
Information Security
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Types of firewall
Types of firewallTypes of firewall
Types of firewall
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
Web Security
Web SecurityWeb Security
Web Security
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Network Security Issues
Network Security IssuesNetwork Security Issues
Network Security Issues
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full ppt
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
cyber security notes
cyber security notescyber security notes
cyber security notes
 

Destaque (7)

Indentify Theft Slide Show
Indentify Theft Slide ShowIndentify Theft Slide Show
Indentify Theft Slide Show
 
Software Security
Software SecuritySoftware Security
Software Security
 
Cyber crime presentation By Vaibhav Gaur
Cyber crime presentation By Vaibhav GaurCyber crime presentation By Vaibhav Gaur
Cyber crime presentation By Vaibhav Gaur
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentation
 
System security
System securitySystem security
System security
 

Semelhante a Data security and Integrity

MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
missionsk81
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxe
chnrketan
 
Database Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptxDatabase Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptx
SaqibAhmedKhan4
 
IT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxIT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docx
priestmanmable
 

Semelhante a Data security and Integrity (20)

Dstca
DstcaDstca
Dstca
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Database Security And Authentication
Database Security And AuthenticationDatabase Security And Authentication
Database Security And Authentication
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxe
 
Database security 12.pdf
Database security 12.pdfDatabase security 12.pdf
Database security 12.pdf
 
Information Security
Information SecurityInformation Security
Information Security
 
ISBB_Chapter6.pptx
ISBB_Chapter6.pptxISBB_Chapter6.pptx
ISBB_Chapter6.pptx
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Database security in database management.pptx
Database security in database management.pptxDatabase security in database management.pptx
Database security in database management.pptx
 
Final Study of Security functionality in Distributed Database.pptx
Final Study of Security functionality in Distributed Database.pptxFinal Study of Security functionality in Distributed Database.pptx
Final Study of Security functionality in Distributed Database.pptx
 
Database Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptxDatabase Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptx
 
Database security
Database securityDatabase security
Database security
 
Data security
Data securityData security
Data security
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE project
 
IT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxIT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docx
 
Importance of DBMS.pptx
Importance of DBMS.pptxImportance of DBMS.pptx
Importance of DBMS.pptx
 

Mais de Zaid Shabbir

Modern SDLC and QA.pptx
Modern SDLC and QA.pptxModern SDLC and QA.pptx
Modern SDLC and QA.pptx
Zaid Shabbir
 

Mais de Zaid Shabbir (14)

Modern SDLC and QA.pptx
Modern SDLC and QA.pptxModern SDLC and QA.pptx
Modern SDLC and QA.pptx
 
Software Agility.pptx
Software Agility.pptxSoftware Agility.pptx
Software Agility.pptx
 
Software Development Guide To Accelerate Performance
Software Development Guide To Accelerate PerformanceSoftware Development Guide To Accelerate Performance
Software Development Guide To Accelerate Performance
 
Software Testing and Agility
Software Testing and Agility Software Testing and Agility
Software Testing and Agility
 
Cloud computing & dbms
Cloud computing & dbmsCloud computing & dbms
Cloud computing & dbms
 
No sql bigdata and postgresql
No sql bigdata and postgresqlNo sql bigdata and postgresql
No sql bigdata and postgresql
 
Files and data storage
Files and data storageFiles and data storage
Files and data storage
 
Queue
QueueQueue
Queue
 
Queue
QueueQueue
Queue
 
Sorting
SortingSorting
Sorting
 
Stack
StackStack
Stack
 
Tree and binary tree
Tree and binary treeTree and binary tree
Tree and binary tree
 
Sorting
SortingSorting
Sorting
 
Introduction to data structure
Introduction to data structureIntroduction to data structure
Introduction to data structure
 

Último

In Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi Arabia
In Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi ArabiaIn Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi Arabia
In Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi Arabia
ahmedjiabur940
 
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
nirzagarg
 
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
gajnagarg
 
Computer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdfComputer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdf
SayantanBiswas37
 
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
Health
 
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
nirzagarg
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 
怎样办理圣地亚哥州立大学毕业证(SDSU毕业证书)成绩单学校原版复制
怎样办理圣地亚哥州立大学毕业证(SDSU毕业证书)成绩单学校原版复制怎样办理圣地亚哥州立大学毕业证(SDSU毕业证书)成绩单学校原版复制
怎样办理圣地亚哥州立大学毕业证(SDSU毕业证书)成绩单学校原版复制
vexqp
 

Último (20)

Dubai Call Girls Peeing O525547819 Call Girls Dubai
Dubai Call Girls Peeing O525547819 Call Girls DubaiDubai Call Girls Peeing O525547819 Call Girls Dubai
Dubai Call Girls Peeing O525547819 Call Girls Dubai
 
In Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi Arabia
In Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi ArabiaIn Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi Arabia
In Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi Arabia
 
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
 
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
 
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptxRESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
 
Fun all Day Call Girls in Jaipur 9332606886 High Profile Call Girls You Ca...
Fun all Day Call Girls in Jaipur   9332606886  High Profile Call Girls You Ca...Fun all Day Call Girls in Jaipur   9332606886  High Profile Call Girls You Ca...
Fun all Day Call Girls in Jaipur 9332606886 High Profile Call Girls You Ca...
 
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat  9332606886Call Girls Advance Cash On Delivery Ser...Top Call Girls in Balaghat  9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
 
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
 
Computer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdfComputer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdf
 
Kings of Saudi Arabia, information about them
Kings of Saudi Arabia, information about themKings of Saudi Arabia, information about them
Kings of Saudi Arabia, information about them
 
TrafficWave Generator Will Instantly drive targeted and engaging traffic back...
TrafficWave Generator Will Instantly drive targeted and engaging traffic back...TrafficWave Generator Will Instantly drive targeted and engaging traffic back...
TrafficWave Generator Will Instantly drive targeted and engaging traffic back...
 
Ranking and Scoring Exercises for Research
Ranking and Scoring Exercises for ResearchRanking and Scoring Exercises for Research
Ranking and Scoring Exercises for Research
 
7. Epi of Chronic respiratory diseases.ppt
7. Epi of Chronic respiratory diseases.ppt7. Epi of Chronic respiratory diseases.ppt
7. Epi of Chronic respiratory diseases.ppt
 
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
 
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
 
怎样办理圣地亚哥州立大学毕业证(SDSU毕业证书)成绩单学校原版复制
怎样办理圣地亚哥州立大学毕业证(SDSU毕业证书)成绩单学校原版复制怎样办理圣地亚哥州立大学毕业证(SDSU毕业证书)成绩单学校原版复制
怎样办理圣地亚哥州立大学毕业证(SDSU毕业证书)成绩单学校原版复制
 
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
 
Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now
Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book nowVadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now
Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 

Data security and Integrity

  • 2. Contents ● Introduction ● Database Security In General – Information System – Information / Data Security ● Information Security Triangle ● Information Security Architecture ● Database Security – Security Levels – Dangers for Databases – Security Methods
  • 3. Contents ● Database Security Methodology ● Security Layers in DBMS – Authentication – Authorization – Views and Data Security – Virtual Private Database ● Data Auditing
  • 4. Introduction ● In the modern era of information security violation and attacks increased on each day. ● For data security we need to implement more strict policies in a way our business operations not blocked and execute smoothly. Security Measures: ● Prevent the physical access to the servers where data reside. ● Implement operating system operations in more secure way. ● Implement security models that enforce security measures. ● DBA should implement the security polices to protect the data.
  • 5. Database Security In General ● Degree to which data is fully protected from tampering or unauthorized acts. ● Comprises information system and information security concepts.
  • 6. Information System ● Information system (IS) comprised of components working together to produce and generate accurate information. ● In IS wise decisions require – Accurate and timely information – Information integrity ● IS categorized based on usage as – Low-level – Mid-level – High-level
  • 7. Information System ... Typical use of system applications at various management level Order Tracking Customer Service Student registration Risk management Fraud Detection Sales Forecasting Market Analysis Loan Expert Financial Enterprise
  • 9. Database and DBMS Environment DBMS Functions Organize data Store and retrieve data efficiently Manipulate data (update and delete Enforce referential integrity and consistency Enforce and implement data security policies and procedures Back up, recover, and restore data Data security …..DBMS Components Data Hardware Software Networks Procedures Database Server
  • 10. Information / Data Security ● Information / data is one of the most valuable asset for any organization. ● Its security consist of procedures and measures taken to protect information systems components.
  • 11. Information Security Triangle Information Security C.I.A Triangle Data and information is classified into Different levels of confidentiality to ensure that only authorized users access the information. → System is available at all times only for authorized and authenticated persons. → System is protected from being shutdown due to external or internal threats or attacks. → Data and information is accurate and protected from tampering by Unauthorized persons. → Data and information is consistent and validated.
  • 13. Integrity (CIA Triangle) ● Data Integrity refers to the overall completeness, accuracy and consistency of data. ● Integrity has two types physical and logical. ● Physical integrity: Physical integrity deals with challenges associated with correctly storing and fetching the data itself. – Challenges: electromechanical faults, physical design flaws, natural disasters etc. ● Logical Integrity: Concerned with referential integrity and entity integrity in a relational database – Challenges: software bugs, design flaws, and human errors.
  • 14. Integrity by Example (CIA Triangle) Employee A learns that his similar designation coworker is earning higher salary then he is. Employee A get this information through the access of an application program by accounting dept and manipulates the vacation hours and overtime hours of his colleague. Two security violations: ● Confidential data is disclosed inappropriately. ● An application to modify data was access inappropriately.
  • 15. Availability (CIA Triangle) ● Systems must always be available to authorized users. ● Availability does not replace authorization: the system still determines what an authenticated user may do with the information. ● Under some conditions (maintenance, a failure, or an attack such as denial of service) a system may become unreachable; availability controls aim to minimize such outages.
  • 16. Information Security Architecture
  Confidentiality:
  → Privacy laws
  → Confidential classification
  → Policies and procedures
  → Access rights
  → Customer concerns
  → Social and cultural issues
  Integrity:
  → Security technology
  → Security model
  → Cryptography technology
  → DBMS technology
  → Database and design
  → Application technology
  Availability:
  → Threats and attacks
  → System vulnerabilities
  → Authorization methodology
  → Authentication technology
  → Network interfaces
  → Disaster and recovery strategy
  • 17. Database Security Database security entails allowing or disallowing user actions on the database and the objects within it. A DBMS implements discretionary access control (DAC), which regulates all user access to named objects through privileges. A privilege is permission to access a named object in a prescribed manner; for example, permission to query a table. Privileges are granted to users at the discretion of other users (normally the object's owner or an administrator), which is what makes the control discretionary.
  • 18. Database Security ... Database Security Access Points
  • 19. Database Security ... Database Security Enforcement
  • 20. Security Levels ● Database system: since some users may modify data while others may only query it, it is the job of the database system to enforce authorization rules. ● Operating system: no matter how secure the database system is, the operating system may serve as another means of unauthorized access (for example, direct reads of the data files). ● Network: since most databases allow remote access, the security of the network hardware and software is crucial. ● Physical: sites with computer systems must be physically secured against entry by intruders or terrorists. ● Human: users must be authorized carefully to reduce the chance of a user giving access to an intruder.
  • 22. Dangers for Databases Security vulnerability: a weakness in any information system component. Categories of Security Vulnerabilities
  • 23. Dangers for Databases ... Security threat: a security violation or attack that can happen at any time because of a security vulnerability. Categories of Security Threats
  • 24. Dangers for Databases ... Security risk: a known security gap left open. Categories of Security Risks
  • 25. Dangers for Databases... Integration of Security Vulnerabilities, Risks and Threats in Database Environment
  • 26. Security Methods
  Database component protected → security method
  People:
  ● Physically limit access to hardware and documents.
  ● Identify and authenticate users so that only the right user reaches the information.
  ● Conduct training courses on the importance of security and how to guard assets.
  ● Establish security policies and procedures.
  Applications:
  ● Authenticate users who access the application.
  ● Apply business rules.
  ● Single sign-on.
  • 27. Security Methods ...
  Network:
  ● Network firewall to block intruders.
  ● VPN.
  ● Network authentication.
  Operating System:
  ● Authentication.
  ● Password policy.
  ● User accounts.
  DBMS:
  ● Authentication.
  ● Audit mechanism.
  ● Database resource limits.
  ● Password policy.
  ● Data encryption.
  Data Files:
  ● File / folder permissions.
  ● Access monitoring.
  • 28. Security Methods ...
  Data:
  ● Data validation.
  ● Data constraints.
  ● Data encryption.
  ● Data access control.
  • 30. Security Layers in DBMS ● Authentication ● Authorization – Data File level – Database level – Table level – Record level – Column level
  • 31. Security Layers in DBMS ...
  ● Authentication: performed by the database management system through username and password.
  ● Data file level: enforced through file permissions.
  ● Database, table, record and column level: schema owners or the security administrator grant or revoke privileges.
  • 32. Overview of Authentication Methods Different DBMSs support several user authentication methods. Some of the authentication methods are: Authentication by the operating system: once a user has been authenticated by the operating system, that user can connect to the database more conveniently, without specifying a username or password (e.g. in EDB/PostgreSQL the peer method, which matches the OS user of a local socket connection, and the ident method, which asks the client host's ident server for the user behind a TCP connection, serve this purpose). Password authentication: users are created in the database with a password; after a set of privileges has been assigned, the registered user can authenticate to the DBMS with that password. The DBMS should store and verify passwords as salted hashes (in PostgreSQL, scram-sha-256 rather than md5 or the cleartext password method).
  • 33. Overview of Authentication Methods ... Trust authentication: any client whose connection matches the rule is allowed in without a password, as whatever database role it requests; the database simply trusts the connection. This is only acceptable for local connections on a host where every OS user is trusted. The registered role can then perform operations according to its authority on the different objects.
  • 34. Overview of Authentication Methods ... Authentication by the network: in a network-based authentication scheme there are three branches. 1. Third-party based authentication technologies: if network authentication services are available to you (such as DCE, Kerberos, or SESAME), the database (Oracle Database; PostgreSQL via its gss method) can accept authentication from the network service. 2. Certificate authentication: this method uses SSL/TLS client certificates to perform authentication and is therefore only available for SSL connections. The server requires the client to present a valid certificate signed by a certificate authority the server trusts; no password prompt is sent to the client. In PostgreSQL the certificate's Common Name (CN) is compared with the requested database username unless a username map is configured.
  • 35. Overview of Authentication Methods ... 3. Remote authentication: Oracle Database (and PostgreSQL, through its radius method) supports remote authentication of users through the Remote Authentication Dial-In User Service (RADIUS), a standard lightweight protocol used for user authentication, authorization, and accounting.
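  The methods above are selected per connection in PostgreSQL's pg_hba.conf. The fragment below is an added example written for this page, not configuration from the slides or from EDB; the networks, database names and the app_svc role are hypothetical. It puts the weak settings (trust, cleartext and md5 passwords) beside the corrected ones.

```conf
# Added example (hypothetical hosts, networks and roles): pg_hba.conf.
# Rules are matched top to bottom and the FIRST matching line decides the
# method, so a permissive line placed early silently overrides the rest.
#
# TYPE    DATABASE  USER     ADDRESS        METHOD          OPTIONS

# Weak: every TCP client is accepted as any role, with no credential at all.
# host    all       all      0.0.0.0/0      trust

# Weak: 'password' sends the password in clear; 'md5' stores a hash that is
# itself usable to log in (password-equivalent) and salts it only with the
# username. Both should be retired in favour of scram-sha-256.
# host    all       all      0.0.0.0/0      password
# host    all       all      0.0.0.0/0      md5

# Corrected:
local     all       all                     peer            # OS user must equal DB role; Unix socket only
hostssl   all       all      10.0.0.0/8     scram-sha-256   # salted challenge-response, TLS required
hostssl   all       app_svc  10.1.2.0/24    cert            # TLS client cert; CN must equal the role name
hostssl   hr        all      10.0.0.0/8     scram-sha-256   clientcert=verify-full   # password AND a client cert
hostssl   all       all      10.0.0.0/8     gss             # Kerberos (third-party network authentication)
host      all       all      0.0.0.0/0      reject          # anything not matched above is refused
```

  After editing the file, reload the server (for example with `SELECT pg_reload_conf();`) and confirm the effective rules with `SELECT * FROM pg_hba_file_rules;`, which also reports parse errors in the error column. Note that hostssl lines only match connections that already negotiated TLS; a plain host line would also accept unencrypted connections.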
  • 36. Authorization ● For security purposes, we may assign a user several forms of authorization on parts of the database, which allow: – Read: read tuples (SELECT). – Insert: insert new tuples, but not modify existing ones (INSERT). – Update: modify tuples, but not delete them (UPDATE). – Delete: delete tuples (DELETE). ● We may assign the user all, none, or any combination of these.
  • 37. Authorization ... In addition to the above, we may also assign a user rights to modify the database schema: Index: allows creation and deletion of indices. Resource: allows creation of new relations. Alteration: addition or deletion of attributes of a relation (ALTER TABLE). Drop: allows deletion of relations. In SQL, the Data Control Language (DCL) is used to assign authorizations on the different database objects.
  • 38. DCL and Authorization ● DCL commands are used to enforce database security in a multi-user database environment. ● The two DCL commands are – GRANT – REVOKE ● Database administrators or the owner of a database object can give or remove privileges on that object through GRANT and REVOKE in an RDBMS.
  • 39. DCL and Authorization
  ● GRANT syntax:
  GRANT privilege_name ON object_name TO {user_name | PUBLIC | role_name} [WITH GRANT OPTION];
  ● privilege_name: the access right or privilege being granted to the user (e.g. SELECT, INSERT, UPDATE, DELETE).
  ● object_name: the name of the database object, such as a table or view.
  ● user_name: the name of the user (role) to whom the access right is being granted.
  ● PUBLIC grants the right to all users, including roles created later; use it sparingly.
  ● WITH GRANT OPTION allows the grantee to grant the same access right to other users; give it rarely, since every such grantee becomes a delegating administrator for that object.
  • 40. DCL and Authorization
  ● REVOKE syntax:
  REVOKE privilege_name ON object_name FROM {user_name | PUBLIC | role_name};
  ● For example:
  GRANT SELECT ON employee TO user1;
  This command grants the SELECT privilege on the employee table to user1.
  REVOKE SELECT ON employee FROM user1;
  This command revokes the SELECT privilege on the employee table from user1. If user1 had received the privilege WITH GRANT OPTION and passed it on to others, PostgreSQL rejects the plain REVOKE and requires REVOKE ... CASCADE, which also removes the privileges user1 delegated.
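  A worked PostgreSQL DCL session, added here as an example and not taken from the slides: it builds the least-privilege pattern (group role, column-level grants), then shows why WITH GRANT OPTION makes REVOKE need CASCADE. The table, roles and passwords are hypothetical; run it as a superuser in psql.

```sql
-- Added example (hypothetical table and roles): GRANT / REVOKE in PostgreSQL.
CREATE TABLE employee (
    id          integer PRIMARY KEY,
    name        text NOT NULL,
    designation text,
    salary      numeric(10,2)
);

CREATE ROLE hr_reader NOLOGIN;                 -- group role that carries privileges
CREATE ROLE user1 LOGIN PASSWORD 'change-me';
CREATE ROLE user2 LOGIN PASSWORD 'change-me';

-- Least privilege starts with what PUBLIC gets implicitly: before
-- PostgreSQL 15 every role may CREATE objects in schema public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON employee FROM PUBLIC;

-- Grant to the group, then add people to the group (easy to audit and revoke).
GRANT SELECT ON employee TO hr_reader;
GRANT hr_reader TO user1;

-- Column-level privileges: user2 never sees salary and may change only designation.
GRANT SELECT (id, name, designation) ON employee TO user2;
GRANT UPDATE (designation)            ON employee TO user2;

-- WITH GRANT OPTION turns user1 into a delegating administrator ...
GRANT SELECT ON employee TO user1 WITH GRANT OPTION;
SET ROLE user1;
GRANT SELECT ON employee TO user2;             -- user1 re-grants to user2
RESET ROLE;

-- ... so a plain REVOKE from user1 is refused because user2's grant depends on it:
--   REVOKE SELECT ON employee FROM user1;      -- ERROR: dependent privileges exist
-- CASCADE removes the delegated grant as well; user2 keeps only its column grants.
REVOKE SELECT ON employee FROM user1 CASCADE;

-- Verify: one row per (grantee, privilege) on the table's ACL.
SELECT grantee::regrole, privilege_type, is_grantable
FROM   pg_class, aclexplode(relacl)
WHERE  relname = 'employee';

-- And the column ACLs, where user2's narrowed access lives.
SELECT attname, attacl
FROM   pg_attribute
WHERE  attrelid = 'employee'::regclass AND attacl IS NOT NULL;
```

  The final two queries are the check a reviewer wants after any privilege change: table-level grants should list only hr_reader, while the column grants show user2 restricted to three columns for SELECT and one for UPDATE. In psql, `\dp employee` shows the same information.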
  • 41. Views and Data Security
  ● Views can serve as a security mechanism by restricting the data available to users: a view exposes only selected columns (and, with a WHERE clause, only selected rows), and rights are granted on the view rather than on the base table. For this to work the users must hold no privileges on the base table itself; the view runs with its owner's privileges, so the owner must be able to read the table.
  ● Example: table emp contains employee salaries, which should not be visible to all users, while every user may read the data other than salary.
  – emp (id, name, address, designation, salary)
  – CREATE VIEW emp_basic_info AS SELECT id, name, address, designation FROM emp;
  – GRANT SELECT (id, name, address) ON emp_basic_info TO qasim;
  – GRANT SELECT (id, name, address, designation) ON emp_basic_info TO haider;
  (The column list of a SELECT is not wrapped in parentheses, which would produce a single row-valued column; role names are unquoted identifiers and fold to lower case unless double-quoted.)
  • 42. Views and Data Security
  CREATE VIEW EuropeanCountry AS
      SELECT Name, Continent, Population, HasCoast
      FROM Country
      WHERE Continent = 'Europe';
  CREATE VIEW BigCountry AS
      SELECT Name, Continent, Population, HasCoast
      FROM Country
      WHERE Population >= 30000000;
  (String literals use single quotes; in SQL, double quotes delimit identifiers, so "Europe" would be read as a column name.)
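  A view only hides rows if the planner cannot evaluate a user's own predicates before the view's WHERE clause. The PostgreSQL session below, added as an example and not part of the slides, shows the complete pattern for a row- and column-restricting view and the security_barrier caveat; the emp table, the analyst role, the sample rows and the leak() function are hypothetical.

```sql
-- Added example (hypothetical schema, role and data): a view as a security boundary.
CREATE TABLE emp (
    id          integer PRIMARY KEY,
    name        text,
    address     text,
    designation text,
    salary      numeric(10,2)
);
INSERT INTO emp VALUES                          -- constructed sample rows
    (1, 'Alice', 'Lahore',  'Engineer', 120000),
    (2, 'Bob',   'Karachi', 'Manager',  200000);

CREATE ROLE analyst LOGIN PASSWORD 'change-me';

-- 1. The view must be the only path to the data: no direct rights on emp.
REVOKE ALL ON emp FROM PUBLIC;

-- 2. Restrict rows (Engineers only) and columns (no salary, no address).
--    security_barrier forbids pushing non-leakproof functions below the
--    view's WHERE clause.
CREATE VIEW engineers_basic WITH (security_barrier = true) AS
    SELECT id, name, designation
    FROM   emp
    WHERE  designation = 'Engineer';

GRANT SELECT ON engineers_basic TO analyst;

-- 3. Why the option matters: a cheap function that records its argument.
--    Without security_barrier the planner may apply it to every row of emp
--    before filtering, so the NOTICE stream would reveal 'Bob', a row the
--    view is supposed to hide.
CREATE FUNCTION leak(text) RETURNS boolean
    LANGUAGE plpgsql COST 1 AS $$
BEGIN
    RAISE NOTICE 'saw name %', $1;      -- side channel back to the client
    RETURN true;
END $$;

SET ROLE analyst;
SELECT * FROM engineers_basic WHERE leak(name);   -- NOTICE only for 'Alice'
SELECT salary FROM engineers_basic;               -- ERROR: column "salary" does not exist
SELECT * FROM emp;                                -- ERROR: permission denied for table emp
RESET ROLE;
```

  Two further caveats: the view executes with the privileges of its owner (PostgreSQL 15 adds `security_invoker = true` to change that), so do not have a superuser own views that are handed out to application roles; and if the view's column list is later widened, every grantee gains the new column, so treat view definitions as part of the access-control configuration and review them with the grants.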
  • 43. Virtual Private Database Virtual Private Database (VPD) is a feature that lets an administrator build security around the actual data (individual rows and columns), so that many users share one table while each sees only the data relevant to them; the policy's predicate is appended to every query on the table transparently, which is why it is also called row-level security or fine-grained access control. ● Steps for VPD – Create an application context: create the users, the objects and the permissions on the objects. – Create the security policy function(s), which return the predicate to enforce. – Apply the security policies to the tables (in EDB Postgres Advanced Server through the DBMS_RLS package, e.g. DBMS_RLS.ADD_POLICY). Reference: Postgres Plus Advanced Server Guide, http://get.enterprisedb.com/docs/Postgres_Plus_Enterprise_Edition_Guide_v9.5.pdf, Section 9.11 DBMS_RLS
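  The slides point to EDB's DBMS_RLS package for VPD. The example below, added here and not the slides' or EDB's code, implements the same three steps with community PostgreSQL's built-in row-level security (CREATE POLICY), which is the feature an EDB-free deployment would use; the emp table, the manager roles and the rows are hypothetical.

```sql
-- Added example (hypothetical table, roles and data): row-level security in
-- community PostgreSQL, the equivalent of a VPD policy.
CREATE TABLE emp (
    id      integer PRIMARY KEY,
    name    text NOT NULL,
    manager text NOT NULL,          -- database role name of the employee's manager
    salary  numeric(10,2)
);
INSERT INTO emp VALUES                          -- constructed sample rows
    (1, 'Alice', 'mgr_a', 120000),
    (2, 'Bob',   'mgr_b',  95000),
    (3, 'Carol', 'mgr_a',  80000);

-- Step 1: context, i.e. the roles and their ordinary object privileges.
CREATE ROLE mgr_a LOGIN PASSWORD 'change-me';
CREATE ROLE mgr_b LOGIN PASSWORD 'change-me';
CREATE ROLE hr    LOGIN PASSWORD 'change-me';
GRANT SELECT, UPDATE ON emp TO mgr_a, mgr_b, hr;

-- Step 2/3: policies and their application. ENABLE turns RLS on; FORCE makes
-- it apply to the table owner too. Superusers and roles with BYPASSRLS
-- always see every row, so do not run applications as either.
ALTER TABLE emp ENABLE ROW LEVEL SECURITY;
ALTER TABLE emp FORCE  ROW LEVEL SECURITY;

-- A manager sees and edits only their own reports. USING filters the rows a
-- statement may touch; WITH CHECK constrains the rows a write may produce,
-- which blocks "re-assign the row to someone else" escapes.
CREATE POLICY own_reports ON emp
    FOR ALL TO mgr_a, mgr_b
    USING      (manager = current_user)
    WITH CHECK (manager = current_user);

-- HR may read everyone.
CREATE POLICY hr_all ON emp FOR SELECT TO hr USING (true);

-- The same SQL returns different rows per session:
SET ROLE mgr_a;
SELECT name, salary FROM emp;                            -- Alice, Carol
UPDATE emp SET salary = salary + 1 WHERE name = 'Bob';   -- UPDATE 0: Bob is invisible
UPDATE emp SET manager = 'mgr_b' WHERE name = 'Alice';   -- ERROR: new row violates row-level security policy
RESET ROLE;

SET ROLE hr;
SELECT count(*) FROM emp;                                -- 3
RESET ROLE;

-- Check which policies are attached and what they enforce.
SELECT polname, polcmd, pg_get_expr(polqual, polrelid) AS using_expr
FROM   pg_policy
WHERE  polrelid = 'emp'::regclass;
```

  A policy is only as good as the session identity it keys on: if an application connects with one shared role, `current_user` is the same for everybody and the policy collapses. Either use SET ROLE per request or key the policy on a session setting (`current_setting('app.user_id')`) that the application sets from its own authenticated identity, and make sure that the setting cannot be changed by the end user's own SQL.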
  • 44. Data Auditing Database auditing involves observing a database for user and transaction actions. Database administrators and consultants often set up auditing for security purposes. In EDB Postgres Advanced Server, auditing is controlled through the audit log. The EDB / PostgreSQL audit log records: ● When a role establishes a connection to an Advanced Server database. ● What database objects a role creates, modifies, or deletes when connected to Advanced Server. ● When any failed authentication attempts occur.
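  The server log covers the three events above (in community PostgreSQL through `log_connections = on` and `log_statement = 'ddl'`; failed logins are logged by default), but it does not record who changed which row, or what the old value was. The trigger-based audit trail below is an added example, not part of the slides or of EDB's audit feature; the emp table, the auditor role and the sample changes are hypothetical.

```sql
-- Added example (hypothetical table, role and data): DML audit trail via trigger.
CREATE TABLE emp (
    id     integer PRIMARY KEY,
    name   text,
    salary numeric(10,2)
);

-- The audit table itself: who, when, from where, which operation, before/after.
CREATE TABLE emp_audit (
    audit_id    bigserial   PRIMARY KEY,
    changed_at  timestamptz NOT NULL DEFAULT now(),
    db_user     name        NOT NULL DEFAULT current_user,  -- role running the statement
    client_addr inet                 DEFAULT inet_client_addr(),  -- NULL on a Unix socket
    operation   text        NOT NULL,
    old_row     jsonb,
    new_row     jsonb
);

-- Nobody writes to the audit table directly; auditors may only read it.
REVOKE ALL ON emp_audit FROM PUBLIC;
CREATE ROLE auditor NOLOGIN;
GRANT SELECT ON emp_audit TO auditor;

-- SECURITY DEFINER: the trigger inserts as the function owner, so the user
-- changing emp needs no privilege on emp_audit and cannot edit it.
-- search_path is pinned, as it should be for every SECURITY DEFINER function.
CREATE FUNCTION emp_audit_trigger() RETURNS trigger
    LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, public AS $$
BEGIN
    IF TG_OP = 'INSERT' THEN
        INSERT INTO emp_audit (operation, new_row)
        VALUES (TG_OP, to_jsonb(NEW));
    ELSIF TG_OP = 'UPDATE' THEN
        INSERT INTO emp_audit (operation, old_row, new_row)
        VALUES (TG_OP, to_jsonb(OLD), to_jsonb(NEW));
    ELSE
        INSERT INTO emp_audit (operation, old_row)
        VALUES (TG_OP, to_jsonb(OLD));
    END IF;
    RETURN NULL;          -- AFTER trigger: return value is ignored
END $$;

CREATE TRIGGER emp_audit_row
    AFTER INSERT OR UPDATE OR DELETE ON emp
    FOR EACH ROW EXECUTE FUNCTION emp_audit_trigger();

-- Constructed activity to be audited.
INSERT INTO emp VALUES (1, 'Alice', 120000);
UPDATE emp SET salary = 130000 WHERE id = 1;
DELETE FROM emp WHERE id = 1;

-- Review: which role changed salary, from what, to what.
SELECT changed_at, db_user, operation,
       old_row ->> 'salary' AS old_salary,
       new_row ->> 'salary' AS new_salary
FROM   emp_audit
ORDER  BY audit_id;
```

  The limit of this design is the same as for any in-database log: a superuser, or the owner of emp_audit, can still rewrite or drop it, and a DBA can disable the trigger. Treat the table as a near-real-time source and ship its rows (or the server log) to a system the database administrators cannot write to, which is the property the audit requirement actually needs.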