Database Security

5 Key excerpts on "Database Security"

• 

  eBook - ePub

  Database Security

  Problems and Solutions

  • Christopher Diaz(Author)
  • 2022(Publication Date)
  • Mercury Learning and Information

    (Publisher)

  Data security has similar goals and objectives as information security—with the same fundamental principles of confidentiality, integrity, and availability. However, data security is often associated with only data that is at rest or saved in persistent storage, such as a magnetic disk, flash drive, or solid state device. Even though data security follows the same goals and objectives of information security, the goals are often much more focused on how to achieve and implement them. Such focus allows the goal to be more precisely defined and detailed in how the solution is achieved. As an example, to protect data against unauthorized modification (integrity), a data security approach may involve monitoring accesses to certain data to reveal who accesses the data as well as how the data is accessed. Such analysis can reveal anomalies to identify potential threats, such as when data is written unexpectedly (say, outside of normal work hours or outside of the expected processing pattern).

  1.4 Database Security

  “Database Security refers to the range of tools, controls, and measures designed to establish and preserve database confidentiality, integrity, and availability.”1 We can view Database Security to have the same objectives and principles as data security and information security, but within the scope or level of a database environment. This further focuses the choice, design, implementation, and configuration of controls available at the database level.

  Data confidentiality

  To achieve confidentiality in Database Security, we can employ controls such as privileges (which we cover in Chapter 5 , “Database Privileges“) and encryption of stored data (which we cover in Chapter 7 , “Other Database Security Controls”). Privileges are a database system control where the database system itself manages data access. As described earlier, encryption can provide confidentiality against agents that do not have the proper credentials and may be implemented by the database system, modules, or other programs.

  To achieve database integrity, in addition to checksums or hashing, we can use a range of controls that appear as early as the database design phase. This includes proper database design with normalization, defining referential integrity constraints, and identifying when concurrent access may occur. We cover database design and normalization approaches to help maintain data integrity in Chapter 2 , “Database Design,” and other data integrity controls in Chapter 8 , “Transactions for Data Integrity.” We also cover mechanisms that help maintain integrity when multiple applications and/or users access the same data in Chapter 9

  Sign up to read

  Learn more about book
• 

  eBook - ePub

  Relational Database Design and Implementation

  Clearly Explained

  • Jan L. Harrington(Author)
  • 2009(Publication Date)
  • Morgan Kaufmann

    (Publisher)

  Chapter 15. Database Security

  In our current computing environment, we usually think that the instant world-spanning access provided by the Internet is a good thing. However, that access has a dark side: those who would inadvertently or purposefully violate the security of our data. Security has always been a part of relational database management, but now it has become one of the most important issues facing database administrators.

  Another way to look at security is to consider the difference between security and privacy. Privacy is the need to restrict access to data, whether it be trade secrets or personal information that by law must be kept private. Security is what you do to ensure privacy.

  Many people view network security as having three goals:

  ▪ Confidentiality: Ensuring that data that must be kept private stay private.

  ▪ Integrity: Ensuring that data are accurate. For a security professional, this means that data must be protected from unauthorized modification and/or destruction.

  ▪ Availability: Ensuring that data are accessible whenever needed by the organization. This implies protecting the network from anything that would make it unavailable, including such events as power outages.

  One thing that makes data theft such a problem is that data can be stolen without anyone knowing about it. A good thief can get into a target system, copy the data, and exit without leaving a trace. Because copying digital data does not affect the source, examining the data won't reveal that any copying has taken place. An accomplished thief will also modify system log files, erasing any trace of the illegal entry.

  The popular media would have you believe that the source of most computer security problems is the “hacker.” However, if you ask people actually working in the field, they will tell you that nearly half the security breaches they encounter come from sources internal to an organization, and, in particular, employees. This means that it won't be sufficient to secure a network against external intrusion attempts; you must pay as much attention to what is occurring within your organization as you do to external threats. Databases in particular are especially vulnerable to internal security threats because direct access is typically provided only to employees.

  Sign up to read

  Learn more about book
• 

  eBook - ePub

  CompTIA DataSys+ Study Guide

  Exam DS0-001

  • Mike Chapple, Sharif Nijim(Authors)
  • 2023(Publication Date)
  • Sybex

    (Publisher)

  Chapter 7 Database Security

  THE COMPTIA DATASYS+ EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

  • Domain 4.0 Data and Database Security
    • 4.4. Explain the Purpose of Database Infrastructure Security
    • 4.5. Describe Types of Attacks and Their Effects on Data Systems

  Data systems professionals work hand in hand with cybersecurity professionals to protect the confidentiality, integrity, and availability of the data and systems under their care. Effectively carrying out this shared responsibility requires a strong understanding of the security issues affecting data systems. In this chapter, we explore database infrastructure security as well as the different types of attacks commonly waged against data systems. Technologists with a strong understanding of the threat environment will find themselves well prepared to defend their systems against those threats.

  Database Infrastructure Security

  Protecting databases against attack requires controls that work in two dimensions. First, database professionals must coordinate with physical security teams to ensure that databases are housed in secure locations. Second, they must coordinate with cybersecurity experts to build a set of logical security controls that adequately protect data and systems from technical attacks.

  Physical Security

  While technology professionals often focus on technical controls, one of the most important lines of defense for an organization is the set of physical controls that it puts in place. Physical access to systems, facilities, and networks is one of the best ways to circumvent technical controls, whether by directly accessing a machine, stealing drives or devices, or plugging into a trusted network to bypass layers of network security control keeping it safe from the outside world.

  Site Security

  The first step in preventing physical access is by implementing a site security plan. Site security looks at the entire facility or facilities used by an organization and implements a security plan based on the threats and risks that are relevant to each specific location. That means that facilities used by an organization in different locations will typically have different site security plans and controls in place.

  Sign up to read

  Learn more about book
• 

  eBook - ePub

  Hacking the Code

  Auditor's Guide to Writing Secure Code for the Web

  • Mark Burnett(Author)
  • 2004(Publication Date)
  • Syngress

    (Publisher)

  To secure your database, we will take a bottom-up approach by first discussing how to secure drivers that an application uses to communicate with a database. Next, we’ll examine how to secure the database as a whole by tightening the default installation and using policies such as least privileges. We will cover firewalls and other means to protect your application as well as monitor intrusion attempts. Finally, we’ll have an in-depth discussion of how to write secure code that safely connects to your database. This discussion will include specific details of the ways attackers crack systems using SQL injections and the multiple layers of security you can use to protect your application.

  The threats discussed in this chapter are:

   Data compromise An attacker gains access to read or modify private data.

   Database compromise An attacker gains access to modify the database structure itself.

   SQL injection Manipulating user input to construct SQL statements that execute on the database server.

   Buffer overflows Overwriting a buffer by sending more data than a buffer can handle, resulting in the application crashing or executing code of the attacker’s choice.

   Privilege escalation Accessing system resources or executing code within the security context of a privileged user account.

   Information leakage Revealing sensitive information or private user data.

  Securing Databases

  Your data access code’s security depends greatly on your entire database infrastructure. Security vulnerabilities may occur due to bugs in the database or its drivers, unsafe database location, or poor database configuration. Before writing any data access code in your Web application, you should first consider the security of the database itself.

  Securing the Database Location

  Summary:	Carefully design your database’s location with regard to firewalling technologies
  Threats:	Database compromise, bypassing security measures

  An important first step in securing your database is to properly control access to the database itself. You should be careful to configure your firewall to restrict access so that only the Web application itself can directly access database ports. Where you physically place the database server on your network can also have an impact on Database Security.

  Sign up to read

  Learn more about book
• 

  eBook - ePub

  (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

  • Mike Chapple, James Michael Stewart, Darril Gibson(Authors)
  • 2021(Publication Date)
  • Sybex

    (Publisher)

  Isolation   The isolation principle requires that transactions operate separately from each other. If a database receives two SQL transactions that modify the same data, one transaction must be completed in its entirety before the other transaction is allowed to modify the same data. This prevents one transaction from working with invalid data generated as an intermediate step by another transaction.
• Durability   Database transactions must be durable. That is, once they are committed to the database, they must be preserved. Databases ensure durability through the use of backup mechanisms, such as transaction logs.
In the following sections, we'll discuss a variety of specific security issues of concern to database developers and administrators.

Security for Multilevel Databases

As you learned in Chapter 1 , many organizations use data classification schemes to enforce access control restrictions based on the security labels assigned to data objects and individual users. When mandated by an organization's security policy, this classification concept must also be extended to the organization's databases.

Multilevel security databases contain information at a number of different classification levels. They must verify the labels assigned to users and, in response to user requests, provide only information that's appropriate. However, this concept becomes somewhat more complicated when considering security for a database.

When multilevel security is required, it's essential that administrators and developers strive to keep data with different security requirements separate. Mixing data with different classification levels and/or need-to-know requirements, known as database contamination, is a significant security challenge. Often, administrators will deploy a trusted front end to add multilevel security to a legacy or insecure DBMS.

Restricting Access with Views

Another way to implement multilevel security in a database is through the use of database views. Views are simply SQL statements that present data to the user as if the views were tables themselves. Views may be used to collate data from multiple tables, aggregate individual records, or restrict a user's access to a limited subset of database attributes and/or records.