Transcript Database Administration and Security

Database Administration and Security
Transparencies
1
Objectives
 The distinction between data administration and
database administration.
 The purpose and tasks associated with data
administration and database administration.
 The scope of database security.
 Why database security is a serious concern for an
organization.
 The type of threats that can affect a database system.
 How to protect a computer system using computerbased controls.
©Pearson Education 2009
2
Data administration and database
administration
 Data Administrator (DA) and Database
Administrator (DBA) are responsible for managing
and controlling activities associated with
corporate data and corporate database,
respectively.
 DA is more concerned with early stages of lifecycle
and DBA is more concerned with later stages.
©Pearson Education 2009
3
Data administration
 Management and control of corporate data, including:
 database planning;
 development and maintenance of standards, policies,
and procedures;
 conceptual and logical database design.
©Pearson Education 2009
4
Data administration tasks
©Pearson Education 2009
5
Database administration
 Management and control of physical realization of
a database system, including:
 physical database design and implementation;
 setting security and integrity controls;
 monitoring system performance;
 reorganizing the database.
©Pearson Education 2009
6
Database administration tasks
©Pearson Education 2009
7
Comparison of data and database
administration
©Pearson Education 2009
8
Database security
 Mechanisms that protect the database against
intentional or accidental threats.
 Not only apply to the data held in a database. Breaches
of security may affect other parts of the system, which
may in turn affect the database.
 Includes hardware, software, people, and data.
 Growing importance of security is the increasing
amounts of crucial corporate data being stored on
computer.
©Pearson Education 2009
9
Examples of threats and possible
outcomes
©Pearson Education 2009
10
Summary of threats to computer
systems
©Pearson Education 2009
11
Database security
 Threat is any situation or event, whether
intentional or unintentional, that may adversely
affect a system and consequently the organization.
 Outcomes to avoid:
 theft and fraud,
 loss of confidentiality (secrecy),
 loss of privacy,
 loss of integrity,
 loss of availability.
©Pearson Education 2009
12
Typical multi-user computer
environment
©Pearson Education 2009
13
Database security
 Computer-based countermeasures include:
 authorization,
 views,
 backup and recovery,
 integrity,
 encryption,
 redundant array of independent disks (RAID).
©Pearson Education 2009
14
Countermeasures - computer-based
controls
 Authorization
 The granting of a right or privilege that enables a
subject to have legitimate access to a database system
or a database system’s object.
 Authentication
 A mechanism that determines whether a user is, who
he or she claims to be. failure.
 Privilege
 A right granted by one user to allow another user or
group of users access to a database system or an object
in the database system.
©Pearson Education 2009
15
Countermeasures - computer-based
controls
 Views
 A view is a virtual table that does not necessarily exist
in the database but can be produced upon request by
a particular user, at the time of request.
 Backup and recovery
 Process of periodically taking a copy of the database
and log file (and possibly programs) onto offline
storage media.
©Pearson Education 2009
16
Countermeasures - computer-based
controls
 Journaling
 Process of keeping and maintaining a log file (or
journal) of all changes made to database to enable
recovery to be undertaken effectively in the event of
failure.
 Backup window
 The time period during which the database can be
backed up.
©Pearson Education 2009
17
Countermeasures - computer-based
controls
 Integrity
 Prevents data from becoming invalid, and hence
giving misleading or incorrect results.
 Encryption
 Encoding the data by a special algorithm that renders
the data unreadable by any program without the
decryption key.
©Pearson Education 2009
18
Countermeasures - computer-based
controls
 RAID
 A set or array of physical disk drives that appear to the
database user (and programs) as if they form one large
physical storage.
 Hardware that the DBMS runs on must be faulttolerant, meaning that the DBMS should continue to
operate even if one of the hardware components fails.
©Pearson Education 2009
19
Network security architecture three
tier database system architecture
©Pearson Education 2009
20
Countermeasures - network security
 Network security is the protect of servers from
intruders.
 Firewall is a server or router with two or more
network interfaces and special software that filters
or selectively blocks messages traveling between
networks.
 De-Militarized Zone (DMZ) is a special, restricted
network that is established between two firewalls.
©Pearson Education 2009
21