17a_security - University of Central Florida

Download Report

Transcript 17a_security - University of Central Florida

IMS 4212: Database Security
Data & Database Administration
•
•
•
•
•
Security Overview
Physical Protection
Network Protection
Permissions Management
Views as a Security Tool
Dr. Lawrence West, Management Dept., University of Central Florida
[email protected]
1
IMS 4212: Database Security
Database Security
• Database security is the management of risks and
tradeoffs
– The risk of a loss
• Destruction of data
• Theft of data
• Privacy issues (including legal liability)
• Database corruption
• Loss of availability
– The cost of data security efforts
Dr. Lawrence West, Management Dept., University of Central Florida
[email protected]
2
IMS 4212: Database Security
Database Security (cont.)
Name some database security
measures and their costs
What sorts of risks to they
protect against?
Dr. Lawrence West, Management Dept., University of Central Florida
[email protected]
3
IMS 4212: Database Security
Security Action Categories
•
•
•
•
Physical Protection
Access Protection
Protection in Transit
Loss Prevention
– Backup and Recovery plans covered next week
Dr. Lawrence West, Management Dept., University of Central Florida
[email protected]
4
IMS 4212: Database Security
Physical Protection
• Don’t forget the step of physically protecting access to
your equipment and data
• Lock the door!
• Be aware of portable copies of data, who has them,
where they are
– Recent news stories
Dr. Lawrence West, Management Dept., University of Central Florida
[email protected]
5
IMS 4212: Database Security
Network Protection
• Use appropriate network access protections to guard
against hacking into the network
• Be aware of security threats
– Weaknesses in the operating system
– Database vulnerabilities
– Application vulnerabilities
• Expert consultation is desirable
Dr. Lawrence West, Management Dept., University of Central Florida
[email protected]
6
IMS 4212: Database Security
Authorization Rules or Permissions
• Authorization rules are permissions to perform certain
actions on the database
– Allow a user to view, edit, or add records to a table
– Permissions are granted to
• Individuals
• Groups
– Permissions are granted on
• Entire database
• Distinct objects (tables, views, indexes, etc.)
• Specific columns or rows
Dr. Lawrence West, Management Dept., University of Central Florida
[email protected]
7
IMS 4212: Database Security
Permissions
• DBA is usually granted authority to do anything in the
database
• DBA may GRANT or REVOKE permissions to other
users
– May include permission to grant or revoke permission
to others
• Users may be assigned to a group and permissions
granted to a group
• Applications usually have security privileges
established by the userid used in the connection string
• Application must have appropriate permissions
Dr. Lawrence West, Management Dept., University of Central Florida
[email protected]
8
IMS 4212: Database Security
Views as a Security Tool
• Views are query definitions stored in the DB
• A security measure may be to grant the user permission
on the view but not to the underlying tables
• WHERE clauses in the view definition query can
restrict rows
• Field list in the SELECT clause can restrict columns
• Views may be used like any other table in the DB
• See discussion of other security measures
– Encryption, authentication
Dr. Lawrence West, Management Dept., University of Central Florida
[email protected]
9