DATA SECURITY

• Security considerations apply not only to the data held in the database
• Breaches of security may affect other parts of the system, which may in turn affect the database
• Consequently database security encompasses hardware, software, people, and data
Why data security?
• Increasing amounts of crucial corporate data are being stored on computers
• There is acceptance that any loss or unavailability of this data could prove disastrous
Database security is considered in relation to the following situations:
• Theft and fraud
• Loss of confidentiality
• Loss of privacy
• Loss of integrity
• Loss of availability
• In such situations the organization should seek ways or controls to reduce the risk, i.e. the possibility of incurring loss or damage
• The situations are closely related in that an action that leads to a loss in one area may lead to a loss in another
• Events such as fraud or loss of privacy may arise from either intentional or unintentional acts and do not necessarily give rise to any detectable changes in the database or the computer system
Theft and Fraud
• Affect not only the database environment but the entire organization
• Like loss of privacy and confidentiality, theft and fraud do not alter data
Confidentiality
• Refers to the need to maintain secrecy over data, usually data that is critical to the organisation
• Breaches of security resulting in loss of confidentiality lead to loss of competitiveness for the organisation
Privacy
• Refers to the need to protect data about individuals
• Loss of privacy leads to legal action being taken against the organisation
Loss of integrity
• Leads to corrupted or invalid data, which seriously affects the organisation
Loss of availability
• Means that the data or the system cannot be accessed, which may lead to loss of financial performance
• In some cases events that lead to loss of availability may also lead to loss of data or data corruption
Data Security
• Data security (DS) aims to minimize losses caused by anticipated events in a cost-effective manner without constraining the users
Threats
• Any situation or event that may adversely affect the system, intentionally or accidentally, and consequently the organization
• A threat may be caused by a situation or event involving a person that is likely to bring harm to the organization
• Harm may be tangible, such as loss of hardware, software or data, or intangible, such as loss of credibility or client confidence
• As a minimum an organization should identify all the possible threats
• Threats may be caused by unintentional or intentional actions
• Intentional actions are caused by people and may be perpetrated by both authorized and unauthorized users, some of whom may be external to the organization
• Any threat must be viewed as a potential breach of security which, if successful, has a certain impact
• A breach of security or one threat may lead to more than one situation or loss. For example, unauthorized disclosure or viewing of data may lead to theft and fraud, loss of privacy and loss of confidentiality for the organization
THREATS CONTINUED
• The extent to which an organization suffers because of a threat succeeding depends on a number of factors, such as the existence of countermeasures or contingency plans in place
• If a hardware failure occurs, corrupting secondary storage, the recovery will depend on a number of factors, which include when the last backups were done and the time needed to restore the system
• An organization needs to identify the types of threat it is subjected to and initiate appropriate plans and countermeasures, bearing in mind the cost of implementing them
• The organization should concentrate on potential threats that result in great inconvenience
• Rare threats should be considered if their impact is significant
How to protect a computer system using computer-based controls
Authorization
Defn: The granting of a right or privilege that enables a subject to have legitimate access to the system or a system's object.
• Authorization controls can be built into the software and govern not only what system or object a specified user can access, but also what the user may do with it.
• Authorization controls are sometimes called access controls.
• The process of authorization involves authentication of subjects requesting access to objects, where an object represents a database table, view, trigger or any other object that can be created within the system.
AUTHENTICATION
Defn: a mechanism that determines whether the user is who he/she claims to be.
A system administrator is responsible for allowing users to have access to a computer system by creating individual accounts. Each user is given a unique identifier, which is used by the operating system to determine who they are. Associated with each identifier is a password chosen by the user and known to the operating system.
A separate procedure has to be followed for users to get access to the DBMS or application program.
Some DBMSs maintain a list of valid user identifiers and associated passwords, which can be distinct from the operating system's list. Other DBMSs validate their list against that of the o/s using the current user's login identifier; this prevents the user from logging on to the database under a different name.
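As an added illustration (not code from the slides), the Python below models the authentication step just described: the system stores, per user identifier, a random salt and a PBKDF2 hash of the password the user chose, and a login attempt is accepted only if the supplied password reproduces that hash. The identifiers, passwords and the iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed example (not code from the slides): each user identifier maps
# to a random salt and a PBKDF2 hash of the password the user chose, so the
# clear-text password is never stored by the system.
ITERATIONS = 100_000  # work factor; chosen for illustration


def make_account(password: str, salt: bytes = b"") -> dict:
    """Build the record the system stores for one user identifier."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def authenticate(accounts: dict, user_id: str, password: str) -> bool:
    """Return True only if user_id exists and the password reproduces the stored hash."""
    record = accounts.get(user_id)
    if record is None:
        # Do the same amount of work for unknown identifiers so that response
        # time does not reveal which identifiers exist.
        hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), b"\x00" * 16, ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), record["salt"], ITERATIONS)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, record["hash"])


# Constructed account table with two users (identifiers and passwords are made up).
ACCOUNTS = {
    "sg14": make_account("correct horse"),
    "sl21": make_account("battery staple"),
}

if __name__ == "__main__":
    print(authenticate(ACCOUNTS, "sg14", "correct horse"))    # True
    print(authenticate(ACCOUNTS, "sg14", "battery staple"))   # False
    print(authenticate(ACCOUNTS, "nobody", "correct horse"))  # False
```

The point the slide makes is that the identifier says who the user claims to be and the password is what proves it; storing only a salted, slow hash means a copy of the account table does not hand an attacker the passwords themselves.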
Privileges
Once a user is given permission to use the DBMS, various other privileges may also be automatically associated with it.
Example privileges may include the right to access and create certain database objects such as relations, views and indexes, or to run various DBMS utilities.
Privileges are granted to users to accomplish the tasks required for their particular jobs. Some DBMSs operate as closed systems, so that while users may be authorized to access the DBMS, they require further authorization to access specific fields. An open system allows users to have access to all
VIEWS
Defn: It is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user at the time of request.
The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users. The user is not aware of the existence of any attributes or rows missing from the view.
A view can be defined over several relations, with the user being granted the appropriate privilege to use the view rather than the base relations.
BACKUP AND RECOVERY
Defn: backup is the process of periodically taking a copy of the database and log file onto offline storage media.
A DBMS should provide backup facilities to assist with the recovery of the database following a failure.
It is always advisable to make backup copies of the database and log files at regular intervals and to ensure that the copies are kept in a separate location.
JOURNALING
Defn: The process of keeping and maintaining a log file (journal) of all changes made to the database, to enable recovery to be undertaken in the event of a failure.
Journaling continued
Advantages
In the event of a failure, the database can be recovered to the last known consistent state using a backup copy of the database and the information contained in the log file.
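To show how the backup copy and the journal combine to reach the last consistent state, here is an added Python model (not the slides' code and not any real DBMS): the store takes a backup, journals every write before applying it, records commits, and on recovery restores the backup and redoes only the writes of transactions that committed. The account keys and values are constructed.

```python
import copy


class JournaledStore:
    """Constructed model (not the slides' code) of a database kept with a backup
    copy and a write-ahead log file, able to recover to the last consistent state."""

    def __init__(self):
        self.data = {}       # the live database: key -> value
        self.backup = {}     # most recent backup copy of the database
        self.log = []        # journal entries: (txn, "write", key, value) or (txn, "commit")
        self._next_txn = 1

    def take_backup(self):
        """Copy the database to 'offline' storage; earlier log entries are no longer needed."""
        self.backup = copy.deepcopy(self.data)
        self.log = []

    def begin(self) -> int:
        txn, self._next_txn = self._next_txn, self._next_txn + 1
        return txn

    def write(self, txn: int, key: str, value):
        # Write-ahead: the journal records the change before the database is updated.
        self.log.append((txn, "write", key, value))
        self.data[key] = value

    def commit(self, txn: int):
        self.log.append((txn, "commit"))

    def crash(self):
        """Simulate a failure that corrupts the live database (secondary storage)."""
        self.data = None

    def recover(self) -> dict:
        """Restore the backup, then redo only the logged writes of committed transactions."""
        committed = {entry[0] for entry in self.log if entry[1] == "commit"}
        state = copy.deepcopy(self.backup)
        for entry in self.log:
            if entry[1] == "write" and entry[0] in committed:
                state[entry[2]] = entry[3]
        self.data = state
        return state


def failure_scenario() -> dict:
    """Constructed run: one committed and one in-flight transaction at the moment of failure."""
    db = JournaledStore()
    db.data = {"acct_1": 100, "acct_2": 0}
    db.take_backup()

    t1 = db.begin()                   # transfer 30 from acct_1 to acct_2, committed
    db.write(t1, "acct_1", 70)
    db.write(t1, "acct_2", 30)
    db.commit(t1)

    t2 = db.begin()                   # a second update that never commits
    db.write(t2, "acct_1", 5)

    db.crash()
    return db.recover()


if __name__ == "__main__":
    print(failure_scenario())         # {'acct_1': 70, 'acct_2': 30}
```

The uncommitted write of the second transaction is discarded on recovery, which is what "last known consistent state" means in practice: the backup alone would lose the committed transfer, and the live data alone would keep a half-done update.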
Integrity
Integrity constraints also contribute to maintaining a secure database system by preventing data from becoming invalid, and hence from giving misleading or incorrect results.
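The view mechanism described above and the integrity constraint just mentioned can be seen together in one small SQLite database; this is an added example, not code from the slides, and it assumes the user is handed only the view (SQLite has no GRANT, so the privilege separation is assumed rather than enforced). The Staff table, its rows and the branch codes are constructed.

```python
import sqlite3


def build_database() -> sqlite3.Connection:
    """Constructed in-memory database (not from the slides): a Staff base table with an
    integrity constraint, and a view that hides the salary column and other branches."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE Staff (
               staffNo  TEXT PRIMARY KEY,
               name     TEXT NOT NULL,
               branchNo TEXT NOT NULL,
               salary   INTEGER NOT NULL CHECK (salary >= 0)
           )"""
    )
    conn.executemany(
        "INSERT INTO Staff VALUES (?, ?, ?, ?)",
        [("SG14", "Ann", "B003", 18000),
         ("SL21", "Bob", "B005", 30000),
         ("SG37", "Cy", "B003", 12000)],
    )
    # The view a branch clerk would be given instead of the base table:
    # salary is absent and only branch B003 rows are visible.
    conn.execute(
        "CREATE VIEW StaffB003 AS "
        "SELECT staffNo, name, branchNo FROM Staff WHERE branchNo = 'B003'"
    )
    return conn


def view_columns(conn) -> list:
    """Attributes the view exposes; the user cannot tell that salary exists."""
    return [d[0] for d in conn.execute("SELECT * FROM StaffB003").description]


def view_rows(conn) -> list:
    """Rows the view exposes; rows of other branches are hidden."""
    return conn.execute("SELECT staffNo FROM StaffB003 ORDER BY staffNo").fetchall()


def salary_via_view_fails(conn) -> bool:
    """Asking the view for the hidden column is an error, not a leak."""
    try:
        conn.execute("SELECT salary FROM StaffB003")
    except sqlite3.OperationalError:
        return True
    return False


def insert_invalid_salary(conn):
    """The CHECK constraint rejects invalid data before it can mislead anyone."""
    try:
        conn.execute("INSERT INTO Staff VALUES ('SA9', 'Dee', 'B007', -1)")
    except sqlite3.IntegrityError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    db = build_database()
    print(view_columns(db))              # ['staffNo', 'name', 'branchNo']
    print(view_rows(db))                 # [('SG14',), ('SG37',)]
    print(salary_via_view_fails(db))     # True
    print(insert_invalid_salary(db))     # CHECK constraint failed: ...
```

In a DBMS with access control, the clerk would be granted SELECT on StaffB003 and nothing on Staff, so the view is the only path to the data and the hidden column and rows stay hidden.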
Encryption
Defn: The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key.
It protects data transmitted over communication lines.
A number of techniques are used to encode data to conceal information.
1. To transmit data securely over insecure networks requires the use of a cryptosystem, which includes:
A. an encryption key to encrypt the data (the plain text).
B. an encryption algorithm that, with the encryption key, transforms the plain text into cipher text.
C. a decryption key to decrypt the cipher text.
D. a decryption algorithm that, with the decryption key, transforms the cipher text back into plain text.
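The four components A to D can be seen in an added Python example (not code from the slides). It is a symmetric cryptosystem, so the encryption key and decryption key are the same secret; the algorithm is a stream cipher whose keystream is HMAC-SHA256 over a fresh per-message nonce and a counter. That construction is assumed here for instruction and is not a standard cipher such as AES; the key and message are constructed.

```python
import hashlib
import hmac
import os

# Added illustration, not code from the slides: a symmetric cryptosystem in which
# the encryption key and decryption key are the same secret, and the algorithm is a
# stream cipher whose keystream is HMAC-SHA256 over a per-message nonce and counter.
# This is an instructional construction, not a standard cipher such as AES.
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes from the key; fresh per message because the nonce is."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encryption algorithm (B) with the encryption key (A): XOR with the keystream, prepend the nonce."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Decryption algorithm (D) with the decryption key (C): regenerate the keystream and XOR it back."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def round_trip(key: bytes, message: bytes) -> bool:
    """True when the four components fit together: decrypt(encrypt(m)) == m."""
    return decrypt(key, encrypt(key, message)) == message


if __name__ == "__main__":
    key = os.urandom(32)              # constructed secret shared by both ends
    msg = b"confidential: order 42 approved"
    ct = encrypt(key, msg)
    print(ct.hex())                   # unreadable without the key
    print(decrypt(key, ct))           # b'confidential: order 42 approved'
    print(decrypt(os.urandom(32), ct) == msg)   # False: wrong key, garbage out
```

Two properties worth noticing: the same plain text encrypts differently each time because of the nonce, and a wrong key does not produce an error but meaningless bytes, which is why a message digest or signature is normally sent alongside to detect tampering.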
SECURITY IN ORACLE
• Privileges:
• Defn: it is the right to execute a particular type of SQL statement or to access another user's objects.
Oracle privileges include:
A. connect to the database.
B. create a table.
C. select rows from another user's table.
Two types of privileges:
System
The right to perform a particular action, or to perform an action on any schema object of a particular type, e.g. the privilege to create tablespaces and to create users in the database.
System privileges are granted to or revoked from users with the SQL GRANT and REVOKE statements.
Privileges
Object privileges
An object privilege is the right to perform a particular action on a specific table, view, procedure, function or package. Different object privileges are available for different types of object.
Example: the privilege to delete rows from the Staff table, exercised by the SQL statement:
SQL> DELETE FROM Staff WHERE staffNo = '5914';
A user automatically has all object privileges for schema objects contained in his/her schema. A user can grant an object privilege on any schema object he/she owns to any user or role.
Roles.
Privileges can be granted to users explicitly.
Example: grant the privilege to insert rows into the PropertyForRent table to the user Beech.
GRANT INSERT ON PropertyForRent TO Beech;
Privileges
Users can grant the privileges to select, insert and update rows in the PropertyForRent table to the named user Assistant, who in turn can grant them to Beech. Passing a privilege on is only possible when it was received WITH GRANT OPTION:
GRANT INSERT ON Manager.PropertyForRent TO Assistant WITH GRANT OPTION;
GRANT SELECT ON Manager.PropertyForRent TO Assistant WITH GRANT OPTION;
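To make the ownership, grant and grant-option rules concrete, here is an added Python model of an object-privilege registry (not Oracle's implementation and not code from the slides). It runs the chain the slides describe: Manager owns PropertyForRent, grants SELECT, INSERT and UPDATE to Assistant with the grant option, and Assistant passes INSERT on to Beech. The user and object names are taken from the slides; the class, method names and the scenario are assumptions.

```python
from collections import defaultdict


class PrivilegeRegistry:
    """Constructed model (not Oracle's implementation) of object privileges: the owner
    of a schema object holds every privilege on it; others hold only what was granted,
    and may pass a privilege on only if they received it with the grant option."""

    def __init__(self):
        self.owner = {}                                   # object -> owning user
        self.held = defaultdict(set)                      # (user, object) -> {privilege}
        self.grantable = defaultdict(set)                 # (user, object) -> {privilege}

    def create_object(self, user: str, obj: str):
        self.owner[obj] = user

    def has(self, user: str, obj: str, priv: str) -> bool:
        return self.owner.get(obj) == user or priv in self.held[(user, obj)]

    def may_grant(self, user: str, obj: str, priv: str) -> bool:
        return self.owner.get(obj) == user or priv in self.grantable[(user, obj)]

    def grant(self, grantor: str, priv: str, obj: str, grantee: str, with_grant_option=False):
        """GRANT priv ON obj TO grantee [WITH GRANT OPTION], issued by grantor."""
        if not self.may_grant(grantor, obj, priv):
            raise PermissionError(f"{grantor} cannot grant {priv} on {obj}")
        self.held[(grantee, obj)].add(priv)
        if with_grant_option:
            self.grantable[(grantee, obj)].add(priv)

    def revoke(self, grantor: str, priv: str, obj: str, grantee: str):
        """REVOKE priv ON obj FROM grantee; the grantee loses the right to pass it on too."""
        if not self.may_grant(grantor, obj, priv):
            raise PermissionError(f"{grantor} cannot revoke {priv} on {obj}")
        self.held[(grantee, obj)].discard(priv)
        self.grantable[(grantee, obj)].discard(priv)


def scenario() -> dict:
    """Constructed run of the slides' example: Manager owns PropertyForRent, grants to
    Assistant with the grant option, and Assistant passes INSERT on to Beech."""
    reg = PrivilegeRegistry()
    reg.create_object("Manager", "PropertyForRent")
    for priv in ("SELECT", "INSERT", "UPDATE"):
        reg.grant("Manager", priv, "PropertyForRent", "Assistant", with_grant_option=True)
    reg.grant("Assistant", "INSERT", "PropertyForRent", "Beech")

    beech_can_regrant = True
    try:
        reg.grant("Beech", "INSERT", "PropertyForRent", "Someone")
    except PermissionError:
        beech_can_regrant = False   # Beech got INSERT without the grant option

    results = {
        "assistant_update": reg.has("Assistant", "PropertyForRent", "UPDATE"),
        "beech_insert": reg.has("Beech", "PropertyForRent", "INSERT"),
        "beech_delete": reg.has("Beech", "PropertyForRent", "DELETE"),
        "beech_can_regrant": beech_can_regrant,
    }
    reg.revoke("Manager", "INSERT", "PropertyForRent", "Assistant")
    results["assistant_insert_after_revoke"] = reg.has("Assistant", "PropertyForRent", "INSERT")
    return results


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

One simplification to be aware of: in Oracle, revoking an object privilege from Assistant also removes the copies Assistant passed on (the revoke cascades); the model above leaves Beech's INSERT in place, which a real DBMS would not.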
DBMS AND WEB SECURITY
PROXY SERVERS
A proxy server is a computer that sits between the web browser and the web server.
It intercepts all requests to the web server to determine whether it can fulfil the requests itself; if not, they are forwarded to the web server.
Proxy servers have two main purposes:
* improve performance
Since a proxy server saves the results of all requests for a certain amount of time, it can significantly improve performance for a group of users.
Example:
Assume that user A and user B access the web through a proxy server. First user A requests a web page, and slightly later user B requests the same page. Instead of forwarding the request to the web server where the page resides, the proxy server simply returns the cached page that it had already fetched for user A.
* filter requests
Proxy servers can also be used to filter requests.
Example: An organization might use a proxy server to prevent its employees from accessing specific websites.
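Both purposes, caching and filtering, appear in this added Python model of a proxy (not code from the slides): user A's fetch goes to the web server, user B's repeat request within the cache lifetime is answered from the cache, a request to a blocked host is refused before it leaves the organisation, and a stale entry is refetched. The hostnames, the 60-second lifetime and the fake clock are constructed.

```python
import time
from urllib.parse import urlsplit


class CachingProxy:
    """Constructed model (not from the slides) of a proxy that sits between browsers and
    web servers: it serves repeated requests from its cache for a time and refuses
    requests to hosts on a policy blocklist before they reach the web server."""

    def __init__(self, fetch_from_origin, ttl_seconds: float, blocked_hosts, clock=time.time):
        self.fetch = fetch_from_origin       # function(url) -> body, contacts the web server
        self.ttl = ttl_seconds
        self.blocked = set(blocked_hosts)
        self.clock = clock                   # injectable for testing
        self.cache = {}                      # url -> (fetched_at, body)

    def request(self, url: str):
        """Return (status, body, source) where source says who answered."""
        host = urlsplit(url).hostname or ""
        if host in self.blocked:
            return 403, "blocked by organisation policy", "filtered"
        now = self.clock()
        cached = self.cache.get(url)
        if cached is not None and now - cached[0] < self.ttl:
            return 200, cached[1], "cache"
        body = self.fetch(url)               # only now is the web server contacted
        self.cache[url] = (now, body)
        return 200, body, "origin"


def demo() -> dict:
    """Constructed run: users A and B fetch the same page; a later request is blocked."""
    origin_calls = []
    fake_clock = [1000.0]

    def origin(url):
        origin_calls.append(url)
        return f"<html>page at {url}</html>"

    proxy = CachingProxy(origin, ttl_seconds=60, blocked_hosts={"games.example"},
                         clock=lambda: fake_clock[0])
    a = proxy.request("http://www.example/index.html")    # user A: goes to the server
    b = proxy.request("http://www.example/index.html")    # user B, moments later: from cache
    blocked = proxy.request("http://games.example/play")  # filtered, never fetched
    fake_clock[0] += 120                                  # cache entry is now stale
    c = proxy.request("http://www.example/index.html")    # refetched from the server
    return {"a": a[2], "b": b[2], "blocked": blocked[0], "c": c[2], "origin_calls": len(origin_calls)}


if __name__ == "__main__":
    print(demo())   # {'a': 'origin', 'b': 'cache', 'blocked': 403, 'c': 'origin', 'origin_calls': 2}
```

A real proxy must honour the web server's caching headers and never cache responses that are private to one user; otherwise user B could be served the page that was personalised for user A, which turns the performance feature into a confidentiality breach.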
Firewalls
Defn: a system designed to prevent unauthorized access to or from a private network. Firewalls are frequently used to prevent unauthorized internet users from accessing private networks connected to the internet, especially intranets.
Types:
1. Packet filter
Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. It is susceptible to IP spoofing.
IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with a source IP address indicating that the message is coming from a trusted host.
2. Application gateway
Applies security mechanisms to a specific application, such as telnet and FTP servers. This is a very effective mechanism, but it degrades performance.
3. Circuit-level gateway
Applies security mechanisms when a UDP connection is established; once the connection has been made, packets can flow between the hosts without further checking.
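The packet filter and its spoofing weakness can be seen in this added Python example (not code from the slides): a stateless filter applies user-defined rules to the header fields of each packet, first match wins and anything unmatched is dropped. The address ranges, ports and rule set are constructed; the only defence against spoofing a filter can offer at this layer is the kind of consistency rule shown first, which drops packets arriving from the internet that claim an internal source address.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example (not from the slides): a stateless packet filter that applies
# user-defined rules to the header fields of each packet, first match wins, default drop.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed private network behind the firewall


@dataclass
class Packet:
    direction: str   # "in" (from the internet) or "out" (to the internet)
    proto: str       # "tcp" or "udp"
    src: str         # source IP address as written in the header
    dst: str         # destination IP address
    dport: int       # destination port


# Each rule lists the header fields it constrains; a missing field matches anything.
RULES = [
    # Anti-spoofing: a packet arriving from the internet must not claim an internal source.
    {"action": "drop",   "direction": "in",  "src_net": INTERNAL_NET},
    {"action": "accept", "direction": "in",  "proto": "tcp", "dport": 443},
    {"action": "accept", "direction": "in",  "proto": "tcp", "dport": 25},
    {"action": "accept", "direction": "out"},
]


def matches(rule: dict, pkt: Packet) -> bool:
    """True when every field the rule constrains agrees with the packet header."""
    if rule.get("direction", pkt.direction) != pkt.direction:
        return False
    if rule.get("proto", pkt.proto) != pkt.proto:
        return False
    if rule.get("dport", pkt.dport) != pkt.dport:
        return False
    if "src_net" in rule and ipaddress.ip_address(pkt.src) not in rule["src_net"]:
        return False
    return True


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return 'accept' or 'drop' for the first matching rule; drop when nothing matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "drop"


if __name__ == "__main__":
    samples = [
        Packet("in", "tcp", "203.0.113.7", "10.1.1.5", 443),   # web traffic: accept
        Packet("in", "tcp", "203.0.113.7", "10.1.1.5", 23),    # telnet from outside: drop
        Packet("in", "tcp", "10.1.1.9", "10.1.1.5", 443),      # spoofed internal source: drop
        Packet("out", "udp", "10.1.1.5", "198.51.100.2", 53),  # outbound DNS: accept
    ]
    for p in samples:
        print(p, "->", filter_packet(p))
```

The filter never sees more than the header, so a packet that forges an external address the rules happen to trust passes just like a genuine one; that is the limitation the slide describes, and it is why the application and circuit-level gateways that follow exist.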
Security mechanisms continued
4. Proxy server
Intercepts all messages entering or leaving the network. The proxy server in effect hides the true network addresses.
Message digest algorithms and digital signatures
A message digest algorithm, or one-way hash function, takes an arbitrary-sized string.
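As an added example (not from the slides) of what a message digest gives you, the Python below computes SHA-256 digests and uses them as an integrity check: the digest has the same fixed size whatever the input, and flipping a single bit of the message changes it, so tampering is detected. The message and the tampering helper are constructed; a digital signature, which additionally binds the digest to the sender's private key, is not shown.

```python
import hashlib
import hmac

# Added illustration (not from the slides) of a message digest: SHA-256 maps input of
# any size to a fixed 32-byte value, and any change to the input changes the digest.


def digest(data: bytes) -> str:
    """One-way hash of the data, as 64 hex characters."""
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest(data), expected_hex)


def flip_one_bit(data: bytes) -> bytes:
    """Constructed tampering: invert the lowest bit of the first byte."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def digest_lengths(inputs) -> set:
    """Digest length is the same whatever the input size."""
    return {len(digest(x)) for x in inputs}


if __name__ == "__main__":
    msg = b"pay 100 to account 42"
    d = digest(msg)
    print(d)                                   # 64 hex characters
    print(verify(msg, d))                      # True
    print(verify(flip_one_bit(msg), d))        # False: a one-bit change is detected
    print(digest_lengths([b"", b"abc", b"x" * 10_000]))   # {64}
```

A digest on its own only proves the data is unchanged since the digest was computed; anyone who can alter the message can recompute the digest, which is why the sender's signature over the digest, and the certificate that vouches for the signing key, come next.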
Digital certificates
A digital certificate is an attachment to an electronic message used for security purposes. It is most commonly used to verify that the user sending a message is who he/she claims to be, and to provide the receiver with the means to encode a reply.
An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of identification information.
The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA, and then obtains the sender's public key and identification information held within the certificate. The most commonly used standard for digital certificates is X.509.
Kerberos
It is a server of secured usernames and passwords, named after the three-headed monster in Greek mythology that guarded the gate of hell.
Importance.
It provides one centralized security server for data and resources on the network. Database access, login, authorization control and security features are centralised through Kerberos servers.
Secure Sockets Layer and Secure HTTP
Many large internet product developers agreed to use an encryption protocol known as Secure Sockets Layer (SSL), developed by Netscape, for transmitting private documents over the internet. It works by using a private key to encrypt data that is transferred over the SSL connection. This protocol is used to obtain confidential user information such as credit card numbers.
Another protocol for transmitting data securely over the web is Secure HTTP (S-HTTP). It is a modified version of the standard HTTP protocol and was developed by Enterprise Integration Technologies.
Whereas SSL creates a secure connection between a client and a server over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely.
SSL continued
Through the use of cryptographic techniques such as encryption and digital signatures, these protocols:
1. allow web browsers and servers to authenticate each other;
2. permit web-site owners to control access to particular servers or directories;
3. allow sensitive information, for example credit card numbers, to be shared between browser and server yet remain inaccessible to third parties;
4. ensure that data exchanged between browser and server is reliable, that is, cannot be corrupted either accidentally or deliberately without detection.
Secure Electronic Transactions and Secure Transaction Technology
The SET protocol is an open, interoperable standard for processing credit card transactions over the internet, created jointly by Netscape, Microsoft, Visa and MasterCard.
SET's goal is to allow credit card transactions to be as simple and secure over the internet as they are in retail shops.
Java security
• Safety and security are integral parts of Java, with the sandbox ensuring that an untrusted, possibly malicious, application cannot gain access to the system's resources.
• To implement this, three components are used.
(a) The class loader
The class loader, as well as loading each required class and checking that it is in the correct format, additionally checks that the application/applet does not violate system security by allocating a namespace.
A class loader never allows a class from a less protected namespace to replace a class from a more protected namespace.
(b) The bytecode verifier
Before the JVM (Java Virtual Machine) will allow an applet to run, its code must be verified. The verifier assumes that all code is meant to crash or violate system security and performs a series of checks.
Typical checks include:
1. compiled code is correctly formatted;
2. internal stacks will not overflow/underflow;
3. no illegal data conversions will occur.
continued
(c) The security manager
Performs runtime verification of potentially dangerous methods, that is, methods that request I/O or network access, or wish to define a class loader.
ActiveX security
It is different from Java applets.
Each ActiveX control can be digitally signed by its author using a system called Authenticode (trademark). The digital signatures are certified by a CA. Before the browser downloads an ActiveX control that has not been certified by a known CA, it presents a dialogue box warning the user that this action may not be safe. The user can then abort the transfer, or continue and accept the consequences.