5.2 Database Security Countermeasures P1 Flashcards
What are the different types of countermeasures?
Computer-based - mainly concerned with measures ranging from physical controls to administrative procedures
Policies
How does authentication work?
Can be protected by a password:
System password
Database password
What are the alternatives to password security (network)?
Kerberos - client / server authentication (all communication can also be encrypted using symmetric-key cryptography)
Public Key Infrastructure issues a Digital Certificate (this is a password-encrypted file that holds the identity of a user or an object)
SSL
What is Authorisation?
User / application are only given access to database objects they need to fulfil their function (records, fields)
How do the roles work in authorisation?
Combine ‘groups of users’ into a role & grant privileges to role
What does creating views in authorisation involve?
A virtual relation that is produced on request by a particular user at the time of the request
How do privileges work?
Assigned based on authentication given
User roles & privileges data are all stored in system catalogue
What actions can users be authorised to carry out on a given base table or view?
SELECT, INSERT, UPDATE, DELETE, REFERENCES
What is a backup / how does it work?
Periodically taking a copy of the database & log file (may include programs) to offline storage media
Stored in a different location (insurance requirement)
What does RAID stand for?
Redundant Array of Independent Disks
What is the characteristic of RAID?
Fault tolerant
DBMS should continue to operate even if one of the hardware components fails
What is involved in Logging?
Contains information about all updates to database (transaction & checkpoint records)
Also used for auditing
What needs to be considered when auditing?
Ensure accuracy of input data
Ensure accuracy of data processing
Prevent and detect errors during program execution
Avoid unauthorised program alteration
Grant and monitor access to data
Ensure documentation is up-to-date