SECURITY Flashcards
What is database security
Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical.
Discuss the role of the following modules in a database management System.
i. ) System Catalog (1 Marks)
ii. ) Pre-compiler (1 Mark)
iii. )Backup and recovery (1 Marks)
i) A system catalog also known as a data dictionary, is a collection of information about the contents of a database, it has tables that contain info of everything the database knows about itself. The function of a system catalog is to provide detailed information about everything contained in the database, it communicates the structure and content of the database, and provides meaningful description for individually named objects.
ii) Software that turns SQL commands written within a source program into the appropriate function calls for the database management system (DBMS) being used.
iii) Backup and recovery in general refers to the various strategies and operations involved in protecting your database against data loss and reconstructing the data should that loss occur.
Relate confidentiality and database security
Confidentiality refers to the ability of a security program to keep data private or secret and preventing its access from unauthorized access. A first step in ensuring one’s database is truly confidential is examining the type of information and the duration for which it is stored. The best practice is to store only information necessary for the provision of services and for the shortest time possible. Remove anything else regularly and completely. Records that have become outdated should be deleted. It is also imperative that a database implements access control. This involves authentication (verifying the identity of the user) and authorization (ensuring the user is allowed to access particular information). This ensures no unauthorized persons access the database.
Relate integrity and database security
Integrity in terms of data security is about ensuring data is reliable, correct and has not been tampered with. There are two types of data integrity: physical (correctly storing and fetching data) and logical (correctness and rationality of the data) To achieve data integrity, databases have strict data integrity rules and constant checks for errors. Data integrity also involves defining the relationships between the data. There are different integrity constraints in relational databases. Entity Integrity stipulates that in a base relation no attribute of the primary key can be null. Referential integrity states that if a foreign key exists in a relation, the FK value must match a candidate key value of some tuple in its home relation. Domain integrity specifies that all columns in a relational database must be declared upon a defined domain. User-defined integrity refers to a set of rules specified by a user, which do not belong to the entity, domain and referential integrity categories. All these, in conjunction with measures to ensure physical integrity such as redundant hardware, come together to ensure data integrity in a database.
Relate Availability to database security
Availability means guaranteeing that authorized users have timely and reliable access to their data whenever they need it even in the event of a system breakdown. It has to do with the accessibility and continuity of the data. Availability can be influenced by several factors: hardware or software failure, natural disasters, human error or even malicious attacks such as the denial-of-service attack. In light of this, it is important to ensure there is redundancy (in servers etc.), hardware fault tolerance, regular software patching, backups, disaster recovery plans among others.
List 5 threats to databases and their possible countermeasures
- Backups can be attacked if an organization fails to protect it with the same strict controls used on the database itself. This is worsened by the large volumes of data stored and the shortage of skilled individuals to implement this. In order to prevent this both the database and the backup should be encrypted and audited.
- Sensitive information that is unmanaged and unattended is easy to hack. An up-to-date inventory should be kept of all sensitive data in a database. All sensitive data should be encrypted and adequate access controls should be implemented. Regular searches for sensitive data should be done so as to better protect it.
Describe insider threats and the possible countermeasures
Insider threats from employees who have excessive privileges account for about 80% of attacks on company databases. The threat may come from a malicious or negligent insider or an outsider who falsifies the credentials of an insider. This provides unauthorized access to the database and opens up the database to other attacks. Due to this it is important to uphold a strict access and privileges control policy. The practical minimum number of users should have access to the database, and their permissions should be restricted to the minimum levels necessary for them to do their jobs.
Describe the SQL injection and its possible counter measures
An SQL injection is a type of attack that allows an attacker to interfere with queries an application makes to a database. A successful SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. As a result, the attacker has unlimited access to the database. Some countermeasures to prevent this is to used stored procedure instead of direct queries and to implement MVC architecture.
Describe the DenialOfService attack and its possible countermeasure
The Denial-Of-Service attack is an attack that uses a huge number of fake requests to slow down or even crash the database server. In a distributed denial of service attack (DDoS), the deluge comes from multiple servers, making it more difficult to stop the attack. To intercept this attack, it is important to have high levels of security. This includes: firewalls and intrusion detection systems to scan the traffic, anti-virus and anti-malware software, endpoint security that ascertains those endpoints do not become entry points for attacks. Dynamic backlog mechanisms should also be employed to ensure the connection queue is never exhausted.
Describe the threat of malware and possible counter measures
Malware is software that is designed to disrupt, damage or gain unauthorized access to a database. Malware could be introduced into the database by any endpoint device. It is, therefore, important to protect endpoint devices by setting up malware protection software
What is the importance of auditing in databases
Poor auditing practices or lack thereof open up the database to violations of national and international sensitive data protection regulations. Automatic auditing solutions should be used to audit all database events that have been recorded and registered. All operations on sensitive data are also logged. Standard audits should be periodically performed.
Describe buffer overflows as a security threat
Buffer overflow occurs when a program tries to write too much data into a buffer, overrunning the buffer’s boundary and overwriting adjacent memory locations. An attacker may use the excess data as a foundation to launch attacks. Buffer overflow can be prevented by the use of Address space randomization (ASLR), Data execution prevention and Structured exception handler overwrite protection (SEHOP)
What is the importance of database security
- Confidential information, such as bank information, contact details and medical history, is stored in databases. Exposure of this kind of information poses to the client the threat of fraud such as identity theft and phishing scams or even direct financial damage. In some cases, the leaked information may prove to be sensitive enough to ruin the reputation of the client.
- Needless to say, this can prove destructive to the company’s name. Future clients will be apprehensive when sharing their sensitive information. The company may lose tenders and contracts. Damage to the company’s brand will lead to a loss of profits and even in some instances closure of the business.
- There are also several costs related to data loss. The company must pay penalties because of the breach and compensation for claims. There are also the costs of repairing the breaches, informing the clients etc.
- Theft or exposure of an organization’s intellectual property such as inventions and proprietary practices can lead to the organization losing its competitive advantage in the market. This may also lead to the shutdown of the business
What is database security?
Database security refers to the collective measures and mechanisms that secure a database or database management software from illegitimate use (whether intentional or accidental) and malicious cyber threats and attacks. Database security involves the protection of the hardware and software parts, human resources and data. This is usually planned and maintained by a database administrator and or other information security professionals.
Describe what a threat is.
Threat - Any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization.
A threat may be caused by a situation or event involving a person, action, or circumstance that is likely to bring harm to an organization.