Download Database Security (cont.)

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
Document related concepts

Oracle Database wikipedia , lookup

IMDb wikipedia , lookup

Extensible Storage Engine wikipedia , lookup

Open Database Connectivity wikipedia , lookup

Functional Database Model wikipedia , lookup

Concurrency control wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Relational model wikipedia , lookup

Database wikipedia , lookup

Database model wikipedia , lookup

Clusterpoint wikipedia , lookup

ContactPoint wikipedia , lookup

Transcript 
Matakuliah
Tahun
Versi
: T0206-Sistem Basisdata
: 2005
: 1.0/0.0
Minggu 7, Pertemuan 13
Security
1
Learning Outcomes
Pada akhir pertemuan ini, diharapkan
mahasiswa dapat dapat menjelaskan
berbagai aspek dalam database security
dan privasi (C2)
2
Outline Materi
• Scope of database security.
• Why database security is a serious
concern for an organization.
• Type of threats that can affect a
database system.
• How to protect a computer system
using computer-based controls.
• Security measures provided by
Microsoft Access and Oracle DBMSs.
• Approaches for securing a DBMS on
the Web.
3
Database Security
• Data is a valuable resource that must
be strictly controlled and managed,
as with any corporate resource.
• Part or all of the corporate data may
have strategic importance and
therefore needs to be kept secure
and confidential.
4
Database Security (cont.)
• Mechanisms that protect the database
against intentional or accidental threats.
• Security considerations do not only
apply to the data held in a database.
Breaches of security may affect
other parts of the system, which may
in turn affect the database.
5
Database Security (cont.)
• Involves measures to avoid:
– Theft and fraud
– Loss of confidentiality (secrecy)
– Loss of privacy
– Loss of integrity
– Loss of availability
6
Database Security (cont.)
• Threat
– Any situation or event, whether
intentional or unintentional, that will
adversely affect a system and
consequently an organization.
7
Summary of Threats to Computer
Systems
8
Typical Multi-User Computer Environment
9
Countermeasures – Computer-Based
Controls
• Concerned with physical controls to
administrative procedures and includes:
– Authorization
– Views
– Backup and recovery
– Integrity
– Encryption
– RAID technology
10
Countermeasures – Computer-Based
Controls
• Authorization
– The granting of a right or privilege,
which enables a subject to legitimately
have access to a system or a system’s
object.
• Authentication
– A mechanism that determines whether
a user is who he or she claims to be.
11
Countermeasures – Computer-Based
Controls (cont.)
• View
– Dynamic result of one or more
relational operations operating on the
base relations to produce another
relation.
– A virtual relation that does not actually
exist in the database, but is produced
upon request by a particular user, at the
time of request.
12
Countermeasures – Computer-Based
Controls (cont.)
• Backup
– Process of periodically taking a copy of
the database and log file (and possibly
programs) to offline storage media.
• Journaling
– Process of keeping and maintaining a log
file (or journal) of all changes made to
database to enable effective recovery in
event of failure.
13
Countermeasures – Computer-Based
Controls (cont.)
• Integrity
– Prevents data from becoming invalid,
and hence giving misleading or
incorrect results.
• Encryption
– The encoding of the data by a special
algorithm that renders the data
unreadable by any program without the
decryption key.
14
RAID (Redundant Array of
Independent Disks) Technology
• Hardware that the DBMS is running on
must be fault-tolerant, meaning that the
DBMS should continue to operate even
if one of the hardware components fails.
• Suggests having redundant
components that can be seamlessly
integrated into the working system
whenever there is one or more
component failures.
15
RAID Technology (cont.)
• Main hardware components that
should be fault-tolerant include disk
drives, disk controllers, CPU, power
supplies, cooling fans.
• Disk drives are most vulnerable
components with shortest times
between failure of any of the hardware
components.
16
RAID Technology (cont.)
• One solution is to provide a large disk
array comprising an arrangement of
several independent disks organized to
improve reliability and increase
performance.
17
RAID Technology (cont.)
• Performance is increased through data
striping: the data is segmented into
equal-size partitions (the striping unit),
which are transparently distributed
across multiple disks.
• Reliability is improved through storing
redundant information across the disks
using a parity scheme or an errorcorrecting scheme.
18
Security in Microsoft Access
DBMS
• Provides two methods for securing a
database:
– setting a password for opening a database
(system security);
– user-level security, which can be used to
limit the parts of the database that a user
can read or update (data security).
19
Securing the DreamHome
Database Using a Password
20
User and Group Accounts
Dialog Box for the DreamHome
Database
21
User and Group Permissions
Dialog Box
22
Creation of a New User with
Password Authentication Set
23
Log on Dialog Box
24
Setting the Permissions
25
DBMSs and Web Security
• Internet communication relies on
TCP/IP as the underlying protocol.
• However, TCP/IP and HTTP were not
designed with security in mind.
Without special software, all Internet
traffic travels ‘in the clear’ and
anyone who monitors traffic can read
it.
26
DBMSs and Web Security
(cont.)
• Must ensure while transmitting information
over the Internet that:
–
–
–
–
–
inaccessible to anyone but sender and receiver (privacy);
not changed during transmission (integrity);
receiver can be sure it came from sender (authenticity);
sender can be sure receiver is genuine (non-fabrication);
sender cannot deny he or she sent it (non-repudiation).
• Must also protect information once it
has reached Web server.
27
DBMSs
(cont.)
and
Web
Security
• Download
may
have
executable
content, which can perform following
malicious actions:
–
–
–
–
–
–
–
Corrupt data or execution state of programs.
Reformat complete disks.
Perform a total system shutdown.
Collect and download confidential data.
Usurp identity and impersonate user.
Lock up resources.
Cause non-fatal but unwelcome effects.
28
Related documents
Introduction to Databases - Department of Software and Information
Introduction to Databases - Department of Software and Information
Chapter 05 Overview - University of Massachusetts Boston
Chapter 05 Overview - University of Massachusetts Boston
chap16
chap16
Database Security
Database Security
COMP5111 Database Systems and Management
COMP5111 Database Systems and Management
LM9 PowerPoints Slides
LM9 PowerPoints Slides
College for Lifelong Learning
College for Lifelong Learning
Database
Database
Security
Security
Data management systems
Data management systems
Slide 1
Slide 1
Database systems
Database systems
Chapter 1 of Database Design, Application Development and
Chapter 1 of Database Design, Application Development and
Principles of Database Design
Principles of Database Design
of the data.
of the data.
DATABASE SECURITY
DATABASE SECURITY
Communication II
Communication II
An Alternative Scalable Storage System Bachelor’s Thesis (AMK) Information Technology
An Alternative Scalable Storage System Bachelor’s Thesis (AMK) Information Technology
Presentation (englis..
Presentation (englis..