Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download 17a_security - University of Central Florida
Document related concepts
Transcript
IMS 4212: Database Security Data & Database Administration • • • • • Security Overview Physical Protection Network Protection Permissions Management Views as a Security Tool Dr. Lawrence West, Management Dept., University of Central Florida [email protected] 1 IMS 4212: Database Security Database Security • Database security is the management of risks and tradeoffs – The risk of a loss • Destruction of data • Theft of data • Privacy issues (including legal liability) • Database corruption • Loss of availability – The cost of data security efforts Dr. Lawrence West, Management Dept., University of Central Florida [email protected] 2 IMS 4212: Database Security Database Security (cont.) Name some database security measures and their costs What sorts of risks to they protect against? Dr. Lawrence West, Management Dept., University of Central Florida [email protected] 3 IMS 4212: Database Security Security Action Categories • • • • Physical Protection Access Protection Protection in Transit Loss Prevention – Backup and Recovery plans covered next week Dr. Lawrence West, Management Dept., University of Central Florida [email protected] 4 IMS 4212: Database Security Physical Protection • Don’t forget the step of physically protecting access to your equipment and data • Lock the door! • Be aware of portable copies of data, who has them, where they are – Recent news stories Dr. Lawrence West, Management Dept., University of Central Florida [email protected] 5 IMS 4212: Database Security Network Protection • Use appropriate network access protections to guard against hacking into the network • Be aware of security threats – Weaknesses in the operating system – Database vulnerabilities – Application vulnerabilities • Expert consultation is desirable Dr. Lawrence West, Management Dept., University of Central Florida [email protected] 6 IMS 4212: Database Security Authorization Rules or Permissions • Authorization rules are permissions to perform certain actions on the database – Allow a user to view, edit, or add records to a table – Permissions are granted to • Individuals • Groups – Permissions are granted on • Entire database • Distinct objects (tables, views, indexes, etc.) • Specific columns or rows Dr. Lawrence West, Management Dept., University of Central Florida [email protected] 7 IMS 4212: Database Security Permissions • DBA is usually granted authority to do anything in the database • DBA may GRANT or REVOKE permissions to other users – May include permission to grant or revoke permission to others • Users may be assigned to a group and permissions granted to a group • Applications usually have security privileges established by the userid used in the connection string • Application must have appropriate permissions Dr. Lawrence West, Management Dept., University of Central Florida [email protected] 8 IMS 4212: Database Security Views as a Security Tool • Views are query definitions stored in the DB • A security measure may be to grant the user permission on the view but not to the underlying tables • WHERE clauses in the view definition query can restrict rows • Field list in the SELECT clause can restrict columns • Views may be used like any other table in the DB • See discussion of other security measures – Encryption, authentication Dr. Lawrence West, Management Dept., University of Central Florida [email protected] 9
