Security Issues with Databases
by
Jing Ji
David Maccarone
Sheng Mao
1. Current state of database security
A database is a system that is specialized to manage data in a computer application system. Data has many forms, such as text, digital, symbols, graphics, images and sound. Database systems are integral components of current and future command, communication, control and intelligence information systems (Lunt, 1992, p. 253). Databases are used widely in our lives. Because of databases, vast amounts of data have become easier to use and manage. Government, finance, operators, public security, energy, taxation, business, social security, transportation, health, education,
Depending on the setup, these administrators may have access to the entire database, even if they do not have separate database accounts. As Natan (2005, p. 109) points out, Windows System Administrators who are defined at the Domain Controller level may even have permissions on the database server. As such, an end-to-end review of who has what permissions needs to be undertaken. While one may not be able to completely eliminate this vulnerability (since what good is a database that no one can see), businesses can limit their exposure by understanding what permissions each individual has, and restricting access to the minimum number of people. The second issue surrounding database security is the way the database is configured and maintained. If the database is not properly configured when set up, preferably by a qualified Database Administrator (DBA), then, just as with an operating system, many vulnerabilities may exist. This can be as simple as failing to change a default password, or forgetting to turn off an unneeded database service. Likewise, if the proper patches are not applied to the database as they are released, then vulnerabilities in the database application itself can be exposed to hackers, both inside and outside the company. For this reason it is important to have trained and experienced DBAs on staff, a set of well-defined procedures
A database is a structural set of related data that is organized in such a way that the information can be easily managed, accessed, and updated. The purpose of a database is to replace paper documents, files, and filing cabinets. The data collected in databases is an efficient way to store, retrieve, and analyze the information.
This must be in your own words and not copied and pasted from the original source. Include the purpose of the database and the subject matter it covers. This may be four or five sentences; and
When an employee is granted database privileges that surpass the requirements of their position, these excessive privileges could be abused. For example, a bank employee whose job requires the ability to change only basic account holder contact info could take advantage of excessive database privileges and add funds to their own account balance or to a colleague’s savings account. Further, when someone changes position within a business or leaves it, usually his or her access rights to sensitive data do not change. In the latter case, if these employees depart on bad terms, they can use their old access privileges to commandeer high-value data or inflict damage in a revenge attack. This tends to happen because privilege control mechanisms for job roles were not well defined or maintained. As a result, employees may be granted generic or default access privileges that surpass their actual job requirements, or may simply accumulate such privileges over time as they change positions within the business.
The world has become a very complex place. From the earliest days of computers, storing and manipulating data has been a major application focus. There has been enormous growth in computer and database applications over the past two decades. A database is a group of data consisting of tables, schemas, reports and views. A database may be of any size and complexity. For example, a salesperson may maintain a small database of customer contacts which consists of a few megabytes on his or her computer. A large
Databases are everywhere now and impact our lives in a multitude of ways. It can accurately be said that “your life is in a database” or, more accurately, in multiple databases, and information about you (a retrieval of facts about
At this time, the measures available to ensure information security include organizational controls such as limiting access to data, firewalls, antivirus systems, encryption, and application controls. When the security of the business fails and the private information of individuals is compromised, the company faces many legal actions that can
The data collected and distributed in every organization is a very important resource; therefore, all personnel in the organization must be aware of the security threats present and the measures to take to prevent a data breach or leak. A data leak can occur unintentionally or intentionally. For example, if an employee is careless with sensitive data and leaves it in the open for others to access, this would be an unintentional data leak. An intentional leak would be when a disgruntled employee gives sensitive information to competitors. The responsibility for database protection goes to the database administration. It’s their task to develop the procedures and policies to avert a data breach. The database
It is a mandatory requirement for every company to make sure sensitive data is protected from public access at all times. In a large organization, sensitive information such as employee salary and performance should be kept confidential from most of the DBMS users. For this, a DBMS uses a database security and authorization subsystem that is responsible for securing portions of the database or restricting access to the sensitive information.
Our data is never at rest. Even when organizations depend on their database for storage, there are always copies of data to be found somewhere else. To service our men and women in the Army Reserves, data has to be manipulated at the local computer and then sent back to be stored on the database. The very moment that data is moved and stored on a local machine for it to be manipulated is also the moment that the data is most vulnerable. Despite the concerted efforts to ensure data confidentiality, the overall security depends on the efforts put forth by the weakest link. The insider threat is one of the hardest risks to mitigate, mainly due to insiders' initial need for legitimate data access.
Databases are normally used by businesses and schools to store their data. These databases are kept secure, and users can only access the information stored on the database they have been granted access to. Data is added to, accessed, or removed from a database using languages such as SQL (Structured Query Language), MySQL (My Sequel), etc.
With the rapid advancement of the Internet, system database security has become the center of system security. Research into database security technology against SQL attacks has become very urgent. In this paper, we investigate the principles of SQL attacks and consider a database protection system that is used between the Web application and the database. The system provides different protective measures for ordinary users and administrators to effectively ensure the security of the database. the part of a Web application and database in the database between the security framework for customary clients and directors
Databases allow us to easily store and retrieve data in a purely digital format. The strength of this is that large amounts of data can be stored and retrieved with minimal effort on the part of the user. As opposed to manually flipping through files, one can quickly pull up the requested data through a computer program. Many systems that were conventionally paper and file based have been converted to a digital format and are now stored in one or more databases.
Database security is vital for every organization that uses databases. Without proper security, the databases can be breached, and the breaches can lead to confidential information being released. This has happened to many organizations, whether large or small; for example, in the past few years Target and Sony both fell victim to database breaches. To make matters worse, both Target and Sony were actually warned about the flaws in their security, but neither took any action to resolve the flaws. Looking into these breaches and how they were handled could lead to designing better databases. Organizations should also look within themselves to ensure all employees know good security practices. Simply following regular procedures such as installing antivirus software and firewalls can help create more secure databases. An organization should look at all of its databases to ensure the same top-level security is established for each of them.
The term database system is used to encapsulate the constructs of a database management system (DBMS), data model, and database. A database is described as an organized pool of logically related data. There are issues related to database systems such as security, legal, ethical and privacy issues.
This paper explores the different aspects of security as it pertains to database systems. It will provide an overview of security concerns such as access control, user authentication, reliability and data integrity, as well as how IT professionals might mitigate the risk associated with each. By examining the methodology by which attacks on database systems occur, we are able to take a comprehensive approach to prevent or limit the extent of such attacks and the impact they may have on a DBMS environment. Finally, we will review industry best practices for the implementation of security countermeasures.