Security is an important issue in database management because the information stored in a database is a very valuable and, many times, very sensitive commodity. So the data in a database management system needs to be protected from abuse, from unauthorized access and from unauthorized updates. It is a popular belief that hackers cause most security breaches, but in reality 80% of data loss is to insiders.
Importance of Security in Database Environment
Database security is the protection of the database against intentional and unintentional threats that may be computer-based or non-computer-based. Database security is the business of the entire organization as all people use the data held in the organization’s database and any loss or corruption to data would affect the day-to-day operation of the organization and the performance of the people. Therefore, database security encompasses hardware, software, infrastructure, people and data of the organization.
Now there is greater emphasis on database security than in the past, as the amount of data stored in corporate databases is increasing and people are depending more on the corporate data for decision-making, customer service management, supply chain management and so on. Any loss or unavailability of the corporate data will cripple today’s organization and will seriously affect its performance. Now the unavailability of the database for even a few minutes could result in serious losses to the organization.
Data Security Risks
We have seen that database security is the concern of the entire organization. The organization should identify all the risk factors and weak elements from the database security perspective and find solutions to counter and neutralize each such threat.
A threat is any situation, event or personnel that will adversely affect the database security and the smooth and efficient functioning of the organization. A threat may be caused by a situation or event involving a person, action or circumstance that is likely to bring harm to the organization. The harm may be tangible, such as loss of data, damage to hardware, loss of software or intangible such as loss of customer goodwill or credibility and so on.
Data Tampering
Privacy of communications is essential to ensure that data cannot be modified or viewed in transit. The chances of data tampering are high in case of distributed environments as data moves between sites. In a data modification attack, an unauthorized party on the network intercepts data in transit and changes that data before re-transmitting it. An example of this is changing the amount of a banking transaction from Rs. 1000 to Rs. 10000.
Data Theft
Data must be stored and transmitted securely, so that information such as credit card numbers cannot be stolen. Over the Internet and Wide Area Network (WAN) environments, both public carriers and private network owners often route portions of their network through insecure landlines, extremely vulnerable microwave and satellite links, or a number of servers. This situation leaves valuable data open to view by any interested party. In Local Area Network (LAN) environments within a building or campus, insiders with access to the physical wiring can potentially view data not intended for them.
Falsifying User Identities
In a distributed environment, it becomes more feasible for a user to falsify an identity to gain access to sensitive and important information. Criminals attempt to steal users’ credit card numbers, and then make purchases against the accounts. Or they steal other personal data, such as bank account numbers and driver’s license numbers, and set up bogus credit accounts in someone else’s name.
Password-Related Threats
In large systems, users must remember multiple passwords for the different applications and services that they use. Users typically respond to the problem of managing multiple passwords in several ways:
• They may select easy-to-guess passwords.
• They may also choose to standardize passwords so that they are the same on all machines or websites.
All these strategies compromise password secrecy and service availability. Moreover, administration of multiple user accounts and passwords is complex, time-consuming, and expensive.
Unauthorized Access to Tables and Columns
The database may contain confidential tables, or confidential columns in a table, which should not be available indiscriminately to all users authorized to access the database. It should be possible to protect data on a column level.
Unauthorized Access to Data Rows
Certain data rows may contain confidential information that should not be available indiscriminately to users authorized to access the table. For example, in a shared environment, businesses should have access only to their own data; customers should be able to see only their own orders.
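The two restrictions just described, column-level and row-level, can both be expressed with standard access-control features. The following is an added example in PostgreSQL syntax, not code from the original tutorial; the roles, tables, rows and passwords are constructed for illustration, and the row filter relies on the PostgreSQL row-level-security policy mechanism.

```sql
-- Added example (not from the original tutorial): column-level and
-- row-level restriction in PostgreSQL. Roles, tables and data are
-- constructed for illustration; passwords are placeholders.

-- An analyst who reports on customers, and one login role per customer.
CREATE ROLE analyst    LOGIN PASSWORD 'placeholder-analyst-pw';
CREATE ROLE cust_alice LOGIN PASSWORD 'placeholder-alice-pw';
CREATE ROLE cust_bob   LOGIN PASSWORD 'placeholder-bob-pw';

CREATE TABLE customers (
    id          integer PRIMARY KEY,
    name        text    NOT NULL,
    card_number text    NOT NULL      -- confidential column
);

CREATE TABLE orders (
    id            integer PRIMARY KEY,
    customer_role text    NOT NULL,   -- database role of the owning customer
    amount        numeric(10,2) NOT NULL
);

INSERT INTO customers VALUES
    (1, 'Alice', '4111-xxxx-xxxx-1111'),   -- constructed, masked sample value
    (2, 'Bob',   '5500-xxxx-xxxx-0004');
INSERT INTO orders VALUES
    (10, 'cust_alice', 1000.00),
    (11, 'cust_bob',    250.00);

-- Column-level protection: the analyst may read id and name only.
-- card_number is simply never granted, so SELECT card_number fails.
GRANT SELECT (id, name) ON customers TO analyst;

-- Row-level protection: customers may query the orders table, but a
-- policy limits each of them to rows tagged with their own login role.
-- Once RLS is enabled, rows not matched by any policy are invisible.
GRANT SELECT ON orders TO cust_alice, cust_bob;
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_orders ON orders
    FOR SELECT
    USING (customer_role = current_user);

-- Expected behaviour when connected as each role:
--   analyst:    SELECT id, name FROM customers;      -- succeeds
--   analyst:    SELECT card_number FROM customers;   -- ERROR: permission denied
--   cust_alice: SELECT * FROM orders;                -- returns only order 10
--   cust_bob:   SELECT * FROM orders;                -- returns only order 11
```

The policy compares the row against `current_user` rather than trusting a value supplied by the application, so a customer who edits a query cannot widen the filter. Note that the table owner (and superusers) bypass RLS unless the table is altered with FORCE ROW LEVEL SECURITY, which is why application roles should never own the tables they query.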
Lack of Accountability
If the system administrator is unable to track users’ activities, then users cannot be held responsible for their actions. There must be some reliable ways to monitor who is performing what operations on the data.
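One reliable way to get that accountability inside the database itself is an audit trail written by a trigger, so that every change records the authenticated login that made it. The block below is an added example in PostgreSQL (PL/pgSQL), not code from the original tutorial; the table, role and sample activity are constructed for illustration.

```sql
-- Added example (not from the original tutorial): a trigger-based audit
-- trail in PostgreSQL. Names and sample data are constructed.

CREATE TABLE accounts (
    id      integer PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric(12,2) NOT NULL
);

-- The people being recorded get no privileges on this table at all.
CREATE TABLE accounts_audit (
    audit_id   bigserial   PRIMARY KEY,
    changed_at timestamptz NOT NULL DEFAULT now(),
    db_user    text        NOT NULL,   -- the authenticated login (session_user)
    operation  text        NOT NULL,   -- INSERT, UPDATE or DELETE
    old_row    jsonb,                  -- NULL for INSERT
    new_row    jsonb                   -- NULL for DELETE
);

-- SECURITY DEFINER lets the trigger write the audit row with the
-- function owner's rights, so the clerk needs no INSERT on accounts_audit.
-- session_user is used deliberately: inside a SECURITY DEFINER function
-- current_user would report the definer, not the person acting.
CREATE OR REPLACE FUNCTION accounts_audit_fn() RETURNS trigger
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, public
AS $$
BEGIN
    INSERT INTO accounts_audit (db_user, operation, old_row, new_row)
    VALUES (
        session_user,
        TG_OP,
        CASE WHEN TG_OP IN ('UPDATE', 'DELETE') THEN to_jsonb(OLD) END,
        CASE WHEN TG_OP IN ('INSERT', 'UPDATE') THEN to_jsonb(NEW) END
    );
    RETURN NULL;   -- return value is ignored for AFTER triggers
END;
$$;

CREATE TRIGGER accounts_audit_trg
    AFTER INSERT OR UPDATE OR DELETE ON accounts
    FOR EACH ROW EXECUTE FUNCTION accounts_audit_fn();

CREATE ROLE clerk LOGIN PASSWORD 'placeholder-clerk-pw';
GRANT SELECT, INSERT, UPDATE ON accounts TO clerk;
-- Nothing is granted on accounts_audit to clerk: the trail cannot be
-- read, rewritten or erased by the users whose actions it records.

-- Constructed activity, performed while connected as clerk:
--   INSERT INTO accounts VALUES (1, 'Alice', 1000.00);
--   UPDATE accounts SET balance = 10000.00 WHERE id = 1;
-- An auditor querying accounts_audit then finds two rows with
-- db_user = 'clerk': one INSERT, and one UPDATE whose old_row and
-- new_row show balance changing from 1000.00 to 10000.00.
```

The audit table separates who performed an operation from who is allowed to inspect it; reviewing the trail should be a privilege held by a distinct auditor role, not by the clerks or the application account.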
Complex User Management Requirements
Systems must often support a large number of users and therefore must be scalable.
In such large-scale environments, the burden of managing user accounts and passwords makes your system vulnerable to error and attack.
Security Levels
To protect the database, we must take security measures at several levels:
• Physical: The sites containing the computer systems must be secured against armed or surreptitious entry by intruders.
• Human: Users must be authorized carefully to reduce the chance of any such user giving access to an intruder in exchange for a bribe or other favors.
• Operating System: No matter how secure the database system is, weakness in operating system security may serve as a means of unauthorized access to the database.
• Network: Since almost all database systems allow remote access through terminals or networks, software-level security within the network software is as important as physical security, both on the Internet and in networks private to an enterprise.
• Database System: Some database-system users may be authorized to access only a limited portion of the database. Other users may be allowed to issue queries, but may be forbidden to modify the data. It is the responsibility of the database system to ensure that these authorization restrictions are not violated.
Security at all these levels must be maintained if database security is to be ensured. A weakness at a low level of security (physical or human) allows circumvention of strict high level (database) security measures.
Data Security Requirements
We should use technology to ensure a secure computing environment for the organization. Although it is not possible to find a technological solution for all problems, most of the security issues could be resolved using appropriate technology. The basic security standards which technology can ensure are confidentiality, integrity and availability.
Confidentiality
A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data they are supposed to see. Confidentiality has several aspects like privacy of communications, secure storage of sensitive data, authenticated users and authorization of users.
Privacy of Communications
The DBMS should be capable of controlling the spread of confidential personal information such as health, employment, and credit records. It should also keep the corporate data such as trade secrets, proprietary information about products and processes, competitive analyses, as well as marketing and sales plans secure and away from the unauthorized people.
Secure Storage of Sensitive Data
Once confidential data has been entered, its integrity and privacy must be protected on the databases and servers wherein it resides.
Authentication
One of the most basic concepts in database security is authentication, which is quite simply the process by which a system verifies a user’s identity. A user can respond to a request to authenticate by providing a proof of identity, or an authentication token.
You’re probably already familiar with this concept. If you have ever been asked to show a photo ID (for example, when opening a bank account), you have been presented with a request for authentication. You proved your identity by showing your driver’s license (or other photo ID). In this case, your driver’s license served as your authentication token.
Despite what you see in the movies, most software programs cannot use futuristic systems such as face recognition for authentication. Instead, most authentication requests ask you to provide a user ID and a password. Your user ID represents your claim to being a person authorized to access the environment, and the password is the protected secret that only you know.
Authorization
An authenticated user goes through the second layer of security, authorization. Authorization is the process through which the system obtains information about the authenticated user, including which database operations that user may perform and which data objects that user may access.
Your driver’s license is a perfect example of an authorization document. Though it can be used for authentication purposes, it also authorizes you to drive a certain class of car. Furthermore, the type of authorization you have gives you more or fewer privileges as far as driving a vehicle goes.
A user may have several forms of authorization on parts of the database. The following authorization rights exist:
• Read authorization allows reading, but not modification, of data.
• Insert authorization allows insertion of new data, but not modification of existing data.
• Update authorization allows modification, but not deletion of data.
• Delete authorization allows deletion of data.
A user may be assigned all, none, or a combination of these types of authorization. In addition to these forms of authorization for access to data, a user may be granted authorization to modify the database schema:
• Index authorization allows the creation and deletion of indexes.
• Resource authorization allows the creation of new relations.
• Alteration authorization allows the addition or deletion of attributes in a relation.
• Drop authorization allows the deletion of relations.
The drop and delete authorizations differ in that delete authorization allows deletion of tuples only. If a user deletes all tuples of a relation, the relation still exists, but it is empty. If a relation is dropped it no longer exists. The ability to create new relations is regulated through resource authorization. A user with resource authorization who creates a relation is given a privilege on that relation automatically. Index authorization is given to a user to allow fast access to data on the basis of some key field.
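The authorization types listed above, including the delete-versus-drop distinction and the automatic privilege a creator receives, can be seen concretely in a real DBMS. The following is an added example in PostgreSQL syntax, not code from the original tutorial; the roles, schema, table and rows are constructed, and the comments note how the tutorial’s terms map onto PostgreSQL’s privilege model, which differs slightly from the textbook list.

```sql
-- Added example (not from the original tutorial): the authorization types
-- above in PostgreSQL. Names and data are constructed for illustration.

CREATE ROLE reader  LOGIN PASSWORD 'placeholder-reader-pw';
CREATE ROLE entry   LOGIN PASSWORD 'placeholder-entry-pw';
CREATE ROLE builder LOGIN PASSWORD 'placeholder-builder-pw';

CREATE SCHEMA app;
CREATE TABLE app.accounts (
    id      integer PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric(12,2) NOT NULL
);
INSERT INTO app.accounts VALUES (1, 'Alice', 1000.00), (2, 'Bob', 250.00);

-- All three roles need USAGE on the schema before any table privilege applies.
GRANT USAGE ON SCHEMA app TO reader, entry, builder;

-- Data-access authorizations: the four tutorial rights are the SQL
-- privileges SELECT, INSERT, UPDATE and DELETE on a relation.
GRANT SELECT                 ON app.accounts TO reader;  -- read authorization only
GRANT SELECT, INSERT, UPDATE ON app.accounts TO entry;   -- update but not delete

-- Schema-modifying authorizations. "Resource" authorization corresponds
-- to the CREATE privilege on a schema: builder may create new relations.
GRANT CREATE ON SCHEMA app TO builder;
-- A relation that builder creates is owned by builder, so builder holds
-- every privilege on it automatically. PostgreSQL ties the tutorial's
-- index, alteration and drop authorizations to ownership rather than
-- granting them one by one: only the owner may ALTER, DROP or CREATE
-- INDEX on a table.

-- Delete versus drop, run by the table owner:
DELETE FROM app.accounts;            -- removes every tuple; relation still exists
SELECT count(*) FROM app.accounts;   -- 0
DROP TABLE app.accounts;             -- removes the relation itself
SELECT count(*) FROM app.accounts;   -- ERROR: relation "app.accounts" does not exist

-- Expected outcomes when connected as each role (before the DROP):
--   reader:  SELECT succeeds; INSERT, UPDATE, DELETE fail (permission denied)
--   entry:   INSERT and UPDATE succeed; DELETE fails (permission denied)
--   builder: CREATE TABLE app.ledger (...) succeeds; SELECT FROM app.accounts
--            fails, because read authorization on it was never granted
```

Two details matter for least privilege here: the entry role gets exactly the rights its job needs and nothing that lets it destroy data, and the builder role, although it can create relations, has no access to the existing accounts table because resource authorization and read authorization are independent grants.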
Integrity
A secure system ensures that the data it contains is valid. Data integrity means that data is protected from deletion and corruption, both while it resides within the database, and while it is being transmitted over the network. The detailed discussion on integrity is in the next section.
Availability
A secure system makes data available to authorized users, without delay. Denial of service attacks are attempts to block authorized users’ ability to access and use the system when needed.