DATABASE SECURITY
Submitted to the Faculty of American Public University
By
Loren Robert Hensley
In Partial Fulfillment of the
Requirements for the Course of INFO620 Enterprise Database Systems
November 2014
American Public University
Charles Town, WV
Abstract
This paper explores the different aspects of security as it pertains to database systems. It will provide an overview of security concerns such as access control, user authentication, reliability and data integrity, as well as how IT professionals might mitigate the risk associated with each. By examining the methodology by which attacks on database systems occur, we are able to take a comprehensive approach to prevent or limit the extent of such attacks and the impact they may have on a DBMS environment. Finally, we will review industry best practices for the implementation of security countermeasures.
Introduction
Over the past ten to fifteen years, there has been tremendous growth in the utilization of database systems. One reason for this is the growth e-commerce has experienced. Businesses must have a reliable method of storing a customer’s information safely and efficiently. We often hear of a data breach which results in customers’ credit card information being stolen. There are inherent risks associated with storing financial information in an online capacity, such as hackers and ill-intentioned employees. Given the diverse nature of the interconnectivity of these systems, there is a
SQL Injection – an input validation attack specific to database applications where SQL code is inserted into application queries to manipulate the database.
In today’s IT world, every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital: they involve the technology, people and processes that an organization may have. These threats may represent problems that are associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
Security is a very critical section in a distributed DBMS concerning credit card data and customers’ data.
The Aim Higher college has recently had some issues of sensitive information being stolen from students when registering for classes. I believe that the web application that the student information system is using is a problem named SQL injection. A SQL injection attack is an attack where the attacker can run malicious SQL queries against a web application’s database server, and it can be a danger for the users who access the web page because the hacker will look for their personal information records, then delete it or modify the information gained. This type of attack is no joke; we have to take action and create a plan to resolve this vulnerability on our database, so the students will register for their courses with our security on their side.
Failure to protect sensitive customer data can result in serious business losses and other major negative impacts on business operations. Card Systems Solutions and its successor have been known for the world’s largest client data compromise ever since. This was due to a failure to properly protect the sensitive card information of the millions of customers’ cards it processed during its operation. The company kept sensitive personal information for its clients which it had no useful reason to store. The said information was stored in the company’s network, which proved insecure following a SQL injection attack that saw the information of millions of cards compromised, leading to a huge loss due to fraudulent purchases using the information stolen from the company’s system.
Firstly, I would like to talk about the Microsoft SQL Server. According to Vincent (July 2010), Microsoft SQL Server is relational database management software developed by Microsoft. Since many years back (1989), the SQL Server has been experiencing a lot of attacks. For example
Mason Financial LLC is a large company that is built on the handling of personal data. As the company performs its operations on a network and over the Internet, it is exposed to a plethora of information security risks. Insurance and financial records are a prime target of hackers the world over. As the company stocks volumes and volumes of such personal information, it paves the way for hackers and other fraudsters to commit insurance scams. Digital information makes it easier to monetize operations and it is always hard to track. There is a need for all stakeholders handling such sensitive personal information assets to be aware of security implications, monitor their personal credit cards and banking information besides consumers remaining
“The practice of keeping data protected from corruption and unauthorized access” is known as data security (SpamLaw, 2011). The focal point of data security is the protection of
What is a database? According to our book, it’s an organized collection of logically related data. The information collected in a database can be effortlessly administered and accessed. However, with each database there is a concern of security. According to our book, the goal of database security is to protect and prevent data from unintentional or deliberate threats to its integrity and accessibility. The database environment has grown more complex, with distributed databases located on client/server architectures and personal computers as well as mainframes. Access to data has become more open through the Internet and corporate intranets and from mobile computing devices. As a result, managing data security has become more difficult and time-consuming.
This paper looks at the type of data that is vulnerable, conducting risk assessments, and finding the proper balance between security and functionality.
Our data is never at rest. Even when organizations depend on their database for storage, there are always copies of data to be found somewhere else. To service our men and women in the Army Reserves, data has to be manipulated at the local computer and then sent back to be stored on the database. The very moment that data is moved and stored on a local machine for it to be manipulated is also the moment that the data is most vulnerable. Despite the concerted efforts to ensure data confidentiality, the overall security depends on the efforts put forth by the weakest link. The insider threat is one of the hardest risks to mitigate, mainly due to insiders’ initial need for legitimate data access.
Data systems such as the web application and data servers face a number of threats; some of these threats are discussed below:
With advances in technology constantly happening, it can be hard to keep up with all of the latest trends. If organizations cannot keep up with the latest trends, it can lead to flaws in their security. Any flaws in security can have a detrimental effect on an organization’s database. Almost every organization has some sort of database, whether it is for maintaining customers, inventory, or vital information.
Answer: Information Security is the practice of defending (guarding) information by considering the CIA Triad principles, which are Confidentiality (authorized access), Integrity (accuracy and completeness) and Availability.
Data are the raw facts that make up a block of information. Keep in mind that not all data will be useful information. Useful information is obtained from processed data. Specifically, data must be interpreted in order to gain information.