5a - database securi
TRANSCRIPT
Security Architecture (1 of 2)
2
Security Concerns
Internet
Viruses
Denial of ServiceInformation Theft
Unauthorized Access
Industrial Espionage
HacktivismPublic Confidence
PrivacyPornography
3
Security Expectations
Users can perform only authorized tasks
Users can obtain only authorized information
Users cannot cause damage to the data, applications, or operating environment of a system
4
Motivations for Security
5
Network Security Weaknesses
Technology weaknesses Configuration weaknesses Security policy weaknesses
6
Technology Weaknesses
All computer and network technologies have inherent security weaknesses or vulnerabilities.
Don’t overlook: Hardware issues OS issues Network protocol issues (even TCP/IP) Application vulnerabilities
7
Configuration Weaknesses
Insecure default settings If you left the defaults, you are dead.
Misconfigured network equipment A little knowledge is a dangerous thing
Insecure user accounts/passwords End-users can’t be trusted to use
strong passwords Misconfigured Internet services
HTTP, Java, CGI, unneeded services.
8
Security Policy Weaknesses
Lack of a written security policy Internal politics Lack of business continuity
Turnover in staff/management can be devastating Logical access controls to network equipment
are not applied Security administration is lax, including
monitoring and auditing Lack of awareness of having been attacked Software and hardware installation and
changes do not follow the policy Security incident and disaster recovery
procedures are not in place
9
Categories of Network Threats
Unstructured
Structured Internal External
10
Threats and Consequences
11
Database Security
Degree to which data is fully protected from tampering or unauthorized acts
Comprises Information system Information security concepts
12
Information Systems
Comprised of components working together to produce and generate accurate information
Wise decisions require: Accurate and timely information Information integrity
Categorized based on usage
13
Information Systems Components
14
Database Management
Essential to success of information system
DBMS functions: Organize data Store and retrieve data efficiently Manipulate data (update and delete) Enforce referential integrity and consistency Enforce and implement data security
policies and procedures Back up, recover, and restore data
Client Server Database systems
15
16
Database Management
Data Hardware Software Networks Procedures Database
servers
17
Information Security Architecture
Protects data and information produced from the data
Model for protecting logical and physical assets
Is the overall design of a company’s implementation of C.I.A. triangle
18
Information Security Architecture
19
Confidentiality
Addresses two aspects of security: Prevention of unauthorized access Information disclosure based on
classification Classify information into levels:
Each level has its own security measures
Usually based on degree of confidentiality necessary to protect information
20
Eavesdropping – Packet Sniffing
21
Confidentiality Classification
22
Integrity
Consistent and valid data, processed correctly, yields accurate information
Information has integrity if: It is accurate It has not been tampered with
Read consistency Each user sees only his changes and
those committed by other users
23
Degradation of Data Integrity
24
Degradation of Data Integrity
25
Availability
Systems must be always available to authorized users
Systems determines what a user can do with the information
Reasons for a system to become unavailable: External attacks and lack of system protection System failure with no disaster recovery strategy Overly stringent and obscure security policies Bad implementation of authentication processes
Fin…