[attachment=15084]
Introduction :-
A database management system consists of a collection of interrelated data and a collection of programs to access that data. The data describe one particular enterprise. Databases and database technology are having a major impact on the growing use of computers .It is fair to say that databases play a critical role in almost all areas where computers are used , including business , electronic commerce , engineering , medicine , law , education and library science , to name a few.
A database is a collection of related data. By data, we mean known facts that can be recorded and that have implicit meaning. For example, consider the names, telephone numbers and addresses of the people we know. We may have recorded this data in an indexed address book, or we may have stored it on a hard drive, using a personal computer and software such as Microsoft Access or Excel. This is a collection of related data with an implicit meaning and hence is a database.
Database Security:-
The security to the databases is often referred to as the Final Line of Security. Database Security is an important part of many web applications, enterprises where many sensitive information are to be stored in databases. When the data to be stored becomes too huge then the applications and its developers use a database so as to make the application simple. These Databases are also to be secured along with the network. Cases of databases being hacked and loss of sensitive information such as credit card numbers are a lot. These types of data are to be secured or must be kept away from hackers. Database security requires knowledge of both database management and security. There are various types of attacks that can occur to a database like SQL Injection, referential integrity etc. The method of encrypting the database can prevent the sensitive data from wrong hands in almost all kinds of attacks. Cryptography is a method of securing data either over the network or in any stand alone device. This method has two steps, Encryption and Decryption. Encryption is called a converting plain text to cipher text and Decryption is the reverse process. This method of securing uses a key to encrypt and decrypt data. A party has to have a key to encrypt and decrypt data. The cryptographic techniques are of two types, Symmetric encryption and Asymmetric encryption. The keys are secretly shared by the end-users before initiating the security in a symmetric encryption. The keys are generated based on functionality by the end-users during the process in a Asymmetric encryption.
Many managers are concerned about opening up mission-critical applications to the Internet. With dozens of potential entry points and almost daily news about large companies being hacked, proper database security is critical. In general, security concerns over Internet access are similar to security issues in an internal network.
To understand the similarity, let’s examine the possible entry points for hackers and demonstrate some techniques attackers use to gain access to confidential data. We'll then consider some techniques, including database-level security built into Oracle, for mitigating these risks.
Analyzing the threat :-
All Web-based applications have numerous possible entry points, and we must check every one. Hackers look at the following areas when they try to break into a Web application.
• Internet access – If hackers can guess the IP address of a server, they can telnet to the server and get a login prompt. At this point, all they need is a user ID and password to gain access to the server.
• Port access – All Web applications are configured to listen on a predefined port for incoming connections, and they generally use a listener daemon process to poll for connections.
• Server access – A four-tiered Web application incorporates a series of Web servers, application servers, and database servers. Each of these servers presents a potential point of entry, and if remote shell access is enabled, a hacker that gets access to a single database may get access to many servers.
• Network access – OracleNet, as an example, allows for incoming connect strings to the Oracle listener process. If hackers know the port, IP address, Oracle ID, and password they can gain direct access to the database.
After we identify possible attack points, we must restrict access to those points. Disabling external entry can be accomplished though several methods. We have to explore anti hacker tips for each potential point of entry.
Web database security is a challenging issue that should be taken into consideration when designing and building business based web applications. Those applications usually include critical processes such as electronic-commerce web applications that include money transfer via visa or master cards. Security is a critical issue in other web based application such as sites for military weapons companies and national security of countries.
As the sophistication of Internet attacks increases, the technical knowledge of attackers on average is declining. Sophisticated attackers are building tools that novices can invoke with the click of a mouse.