22-06-2015, 05:07 PM
am looking for seminar material on database security issues and challenges
|
seminar topic on database security issues and challenges
|
am looking for seminar material on database security issues and challenges
23-06-2015, 04:29 PM
seminar topic on database security issues and challenges
Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of or unauthorized exposure to sensitive data. As the amount of data collected, retained and shared electronically expands, so does the need to understand database security. The Defense Information Systems Agency of the US Department of Defense (2004), in its Database Security Technical Implementation Guide, states that database security should provide controlled, protected access to the contents of a database as well as preserve the integrity, consistency, and overall quality of the data. Students in the computing disciplines must develop an understanding of the issues and challenges related to database security and must be able to identify possible solutions. At its core, database security strives to insure that only authenticated users perform authorized activities at authorized times. While database security incorporates a wide array of security topics, notwithstanding, physical security, network security, encryption and authentication, this paper focuses on the concepts and mechanisms particular to securing data. Within that context, database security encompasses three constructs: confidentiality or protection of data from unauthorized disclosure, integrity or prevention from unauthorized data access, and availability or the identification of and recovery from hardware and software errors or malicious activity resulting in the denial of data availability. In the computing discipline curricula, database security is often included as a topic in an introductory database or introductory computer security course. This paper presents a set of sub-topics that might be included in a database security component of such a course. Mapping to the three constructs of data security, these topics include access control, application access, vulnerability, inference, and auditing mechanisms. Access control is the process by which rights and privileges are assigned to users and database objects. Application access addresses the need to assign appropriate access rights to external applications requiring a database connection. Vulnerability refers to weaknesses that allow malicious users to exploit resources. Inference refers to the use of legitimate data to infer unknown information without having rights to directly retrieve that information. Database auditing tracks database access and user activity providing a way to identify breaches that have occurred so that corrective action might be taken.
If you own a business it is important to understand some of the database security problems that occur within an organization and how to avoid them. If you understand the how, where, and why of database security you can prevent future problems from occurring.
Database Security Issues
Daily Maintenance: Database audit logs require daily review to make certain that there has been no data misuse. This requires overseeing database privileges and then consistently updating user access accounts. A database security manager also provides different types of access control for different users and assesses new programs that are performing with the database. If these tasks are performed on a daily basis, you can avoid a lot of problems with users that may pose a threat to the security of the database.
Varied Security Methods for Applications: More often than not applications developers will vary the methods of security for different applications that are being utilized within the database. This can create difficulty with creating policies for accessing the applications. The database must also possess the proper access controls for regulating the varying methods of security otherwise sensitive data is at risk.
Post-Upgrade Evaluation: When a database is upgraded it is necessary for the administrator to perform a post-upgrade evaluation to ensure that security is consistent across all programs. Failure to perform this operation opens up the database to attack.
Split the Position: Sometimes organizations fail to split the duties between the IT administrator and the database security manager. Instead the company tries to cut costs by having the IT administrator do everything. This action can significantly compromise the security of the data due to the responsibilities involved with both positions. The IT administrator should manage the database while the security manager performs all of the daily security processes.
Application Spoofing: Hackers are capable of creating applications that resemble the existing applications connected to the database. These unauthorized applications are often difficult to identify and allow hackers access to the database via the application in disguise.
Manage User Passwords: Sometimes IT database security managers will forget to remove IDs and access privileges of former users which leads to password vulnerabilities in the database. Password rules and maintenance needs to be strictly enforced to avoid opening up the database to unauthorized users.
Windows OS Flaws: Windows operating systems are not effective when it comes to database security. Often theft of passwords is prevalent as well as denial of service issues. The database security manager can take precautions through routine daily maintenance checks.
These are just a few of the database security problems that exist within organizations. The best way to avoid a lot of these problems is to employ qualified personnel and separate the security responsibilities from the daily database maintenance responsibilities.
Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of or unauthorized exposure to sensitive data. As the amount of data collected, retained and shared electronically expands, so does the need to understand database security. The Defense Information Systems Agency of the US Department of Defense (2004), in its Database Security Technical Implementation Guide, states that database security should provide controlled, protected access to the contents of a database as well as preserve the integrity, consistency, and overall quality of the data. Students in the computing disciplines must develop an understanding of the issues and challenges related to database security and must be able to identify possible solutions. At its core, database security strives to insure that only authenticated users perform authorized activities at authorized times. While database security incorporates a wide array of security topics, notwithstanding, physical security, network security, encryption and authentication, this paper focuses on the concepts and mechanisms particular to securing data. Within that context, database security encompasses three constructs: confidentiality or protection of data from unauthorized disclosure, integrity or prevention from unauthorized data access, and availability or the identification of and recovery from hardware and software errors or malicious activity resulting in the denial of data availability. In the computing discipline curricula, database security is often included as a topic in an introductory database or introductory computer security course. This paper presents a set of sub-topics that might be included in a database security component of such a course. Mapping to the three constructs of data security, these topics include access control, application access, vulnerability, inference, and auditing mechanisms. Access control is the process by which rights and privileges are assigned to users and database objects. Application access addresses the need to assign appropriate access rights to external applications requiring a database connection. Vulnerability refers to weaknesses that allow malicious users to exploit resources. Inference refers to the use of legitimate data to infer unknown information without having rights to directly retrieve that information. Database auditing tracks database access and user activity providing a way to identify breaches that have occurred so that corrective action might be taken.
If you own a business it is important to understand some of the database security problems that occur within an organization and how to avoid them. If you understand the how, where, and why of database security you can prevent future problems from occurring.
Database Security Issues
Daily Maintenance: Database audit logs require daily review to make certain that there has been no data misuse. This requires overseeing database privileges and then consistently updating user access accounts. A database security manager also provides different types of access control for different users and assesses new programs that are performing with the database. If these tasks are performed on a daily basis, you can avoid a lot of problems with users that may pose a threat to the security of the database.
Varied Security Methods for Applications: More often than not applications developers will vary the methods of security for different applications that are being utilized within the database. This can create difficulty with creating policies for accessing the applications. The database must also possess the proper access controls for regulating the varying methods of security otherwise sensitive data is at risk.
Post-Upgrade Evaluation: When a database is upgraded it is necessary for the administrator to perform a post-upgrade evaluation to ensure that security is consistent across all programs. Failure to perform this operation opens up the database to attack.
Split the Position: Sometimes organizations fail to split the duties between the IT administrator and the database security manager. Instead the company tries to cut costs by having the IT administrator do everything. This action can significantly compromise the security of the data due to the responsibilities involved with both positions. The IT administrator should manage the database while the security manager performs all of the daily security processes.
Application Spoofing: Hackers are capable of creating applications that resemble the existing applications connected to the database. These unauthorized applications are often difficult to identify and allow hackers access to the database via the application in disguise.
Manage User Passwords: Sometimes IT database security managers will forget to remove IDs and access privileges of former users which leads to password vulnerabilities in the database. Password rules and maintenance needs to be strictly enforced to avoid opening up the database to unauthorized users.
Windows OS Flaws: Windows operating systems are not effective when it comes to database security. Often theft of passwords is prevalent as well as denial of service issues. The database security manager can take precautions through routine daily maintenance checks.
These are just a few of the database security problems that exist within organizations. The best way to avoid a lot of these problems is to employ qualified personnel and separate the security responsibilities from the daily database maintenance responsibilities.
|
« Next Oldest | Next Newest »
|
Important Note..!
If you are not satisfied with above reply ,..PleaseASK HERE
So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page| Tagged Pages: data base security issue, |
