GHALIB UNIVERSITY COMPUTER SCEINE FACULTY Distributed Database(Semester 5)
(Database Security)
Lecturer: Hamed Amir y
6/21/2020 DISTRIBUTED DATABASE LECTURE 02 SPRING 2020 1
Table of content What is database security? Reasons of security Threats Types of security External security Internal security
6/21/2020 DISTRIBUTED DATABASE LECTURE 02 SPRING 2020 2
What is Database Security? Protecting the database from unauthorized access, modification & destruction is called database security. OR The mechanisms that protect the database against intentional or accidentals threat is called database security. A database contain the most crucial data, in case of loss of security the data could proved to be disastrous.
Reasons of security Database security is concerned to avoiding the following situations. Theft and fraud Loss of confidentiality (secrecy) Loss of privacy Loss of Integrity Loss Availability
Cont.… Theft and fraud: Theft & fraud do not necessarily alter data. Theft & fraud effect not only the database but also the entire organization. Loss of confidentiality: In this situation the confidential data of an organization lost. From lost we do not mean unavailability. But means that the data become no more confidential to the organization.
Cont.… Loss of Privacy: Privacy refers to the need to protect data about individual. In case of loss of privacy, the data become available to every one. Loss of Integrity: Integrity means keep the database in its correct form. But incase of loss of security, the database become no more integrated. Loss of Availability: it means that the data or the system or both not be accessed.
Threats Threats represent any intentional or accidental event which can violate the security of database. Potential threats to a computer system may be from the following resources. Hardware Communication Network DBMS and Application S/W
Cont.… Database Database Administrator Programmers End Users Hardware: due to the H/W of the System the threats to a system are. Fire, Flood, bombs Data corruption due to power loss. Physical damage to equipment's.
Cont.… Communication N/W: Communication N/W threats may be. ◦ Wire-Tapping ◦ Breaking or disconnection of cables. ◦ Un wanted program (Virus). DBMS and Application S/W: The threats from DBMS and application S/W ◦ Theft of program ◦ Failure of security mechanisms ◦ Program alteration
Cont.… Database: from database side threads are ◦ Unauthorized copying of data. ◦ Theft of data Database Administrator: some time the database administrator design inadequate security policies. Programmer: Some time programmers may also provide some threats to the database . These threat may be, ◦ creating trap doors, ◦ Creating S/W that is insecure, ◦ Inadequate staff training, ◦ Inadequate security.
EXTERAL SECURITY From external security we means the physical protection of the computer system. External Security is possible though Authorized person should have a unique uniform. IDs should be checked properly of the users. Computer lab should be locked properly. The authorized person should not be allowed to take any explosive or liquid things near the computer.
Internal security This means protecting the information from unauthorized access , modification and destruction. Internal security is possible though the following mechanism. Views Authorization Encryption Backup & Recovery Integrity RAID Technology Biometric Device.