Project Title: Different Methodology to Secure the Database Students Name and Id: Santosh Timilsina 11069922/1 1st

Supervisor name: Mr Tashi Wangdue 2nd Supervisor: Mr Prakash Shrestha Date Approved: 13th Nov, 2011

Abstract This gives the overview of database backup and recovery methodology used in the Global Bank Ltd, Nepal. A exploratory study is being carried out in the bank in different steps. This report also gives the information to the reader on the progress of the case study as per the Project Specification.

Table of Content 1. Introduction 2. Background/ Context 2.1 Database Backup Method 2.2 Database Recovery Method 3. Development 3.1 Different Activities in the development process 1-1 2-3 2-2 3-3 4-5 4-5

1. Introduction Database security is the matter of high priority for organizations that maintains their own database. To secure the database these organizations develop their own security standards and designs describing the basic security control measures for their database systems. These may reflect general information security requirements or obligations imposed by corporate information security policies and applicable laws and regulations (e.g. concerning privacy, financial management and reporting systems), along with generally-accepted good database security practices (such as appropriate hardening of the underlying systems) and also security recommendations from the relevant database system and software vendors. The security designs specify further security administration and management functions such as administration and reporting of user access rights, log management and analysis, database replication/synchronization and backups etc. Among different methodology used to secure the database, this report gives the overview regarding the case study of database backup and recovery methodology used, in the context of a bank in Nepal. Banks store their data in a different drive and also store the same data in a Disaster Recovery (DR) site,said Suresh Karna(2011), chief information officer of Kumari Bank.

Banks maintain regular backup of their databases. This report gives details the database backup and recovery practice and procedures followed by the Global Bank Ltd, Nepal based on the preliminary investigation done in the IT-Department of the bank located in Panipokhari, Kathmandu, Nepal.

2. Background/Context Global Bank Limited is a national level commercial bank with more than 50 branches operating in different places within the country. M millions of transactions are done daily with the customer through the different branches. The Bank uses FINACLE as the front end (Banking Software) and Database is maintained using Oracle 10g as the backend. The Central IT department of the Bank is located at its central office, in Panipokhari, Kathmandu which is responsible for acquisition, maintenance, and monitoring information and communication Technology infrastructure of the bank. Its database is maintained in this department. The main database (Oracle 10g) is centrally maintained and installed in the Linux (Redhat Enterprise Linux-5(RHE-5)) machine in the Central IT Department. It is connected to all other computers and terminals (ATMs) at different location through Virtual Private Network (VPN). During the transactions all the terminals and computers inquire the central database. 2.1 Database Backup Method At the end of each day transactions, Cold Backup is taken in the tape. Simultaneously online backup is also taken. This process of data backup is time consuming as the data to be backup crosses 80 GB in size. The Data backup strategies of the bank Specify to use all three types of backup methods simultaneously: y Full backup. Entire system (such as all volumes composed server) or user specified data on all the documents are maintained once at end of a month. y Incremental backup. Incremental backup is maintained daily which only stores the newly created or updated data since the last backup operation. y Differential backup. Simultaneously, Differential backup is used to stores all of

new and updated data generated after a full backup.

2.2 Database Restore method However, a variety of strategies may be used to facilitate system recovery when problems occur, the security design of the bank specify mirroring and reprocessing approach.
y

Mirroring. It involves making frequent simultaneous copies of a database to ensure that two or more copies are maintained in different locations at all times. The bank maintains a duplicate server in the same branch in a different machine.

Reprocessing. It involves going back to a known point of database activity before the problem occurred and reprocessing work from that point forward. It is done using the backup maintained as mentioned above.

Thus, Global Bank Ltd maintains central database with mirroring, in it Central IT department and all the other computers and terminals (ATM ) communicate with the central database through Virtual Private Network (VPN). It maintains regular backup of its databases online and offline.

3. Development A quantitative case study will be carried out to explore the database backup and Recovery methodology being used in the Global Bank Ltd. A systematic approach of investigation will be carried at the Central IT department of the bank to know about the current structure of database backup and recovery policy adopted and all the scenario database problem are logged with the view to examine how the database backup and recover methodology helped to overcome the problems. All the findings are validating in a testing environment developed in the process of the case study. 3.1 Different Activities in the development process The case study will be carried as a sequence of activities listed below: y Feasibility study of project, Selection of Client(place of case study) and

Preliminary Investigation: The project is to do a exploratory study on the database backup and recovery method among the different method to secure database. The client was chosen which Global Bank Ltd. is I visited the IT department of the bank located in, Panipokhari, Kathmandu along with the recommendation letter provided by my college. I get the permission with the IT head there for my case study. I enquired about the way they deploy the database backup and recovery in the Bank.

Extensive Literature Review: Literature review is integral part of entire research process as it bring clarity and focus to the subject matter of case study , broaden your knowledge and helpful to contextualise our findings. Thus, I decided to go through Books and Journals. Further I am taking the training of Oracle DBA.

Developing the objectives:

After the completion of extensive literature I will

develop sufficient knowledge in the required field of case study which will be helpful to set clear goals and objectives. A list of objective will be developed which will guide through the case study. y Preparing the Research Design: In this stage, a problem log form, and maintenance log form will be designed to keep the log of database problems and the steps done to overcome the problem. Further, a testing environment will be installed for the testing and validation of the maintenance log y Collecting the Data: Data of the database problem is maintained in the Problem log and the information of steps taken to overcome the problems are maintained in the
7

maintenance log. This data collection is done through observation and inquiry for some weeks as mentioned in the project plan. y Analysis of Data: Simultaneously with the maintenance log, the problem and maintenance note is tested in the testing environment and logged. y Generalisation and Interpretation: The facts and figures thus derived from the collection and analysis of data is generalised and interpreted. I t will be presented in different forms y Preparation of the Report or Presentation of Results: Finally all the findings are turned into report.

Currently the Feasibility study, selection of client and Preliminary investigation is finished based on that extensive literature review is being carried out. In the extensive literature review stages the books and journal review is finished and training on Oracle DBA is at the last stage.