Database Security Top Priority



Database Security

Database security is concerned with the use of a broad range of information security controls to protect databases, including the database applications, the data, the database servers and other components, against compromises of confidentiality, availability and integrity. These controls fall into several categories: procedural or administrative, technical, and physical. Database security is a primary concern because an insufficiently secured database can cost an organization a great deal. This paper discusses database security and the ways in which it can be implemented. It covers the ways in which a database can be exposed to access by unauthorized people and the solutions that keep the database secure from these risks, both from a research point of view and from a personal point of view.
Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use, malicious attacks and threats. It covers and enforces security on every aspect and component of a database: the database server, the data stored in the database, the database management system and other database workflow applications (Bertino & Sandhu, 2005).
A database may be vulnerable to a number of security risks. The first is unauthorized activity or misuse by authorized database users, system managers and database administrators, or by unauthorized users and hackers. The second is performance constraints, overloads and capacity issues that leave authorized users unable to use the database as intended. The third is malware that causes incidents such as leakage or disclosure of proprietary or personal data, unauthorized access, deletion of data or programs, and denial of access to authorized users. There is also physical damage to database servers, which leads to loss of the databases and may be caused by overheating, accidental liquid spills, computer room floods or fires, and electronic breakdown. Programming bugs and design flaws are a further risk, because the associated systems and programs create security vulnerabilities. Lastly, there is data corruption or loss caused by the entry of invalid commands or data, mistakes in database or system administration, and sabotage (Cook & Gannholm, 2004).
Database security needs to be analyzed and then implemented so that the integrity, availability and confidentiality of the data are assured. Various technical methods are used to keep an organization's database secure, and they are discussed below (Denning et al., 1979).
i. Encryption
Most databases are designed to offer encryption capabilities that encrypt specific cells or columns within the database. This encryption is governed by the application: the application must be augmented to call the database encryption libraries to encrypt or decrypt data. This type of encryption is known as application-layer encryption. Once the database is encrypted, it becomes very hard to hack, since the decryption key has to be provided before the data in the database can be accessed (Davida, 1981).
ii. Authentication
Authentication is the process by which a user accessing a database is granted access if the security requirements set for that database are met and denied access if they are not. The user may be required to provide a username and password to access a particular database; a user who meets the requirements is allowed in, and one who does not is refused (Pfleeger & Pfleeger, 2002).
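The username-and-password check described above, as an added example that is not part of the original essay. It assumes a hypothetical `db_users` table in SQLite and PBKDF2-HMAC-SHA256 with an illustrative iteration count; only a salted hash is stored, never the password.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000          # assumed work factor for this demo
_DUMMY_SALT = os.urandom(16)  # used so unknown users cost the same as known ones


def _hash(password, salt):
    """Derive a 32-byte verifier from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_user_store():
    """Constructed in-memory credential store (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE db_users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
    )
    return conn


def register(conn, username, password):
    """Store a fresh random salt and the derived hash for a new user."""
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO db_users VALUES (?, ?, ?)",
        (username, salt, _hash(password, salt)),
    )
    conn.commit()


def authenticate(conn, username, password):
    """Grant (True) or deny (False); unknown users and bad passwords look alike."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM db_users WHERE username = ?", (username,)
    ).fetchone()
    salt, stored = row if row else (_DUMMY_SALT, b"\x00" * 32)
    candidate = _hash(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, stored) and row is not None


if __name__ == "__main__":
    store = create_user_store()
    register(store, "alice", "constructed-sample-passphrase")
    print(authenticate(store, "alice", "constructed-sample-passphrase"))
    print(authenticate(store, "alice", "wrong"))
```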
iii. Backups
A database needs backups of its data so that no database is lost and the information in it can be recovered even after a loss. Providing backups ensures that when a database is deleted or cannot be accessed, the information can be retrieved from the backup computer (Sandhu & Samarati, 1994).
iv. Access control
Access control should be provided in the database management system to separate authorized users from unauthorized ones. Access control is a vital tool in database security: users are grouped into different classes, and each class has its own level of access to the data. Only the information intended for a specified user is made available to him or her, not the whole database, so that the data is kept safe (Bullers et al., 2006).
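The class-based access described above, sketched as an added example that is not part of the original essay. It uses SQLite's authorizer callback as the enforcement point; the `customers` table, the `support` and `billing` classes and their column lists are hypothetical, and the sample row is constructed.

```python
import sqlite3

# Hypothetical user classes and the `customers` columns each class may read.
ROLE_COLUMNS = {
    "support": {"id", "name", "email"},
    "billing": {"id", "name", "card_number"},
}


def make_authorizer(role):
    """Build a default-deny callback for one user class."""
    allowed = ROLE_COLUMNS.get(role, set())  # unknown class: nothing allowed

    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "customers":
            # arg1 is the table name, arg2 the column being read.
            return sqlite3.SQLITE_OK if arg2 in allowed else sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_DENY  # writes, DDL, other tables

    return authorizer


def connect_as(role):
    """Create the constructed demo database, then lock it to one class."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers "
        "(id INTEGER PRIMARY KEY, name TEXT, email TEXT, card_number TEXT)"
    )
    conn.execute(
        "INSERT INTO customers VALUES "
        "(1, 'Ada Example', 'ada@example.test', '4111-0000-0000-0000')"
    )
    conn.commit()
    conn.set_authorizer(make_authorizer(role))
    return conn


def run(role, sql):
    """Return the rows, or 'DENIED' when the authorizer rejects the statement."""
    conn = connect_as(role)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return "DENIED"
    finally:
        conn.close()


if __name__ == "__main__":
    print(run("support", "SELECT name, email FROM customers"))
    print(run("support", "SELECT card_number FROM customers"))
```

Because `SELECT *` expands to every column, it is rejected for any class that lacks even one of them.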
v. Physical security
Physical security is the process of protecting the computers physically, using padlocks or biometric doors so that there is no unauthorized entry to the server rooms. The computers can also be locked down with steel cables so that stealing them is not possible (Gollmann, 1994).
vi. Firewalls
Firewalls provide strong security in the network by detecting attempts to access database information from a computer connected to the network. The firewall determines the IP address of the computer, or the source of the address being used to access the database, and automatically blocks it if the source is unknown. This keeps the database secure from unauthorized users, and data integrity is therefore maintained (Stallings & Brown, 2008).
From a personal point of view, database security is a critical area for the organization as far as its information is concerned. Once an organization's database is insecure, its information can be accessed by unauthorized users, who can use it to tamper with the organization's functionality. The information can also be exposed to the organization's competitors, who can take advantage of it. Customers' information can be exposed too, and the confidentiality of that information is then lost. Integrity is also at risk once the database is accessed by unauthorized users, because they can change the information and so destroy its integrity (Tari & Fernandez, 1997).
Database security should be given priority as far as information is concerned. The information in the database needs to be fully protected from access by unauthorized users, which may otherwise lead customers to lose trust in the organization. Failing to enforce database security in the organization's systems may cause a great loss of information. Exposure of customers' information leads to a lack of trust in the organization and then to the loss of those customers (Mo, 2012).
The methods discussed above for enforcing database security should be followed and emphasized by management and the network administrator. The network administrator should carry out his or her duties to the letter and also come up with new techniques for maximizing database security. The database passwords should be changed after a short time, such as every three months, as this will also increase security. Users of the database should be trained in how to enforce security on the database they are accessing and in safe ways of sending information over a network. Through this, database security will be maximized and cases of lost databases will be rare. In conclusion, database security has been built into the latest database software, which provides additional security for the database and so reduces risk while maintaining integrity, availability and confidentiality (Thuraisingham, 1987).

Bertino, E., & Sandhu, R. (2005). Database security-concepts, approaches, and challenges. IEEE Transactions on Dependable and Secure Computing, 2(1), 2-19.
Castano, S., Fugini, M. G., Martella, G., & Samarati, P. (1995). Database security. ACM Press Books, Wokingham, England: Addison-Wesley.
Gollmann, D. (1994). Computer Security-ESORICS 94: Third European Symposium on Research in Computer Security, Brighton, United Kingdom, November 7-9, 1994. Proceedings (Vol. 3). Springer Science & Business Media.
Denning, D. E., Denning, P. J., & Schwartz, M. D. (1979). The tracker: A threat to statistical database security. ACM Transactions on Database Systems (TODS), 4(1), 76-96.
Cook, W. R., & Gannholm, M. R. (2004). U.S. Patent No. 6,820,082. Washington, DC: U.S. Patent and Trademark Office.
Muralidhar, K., Parsa, R., & Sarathy, R. (1999). A general additive data perturbation method for database security. Management Science, 45(10), 1399-1415.
Thuraisingham, M. B. (1987). Security checking in relational database management systems augmented with inference engines. Computers & Security, 6(6), 479-492.
Tari, Z., & Fernandez, G. (1997). Security enforcement in the DOK federated database system. In Database Security (pp. 23-42). Springer US.
Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
Davida, G. I., Wells, D. L., & Kam, J. B. (1981). A database encryption system with subkeys. ACM Transactions on Database Systems (TODS), 6(2), 312-328.
Sandhu, R. S., & Samarati, P. (1994). Access control: principle and practice. IEEE Communications Magazine, 32(9), 40-48.
Mo, Y., Kim, T. H. J., Brancik, K., Dickinson, D., Lee, H., Perrig, A., & Sinopoli, B. (2012). Cyber–physical security of a smart grid infrastructure. Proceedings of the IEEE, 100(1), 195-209.
Bullers Jr, W. I., Burd, S., & Seazzu, A. F. (2006, March). Virtual machines-an idea whose time has returned: application to network, security, and database courses. In ACM SIGCSE Bulletin (Vol. 38, No. 1, pp. 102-106). ACM.
Stallings, W., & Brown, L. (2008). Computer security. Principles and Practice.

Cite this Page

Database Security Top Priority. (2022, Feb 17). Retrieved from