Methods of Database Security
How it works
Database security is a growing concern, as indicated by the rising number of reported incidents of loss of, or unauthorized exposure of, sensitive data. As the amount of data collected, retained and shared electronically expands, so does the need to understand database security. When a user of a database creates a table, he is fully permitted to perform operations such as reading, adding, modifying and deleting on it. In fact, he can grant any or all of his privileges on the table to another user. In addition, he may specify that this user is allowed to grant these privileges on to other users.
Backup and recovery are an important feature of database systems because they protect information against unexpected hardware and software failures. Database systems can provide security and accuracy of information by producing a backup and restoring from the backup after a failure. An important step in designing or enhancing a particular application for a database is to consider the integrity constraints that must be added to the database, which are used to identify and analyze deviations in order to prepare an effective dimensional database. Encryption of the database means using encryption techniques to transform a plaintext database into an encrypted database.
Securing a database is a crucial activity that an organization must strengthen in order to run its operations smoothly. It is a deliberate effort to protect the firm's data against threats such as accidental or intentional loss, destruction or misuse. These threats pose a challenge to the organization's data integrity and access. They can result in tangible losses, such as theft of hardware, or intangible losses, such as loss of trust in the organization's activities. All of these practices have become rife with electronic commerce, in contrast to conventional trade involving physical goods. Additionally, most databases store confidential user information that could be vulnerable to hacking and misuse. Therefore, companies have adopted stronger safeguards and checks on their databases to protect the information's integrity, and they monitor their networks closely to deter intruders from deliberately breaching them.
Credential Threats
Weak password and authentication schemes allow attackers to assume the identity of legitimate users of the database. Specific attack strategies include brute force and social engineering, notably phishing.
Exemption Threats
When a user accidentally misuses rights that were legitimately granted, or when an admin grants a user excessive access rights by mistake or through negligence, the result can be abuse or, more maliciously, escalation of privilege.
Authentication means verifying the identity of someone (a person, computer, or other entity) who wants to use data, services or applications. Validating that identity establishes a relationship of trust for further interactions. Authentication also enables accountability by allowing access and actions to be linked to specific identities. After authentication, authorization processes can allow or limit the levels of access and action permitted to that entity. For convenience, the same authentication method is usually used by all database users, but Oracle allows any or all methods to be used within a single database instance. Oracle requires special authentication procedures for database administrators, because they perform special operations on databases. Oracle also encrypts passwords during transmission to protect network authentication. You can authenticate using any combination of the methods described in the following sections to validate the identity of database users and prevent unauthorized use of a database user name.
Multitier authentication and authorization
In a multitier environment, Oracle manages the security of middle-tier applications by restricting their privileges, preserving client identities through all tiers, and auditing actions taken on behalf of clients. In applications that use a heavy middle tier, such as a transaction processing monitor, the identity of the client connecting to the middle tier must be preserved. One advantage of a middle tier, however, is connection pooling, which enables multiple users to access a data server without the need for a separate connection for each.
Views offer a level of protection. A view can be defined to exclude data that other users should not see. For example, we could create a view that allows a branch manager and the Payroll Department to view all the staff data, including salary details, and a second view for other staff that excludes salary details. Views also provide a mechanism for tailoring the database's appearance. For example, the Department of Contracts may prefer to call the monthly rent field by the more obvious name, Monthly Rent. A view can present a consistent, unchanging picture of the database structure, even if the underlying database is altered. When fields are added to or removed from a file, and these fields are not required by the view, the view is not affected by the change.
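The two staff views and the renamed rent field described above, as an added example that is not part of the original article. It uses Python's built-in sqlite3 module; the table, column and view names and the sample rows are constructed for illustration. SQLite has no user accounts, so the step of granting each group access to its view only (and not to the base table) is assumed to happen in the multi-user DBMS.

```python
import sqlite3

VIEWS = ("staff_payroll", "staff_directory", "contracts_property")

def build_database():
    """Create constructed sample tables and the views described above."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE staff (staff_no TEXT PRIMARY KEY, name TEXT,
                            branch TEXT, salary INTEGER);
        CREATE TABLE property (property_no TEXT PRIMARY KEY, rent INTEGER);
        INSERT INTO staff VALUES ('S1', 'Ann Lee', 'B001', 52000),
                                 ('S2', 'Raj Patel', 'B002', 41000);
        INSERT INTO property VALUES ('P1', 650);

        -- Branch manager and Payroll Department: all staff data.
        CREATE VIEW staff_payroll AS
            SELECT staff_no, name, branch, salary FROM staff;
        -- Other staff: salary is never projected, so it cannot be queried.
        CREATE VIEW staff_directory AS
            SELECT staff_no, name, branch FROM staff;
        -- Contracts department: same field under a more obvious name.
        CREATE VIEW contracts_property AS
            SELECT property_no, rent AS "Monthly Rent" FROM property;
    """)
    return con

def view_columns(con, view):
    """Return the column names that a view exposes to its users."""
    if view not in VIEWS:          # fixed allow-list, never caller-built SQL
        raise ValueError(f"unknown view: {view}")
    return [d[0] for d in con.execute(f'SELECT * FROM "{view}"').description]

def add_unrelated_field(con):
    """Alter the base table with a field the views do not need."""
    con.execute("ALTER TABLE staff ADD COLUMN national_id TEXT")

if __name__ == "__main__":
    con = build_database()
    add_unrelated_field(con)
    for v in VIEWS:
        print(v, view_columns(con, v))
```

The views list their columns explicitly; a view written as SELECT * would pick up the new national_id field and stop being a stable, restricted picture of the table.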
Backup & Recovery
Although most database systems incorporate backup and recovery tools into their interfaces and infrastructure, understanding what the backup and recovery process involves is imperative.
Needs
Data files are not the only thing that needs to be part of the backup process. Transaction logs ought to be backed up, too. In a recovery event, the data files are of little use without the transaction logs.
Backup methods
There are three primary types of backup in SQL: complete, transaction log and differential. A complete backup makes a full copy of the database, with all changes and transaction records. This process requires a large amount of time. A transaction log backup saves the transaction log events that have occurred since the last complete backup or transaction log backup. The prior transaction logs are truncated so that the files are kept as small as possible.
Physical and logical backups
Physical backups are backups of the physical files used in storing and recovering your database, such as data files, control files, and archived redo logs. Ultimately, a physical backup is a copy of the files that store database information to some other location, whether on disk or on offline storage such as tape. Logical backups contain logical data exported from a database with an Oracle export tool and stored in a binary file for later re-import into a database using the corresponding Oracle import tool.
Databases must also ensure the integrity of the data, i.e., the integrity of the entries in the tables. Integrity is treated as the more general problem of minimizing unauthorized data modifications. The primary challenge associated with data integrity is handling simultaneous data modification within a database. The DBMS may attempt to commit updates, making the pending changes permanent. If the commit is unsuccessful, the DBMS will roll back (also called abort) and restore from a save point (a clean snapshot of the database tables). A database log is a list of all transactions within the database.
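Commit, rollback and save points acting together with an integrity constraint, as an added example that is not part of the original article. It uses Python's built-in sqlite3 module; the account table, its CHECK constraint and the sample transfers are constructed for illustration.

```python
import sqlite3

def open_ledger():
    """Constructed sample data: two accounts guarded by a CHECK constraint."""
    # isolation_level=None: the module adds no implicit BEGIN, so the
    # transaction boundaries are exactly the statements issued below.
    con = sqlite3.connect(":memory:", isolation_level=None)
    con.executescript("""
        CREATE TABLE account (id TEXT PRIMARY KEY,
                              balance INTEGER NOT NULL CHECK (balance >= 0));
        INSERT INTO account VALUES ('A', 100), ('B', 20);
    """)
    return con

def adjust(con, acct, delta):
    cur = con.execute("UPDATE account SET balance = balance + ? WHERE id = ?",
                      (delta, acct))
    if cur.rowcount != 1:              # an update that hit no row is an error
        raise sqlite3.IntegrityError(f"unknown account {acct!r}")

def transfer_batch(con, transfers):
    """Apply (src, dst, amount) transfers in one transaction.

    Returns the transfers that were rolled back to their save point.
    """
    rejected = []
    con.execute("BEGIN")
    try:
        for src, dst, amount in transfers:
            con.execute("SAVEPOINT one_transfer")   # clean snapshot
            try:
                adjust(con, dst, amount)            # credit first ...
                adjust(con, src, -amount)           # ... debit may violate CHECK
            except sqlite3.IntegrityError:
                con.execute("ROLLBACK TO one_transfer")  # undo the credit
                rejected.append((src, dst, amount))
            con.execute("RELEASE one_transfer")
        con.execute("COMMIT")                       # pending changes permanent
    except Exception:
        con.execute("ROLLBACK")                     # abort the whole batch
        raise
    return rejected

def balances(con):
    return dict(con.execute("SELECT id, balance FROM account"))
```

The credit is applied before the debit on purpose: when the debit violates the constraint, only the rollback to the save point removes the half-applied transfer, so the total across accounts stays unchanged.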
The Oracle database provides authentication, authorization, and audit security. Authentication ensures that access to the network is granted only to legitimate users. Authorization means that users have access only to the services they are allowed to use. Auditing ensures accountability when users access protected services. Although these protection measures effectively secure data in the database, they do not prevent access to the operating system files where the data is stored. Transparent data encryption allows confidential data in database columns to be encrypted as it is stored in operating system files. Using an external security module separates ordinary program functions from those pertaining to security, such as encryption. Consequently, administration duties can be divided between DBAs and security administrators, a strategy that enhances security because no administrator is granted comprehensive access to data. External security modules generate encryption keys, perform encryption and decryption, and store keys securely outside the database.
RAID, or ‘Redundant Arrays of Independent Disks’, is a technique that uses a combination of multiple disks instead of a single disk for improved performance, data redundancy or both.
Data redundancy, although it takes up extra space, adds to disk reliability. This means that if the same information is also backed up to another disk, then in case of disk failure we can retrieve the data and continue operating. On the other hand, if the data is only distributed over several disks without the RAID technique, then the failure of a single disk will affect all of the data.
- Availability: What fraction of the total session time is a system in uptime mode, i.e. how available is the system for actual use?
- Performance: How good is the response time? How high is the throughput (rate of processing work)? Note that performance contains a lot of parameters and not just the two.
- Capacity: Given a set of N disks each with B blocks, how much useful capacity is available to the user?
RAID is very transparent to the underlying system. This means, to the host system, it appears as a single big disk presenting itself as a linear array of blocks.
The paper has generally discussed database security concerns and research into various issues surrounding the sector. Organizations now rely on data to make decisions about the various business operations that enhance their performance. Therefore, it is prudent to keep sensitive information away from unauthorized access. This database security research paper has attempted to explore the threats that may be posed to a database system. These include loss of confidentiality and loss of integrity. In addition, it has detailed loss of privacy, which leads to blackmail and embarrassment for the business. The paper has also discussed techniques to counter these threats, such as the use of views and authentication. Another technique is backup, which ensures that the information is stored elsewhere and can be recovered in case of failure or attack. The paper has also discussed the requirements that are set for a robust database management system. One of these requirements is an audit trail. Lastly, the paper has looked at the process for managing a database system and has discussed all the steps that need to be taken.
From the above-mentioned details, I have learned that database security has become the most important part of the technical world for the better improvement of technology. Database security gives the user a safe and secure environment for better use. And it has become the most attractive way to protect data from different users, as it provides different views to every user accordingly. And if we lose some data by mistake, we can back it up in a very simple way.