Abstract The paper states that organizations depend on distributed information systems for discharging routine business needs. The paper then discusses how their susceptibility to security compromises increases, even as they achieve output and competence. The paper states that methods like electronic signatures and encryption are presently accessible for safeguarding data at the time of its transmission. The paper further stresses that a practically broad strategy for data protection should cover methods for putting in place access control policies that depend on subject qualifications.
Outline:
Introduction
Most Relevant Concepts Underlying the Notion of Database Security and the Well Known Techniques
Current Challenges for Database Security and Some Preliminary Approaches that Address Some of These Challenges
Access Control Systems, and Description of the Key Access Control Models, Namely, the Discretionary and Mandatory Access Control Models, and the Role-based Access Control (RBAC) Model
Additional Recommendations
Conclusion
From the Paper "Keeping a repository of centralized data is of utmost significance for the information management. Because of this, it is important to build a database concept which outlines the readiness needed for functioning of the database. It must always cover a database security concept that concentrates on the operation of the database. Improper safeguarding of data might compromise database confidentiality, its availability and integrity. In order to prevent this, it is very important to form a comprehensive 'database security' concept. For ensuring the security of a database, an appropriate database management system -- DBMS is required to be functional. For successful protection, the database management system must compulsorily fulfill the necessities stated below."
A paper that reviews database security risks and strategies in an internet world, focusing specifically on Certificate Authorities (CAs) and the specialized risks faced by CAs.
Abstract The paper shows that in today's fast paced economy and exploding computing infrastructure, database technologies have become the backbone of internet and application services. With adoption of technology comes risk and traditional attacks on security, with databases not being immune. This paper examines some of the risks, strategies and important aspects of database security as it pertains to deployments and Certificate Authorities.
Table of Contents:
Introduction
Nature of Security Issues
Common Attacks
The Threats
The Methods
SQL Server Attacks
SQL Injection Attacks
Oracle Exploits
Prevention
Process over Technology
Best Practices for Protecting Databases Application Development
Design Considerations for Certificate Authorities
Data Protection
Data Availability
Conclusion
Additional Information
Sample Vulnerabilities
Certificate Authorities
Bibliography
From the Paper "Introduction The Internet has spawned a breeding ground for web applications and database systems to perform e-commerce, e-banking, and e-government transactions. Database systems have become an integral and required component of the Internet ecosystem to store security sensitive information. Since database systems are now the foundation for all sensitive data operations, database security has become increasingly important in not only e-commerce on the Internet, but also for conducting normal business operations for almost any organization. Compromise of database security poses new business risks not realized before in corporate IT systems."
Abstract This paper shows how important database security is for protecting companies against risks, such as cracking, worms, viruses, web site defacement, unauthorized disclosure of confidential information, and more. The paper also outlines the minimum steps that must be taken to ensure effective security against these crimes.
From the Paper "A recent report by the Computer Security Institute (CSI) and the Federal Bureau of Investigation (FBI) reveals that of 508 companies surveyed, mostly large corporations and government agencies, 90 percent detected computer security breaches within the past twelve months (Savage, 2003). Eighty percent acknowledged financial losses due to these computer breaches. And the 223 respondents that quantified their financial damages suffered a total loss of $456 million. These statistics show the dire need for database security in both large and small companies."
This paper discusses the goals of security and common security threats, including Microsoft SQL Server security techniques and web application security measures.
2,715 words (approx. 10.9 pages), 18 sources, APA, $ 81.95
Abstract This paper explains that database security is the protection of the database against unauthorized access, either intentional or accidental; security countermeasures should combat threats and the outcomes of such threats. The author points out that physical security means that a SQL Server system is running in a controlled-access environment in which only approved personnel have physical access to the system; whereas, appropriate physical security means that SQL Server should be isolated from web infrastructures and direct Internet access. The paper concludes that network and operating system security are not sufficient to defend against dynamic threats to a web application; therefore, database and web application server techniques are a necessity, but even with these extra layers of security in place, there's no such thing as a foolproof security system.
Table of Contents
Introduction
The Goals of Security
Sources of Security Threats
Types of Threats
Common Web Application Security Threats
Physical Security
Security Mechanisms to Protect a Database
Views
Rules and Constraints
Concurrency Control
Audit Tracking
Encryption
Backup and Recovery
SQL Injection Prevention Techniques
Web Securities Firewall
SSL
Digital Certificate
Conclusion
From the Paper "Access control prevents unauthorized persons from accessing a system to either obtain information or make changes. Like most databases, Microsoft SQL Server handles access control by allowing the creation of user accounts and passwords to control log-in. Additionally, Microsoft SQL Server supports the use of Windows NT Integrated Security where users are identified to the database by their Windows NT user accounts rather than user ID and password to access the database. Chapple states that this approach offers both the benefit of shifting the burden of account management to the network administration staff and it provides the ease of a single sign-on to the end user."
Abstract This paper discusses on-line information technology and the problems that exist in database security. It continues to offer solutions to this problem, in discussing legislation, software and hardware to protect information databases from the illegal and malicious threats that affect them.
Database Management Systems
Database Security Policies
System Security Policy
Data Security Policy
User Security Policy
Auditing Policy
Bibliography
From the Paper "There are many measures and security policies that can be implemented to prevent illegal access to private databases. Typically, every security policy is dependent on the other policies. It is important to note that security policies work best if all the policies embedded within have strong walls against unauthorized access. Otherwise, once one policy fails, there are tendencies that its vulnerability and failure to protect the network, database, or information, can affect the rest of the policies. Following are some of the common policies, as extracted from Oracle Server Administration Guide, that are applied by many organizations which utilize information technology methods for database and information safety and security."
Abstract This paper stresses that businesses want the most cost efficient database that can still do a very good job; therefore, Microsoft Access is almost out of the question for large database needs because it slows down when it holds too much data and is best suited and made for small data needs. The author states that the most important criterion is budgetary constraints: Microsoft Access costs roughly $200 while Oracle Enterprise costs $40,000, Microsoft SQL Server enterprise costs $20,000 and DB2 is about $25,000. The paper relates that any database security plan should start with the server and network and provide prevention, detection, response, authentication, authorization, table access and auditing.
Table of Contents
Databases Overview
List of Important Criteria When Choosing the Right Database
Reasons for These Criteria
Budget Criteria
Data Needs Criteria
Functionality Criteria
Security Criteria
Operating System Support Criteria
Business Model Criteria
Administration and Ease of Use Criteria
Federal Compliance Criteria
Upgrades/Modifications Criteria
Collaboration Criteria
Review
From the Paper "The data needs of the business are important when choosing the right DB. For instance, MS Access, although cheap, would be best suited for very small businesses or low data needs. On the other hand, large organizations with large data needs should use the industrial strength DBs like DB2 and Oracle and Microsoft SQL Server. DB2 and Oracle are better suited for the really large data needs. For example: MS Access can hold 2GB of data; SQL Server can hold 1,048,516 TB of data."
Tags: cost-efficient, small-business, security-plan, speed, function
Abstract In today's information-rich society, database management is an ever-expanding and increasingly important field. This paper discusses databases, database management systems (DBMSs), and their importance in today's society. Additional topics include the need for security, concurrency, and control within database management, as well as the role of the database administrator.
From the Paper "A database can be defined as "a structure that can house information about multiple types of entities, the attributes of these entities, and the relationships among the entities" (St. Edward's University). Databases can contain a wide variety of information. For example, a university database may include information about students, courses and classrooms. Further, this university database may contain significant amounts of information about the relationships between these entities, such as student course enrollment, and the use of classrooms for courses (Ramakrishnan)."
Abstract This paper considers major issues facing database administrators today, including privacy, networking, security, data storage, staff training and staff retention. It includes a technical description of these issues including firewalls protection, data warehousing, need for effective database administration, bounded and unbounded media.
From the Paper "It is difficult to imagine how most companies could operate without databases in today's business environment. Indeed most organizations whether private or public profit or non-profit depend on ..."
Tags: database administration, privacy, data storage, networking, security
Abstract This paper considers heterogeneity, openness, scalability, security, concurrency, failure handling and transparency in distributed databases. It defines "distributed databases." The paper provides an analysis of its benefits and looks at productivity gains and security issues.
From the Paper "As its name suggests a distributed database is a collection of data that is located in several different physical locations-that is distributed over several resources-while operating as a single logical database. This provides system managers the ability to distribute the database over multiple systems depending on system resources and to use either local or wide area networks to access the data. When this type of database configuration is used there are obviously many different factors that need to be taken into account ..."
Abstract This paper examines the concept of abstract authentication in federated database systems and the difficulties presented because the autonomously operated components may not know the identity of federation users. It looks at how one proposed solution is subject switching, where the federation translates the federated user's identity to that of an agreed upon component subject, and how this translation may be problematic due to not having component subjects with the same accesses requested by federation users. It proposes using proximity measures between requested and provided access and presents two policy neutral algorithms to find proximity minimizing matches between a federation subject and a collection of component subjects. It also explores the concepts relating to federated databases, authorization and access, and proposes some algorithms that will facilitate the subject switching method of reconciling access requirements.
Outline
Section 1
Abstract
Background
Introduction
Characteristics of Federated Databases
Homogeneous vs. Heterogeneous Databases
Agents
Agents and Meaning
Perspective
Types of Meaning
Semantics Versus Pragmatics
Context
Coverage of Communicative Acts
Mental Versus Social Agency
Section 2
Federated Database Systems and Autonomy
Design Autonomy
Communication Autonomy
Execution Autonomy
Association Autonomy
Authorization Autonomy
Distribution Transparency (i.e., Schema Integration)
Tightly Coupled
Limited Tight Coupling
Loosely Coupled
Federated Database Security Authorization
Standards for Authentication
Decentralized vs. Centralized Authorization
Access Controls
User Based Access Control (UBAC)
Policy Based Access Control
Content Dependent Access Control (CDAC)
Context Based Access Control (CBAC)
View Based Access Control (VBAC)
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role Based Access Control (RBAC)
Section 3
Subject Switching
Subject Mapping Algorithms
Mapping Process
Federation Mapping Process
Federation Identity
Component Mapping Process
Minimum Disparity Measure
Mapping Algorithm
Create Object Sets
Identify Component Subjects
Evaluate Matching Subjects
Access Disparity Measures
Numerical Disparity Measure
Comparing Disparity Measures to Approximate Measures
Approximate Disparity Measure Comparison
Motivating Example
Access Compatibility Measures and Algorithms
Compatibility of Permissions and their Disparity Measures
Cardinality
Express Specification
Section 4
Metrics
Algorithm 1 (Least Under Permitting Algorithm)
Algorithm 2 (Least Over Permitting Algorithm)
Approximations: Metrics And Mappings
Approximate Mapping Algorithms
Algorithm 3 (Approximate Under Permitting Algorithm)
Algorithm 4 (Approximate Over Permitting Algorithm)
Properties of Algorithms 3 and Algorithm 4
Multilevel Federations
Non-Protected Database Axioms
Deductive Channels Control Theorems
Signalling Channels Control Theorems
Cover Story
Multi-view Databases Languages
Section 5
Conclusions and Ongoing Work
References
From the Paper "Heimbigner and McLeod coined the phrase Federated Database System in 1985, and Sheth and Larson later confirmed the formal definition. While the term has been loosely used to refer to several different but related database systems, they more precisely and unanimously define it as a collection of cooperating but autonomous component database systems. [SL90] (According to Özsu 1999, semi-autonomous systems are termed federative DBMS). A federated database system represents a compromise between no integration, wherein users must explicitly interface with multiple autonomous databases, and total integration, where the autonomy of each distinct database is sacrificed in order to allow users access through a single global interface."
Abstract This paper outlines some of the security issues that an IT department needs to have in place for their database systems. In today's technology driven world, databases and networks are vital to the furtherance of many business applications and transactions. The paper shows that unfortunately, with the advances in technology, comes the need to protect that technology in as many ways as possible from unauthorized access.
From the Paper "Database maintenance should include daily remote backup to maintain safe data in case of emergencies. There are many companies that provide remote backup services. Data transfer is usually done after hours through broadband internet connections. This will provide redundancy and remote copies if the main database is ever destroyed or compromised by ill intentioned hackers."
Abstract This paper discusses computer security and its importance for organizations. The paper presents an information security strategic plan or "defense plan" as an overview of what needs to be done for any organization dependent on information technology as a business driver. The paper presents a case study of Commerce Bank and how they handled a breach in security.
Table of Contents:
The Hacking that was Thwarted
Managing the Risk
Defending the Network and the System
Information Security Policies
Assessment of Publicly Accessible Resources and Network Probing
Internal Security Assessment
Tools for Ongoing Defense
Third-party Audit and Assessment
Physical Security Assessment
Security Logs Analysis
Information Security Training and Awareness
IT Governance as Part of Executive Management Responsibilities
Conclusion
From the Paper "Commerce Bank is indeed lucky because as a result of good corporate governance and an information security methodology in place, no great harm was done. By immediately informing customers of what went on, the level of awareness was promoted thereby any attempt by the hackers to use the data for other nefarious activities will not be fruitful because those are already flagged by the law enforcement agencies especially the FBI. Information security was proven in this case to be a matter not only for the affected organization but community and society as well. From beginning to the end, clear lines of reporting and controls were defined that mitigated the risk at its onset. The information security strategic plan or simply "defense plan" presented in this paper is an overview of what needs to be done not only for the bank but any organization dependent on information technology as a business driver."
Abstract This paper discusses three different areas of security problems which could arise in the Internet environment. The first issue described is that of hackers and the possible problems of using hackers to test security systems. The next issue examined is that of privacy and security. The writer outlines the differences between the business world's opinion of privacy on the internet and that of a private person. The paper concludes with a brief look at viruses and the havoc they can and do cause the online environment.
From the Paper "Internet security has been a buzz issue for awhile now. It seems that every five minutes, a new company is coming out with software that will protect the personal computer, protect the corporate databases, protect children, etc. Internet security is very important, there is a lot of very sensitive information on computers around the globe. The hacker is the threat, and software is the solution. However, certain steps are taken to ensure that the Business doesn't become the victim of a hacker. One of the methods used in ensuring that the software stays ahead of the hacker is by actually hiring professional hackers to try to beat the software. This method is used frequently, especially in mystery movies, when an insurance firm or a museum, or some such is testing out a security system."
Abstract This paper considers the use of biometrics in home security, noting that biometrics involves the use of computers and other hardware to identify people on the basis of physical characteristics, such as fingerprints, speech, facial recognition, retina scan, signature, and so on. The paper further discusses how biometric security systems can operate in different ways. In an identification mode, the system can identify a person from the entire enrolled population by means of a database search. In verification mode, the system can authenticate an individual's claimed identity.
From the Paper "Biometrics involves the use of computers and other hardware to identify people on the basis of physical characteristics, such as fingerprints, speech, facial recognition, retina scan, signature, and so on. Biometric security systems can operate in different ways. In an identification mode, the system can identify a person from the entire enrolled population by means of a database search. In verification mode, the system can authenticate an individual's claimed identity. The advantages of such a system derive from the ability to offer a unique identification for each person: Only biometric authentication bases an identification on an intrinsic part of a human being. Tokens, such as smart cards, magnetic stripe cards, physical keys, and so forth, can be lost, stolen, duplicated, or left at home. Passwords can be forgotten, shared, or observed ("Biometrics and Security" para. 5)."
Abstract This paper describes various issues to be taken into account when implementing an Oracle database. These include cost, platform, training and database design. It expands on the programming process. The author also explains the importance of choosing the right database for a company.
From the Paper "For most companies today their computer systems form the heart of the business. Web sites, accounting, sales, tracking, manufacturing, human resources and ancillary day-to-day functions all reside on various computer systems that are ..."