Page 145 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Unit 10: Databases Security




          Common Database Security Failures

          The common weaknesses that threaten database security are:
          1.   Weak User Account Settings: Many database user accounts do not include the user
               settings that may be found in operating system environments.


                 Example: User account names and passwords that are generally known are not
          disabled or changed to prevent access.
               The user account settings offer limited capabilities for security, without
               password controls such as dictionary checks or account controls supporting expiration
               of user accounts.
          2.   Insufficient Segregation of Duties: No recognized security administrator role is defined
               in the database management of the organization. This results in database administrators
               (DBAs) performing both the functions of the manager (for user accounts) and those of
               the performance and operations specialist. This may result in management
               inefficiencies.
          3.   Inadequate Audit Trails: Because they require keeping track of additional information,
               the auditing capabilities of databases are frequently ignored in favour of improved
               performance or disk space. Inadequate auditing results in reduced accountability. It
               also decreases the effectiveness of data history analysis. Audit trails record
               information about the actions taken on the firm's critical data. They log events
               directly connected with the data, and are therefore essential for monitoring access
               to, and actions on, a database system.

          4.   Unused DBMS Security Features: The security of an individual application is typically
               independent of the security of the DBMS. Please note that security measures that are
               built into an application apply to users of the client software only. The DBMS itself,
               and many other tools or utilities that can connect to the database directly via ODBC or
               any other protocol, may bypass this application-level security entirely. So, you must
               attempt to use security restrictions that are reliable.


                Example: Try using security mechanisms that are defined inside the database.
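
          The following added example (not part of the original text) illustrates points 3 and 4,
          using SQLite as a stand-in DBMS: an audit trail defined inside the database as a trigger
          records a change made by a tool that connects directly, while logging done only in the
          application misses it. The table names, the trigger name and the app_update_salary
          function are assumptions made for this illustration.

```python
import os
import sqlite3
import tempfile

# Constructed schema; SQLite stands in for the DBMS (assumption of this example).
SCHEMA = """
CREATE TABLE salaries (emp TEXT PRIMARY KEY, amount INTEGER);
CREATE TABLE app_log (emp TEXT, note TEXT);      -- written by application code only
CREATE TABLE audit_trail (                       -- written by the database itself
    at TEXT DEFAULT CURRENT_TIMESTAMP,
    emp TEXT, old_amount INTEGER, new_amount INTEGER);
CREATE TRIGGER salaries_audit AFTER UPDATE OF amount ON salaries
BEGIN
    INSERT INTO audit_trail (emp, old_amount, new_amount)
    VALUES (OLD.emp, OLD.amount, NEW.amount);
END;
INSERT INTO salaries VALUES ('alice', 5000), ('bob', 4000);
"""

def app_update_salary(conn, emp, amount):
    """Hypothetical client-software path: the logging lives in application code."""
    conn.execute("UPDATE salaries SET amount = ? WHERE emp = ?", (amount, emp))
    conn.execute("INSERT INTO app_log VALUES (?, 'salary changed')", (emp,))
    conn.commit()

def run_demo():
    path = os.path.join(tempfile.mkdtemp(), "demo.db")
    setup = sqlite3.connect(path)
    setup.executescript(SCHEMA)
    setup.close()
    app = sqlite3.connect(path)          # the client application
    app_update_salary(app, "alice", 5500)
    app.close()
    tool = sqlite3.connect(path)         # a separate utility connecting directly
    tool.execute("UPDATE salaries SET amount = 9000 WHERE emp = 'bob'")
    tool.commit()
    app_rows = tool.execute("SELECT emp FROM app_log").fetchall()
    audit_rows = tool.execute(
        "SELECT emp, old_amount, new_amount FROM audit_trail ORDER BY rowid").fetchall()
    tool.close()
    return app_rows, audit_rows

if __name__ == "__main__":
    app_rows, audit_rows = run_demo()
    print("application log:", app_rows)    # only the change made through the application
    print("database audit :", audit_rows)  # both changes, including the direct one
```

          In a multi-user DBMS the audit table and the trigger would also be protected with the
          database's own privileges, so that ordinary accounts cannot alter them.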
          Fundamentally, database security can be broken down into the following levels:
          1.   Server Security

          2.   Database Connections
          3.   Table Access Control
          4.   Restricting Database Access.

          These database security levels are discussed below:
          Server Security: Server security involves limiting access to data stored on the server. It is
          the most important decision, and it has to be considered and planned carefully.

          Database Connections: Connections made by means of ODBC have to be checked to ensure that
          every connection corresponds to a particular user who has access to the data.
          Database access should be restricted to the machines that need to communicate with it, while
          ensuring that standard safeguards are in place.





                                           LOVELY PROFESSIONAL UNIVERSITY                                   139