d. List and explain security requirements of database.
Database Security means keeping sensitive information safe and prevent the loss of data. Security of data base is controlled by Database Administrator (DBA). The following are the main control measures are used to provide security of data in databases:
1. Authentication
2. Access control
3. Inference control
4. Flow control
5. Database Security applying Statistical Method
6. Encryption
These are explained as following below.
- Authentication : Authentication is the process of confirmation that whether the user log in only according to the rights provided to him to perform the activities of data base. A particular user can login only up to his privilege but he can’t access the other sensitive data. The privilege of accessing sensitive data is restricted by using Authentication. By using these authentication tools for biometrics such as retina and figure prints can prevent the data base from unauthorized/malicious users.
- Access Control : The security mechanism of DBMS must include some provisions for restricting access to the data base by unauthorized users. Access control is done by creating user accounts and to control login process by the DBMS. So, that database access of sensitive data is possible only to those people (database users) who are allowed to access such data and to restrict access to unauthorized persons. The database system must also keep the track of all operations performed by certain user throughout the entire login time.
- Inference Control : This method is known as the countermeasures to statistical database security problem. It is used to prevent the user from completing any inference channel. This method protect sensitive information from indirect disclosure. Inferences are of two types, identity disclosure or attribute disclosure.
- Flow Control : This prevents information from flowing in a way that it reaches unauthorized users. Channels are the pathways for information to flow implicitly in ways that violate the privacy policy of a company are called convert channels.
- Database Security applying Statistical Method : Statistical database security focuses on the protection of confidential individual values stored in and used for statistical purposes and used to retrieve the summaries of values based on categories. They do not permit to retrieve the individual information. This allows to access the database to get statistical information about the number of employees in the company but not to access the detailed confidential/personal information about the specific individual employee.
- Encryption : This method is mainly used to protect sensitive data (such as credit card numbers, OTP numbers) and other sensitive numbers. The data is encoded using some encoding algorithms. An unauthorized user who tries to access this encoded data will face difficulty in decoding it, but authorized users are given decoding keys to decode data.
A database is an organized collection of structured data stored electronically in a computer system. It is designed to efficiently manage, retrieve, and manipulate large volumes of data for various purposes. Databases are commonly used in businesses, organizations, and applications to store and manage critical information such as customer records, financial transactions, product inventory, and more. Examples of database management systems (DBMS) include MySQL, Oracle Database, Microsoft SQL Server, and PostgreSQL.
Securing a database is crucial to protect sensitive information from unauthorized access, tampering, or loss.
a. Access Control: Implementing robust access control mechanisms to ensure that only authorized users can access the database. This involves defining user roles, privileges, and permissions based on the principle of least privilege, where users are granted only the minimum permissions required to perform their tasks.
b. Authentication: Verifying the identity of users before granting them access to the database. This involves implementing strong authentication methods such as username/password authentication, multi-factor authentication (MFA), biometric authentication, or integration with centralized authentication systems like LDAP or Active Directory.
c. Encryption: Encrypting data stored in the database to protect it from unauthorized access in case of a breach. This includes encrypting sensitive fields such as passwords, credit card numbers, and personal identifiable information (PII) using strong encryption algorithms. Additionally, encrypting data in transit between the application and the database using protocols like SSL/TLS.
d. Auditing and Logging: Implementing auditing and logging mechanisms to track database activities and monitor access patterns. This helps in detecting and investigating security incidents, unauthorized access attempts, or suspicious activities. Audit logs should capture details such as login attempts, SQL queries, data modifications, and administrative actions.
e. Data Masking and Redaction: Applying data masking and redaction techniques to hide or obfuscate sensitive information in the database from unauthorized users or applications. This helps in complying with privacy regulations and protecting sensitive data from insider threats or unauthorized access.
f. Backup and Recovery: Implementing regular database backups and disaster recovery strategies to ensure data availability and resilience against data loss or corruption. This involves establishing backup schedules, offsite backups, and testing backup restoration procedures to recover data in case of emergencies or system failures.
g. Patch Management: Keeping the database management system (DBMS) and related software components up to date with security patches and updates to address known vulnerabilities and security flaws. Regularly applying patches helps in mitigating the risk of exploitation by attackers and maintaining the overall security posture of the database environment.
h. Database Firewall: Deploying database firewalls or intrusion detection/prevention systems (IDS/IPS) to monitor and filter incoming and outgoing traffic to the database. This helps in detecting and blocking unauthorized access attempts, SQL injection attacks, or other malicious activities targeting the database.
i. Confidentiality: Ensuring that sensitive data stored in the database is accessible only to authorized users and protected from unauthorized access or disclosure. This involves implementing encryption techniques to secure data at rest and in transit, access controls to restrict access to sensitive information based on user roles and privileges, and data masking/redaction to hide or obfuscate sensitive data from unauthorized users.
j. Integrity: Guaranteeing the accuracy, consistency, and reliability of data stored in the database. This includes implementing mechanisms to prevent unauthorized modifications, deletions, or tampering with data, such as using cryptographic checksums or digital signatures to detect unauthorized changes, enforcing data validation rules to ensure data integrity at the application level, and implementing transaction controls like ACID (Atomicity, Consistency, Isolation, Durability) properties to maintain data consistency during transactions.
k. Availability: Ensuring that the database is accessible and functional when needed by authorized users. This involves implementing high availability and fault tolerance mechanisms to minimize downtime and ensure continuous access to data, such as deploying redundant database servers, load balancing, disaster recovery strategies, and regular maintenance to address performance bottlenecks or system failures.
[…] d. List and explain security requirements of database. […]