Database Systems
Unit 10: Database Administration and Security
Topic 10
Objective:
At the end of this unit, you should be able to:
- Describe the distinction between data administration and database administration.
- Describe the purpose and tasks associated with database administration.
- Define the scope of database security.
- Identify the types of threats that can affect a database system.
- Describe how to protect a computer system using computer-based security controls.
- Implement database security using SQL statements.
IT1768 Database Systems
Content
- Roles of data administrator (DA) and database administrator (DBA)
- Database administration and security
- Computer-based security controls
- Database security control with SQL
(DA)
(DBA)
Policy
Standard
Procedure
Database Administration
Management of the physical realization of a database application, which includes:
- physical database design and implementation,
- setting security and integrity controls,
- monitoring system performance, and
- reorganizing the database.
Database Administration
Computer Security
Main scope of coverage:
- Firewalls: a protection shield for the computer system.
- Data protection against malicious virus attacks and hacking into the computer system.
- Authorization: access control; the system administrator grants access authority to the computer system.
Database Security
Computer Security
Computer Security
[Figure: attack tools and techniques plotted from Low to High over the years 1980 to 2000 (labels: Tools, Attackers): password guessing, self-replicating code, disabling audits, back doors, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, stealth / advanced scanning techniques, distributed attack tools, staged attack, cross site scripting.]
Database Security
[Figure: Network Security, showing the Internal Environment and the External Connection via Internet.]
Database Security
MalWare
Database Security
(Authentication Login)
Includes:
1.
2.
3.
4.
5.
6.
7.
1. Authorization
(Administrator grants
Authentication
Windows Authentication
Form Authentication
Passport Authentication
Anonymous Access.
(Windows login)
Form Authentication
UserID :
Password :
Passport Authentication
Authenticates users using a service from Microsoft called Passport.
It is a centralized directory of user information that Web sites can use.
Anonymous Access
The application is used by anonymous users.
2. View
A view is a database object that looks and functions exactly like a table, except that it can contain data from multiple base tables.
It is the dynamic result of one or more relational operations (Join, etc.) operating on the base relations to produce another relation.
e.g. A view created for on-line registration. It is virtually composed of multiple pieces, with sensitive information hidden.
A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.
REGISTRATION_FORM
4. Integrity constraints
Integrity constraints provide a way of ensuring that changes made to the database by authorized users do not result in a loss of data consistency.
They prevent data from becoming invalid, and hence giving misleading or incorrect results.
5. Encryption
The encoding of the data by a special algorithm (using an encryption key) that scrambles the data, so that it becomes unreadable by any program that does not have the key.
e.g. 2Dnkn6Pwrd is an encrypted text for password
6. RAID Technology
- RAID stands for Redundant Array of Independent Disks. It is a technology that employs the simultaneous use of two or more hard disk drives to achieve greater levels of performance and reliability.
- The large disk array, comprising an arrangement of several independent disks, enhances the fault tolerance of the disk drives.
- Redundancy is a way in which extra data is written across the array, organized so that the failure of one (sometimes more) disks in the array will not result in loss of data.
GRANT statement
(Authorization)
REVOKE statement
To cancel any access rights given to a user or a group of users to access database objects.
GRANT SELECT ON SUPPLIER TO USER1;
GRANT SELECT ON PART TO PUBLIC;
GRANT ALL PRIVILEGES ON SUPPLIER TO USER5;
REVOKE SELECT ON SUPPLIER FROM USER1;
REVOKE UPDATE ON SUPPLIER FROM USER2;
REVOKE ALL PRIVILEGES ON SUPPLIER FROM USER3, USER4;
REVOKE ALL PRIVILEGES ON SUPPLIER FROM USER5;
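The view, integrity constraint, GRANT and REVOKE controls of this unit combined into one worked case, as an added example that is not part of the original slides. The column names, the SUPPLIER_PUBLIC view name and the constraint are assumptions; USER1 and USER2 are assumed to exist as database users.

```sql
-- Added example. Columns, view name and constraint are assumed for illustration.
CREATE TABLE SUPPLIER (
    SupplierNo   CHAR(5)       PRIMARY KEY,
    SupplierName VARCHAR(40)   NOT NULL,
    City         VARCHAR(30)   NOT NULL,
    -- Integrity constraint: an authorized user still cannot store an invalid value.
    CreditLimit  DECIMAL(10,2) NOT NULL CHECK (CreditLimit >= 0),
    BankAccount  VARCHAR(34)   NOT NULL   -- sensitive column
);

-- View as a security control: exposes only the non-sensitive columns.
CREATE VIEW SUPPLIER_PUBLIC AS
    SELECT SupplierNo, SupplierName, City
    FROM   SUPPLIER;

-- Least privilege for USER1: read access through the view only.
-- Remove any direct SELECT on the base table, then grant on the view.
REVOKE SELECT ON SUPPLIER FROM USER1;
GRANT  SELECT ON SUPPLIER_PUBLIC TO USER1;

-- Least privilege for USER2: may change City, nothing else.
-- A column-level grant replaces a table-wide UPDATE privilege.
REVOKE UPDATE ON SUPPLIER FROM USER2;
GRANT  UPDATE (City) ON SUPPLIER TO USER2;

-- Caveat: REVOKE ... FROM USER1 removes only what was granted to USER1.
-- A privilege granted TO PUBLIC on the same object still applies to every
-- user, so check for PUBLIC grants before relying on a per-user REVOKE.

-- Expected behaviour when connected as USER1:
SELECT SupplierNo, SupplierName, City
FROM   SUPPLIER_PUBLIC;               -- allowed: privilege held on the view

SELECT BankAccount FROM SUPPLIER;     -- rejected: no privilege on the base table

-- Expected behaviour when connected as USER2:
UPDATE SUPPLIER SET City = 'Singapore'
WHERE  SupplierNo = 'S0001';          -- allowed: column-level UPDATE on City

UPDATE SUPPLIER SET CreditLimit = 50000
WHERE  SupplierNo = 'S0001';          -- rejected: no UPDATE privilege on CreditLimit
```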
Summary
database planning,
development and maintenance of standards, policies and procedures, and
conceptual and logical database design.
Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource.
Database security comprises the mechanisms that protect the database against intentional or accidental threats.
Computer-based security control includes:
Review Questions 1
Name 3 tasks for data management
Review Questions 2
Name Six (6) Computer-Based Security Controls.
Why are VIEWS used for security controls?
How can integrity be achieved?
Review Questions 1 (Solution)
Review Questions 2 (Solution)