DSM ASSIGNMENT
Submitted To: Prof. Amna Lodhi
Submitted By: Gohar Riaz (26)
MSC IT (4TH) PRE
Database Security Management…. Assignment 1
Security mechanisms can be oriented toward access control policies based on user identity,
known as discretionary security, or toward policies that restrict access to information
classified as confidential to authorized personnel, called mandatory security.
Also, if they install any other web application (chat, paste, forum, etc.) they do the
same: they always use the MariaDB root user.
Proposal: create a separate MariaDB user for each application (web or desktop) that
uses this DBMS.
Many users and customers rely on MariaDB as the technological solution to their
database needs, which is why many websites, blogs, e-commerce sites and web apps are
backed by this database. The following five security practices help make your database
more "robust", optimized and ready for any possible attack, both internal and
external:
1. Make sure you have "shielded" against the chance that external users can inject
code into your database through public forms or text fields on your website.
2. Change the root user, which is the default, and assign it a different username.
3. Make sure a password is set for the MariaDB root user.
4. Remove the test account and the test database created during the initial installation
of MariaDB.
5. Periodically review the MariaDB user accounts and databases to ensure that the
privileges granted remain exactly as you left them at the last review.
The forms of malicious access are:
Unauthorized reading of data (data theft)
Unauthorized modification of data
Unauthorized destruction of data
Database security refers to protection against such malicious access.
To protect the database, security measures must be adopted at
various levels:
Database system.
Operating system.
Network.
Physical.
Human.
To maintain security at all these levels, the security of the database must be strengthened.
Weakness at the lower levels of security (physical or human) can circumvent strict
security measures at the higher levels (database). Security within the operating system is
applied at various levels, ranging from passwords for accessing the system to the isolation
of concurrent processes running on it. The file system also provides some level of
protection.
The data is encoded by an encryption algorithm. An unauthorized user will have trouble
deciphering the encoded data, but an authorized user will have the algorithm to decipher it.
There are currently two types of encryption:
Symmetric: the key used to encrypt the message is the same one used to decipher it,
so the chance of the key being obtained is greater, because its distribution can be
intercepted by unwanted people.
Asymmetric: there are two keys, one to encrypt the message and another to decrypt it.
Usually the first is public, that is, known to the senders, while the second is called
private and is held only by the party to whom the messages encrypted with the public
key are directed; therefore only the holder of the private key can read (decrypt) the
messages.
GnuPG supports both symmetric and asymmetric encryption algorithms, for files
and folders on the user's computer only.
Another option is sks-ecc for GNU/Linux, installed by running sudo apt-get install
sks-ecc from the console, or GSKs, programmed in Bash, which invokes Zenity to
create simple interactive dialogues (of course, zenity must be installed).
The versatile, simple and effective portable software SKS (pocket cryptography)
implements by default an excellent AES-192 symmetric encryption through its -c and
-C options, which encrypt a given file in the conventional manner with a key
derived from the password provided by the user; the capitalized -C option also
compresses before encrypting, if desired. The program requires two parameters:
the input file and the output file; the password is requested at the command line
without echoing it, to ensure maximum privacy. The -d option is always used to decrypt.
MD5 is a 128-bit hash function. Like all such functions, it takes input of any size
and produces output of a fixed length (128 bits). To check the integrity of a
downloaded file, an MD5 tool is used to compare the MD5 sum of the file with the
MD5 summary stored in an MD5SUM file for that file. It is also used to verify that
emails have not been tampered with, in combination with public and private keys.
The PHP language implements md5(""), among others. On UNIX and Linux systems the
MD5 algorithm was used to compute the hash of user passwords; current Linux systems
use more secure hash functions, SHA-2 or SHA-3.
SHA-1 is similar to MD5, but has a 160-bit digest instead of 128 bits.
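As an added example (not part of the assignment or the article it quotes), the following Python script performs the download check described above: it parses a coreutils-style checksum list (the format written by md5sum, sha1sum and sha256sum), recomputes the digest of the file contents, and reports when the digest comes from MD5 or SHA-1 rather than a SHA-2 function. The checksum lines and file contents are constructed for the example; the digests of "abc" are the standard test vectors for each algorithm.

```python
"""Verify a downloaded file against a checksum list (added example, not from the text).

Handles the coreutils md5sum/sha1sum/sha256sum line format '<hex>  <name>' (or
'<hex> *<name>' for binary mode) and flags digests from algorithms that are no
longer collision resistant. The sample data below is constructed.
"""
import hashlib
import hmac

# Digest length (hex chars) -> algorithm, for checksum files that carry no label.
# SHA3-256 and SHA-256 share a length, so pass algo explicitly when the file name
# (SHA256SUMS vs SHA3SUMS) tells you which one it is.
DIGEST_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
WEAK = {"md5", "sha1"}  # fine against accidental corruption, not against tampering


def parse_checksum_file(text):
    """Return {filename: hexdigest} from the contents of a checksum file."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.lstrip(" *")] = digest.lower()
    return expected


def verify_bytes(data, expected_hex, algo=None):
    """Return (matches, algo, weak) for data checked against expected_hex."""
    algo = algo or DIGEST_LENGTHS.get(len(expected_hex))
    if algo is None:
        raise ValueError(f"cannot infer algorithm from a {len(expected_hex)}-char digest")
    actual = hashlib.new(algo, data).hexdigest()
    # Constant-time comparison; the digest is public, but this is the habit to keep.
    return hmac.compare_digest(actual, expected_hex.lower()), algo, algo in WEAK


def verify_download(files, checksum_text, algo=None):
    """Check every file in {name: bytes} that appears in the checksum list."""
    expected = parse_checksum_file(checksum_text)
    return {name: verify_bytes(data, expected[name], algo)
            for name, data in files.items() if name in expected}


# Constructed checksum list: an MD5 entry and a SHA-256 entry for the same content.
CHECKSUMS = """\
900150983cd24fb0d6963f7d28e17f72  abc-legacy.txt
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  abc.txt
"""
DOWNLOADS = {"abc-legacy.txt": b"abc", "abc.txt": b"abc", "tampered.txt": b"abd"}

if __name__ == "__main__":
    for name, (ok, algo, weak) in verify_download(DOWNLOADS, CHECKSUMS).items():
        note = " (weak algorithm, use SHA-2 or SHA-3 for the list)" if weak else ""
        print(f"{name}: {'OK' if ok else 'MISMATCH'} via {algo}{note}")
```

The legacy MD5 entry still verifies, but the script marks it as weak: an MD5 match tells you the download was not corrupted in transit, not that nobody could have substituted a colliding file, which is why the text recommends SHA-2 or SHA-3 for current systems.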
privileges that each user holds independently of the database tables (CREATE TABLE, CREATE
VIEW, ALTER, MODIFY, SELECT).
Relation level: at this level the privileges to access each individual relation or view
are controlled. Each database table is assigned an owner account, which has all privileges
on that table and is responsible for granting them to other accounts.
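As an added example (not part of the assignment or the article it quotes), and serving both the privilege levels described here and practice 5 in the list above (periodically confirm that granted privileges are exactly as you left them), the following Python script parses GRANT statements in the shape MariaDB prints for SHOW GRANTS, classifies each one as account level (ON *.*), database level (ON db.*) or relation level (ON db.table), and diffs a current export against a baseline snapshot. The GRANT lines, account names and the admin allow-list are constructed assumptions.

```python
"""Classify SHOW GRANTS output by privilege level and detect drift from a baseline.

Added example (not from the text). The GRANT lines are constructed in the shape
MariaDB prints for SHOW GRANTS FOR 'user'@'host'; the baseline is an assumed
snapshot saved at the last review.
"""
import re

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+(?P<acct>`[^`]*`@`[^`]+`)",
    re.IGNORECASE,
)


def parse_grant(line):
    """Return a dict describing one GRANT statement, or None if the line is not one."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return None
    obj = m.group("obj").replace("`", "")
    if obj == "*.*":
        scope = "account"     # global privileges, independent of any table
    elif obj.endswith(".*"):
        scope = "database"    # every table in one schema
    else:
        scope = "relation"    # one table or view
    return {
        "account": m.group("acct").replace("`", ""),
        "scope": scope,
        "object": obj,
        "privs": {p.strip().upper() for p in m.group("privs").split(",")},
        "grant_option": "WITH GRANT OPTION" in line.upper(),
    }


def snapshot(lines):
    """Flatten GRANT lines into a set of (account, scope, object, privilege) tuples."""
    entries = set()
    for line in lines:
        g = parse_grant(line)
        if g is None:
            continue
        for p in g["privs"]:
            entries.add((g["account"], g["scope"], g["object"], p))
        if g["grant_option"]:
            entries.add((g["account"], g["scope"], g["object"], "GRANT OPTION"))
    return entries


def drift(baseline_lines, current_lines):
    """Return (added, removed) privileges of the current export relative to the baseline."""
    base, cur = snapshot(baseline_lines), snapshot(current_lines)
    return sorted(cur - base), sorted(base - cur)


def broad_account_grants(lines, admins=("dba_admin@localhost",)):
    """Non-admin accounts holding ALL PRIVILEGES or GRANT OPTION at account level."""
    return sorted({acct for acct, scope, _, p in snapshot(lines)
                   if scope == "account" and p in ("ALL PRIVILEGES", "GRANT OPTION")
                   and acct not in admins})


# Constructed baseline saved at the last review.
BASELINE = [
    "GRANT ALL PRIVILEGES ON *.* TO `dba_admin`@`localhost` WITH GRANT OPTION",
    "GRANT USAGE ON *.* TO `shop_app`@`localhost`",
    "GRANT SELECT, INSERT, UPDATE ON `shop`.`orders` TO `shop_app`@`localhost`",
    "GRANT SELECT ON `shop`.* TO `report`@`%`",
]
# Constructed current export: the reporting account was promoted to global ALL
# PRIVILEGES and the application account gained DELETE on one table.
CURRENT = BASELINE[:3] + [
    "GRANT DELETE ON `shop`.`orders` TO `shop_app`@`localhost`",
    "GRANT ALL PRIVILEGES ON *.* TO `report`@`%`",
]

if __name__ == "__main__":
    added, removed = drift(BASELINE, CURRENT)
    print("added:", added)
    print("removed:", removed)
    print("broad account-level grants:", broad_account_grants(CURRENT))
```

The drift report is what the periodic review compares against the change tickets: an added relation-level DELETE on one table may be an approved application change, while a new account-level ALL PRIVILEGES on a reporting account that connects from any host is exactly the kind of change the review exists to catch.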
C. Hardening
As a result of a vulnerability assessment, a series of specific recommendations is usually
produced. This is the first step in hardening the database. Other elements of hardening
involve removing all functions and options that are not used. Apply a strict policy of
what can and cannot be done, and be sure to disable whatever is not needed.
D. Audit
After creating the settings and hardening controls, perform self-assessments and
monitor the audit recommendations to verify that they have not diverged from their goal
(security). Automate the configuration control register so that any change to the
configuration is recorded, and implement alerts about changes to it. Each time a change
is made, it could affect the security of the database.
E. Monitoring
Real-time monitoring of database activity is key to limiting your exposure: apply or
acquire intelligent monitoring agents for intrusion and misuse detection. For example,
alert on unusual access patterns that could indicate the presence of a SQL injection
attack, unauthorized changes to data, changes to account privileges, and configuration
changes made by running a SQL script. Remember to monitor privileged users; it is
required for data governance and for regulatory compliance such as SOX and privacy
regulations. It also helps detect intrusions, since many of the most common attacks are
carried out with senior user privileges.
Dynamic monitoring is also an essential element of vulnerability assessment, allowing
you to go beyond static or forensic evaluations. A classic example is seen when multiple
users share privileged credentials, or when there is an excessive number of database logins.
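As an added example (not part of the assignment or the article it quotes), the following Python script implements the two classic signals named above over connection records: a privileged account connecting from more than one host inside a short window (shared privileged credentials) and any account exceeding a login count inside that window (excessive logins). The log lines are constructed in the shape of MariaDB general-log Connect entries; the privileged-account list, window and thresholds are assumptions to tune per site.

```python
"""Flag shared privileged credentials and excessive logins in connection logs.

Added example (not from the text). The log lines below are constructed in the
shape of MariaDB general-log 'Connect' entries:
    <ISO timestamp>Z  <thread id> Connect  <user>@<host> on <db>
Thresholds and the privileged-account list are assumptions to tune per site.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

CONNECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z?\s+\d+\s+Connect\s+"
    r"(?P<user>[^@\s]+)@(?P<host>\S+)\s+on\s*(?P<db>\S*)"
)
PRIVILEGED = {"root", "dba_admin"}   # assumed list of privileged accounts


def parse_connects(lines):
    """Return {user: [(timestamp, host), ...]} for every Connect entry."""
    events = defaultdict(list)
    for line in lines:
        m = CONNECT_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
            events[m.group("user")].append((ts, m.group("host")))
    return events


def detect_anomalies(lines, window=timedelta(minutes=5), max_hosts=1,
                     max_logins=20, privileged=PRIVILEGED):
    """Return (kind, user, detail) findings, at most one per kind per user."""
    findings = []
    for user, evs in parse_connects(lines).items():
        evs.sort()
        shared, excessive = None, 0
        start = 0
        for end in range(len(evs)):
            # Sliding window: drop events older than `window` before evs[end].
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            hosts = {h for _, h in in_window}
            if user in privileged and len(hosts) > max_hosts:
                if shared is None or len(hosts) > len(shared):
                    shared = sorted(hosts)   # keep the widest host set seen
            if len(in_window) > max_logins:
                excessive = max(excessive, len(in_window))
        if shared:
            findings.append(("shared-privileged-credential", user, shared))
        if excessive:
            findings.append(("excessive-logins", user, excessive))
    return findings


def _line(ts, tid, user, host, db):
    return f"{ts}Z\t{tid:>6} Connect\t{user}@{host} on {db}"


# Constructed sample log: root used from three hosts within two minutes, a
# batch account logging in 25 times in 25 seconds, and a normal app account.
SAMPLE_LOG = [
    _line("2024-03-01T09:00:00", 11, "shop_app", "localhost", "shop"),
    _line("2024-03-01T09:00:05", 12, "root", "10.0.0.5", "shop"),
    _line("2024-03-01T09:00:40", 13, "root", "10.0.0.6", "shop"),
    _line("2024-03-01T09:01:10", 14, "root", "10.0.0.7", "mysql"),
    _line("2024-03-01T09:02:00", 15, "shop_app", "localhost", "shop"),
] + [
    _line(f"2024-03-01T09:03:{s:02d}", 100 + s, "batch_job", "10.0.0.9", "shop")
    for s in range(25)
]

if __name__ == "__main__":
    for kind, user, detail in detect_anomalies(SAMPLE_LOG):
        print(f"{kind}: {user} -> {detail}")
```

Both findings are starting points for the review the text describes, not verdicts: the root finding is answered by giving each administrator a personal privileged account, and the batch finding by either raising the threshold for that job or fixing an application that reconnects for every query.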
F. Audit Trails
Apply and generate audit trails and traceability for activities that affect data integrity
or involve viewing sensitive data. Remember that this is an audit requirement and is also
important for forensic investigations. Most organizations today use some form of manual
auditing of transactions, or the native auditing features of their database management
systems. However, these features are often deactivated due to:
• complexity
• high operating costs
• performance problems
• the lack of segregation of duties, and
• the need for more storage.
Fortunately, solutions have been developed with minimal impact on performance and low
operating cost, based on intelligent agent technologies.
About the Author:
Jorge Domínguez Chávez. Degree in Physics; Doctor of Sciences with a mention in Software
Development from the UNAM. Computer security specialist from the University of
Washington. Territorial Assistant Professor at the Polytechnic University of Aragua
State. Appointed Tutor at the National Autonomous University of Mexico. Visiting
Professor at the Universidade Federal do Rio Grande do Sul (Brazil). Author of several
books and articles on database software development, operating systems and computer
security. Dr. Domínguez is a recognized lecturer.
Article Link:
https://www.researchgate.net/publication/279996570
NEXT STEPS
Database security and compliance best practices dictate that organizations regularly scan
for vulnerabilities and highly privileged user accounts and then monitor for anomalous
activity. A pragmatic database security program requires that organizations implement
an automated process for identifying critical vulnerabilities and privileged accounts,
remediating issues where possible and then monitoring privileged activity, whether it is
associated with authorized, recognized privileged accounts or with other accounts that
hold excessive privileges. Organizations need to make sure administrators and/or security
personnel have sufficient, actionable data to make informed decisions and are not
distracted by excessive alerts, false positives and false negatives.
Also make sure that you are monitoring known but unpatched vulnerabilities. Commonly
referred to as a compensating control, real-time activity monitoring can protect
databases during the gap between discovery of a vulnerability and mitigation of that
vulnerability. Responsible organizations should proactively deploy activity
monitoring, informed by vulnerability and rights review scan results, to ensure the
highest, most efficient level of database security.
Hacking or auditing your own database is a great way to check your own database
security — before someone else attempts to “test” your security measures for you.
Searching for ways to hack your own database will put you into the mindset of a hacker
and may help you spot vulnerabilities you would otherwise have missed. If you succeed
in hacking your database, you will know there is more work to be done.