Unit 1

Uploaded by icondigitalssdnr

Introduction to Database Security

• Database security refers to the range of tools, controls, and measures designed to
establish and preserve database confidentiality, integrity, and availability.
• Database security must address and protect the following:
• The data in the database
• The database management system (DBMS)
• Any associated applications
• The physical database server and/or the virtual database server and the underlying
hardware
• The computing and/or network infrastructure used to access the database.
• Database security is a complex and challenging endeavor that involves all aspects of information
security technologies and practices.
• The more accessible and usable the database, the more vulnerable it is to security
threats; the more invulnerable the database is to threats, the more difficult it is to
access and use.
Why is it important?

• By definition, a data breach is a failure to maintain the confidentiality of data in a
database.
• How much harm a data breach inflicts on your enterprise depends on a number of
consequences or factors:
• Compromised intellectual property: Your intellectual property—trade secrets,
inventions, and proprietary practices—may be critical to your ability to maintain a
competitive advantage in your market.
• If that intellectual property is stolen or exposed, your competitive advantage may be
difficult or impossible to maintain or recover.
The Web Security Problem

A holistic approach to protecting computers and the information that they
contain: a web site is as dead if it is compromised by an attacker as it is if
the sole web server on which the site resides washes away in a flood.
Web security, then, is a set of procedures, practices, and technologies for
assuring the reliable, predictable operation of web servers, web browsers,
other programs that communicate with web servers, and the surrounding
Internet infrastructure.
The web security problem has three primary parts:
Securing the web server and the data
We need to be sure that the server can continue its operation and that the information
on the server cannot be modified without authorization.
Securing information that travels between the web server and the user
We would like to assure that information the user supplies to the web server
(usernames, passwords, financial information, the names of web pages visited, etc.)
cannot be read, modified, or destroyed by any third parties. It is also important to
assure that the link between the user and the web server cannot be easily
disrupted.
Securing the end user’s computer and other devices that people use to access
the Internet
Finally, web security requires that the end user’s computer be reasonably secured.
Users need to run their web browsers and other software on a secure computing
platform that is free of viruses and other hostile software. Users also need
protections for their privacy and personal information, whether offline or online.
• Each of these tasks, in turn, can be broken down into many others. For
example, in the case of a web publisher, the goal of securing the web server
used in electronic banking might include the following tasks:

• Devising and implementing a system for verifying the identity of users who
connect to the web server to view their bank statements, a process also known
as authentication.

• Analyzing the programs and scripts that operate the web site for flaws and
vulnerabilities (e.g., making sure that a web page that leads to the display of
one user’s account can’t be tricked into displaying the account of another user).
• Providing for secure, off-site backup of user information.
• Creating a secure logging and auditing facility that can be used for billing,
conflict resolution, and so-called “non repudiation” and investigation of
misuse.
• Balancing the load among multiple servers to protect against usage spikes
and hardware failures, and to provide responsive service.
• Creating a second data center so that in the event of a disaster (e.g., an
earthquake, blizzard, explosion, or invasion from outer space) affecting
the primary data center, services will continue.
• Providing for redundant Internet connections, using multiple service
providers, to minimize the chances that a service disruption on the Internet
will prevent users from reaching the web site.
• Securing your Domain Name Service (DNS) service so that an attacker
can’t change the domain name to point to another organization’s server.
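
As an added example (not from the original slides) of the account-display check named in the list above, here is a Go statement handler in its vulnerable and hardened forms; the session store, the account data and the X-Session header are constructed stand-ins for a real bank's session and database layers.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed sample data standing in for the bank's session store and
// account database (hypothetical values, not from any real system).
var sessions = map[string]string{"tok-alice": "alice", "tok-bob": "bob"}

type account struct{ Owner, Statement string }

var accounts = map[string]account{
	"1001": {Owner: "alice", Statement: "account 1001 (alice): balance 250"},
	"1002": {Owner: "bob", Statement: "account 1002 (bob): balance 910"},
}

// userFromSession resolves the authenticated user from an X-Session header,
// a stand-in for a real session cookie (authentication is assumed done).
func userFromSession(r *http.Request) (string, bool) {
	user, ok := sessions[r.Header.Get("X-Session")]
	return user, ok
}

// vulnerableStatement checks that the caller is logged in but then trusts the
// client-supplied acct parameter, so any user can read any account.
func vulnerableStatement(w http.ResponseWriter, r *http.Request) {
	if _, ok := userFromSession(r); !ok {
		http.Error(w, "login required", http.StatusUnauthorized)
		return
	}
	acct, ok := accounts[r.URL.Query().Get("acct")]
	if !ok {
		http.NotFound(w, r)
		return
	}
	fmt.Fprint(w, acct.Statement)
}

// hardenedStatement ties the lookup to the authenticated identity: the
// account must belong to the session user. An ownership mismatch is answered
// with the same 404 as a nonexistent account, so probing the parameter does
// not reveal which account numbers exist.
func hardenedStatement(w http.ResponseWriter, r *http.Request) {
	user, ok := userFromSession(r)
	if !ok {
		http.Error(w, "login required", http.StatusUnauthorized)
		return
	}
	acct, ok := accounts[r.URL.Query().Get("acct")]
	if !ok || acct.Owner != user {
		http.NotFound(w, r)
		return
	}
	fmt.Fprint(w, acct.Statement)
}

// fetch sends GET /statement?acct=<id> under the given session token to a
// handler in-process and returns the status code and body.
func fetch(h http.HandlerFunc, token, acctID string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/statement?acct="+acctID, nil)
	req.Header.Set("X-Session", token)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	// Alice, logged in, asks for Bob's account 1002.
	code, body := fetch(vulnerableStatement, "tok-alice", "1002")
	fmt.Printf("vulnerable: %d %s\n", code, body)
	code, body = fetch(hardenedStatement, "tok-alice", "1002")
	fmt.Printf("hardened:   %d %s", code, body)
}
```

The same pattern applies to any per-user resource: derive the owner from the session, never from a client-controlled identifier alone.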
Securing the Web Server

• Securing the web server is a three-part process.
• First, the computer itself must be secured using traditional computer security
techniques.
• Second, special programs that provide web service must be secured.
• Finally, you need to examine the operating system and the web service to see if
there are any unexpected interactions between the two that might compromise
the system’s overall security.

Simplification of services

• One of the best strategies for improving a web server’s security is to minimize
the number of services provided by the host on which the web server is
running. If we need to provide both a mail server and a web server, the safest
strategy is to put them on different computers. On the system that runs our
web service, design the system to run only our web services.

• Another good strategy for securing the information on the web server is to
restrict access to the web server. The server should be located in a secure
location, so that unauthorized people do not have physical access to the
equipment.
Policing copyright

• Many web developers also want to protect the information that they
put on their websites from unauthorized use.
• Companies putting pay-per-view information on a website would like
to prevent users from downloading this information and sharing it
with others who have not paid for the service.
• It is impossible to impose technical solutions that limit the spread of
information once it has been provided to the user. If the data is viewed
on the user’s screen, that information can simply be copied off the
screen and either printed or saved in a file.

Securing Information in Transit

There are many ways to protect information from eavesdropping as it travels
through a network:

• Physically secure the network, so that eavesdropping is impossible.
• Hide the information that you wish to secure within information that
appears innocuous.
• Encrypt the information so that it cannot be decoded by any party
who is not in possession of the proper key.
What is Risk?
• There are two special cases to keep in mind:
• Anything times zero is zero. If any of the factors is zero, even if the other factors
are high or critical, your risk is zero.
• Risk implies uncertainty. If something is guaranteed to happen, it is not a risk.
• Here are some common ways you can suffer financial damage:
• Data loss. Theft of trade secrets could cause you to lose business to your
competitors. Theft of customer information could result in loss of trust and
customer attrition.
• System or application downtime. If a system fails to perform its primary function,
customers may be unable to place orders, employees may be unable to do their
jobs or communicate, and so on.
• Legal consequences. If somebody steals data from one of your databases, even if
that data is not particularly valuable, you can incur fines and other legal costs
because you failed to comply with the data protection security requirements of
HIPAA (Health Insurance Portability and Accountability Act) or other compliance
What is a security risk assessment?
• A security risk assessment identifies, assesses, and implements key
security controls in applications.
• It also focuses on preventing application security defects and
vulnerabilities.
• Carrying out a risk assessment allows an organization to view the
application portfolio holistically—from an attacker’s perspective.
• It supports managers in making informed resource allocation, tooling,
and security control implementation decisions.
• Thus, conducting an assessment is an integral part of an organization’s
risk management process.

How does a security risk assessment work?
• Factors such as size, growth rate, resources, and asset portfolio affect
the depth of risk assessment models.
• Organizations can carry out generalized assessments when
experiencing budget or time constraints.
• However, generalized assessments don’t necessarily provide the
detailed mappings between assets, associated threats, identified
risks, impact, and mitigating controls.
• If generalized assessment results don’t provide enough of a
correlation between these areas, a more in-depth assessment is
necessary.

What problems does a security risk assessment solve?
A comprehensive security assessment allows an organization to:
• Identify assets (e.g., network, servers, applications, data centers, tools, etc.)
within the organization.
• Create risk profiles for each asset.
• Understand what data is stored, transmitted, and generated by these assets.
• Assess asset criticality regarding business operations. This includes the
overall impact to revenue, reputation, and the likelihood of a firm’s
exploitation.
• Measure the risk ranking for assets and prioritize them for assessment.
• Apply mitigating controls for each asset based on assessment results.
Risk Analysis and Best Practices

• One traditional way to approach this problem is with the process of risk analysis, a
technique that involves gauging the likelihood of each risk, evaluating the potential for
damage that each risk entails, and addressing the risks in some kind of systematic order.

• The application of risk analysis to the field of computer security has been less successful.

• Risk analysis depends on the ability to gauge the likelihood of each risk, identify the
factors that enable those risks, and calculate the potential impact of various choices.
• Because of the difficulty inherent in risk analysis, another approach for securing
computers has emerged in recent years called best practices, or due care.
• The 4 steps of a successful security risk assessment model:
• 1. Identification. Determine all critical assets of the technology
infrastructure.
• Next, diagnose sensitive data that is created, stored, or transmitted by
these assets. Create a risk profile for each.
• 2. Assessment. Administer an approach to assess the identified security
risks for critical assets. After careful evaluation and assessment, determine
how to effectively and efficiently allocate time and resources towards risk
mitigation. The assessment approach or methodology must analyze the
correlation between assets, threats, vulnerabilities, and mitigating controls.
• 3. Mitigation. Define a mitigation approach and enforce security controls
for each risk.
• 4. Prevention. Implement tools and processes to minimize threats and
vulnerabilities from occurring in your firm’s resources.
Cryptography and Web Security
• Today, cryptography is the fundamental technology used to
protect information as it travels over the Internet.
• Every day, encryption is used to protect the content of web
transactions, email, newsgroups, chat, web conferencing, and
telephone calls as they are sent over the Internet.
• Without encryption any crook, thief, Internet service provider,
telephone company, hostile corporation, or government
employee who has physical access to the wires that carry
your data could eavesdrop upon its contents.
• With encryption, it is possible to protect a message in such a
way that all of the world’s computers working in concert until
the end of time would be unable to decipher its contents.
• Cryptography can be used for more than scrambling
messages. Increasingly, systems that employ
cryptographic techniques are used to control access to
computer systems and to sign digital messages.
Security professionals have identified five different roles that encryption
can play in modern information systems. In the interest of sharing a
common terminology, each of these different roles is identified by a
specific keyword. The roles are:

Authentication
Digital signatures can be used to identify a participant in a web
transaction or the author of an email message; people who receive a
message that is signed by a digital signature can use it to verify the
identity of the signer. Digital signatures can be used in conjunction
with passwords and biometrics (see Chapter 6) or as an alternative to
them.

Authorization
Whereas authentication is used to determine the identity of a participant,
authorization techniques are used to determine if that individual is
authorized to engage in a particular transaction. Cryptographic
techniques can be used to distribute a list of authorized users that is
all but impossible to falsify.
Confidentiality
Encryption is used to scramble information sent over networks and stored on
servers so that eavesdroppers cannot access the data’s content. Some
people call this quality “privacy,” but most professionals reserve that word
for referring to the protection of personal information (whether confidential
or not) from aggregation and improper use.
Integrity
Methods that are used to verify that a message has not been modified while in
transit. Often, this is done with digitally signed message digest codes.
Nonrepudiation
Cryptographic receipts are created so that an author of a message cannot
realistically deny sending a message.
• Strictly speaking, there is some overlap among these areas. For
example, when a message is encrypted to provide confidentiality, an
unexpected byproduct is often integrity. That’s because many
encrypted messages will not decrypt if they are altered.
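
The byproduct just described holds only for authenticated encryption modes, so here is an added Go example (not from the original slides) that contrasts AES-GCM, which refuses an altered ciphertext outright, with AES-CTR, which decrypts the altered ciphertext without complaint to a different plaintext. The key, nonce, IV and sample message are all constructed inside the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Outcome records how each mode reacted to a ciphertext altered in transit.
type Outcome struct {
	GCMRejected bool // AES-GCM refused to decrypt: authentication tag mismatch
	CTRErrored  bool // AES-CTR reported an error (it has no way to)
	CTRGarbled  bool // AES-CTR returned plaintext that differs from the original
}

// mustRandom draws n bytes from the OS CSPRNG; a failure there is fatal.
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// newGCM wraps an AES key in GCM, an authenticated mode: Seal appends a tag
// and Open verifies it, so any change to the ciphertext makes Open fail.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ctrXOR is AES-CTR, an unauthenticated stream mode. The same call encrypts
// and decrypts, and nothing is checked: every input "decrypts" to something.
func ctrXOR(key, iv, in []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out, nil
}

// tamper returns a copy of ct with one bit flipped in byte i, standing in
// for corruption or modification on the wire.
func tamper(ct []byte, i int) []byte {
	out := append([]byte(nil), ct...)
	out[i] ^= 0x01
	return out
}

// Compare encrypts plaintext under both modes with a fresh AES-256 key
// (constructed here, shared by the simulated sender and receiver), flips one
// bit of each ciphertext, and reports what decryption did with it.
func Compare(plaintext []byte) (Outcome, error) {
	var o Outcome
	key := mustRandom(32)
	aead, err := newGCM(key)
	if err != nil {
		return o, err
	}
	nonce := mustRandom(aead.NonceSize())
	sealed := aead.Seal(nil, nonce, plaintext, nil)
	_, err = aead.Open(nil, nonce, tamper(sealed, 3), nil)
	o.GCMRejected = err != nil

	iv := mustRandom(aes.BlockSize)
	ct, err := ctrXOR(key, iv, plaintext)
	if err != nil {
		return o, err
	}
	pt, err := ctrXOR(key, iv, tamper(ct, 3))
	o.CTRErrored = err != nil
	o.CTRGarbled = !bytes.Equal(pt, plaintext)
	return o, nil
}

func main() {
	o, err := Compare([]byte("transfer 100 to account 1001"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o) // {GCMRejected:true CTRErrored:false CTRGarbled:true}
}
```

With CTR the flipped ciphertext bit flips exactly the corresponding plaintext bit, which is why confidentiality alone is not integrity: a receiver needs an authenticated mode or a separate MAC or signature to notice the change.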
Working cryptographic systems and protocols

• A cryptographic system is a collection of software and hardware
that can encrypt or decrypt information.
• A typical cryptographic system is the combination of a desktop
computer, a web browser, a remote web server, and the
computer on which the web server is running.
• A cryptographic protocol, by contrast, describes how information
moves throughout the cryptographic system. In our examples,
the web browser and the remote web server communicate using
the Secure Sockets Layer (SSL) cryptographic protocol.
• More than a dozen cryptographic protocols have been
developed for Internet security and commerce.
• These systems fall into two categories. The first category
of cryptographic programs and protocols is used for
encryption of offline messages—mostly email.
• The second category of cryptographic protocols is used
for confidentiality, authentication, integrity, and
nonrepudiation for online communications.
Offline Encryption Systems

• Offline encryption systems are designed to take a message,
encrypt it, and either store the ciphertext or transmit it to another
user on the Internet.
PGP/OpenPGP

PGP (Pretty Good Privacy) is a complete working system for the
cryptographic protection of electronic mail and files. OpenPGP is a
set of standards (RFC 2440) that describe the formats for
encrypted messages, keys, and digital signatures. PGP offers
confidentiality, integrity, and nonrepudiation. PGP was the first
widespread public key encryption program.
• PGP is available in two ways: as a command-line program, which
can be run on many different operating systems, and as an integrated
application, which is limited to running on the Windows and Macintosh
platforms.
• The integrated application comes with plug-in modules that allow it
to integrate with popular email packages such as Microsoft
Outlook, Outlook Express, Eudora, and Netscape Communicator.
• With these plug-ins, the standard email packages can automatically
send and receive PGP-encrypted messages.
• As an alternative to face-to-face meetings, PGP has a
provision for key signing.
• That is, one PGP key can be used to sign a second key.
Essentially, this means that the first person is using his key
to attest to the validity of the second person.
• I may not be able to meet directly with Sam, but if I trust
Deborah, and I get a copy of Sam’s key with Deborah’s
signature on the key attesting to the fact that Sam’s key is
valid, I may trust the key. This process is called certification.
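
To make the certification step concrete (and the signed message digest mechanism named under Integrity earlier), here is an added Go example that is not part of the original slides or of PGP itself: it models key signing with Ed25519 over a SHA-256 digest of the name/key binding, a deliberate simplification of OpenPGP's packet formats and trust levels. Deborah, Sam, Eve and every key in it are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Certification is one key's signature over another key's name/key binding
// ("Deborah attests that this key belongs to Sam").
type Certification struct {
	Signer    ed25519.PublicKey
	Signature []byte
}

// Key is a public key as exchanged between users, with its claimed owner and certifications.
type Key struct {
	Name  string
	Pub   ed25519.PublicKey
	Certs []Certification
}

// binding is what a certifier signs: a digest over name and key, so the
// signature attests to exactly this pair (a signed message digest).
func binding(name string, pub ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0}) // separator between the two fields
	h.Write(pub)
	return h.Sum(nil)
}

// Certify adds the signer's certification to k: Deborah signing Sam's key.
func Certify(signerPub ed25519.PublicKey, signerPriv ed25519.PrivateKey, k *Key) {
	sig := ed25519.Sign(signerPriv, binding(k.Name, k.Pub))
	k.Certs = append(k.Certs, Certification{Signer: signerPub, Signature: sig})
}

// Trusted is the recipient's decision: k is accepted only if one of its
// certifications verifies under a key the recipient already trusts. A signature
// from an unknown key, or one that fails because name or key changed, counts for nothing.
func Trusted(k Key, introducers []ed25519.PublicKey) bool {
	msg := binding(k.Name, k.Pub)
	for _, c := range k.Certs {
		for _, t := range introducers {
			if t.Equal(c.Signer) && ed25519.Verify(c.Signer, msg, c.Signature) {
				return true
			}
		}
	}
	return false
}

// genKey makes a fresh Ed25519 key pair; a CSPRNG failure is fatal here.
func genKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

type Scenario struct {
	SamViaDeborah  bool // certified by Deborah, whom I trust: accepted
	SamViaStranger bool // certified only by a key I do not trust: rejected
	Relabelled     bool // Deborah's signature copied onto a relabelled key: rejected
}

// RunScenario plays out the three cases from my point of view as the recipient.
func RunScenario() Scenario {
	var s Scenario
	debPub, debPriv := genKey()
	strPub, strPriv := genKey()
	samPub, _ := genKey()
	iTrust := []ed25519.PublicKey{debPub} // Deborah's key, verified in person
	sam := Key{Name: "Sam", Pub: samPub}
	Certify(debPub, debPriv, &sam)
	s.SamViaDeborah = Trusted(sam, iTrust)
	viaStranger := Key{Name: "Sam", Pub: samPub}
	Certify(strPub, strPriv, &viaStranger)
	s.SamViaStranger = Trusted(viaStranger, iTrust)
	eve := Key{Name: "Eve", Pub: samPub, Certs: sam.Certs} // Deborah's signature reused
	s.Relabelled = Trusted(eve, iTrust)
	return s
}

func main() {
	fmt.Printf("%+v\n", RunScenario()) // {SamViaDeborah:true SamViaStranger:false Relabelled:false}
}
```

The relabelled case is why the signature covers the name together with the key: a certification cannot be lifted off one binding and attached to another.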
S/MIME
• When you send an email with an attachment over the Internet, the
attachment is encoded with a protocol called the Multipurpose Internet
Mail Extensions,[52] or MIME.
• The MIME standard codifies the technique by which binary files, such
as images or Microsoft Word documents, can be encoded in a format
that can be sent by email.
• Secure/MIME[53] (S/MIME) extends the MIME standard to allow for
encrypted email.
• On the surface, S/MIME offers similar functionality to PGP; both allow
email messages to be encrypted and digitally signed.
• But S/MIME is different from PGP in an important way: to send
somebody a message that is encrypted with PGP you need a copy of
that person’s key. With S/MIME, on the other hand, to send somebody
an encrypted message you need a copy of that person’s
S/MIME certificate.
• In general, people cannot create their own S/MIME certificates.
• Instead, these certificates are issued by third parties called certification
authorities.
Online Cryptographic Protocols and Systems

Online cryptographic protocols generally require real-time
interplay between a client and a server to work properly.
The most popular online protocol is SSL, which is used to
protect information as it is sent between a web browser and a
web server.
SSL
The Secure Sockets Layer (SSL) is a general-purpose web cryptographic protocol for
securing bidirectional communication channels. SSL is commonly used with TCP/IP.

SSL is the encryption system that is used by web browsers such as Netscape
Navigator and Microsoft’s Internet Explorer, but it can be used with any TCP/IP
service.

SSL connections are usually initiated with a web browser using a special URL prefix.
For example, the prefix https: is used to indicate an SSL-encrypted HTTP connection,
whereas snews: is used to indicate an SSL-encrypted NNTP connection.
SSL offers:
• Confidentiality, through the use of user-specified encryption algorithms
• Integrity, through the use of user-specified cryptographic hash functions
• Authentication, through the use of X.509 v3 public key certificates

PCT

• The Private Communications Technology (PCT) is a transport
layer security protocol similar to SSL that was developed by
Microsoft because of shortcomings in SSL 2.0.
• The SSL 2.0 problems were also addressed in SSL 3.0 and,
as a result, use of PCT is decreasing.
• Nevertheless, Microsoft intends to continue supporting PCT
because it is being used by several large Microsoft
customers on their corporate intranets.
SET
• The Secure Electronic Transaction[56] (SET) protocol is an
online payment protocol designed to facilitate the use of
credit cards on the Internet.
• The fundamental motivation behind SET is to speed
transactions while reducing fraud.
• To speed transactions, the protocol automates the “buy”
process by having the consumer’s computer automatically
provide the consumer’s credit card number and other
payment information, rather than forcing the consumer to
type this information into a form in a web browser. To reduce
fraud, SET was designed so that the merchant would never
have access to the consumer’s actual credit card number.
Instead, the merchant would receive an encrypted credit
card number that could only be decrypted by the merchant’s
bank.
DNSSEC

• The Domain Name Service Security (DNSSEC) standard[57] is a system
designed to bring security to the Internet’s Domain Name System (DNS).
DNSSEC creates a parallel public key infrastructure built upon the DNS
system.
• DNSSEC allows for secure updating of information stored in DNS
servers, making it ideal for remote administration.
• The DNSSEC standard is built into the current version of bind, the DNS
server that is distributed by the Internet Software Consortium.

IPsec and IPv6

• IPsec[58] is a cryptographic protocol designed by the Internet Engineering Task
Force to provide end-to-end confidentiality for packets traveling over the
Internet.
• IPsec works with IPv4, the standard version of IP used on today’s Internet. IPv6,
the “next generation” IP, includes IPsec.
Kerberos
• Kerberos is a network security system developed at
MIT and used throughout the United States.
• Kerberos does not use public key technology.
• Instead, Kerberos is based on symmetric ciphers and
secrets that are shared between the Kerberos server
and each individual user. Each user has his own
password, and the Kerberos server uses this password
to encrypt messages sent to that user so that they
cannot be read by anyone else.
• Support for Kerberos must be added to each program
that is to be protected.
• Currently, “Kerberized” versions of Telnet, FTP, POP,
SSH, and Sun RPC are in general use.
• Kerberos is a difficult system to configure and administer.
• To operate a Kerberos system, each site must have a
Kerberos server that is physically secure.
• The Kerberos server maintains a copy of every user’s
password. In the event that the Kerberos server is
compromised, every user’s password must be changed.
SSH

• The Secure Shell (SSH) provides for cryptographically
protected virtual terminal (telnet) and file transfer (rcp)
operations.
• Originally developed as free software for Unix, a wide variety
of both commercial and noncommercial programs that
implement the SSH protocol are now available for Unix,
Windows, Mac OS, and other platforms.
• These implementations also allow for the creation of
cryptographically secured “tunnels” for other protocols.
Legal Issues with Cryptography

• The use of cryptography has traditionally been associated with military
intelligence gathering, and its use by criminals and terrorists has the
potential to make law enforcement harder. Hence it should come as no
surprise that governments tend to restrict its use. Other legal issues
are patent related and arise due to the complex mathematical nature
of the algorithms involved.
• Inventors of these algorithms tend to protect their intellectual property
by patenting them and requiring that the user obtain a license.
• All in all, the legal issues with cryptography fall into the following three
categories:
1. Export Control Issues.
• The US government treats certain forms of cryptographic
software and hardware as munitions and has placed them
under export control.
• What it means is that a commercial entity seeking to export
certain cryptographic libraries or other software using these
libraries must obtain an export license first.
• In recent years, the export laws have eased somewhat and it
has become possible to export freely a number of commercial
grade cryptographic software packages.
• Most of the software and capabilities included in J2SE v1.4
fall under this category. However, it is possible to have
a JCE provider with capabilities that warrant review by export
control authorities and perhaps an export license. A practical
manifestation of this fact is that a vendor of a JCE provider
must get export clearance.
2. Import Control Issues.
• Somewhat less intuitive is the fact that certain countries restrict the use of
certain types of cryptography within their jurisdiction. Under the jurisdiction
of these countries, it is the responsibility of the user to ensure proper
adherence to the law.
• J2SE v1.4 handles this by tying cryptographic capabilities to jurisdiction
policy files.
• The jurisdiction files shipped with the J2SE v1.4 allow "strong" but "limited"
cryptography by limiting the size of keys and other parameters. Those in
the US must download and install separate policy files to be able to use
"unlimited" capabilities.
3. Patent Related Issues.
• To avoid lawsuits related to patent infringement, it is
recommended that you either use algorithms that are not
patented, whose patents have expired, that are licensed for
royalty-free use, or whose license you have obtained.
• The patent on RSA, the de facto public key cryptography algorithm, was
a big inhibitor for the widespread use of public key
cryptography before it expired in 2000. Algorithms available
within J2SE v1.4 are either unencumbered by patent issues
or are licensed royalty-free for use.
Digital identity

• A digital identity is the body of information about an individual, organization or electronic device
that exists online.
• Unique identifiers and use patterns make it possible to detect individuals or their devices. This
information is often used by website owners and advertisers to identify and track users for
personalization and to serve them targeted content and advertising.
• A digital identity arises organically from the use of personal information on the web and from
the shadow data created by the individual’s actions online. A digital identity may be
a pseudonymous profile linked to the device’s IP address, for example, or a randomly-generated
unique ID. Digital identities are seen as contextual in nature since a user gives selective
information when providing authentication information.

Examples of data points that can help form a digital identity include:
•Username and password
•Purchasing behavior or history
•Date of birth
•Social security number
•Online search activities, such as electronic transactions
•Medical history
Because a profile often includes aspects of a person’s actual identity,
digital identities come with privacy and security risks, including
identity theft. Pseudonymous profiles can also yield an individual’s identity
through cross-site data analysis. While passports and licenses identify
users in real life, the inclusion of such personally identifying information
(PII) online may pose more risks than benefits for the user. Several
authentication and authorization systems have been explored, but there is
still no standardized and verified system to identify digital identities.
