Database Security And Policy Computer Science Essay


Database security comprises the systems, methods and procedures that protect a database from unintended or unauthorised activity. Such activity can be classified as authenticated misuse, malicious attacks, or inadvertent mistakes made by authorised individuals or processes. Database management systems generally enforce security through access control, auditing and encryption. A threat is a potential event that could adversely affect an asset, whereas a successful attack exploits vulnerabilities in your system. Databases offer several layers and types of information security, including access control, auditing, authentication, encryption and integrity checks.

Information systems are divided into three main components, hardware, software and communications, with the aim of identifying and applying information security standards as mechanisms of protection and prevention at three layers or levels: physical, personal and organisational.

The Goals of Security

Long-term Goals.

Every database system undergoes a thorough security assessment.

All electronic data is classified into several categories.

Encrypt all tables/columns in the DB2 server that hold highly sensitive data.

Set up a firewall on the DB2 server, a host-based IPS or similar security technology so that the server is monitored around the clock, and block all unauthorised SQL Server usage.

All employees receive training and are tested on the security policies.

Short-term Goals.

1. Patch all servers with the latest service packs/hotfixes. 2. Carry out a network security assessment. 3. Harden every server based on the security assessment.

Types of Threats to Database Security

The top ten database security threats are: 1. Excessive privilege abuse 2. Legitimate privilege abuse 3. Privilege elevation 4. Database platform vulnerabilities 5. SQL injection 6. Weak audit trail 7. Denial of service 8. Database communication protocol vulnerabilities 9. Weak authentication 10. Backup data vulnerability

Origins of Security Threats

1. Human error; 2. Abuse of authority by users; 3. Direct probing; 4. Probing with malicious software; 5. Penetration and subversion of security mechanisms

Common Web Application Security Threats

To build secure web applications, a holistic approach to application security is required, and security must be applied at all three levels. This approach is shown below.

Figure 1.2: Host Configuration Categories

Figure 1.2 shows the various categories used in Part IV of this guide, "Securing the Network, Host, and Application."

Table 1.2: Rationale for the Host Configuration Categories
Patches and Updates

Many top security risks exist because of vulnerabilities that are widely published and well known. When new vulnerabilities are discovered, exploit code is often posted on Internet forums within minutes of the first successful attack. Patching and updating your server software is the first step towards hardening the server. If you do not apply the appropriate patches and updates to your server, you leave many more opportunities open to attackers and malicious code.

Services

The service set is determined by the server role and the software it hosts. By disabling unnecessary and unused services, you quickly and easily reduce the attack surface.

Protocols

To reduce the attack surface and the avenues open to attackers, disable any unnecessary or unused network protocols.

Accounts

The number of accounts accessible from a server should be restricted to the necessary set of service and user accounts. In addition, you should enforce appropriate account policies, such as mandating strong passwords.

Files and Directories

Restrictive NTFS permissions are applied to all files and directories, granting access only to the required Windows services and user accounts.

Shares

All unused default administrative shares and unnecessary file shares should be removed. Any remaining shares must be secured with restrictive NTFS permissions.

Ports

A service listens on specific ports for incoming requests. All known open ports should be audited to ensure that no insecure service is running and reachable. The audit also detects listening ports that were not opened by, and are not used by, an administrator.

Auditing and Logging

Auditing helps you discover intruders or intrusions in progress. Regular logging of all activity provides useful forensic information when determining how an intrusion or unlawful action was carried out.

Registry

The server registry holds many security-related settings. Block remote registry access and apply restrictive ACLs.

Logging and Auditing

Auditing and logging describe how each software component records security-related events.

Physical Security

Database servers should be physically isolated within the data centre, with strictly authorised access only.

Security Measures to Protect a Database.

Revoke implicit authorities and privileges from PUBLIC

Set explicit values for the SYSxxx_GROUP variables

Track implicit privileges

Deny unnecessary privileges

Use an encrypted AUTHENTICATION mode

Use orphan IDs to create and own objects

Use views to control data access

Use stored procedures to control data access

Use LBAC to restrict data access

Prevent SQL injection in applications

Implement the most recent DB2 fix packs

Conduct security audits at random intervals

Database Security

The default security policy for the project is a closed one - users are granted access on a need-to-see basis, and the access rights are regularly reviewed.

Access controls

Standard client access controls will be applied to both the data warehouse servers and the client-access machines.

Servers will be located in the client's data centre room and will be directly accessible only to authorised IT staff.

Authentication

Most end-users will authenticate against the web server, in this case MicroStrategy. MicroStrategy can use LDAP to pass authentication requests to the NDS infrastructure, and this option is being investigated. In the absence of NDS integration, user accounts will be maintained within MicroStrategy.

Users accessing other solution components will authenticate using application-level security mechanisms. Novell NDS is used to authenticate user access to individual workstations.

Authorisation

Oracle database authorisation mechanisms will be used to manage user access to the data warehouse resources. Novell NDS may be integrated to provide LDAP authorisation capabilities.

Controlled entities (table and column security)

Certain tables or columns may be inaccessible to some users. Access restriction profiles will be implemented using Oracle roles and specified as a result of source system analysis.

Confidential content (row-level security)

For performance reasons, row-level security will not be used.

Instrumentation and logging

Standard database and application logging facilities will be used. Existing client server-management applications will be used to analyse the generated logs.

Certification and non-repudiation

No certification or non-repudiation capabilities are considered essential for the data warehouse.


Encrypting Connections to SQL Server

SQL Server supports Secure Sockets Layer (SSL) technology and is fully compatible with Internet Protocol security (IPSec).

Secure Sockets Layer (SSL)

Microsoft SQL Server can use Secure Sockets Layer (SSL) to encrypt data transmitted across a network between an instance of SQL Server and a client application. SSL encryption is performed within the protocol layer and is available to all SQL Server clients except DB-Library and MDAC 2.53 clients.

SSL can be used for server validation when a client connection requests encryption. If the instance of SQL Server is running on a computer that has been assigned a certificate from a public certification authority, the identity of the computer and of the SQL Server instance is vouched for by the chain of certificates leading to the trusted root authority. Such server validation requires that the computer on which the client application runs be configured to trust the root authority of the certificate used by the server. Encryption with a self-signed certificate is possible and is described in the following section, but a self-signed certificate provides only limited protection.

The level of encryption used by SSL, 40-bit or 128-bit, depends on the version of the Microsoft Windows operating system running on the application and database computers.

Enabling SSL encryption increases the security of data transmitted across networks between instances of SQL Server and applications. However, enabling encryption slows performance. When all traffic between SQL Server and a client application is encrypted using SSL, the following additional processing is required:

An extra network round trip is required at connect time.

Packets sent from the application to the instance of SQL Server must be encrypted by the client Net-Library and decrypted by the server Net-Library.

Packets sent from the instance of SQL Server to the application must be encrypted by the server Net-Library and decrypted by the client Net-Library.

Threats and Countermeasures

The fact that an attacker can strike remotely makes a web server an attractive target. Understanding the threats to your web server and being able to identify appropriate countermeasures allows you to anticipate many attacks and thwart the ever-growing number of attackers.

The main threats to a web server are:

Profiling, denial of service, unauthorised access, arbitrary code execution, elevation of privileges

Viruses, worms, and Trojan horses

Figure 16.1 summarises the more common attacks and vulnerabilities.

Figure 16.1: Main web server threats and common vulnerabilities

Profiling

Profiling, or host enumeration, is an exploratory process used to gather information about your website. An attacker uses this information to attack known weak points.


Common vulnerabilities that leave your server open to profiling include: unnecessary protocols; open ports; web servers that provide configuration information in banners


Common attacks used for profiling include:

Port scans; ping sweeps; NetBIOS and server message block (SMB) enumeration


Countermeasures include blocking all unnecessary ports, blocking Internet Control Message Protocol (ICMP) traffic, and disabling unnecessary protocols such as NetBIOS and SMB.

Denial of Service

A denial of service attack occurs when your server is overwhelmed with service requests. The danger is that your web server will be too overwhelmed to respond to legitimate client requests.


Vulnerabilities that increase the opportunity for denial of service include: weak TCP/IP stack configuration, and unpatched servers.


Common denial of service attacks include: network-level SYN floods, buffer overflows, and flooding the web server with requests from distributed locations


Countermeasures include hardening the TCP/IP stack and consistently applying the latest software patches and updates to system software.

Unauthorized Access

Unauthorised access occurs when a user without the correct permissions gains access to restricted data or performs a restricted operation.


The most common vulnerabilities that lead to unauthorised access include:

· Weak IIS web access controls, including web permissions

· Weak NTFS permissions


Countermeasures include using secure web permissions, NTFS permissions, and .NET Framework access control mechanisms, including URL authorisation.

Arbitrary Code Execution

Code execution attacks occur when an attacker runs malicious code on your server, either to compromise server resources or to mount further attacks against downstream systems.


Vulnerabilities that can lead to malicious code execution include:

· Weak IIS configuration

· Unpatched servers


The most common code execution attacks include:

· Path traversal

· Buffer overflows leading to code injection


Countermeasures include configuring IIS to reject URLs containing "../" to prevent path traversal, locking down system commands and utilities with restrictive access control lists (ACLs), and installing new patches and updates.

Elevation of Privileges

Elevation of privilege attacks occur when an attacker runs code using a privileged process account.


Common vulnerabilities that make your web server prone to elevation of privilege attacks include:

Over-privileged process accounts

Over-privileged service accounts


Countermeasures include running processes using least privileged accounts and using least privileged service and user accounts.

Viruses, Worms, and Trojan Horses

Malicious code comes in many varieties, including:

Viruses. Programs designed to perform malicious acts and cause disruption to an operating system or applications.

Worms. Programs that are self-replicating and self-sufficient.

Trojan horses. Programs that appear to be useful but that actually do harm.

In many cases, malicious code goes unnoticed until it consumes system resources and slows down or halts the execution of other programs. For example, the Code Red worm was one of the most notorious to hit IIS, and it relied on a buffer overflow vulnerability in an ISAPI filter.


Common vulnerabilities that make you susceptible to viruses, worms and Trojan horses include:

· Unpatched servers

· Running unnecessary services

· Unnecessary ISAPI filters and extensions.


Countermeasures include prompt application of the latest software patches, disabling unused functionality such as unused ISAPI filters and extensions, and running processes with least privileged accounts to reduce the scope of damage in the event of a compromise.

Threats and Countermeasures

An attacker can target and compromise a database server in a number of ways by exploiting a variety of configuration and application-level vulnerabilities.

The main threats to a database server are:

SQL injection

Network eavesdropping

Unauthorised server access

Password cracking

Steps for Securing Your Database Server

This section guides you through the process of securing your database server using the configuration categories introduced earlier. The steps cover Windows 2000 and Windows Server 2003 and SQL Server 2000. Each step may contain one or more actions to secure a particular area or feature.

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Patches and Updates




Files and Directories


Step 7

Step 8

Step 9

Step 10

Step 11

Step 12



Auditing and Logging

SQL Server Security

SQL Server Logins, Users, and Roles

SQL Server Database Objects


Securing Your Network

Identifying network threats and describing countermeasures

Describing secure router, firewall and switch configurations

Providing a snapshot of a secure network

The network is the entry point to your application. It provides the first gatekeepers that control access to the various servers in your environment. Servers are protected with their own operating system gatekeepers, but it is important not to allow them to be overwhelmed by attacks from the network layer. It is equally important to ensure that network gatekeepers cannot be replaced or reconfigured by impostors. In a nutshell, network security involves protecting network devices and the data they forward.

The basic elements of a network, which act as the front-line gatekeepers, are the router, the firewall and the switch. Figure 15.1 shows the core components.

Figure 15.1: Network components: router, firewall, and switch

Threats and Countermeasures

An attacker looks for poorly configured network devices to exploit. Common vulnerabilities include weak default installation settings, wide-open access controls, and unpatched devices. The following are high-level network threats:

Information gathering

Sniffing

Spoofing

Session hijacking

Denial of service

With knowledge of the threats that can affect the network, you can apply effective countermeasures.

Information Gathering

Information gathering can reveal detailed information about network topology, system configuration, and network devices. An attacker uses this information to mount pointed attacks at the discovered vulnerabilities.


Common vulnerabilities that make your network susceptible to an attack include:

The inherently insecure nature of the TCP/IP protocol suite

Configuration information provided by banners

Exposed services that should be blocked


Common information-gathering attacks include:

Using Tracert to detect network topology

Using Telnet to open ports for banner grabbing

Using port scans to detect open ports

Using broadcast requests to enumerate hosts on a subnet


You can employ the following countermeasures:

Use generic service banners that do not give away configuration information such as software versions or names.

Use firewalls to mask services that should not be publicly exposed.
Sniffing

Sniffing, also called eavesdropping, is the act of monitoring network traffic for data such as clear-text passwords or configuration information. With a simple packet sniffer, all plaintext traffic can be read easily. In addition, lightweight hashing algorithms can be cracked, and a payload that was thought to be safe can be deciphered.


Common vulnerabilities that make your network susceptible to data sniffing include:

· Weak physical security

· Lack of encryption when sending sensitive data

· Services that communicate in plain text or use weak encryption or hashing


The attacker places packet sniffing tools on the network to capture all traffic.


Countermeasures include the following:

· Strong physical security that prevents rogue devices from being placed on the network

· Encrypted credentials and application traffic across the network

Spoofing

Basic vulnerabilities that leave your network open to spoofing include:

The inherently insecure nature of the TCP/IP protocol suite. Lack of ingress and egress filtering. Ingress filtering is the filtering of incoming IP packets with untrusted source addresses before they have a chance to enter and affect your system or network. Egress filtering is the process of filtering outbound traffic from your network.


An attacker can use various tools to modify outbound packets so that they appear to originate from a different network or host.


You can use ingress and egress filtering on perimeter routers.
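The ingress and egress rules described above, written out as a small perimeter filter. This is an added example and not part of the essay; the internal prefixes, the Packet record and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan for the example: the prefixes routed inside the perimeter.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.20.0.0/16"),
                     ipaddress.ip_network("192.168.50.0/24")]


@dataclass(frozen=True)
class Packet:
    direction: str   # "in": arriving from the Internet; "out": leaving towards it
    src: str
    dst: str


def is_internal(addr, prefixes=INTERNAL_PREFIXES):
    return any(addr in net for net in prefixes)


def filter_packet(pkt, prefixes=INTERNAL_PREFIXES):
    """Return ('allow' | 'drop', reason) for one packet at the perimeter router."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.direction == "in":
        # Ingress filtering: a packet arriving from outside cannot legitimately
        # carry one of our own source addresses, nor a loopback/unspecified one.
        if is_internal(src, prefixes):
            return "drop", "ingress: source claims an internal address"
        if src.is_loopback or src.is_unspecified:
            return "drop", "ingress: invalid source address"
        return "allow", "ingress: external source"
    if pkt.direction == "out":
        # Egress filtering: anything leaving must carry one of our addresses;
        # otherwise a host inside is forging sources (or is misconfigured).
        if not is_internal(src, prefixes):
            return "drop", "egress: source is not one of our prefixes"
        return "allow", "egress: internal source"
    raise ValueError(f"unknown direction {pkt.direction!r}")


def summarise(packets):
    """Run the filter over a batch and group dropped sources by reason for review."""
    decisions = [filter_packet(p) for p in packets]
    dropped = {}
    for (verdict, reason), pkt in zip(decisions, packets):
        if verdict == "drop":
            dropped.setdefault(reason, []).append(pkt.src)
    return decisions, dropped


# Constructed sample traffic (documentation-range addresses for the outside world).
SAMPLE = [
    Packet("in",  "198.51.100.7", "10.20.1.10"),    # legitimate inbound
    Packet("in",  "10.20.1.50",   "10.20.1.10"),    # spoofed: claims to be inside
    Packet("in",  "127.0.0.1",    "10.20.1.10"),    # invalid source
    Packet("out", "10.20.1.10",   "198.51.100.7"),  # legitimate outbound
    Packet("out", "203.0.113.9",  "198.51.100.7"),  # forged source leaving our network
]

if __name__ == "__main__":
    decisions, dropped = summarise(SAMPLE)
    for pkt, (verdict, reason) in zip(SAMPLE, decisions):
        print(f"{pkt.direction:>3} {pkt.src:>14} -> {pkt.dst:<14} {verdict:5} {reason}")
```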

Session Hijacking

With session hijacking, also known as man-in-the-middle attacks, the attacker uses an application that masquerades as either the client or the server. This results in either the server or the client being tricked into thinking that the upstream host is the legitimate host. However, the upstream host is actually an attacker's host that is manipulating the network so that it appears to be the desired destination. Session hijacking can be used to obtain logon information that can then be used to gain access to a system or to confidential information.


Common vulnerabilities that make your network susceptible to session hijacking include: weak physical security, the inherent insecurity of the TCP/IP protocol suite, and unencrypted communication


An attacker can use numerous tools to perform the spoofing, routing changes and packet manipulation involved.


Countermeasures include the following: session encryption; careful inspection at the firewall

Denial of Service

A denial of service attack is the act of denying legitimate users access to a server or service. Network-layer denial of service attacks usually try to deny service by flooding the network with traffic, which consumes the available bandwidth and resources.


Vulnerabilities that increase the opportunity for denial of service include:

· The inherent weakness of the TCP/IP protocol suite

· Weak router and switch configuration

· Unencrypted communication

· Service software bugs


The most common denial of service attacks include:

· Brute-force packet floods, such as cascading broadcast attacks

· SYN flood attacks

· Service exploits, such as buffer overflows


Countermeasures include:

· Filtering broadcast requests

· Filtering Internet Control Message Protocol (ICMP) requests

· Patching and updating service software

Database Security Checklist.

SQL Injection Checks



Input passed to data access methods that originates outside the current trust boundary is constrained. Input sanitisation is used only as a defence-in-depth measure.

Stored procedures that accept parameters are used by data access code. Where stored procedures are not used, type-safe SQL parameters are used to construct SQL commands.

Least-privileged accounts are used to connect to the database.
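Why the checklist insists on type-safe parameters: the added example below (not from the essay) places a concatenated query next to a parameterised one. Python's standard sqlite3 module stands in for the SQL Server database the essay discusses, and the users table and inputs are constructed.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "analyst"), ("O'Brien", "analyst"), ("admin", "dba")])
    return conn


def find_user_concat(conn, name):
    """Vulnerable: the caller's string is spliced into the SQL text, so a quote
    in the input changes the structure of the statement, not just its data."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn, name):
    """Hardened: the SQL text is fixed and the value travels as a bound parameter.
    The driver never re-parses the value as SQL, whatever characters it holds."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def run_comparison(name):
    """Run both variants on the same input; return (vulnerable_result, hardened_result).
    A database error from the concatenated variant is returned as a string."""
    conn = make_db()
    try:
        vulnerable = find_user_concat(conn, name)
    except sqlite3.Error as exc:
        vulnerable = f"error: {exc}"
    hardened = find_user_param(conn, name)
    conn.close()
    return vulnerable, hardened


if __name__ == "__main__":
    # A legitimate name containing an apostrophe breaks the concatenated query
    # outright; the parameterised query simply finds the row.
    print(run_comparison("O'Brien"))
    # A tautology in the input turns the concatenated query into "match every
    # row"; the parameterised query looks for a user literally named that, finds none.
    print(run_comparison("x' OR '1'='1"))
```

Note that input validation (the "constrained" input in the checklist) is still worthwhile as defence in depth; parameterisation is what removes the injection class itself.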

Authentication

Windows authentication is used to connect to the database.

Strong passwords are used and enforced throughout the system.

If SQL Server authentication is used, credentials are protected over the network by using IPSec or SSL, or by installing a database server certificate.

If SQL Server authentication is used, connection strings are encrypted using DPAPI and stored in a secure location.

The application connects using a least-privileged account. The sa account, or other privileged accounts that are members of the sysadmin or db_owner roles, are not used for application logins.

Authorisation

Calling users are restricted using declarative or imperative principal permission checks (usually performed by business logic).

Calling code is restricted using identity permission demands in scenarios where you know and want to limit the calling code.

The application login is restricted in the database and can only execute selected stored procedures. The application login has no direct table access.

Configuration Management



Windows authentication is used to avoid credential management.

Connection strings are encrypted, and the encrypted data is stored securely, for example in a restricted registry key.

OLE DB connection strings do not contain Persist Security Info="true" or "yes".

UDL files are secured with restricted ACLs.

Sensitive Data



Sensitive data is encrypted in the database using strong symmetric encryption (for example, 3DES). Symmetric encryption keys are backed up, encrypted with DPAPI and stored in a restricted registry key.

Sensitive data is secured across the network using SSL or IPSec.

Passwords are not stored in custom user store databases. Password hashes with salt values are stored instead.
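The salted password-hash storage the checklist asks for, as an added example that is not part of the essay. It uses a slow derivation function (PBKDF2-HMAC-SHA256 from the standard library), a per-user random salt, a constant-time comparison, and a self-describing record format so the iteration count can be raised later; the record format and iteration count are this example's choices.

```python
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 210_000   # constructed default; store it in the record so it can grow


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt_hex$hash_hex' for storage in the user table.
    A fresh 16-byte random salt is drawn unless one is supplied (tests only)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Re-derive with the salt and iteration count from the stored record and
    compare in constant time. Malformed records verify as False, never raise."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = bytes.fromhex(salt_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest.hex(), hash_hex)


class UserStore:
    """Constructed stand-in for the 'custom user store' table: it keeps only the
    hash record per user, never the password."""

    def __init__(self):
        self._records = {}

    def register(self, username, password):
        self._records[username] = hash_password(password)

    def authenticate(self, username, password):
        record = self._records.get(username)
        if record is None:
            # Hash anyway so a missing user takes as long as a wrong password.
            verify_password(password, hash_password("", bytes(16), 1))
            return False
        return verify_password(password, record)

    def record_for(self, username):
        return self._records[username]


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    store.register("bob", "correct horse battery staple")
    # Same password, different salts: the stored records do not match, so a
    # stolen table does not reveal which users share a password.
    print(store.record_for("alice") != store.record_for("bob"))
    print(store.authenticate("alice", "correct horse battery staple"))
    print(store.authenticate("alice", "wrong"))
```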

Exception Management



ADO.NET exceptions are trapped and logged in a text file.

Database connections and other limited resources are released in the event of an exception or on completion of the operation.

ASP.NET is configured with a generic error page using the <customErrors> element.

Deployment Considerations



Firewall restrictions ensure that only the SQL Server listening port is available on the database server.

A process for maintaining encrypted database connection strings is defined.

The application is configured to use the least-privileged database login.

Auditing of the SQL Server has been configured. Failed login attempts are logged at a minimum.

Data privacy and integrity across the network are provided by IPSec or SSL.
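Logging failed logins is only useful if somebody looks at them. The added example below (not part of the essay) parses constructed error-log lines written in the style of SQL Server's "Login failed for user" messages and flags any client address with a burst of failures inside a short window; the log lines, threshold and window are this example's assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the failed-logon line shape; all sample lines below are constructed.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\. Reason: (?P<reason>[^.]+)\."
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

SAMPLE_LOG = [
    "2024-03-01 02:14:00.00 spid52      Using 'dbghelp.dll' version '4.0.5'",
    "2024-03-01 02:14:07.31 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]",
    "2024-03-01 02:14:09.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]",
    "2024-03-01 02:14:10.55 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.45]",
    "2024-03-01 02:15:00.10 Logon       Login failed for user 'reportsvc'. Reason: Password did not match that for the login provided. [CLIENT: 10.20.1.33]",
    "2024-03-01 02:20:41.77 Logon       Login succeeded for user 'reportsvc'. Connection made using SQL Server authentication. [CLIENT: 10.20.1.33]",
]


def parse_failures(lines):
    """Extract structured failed-login events; unrelated lines are skipped."""
    events = []
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "user": m["user"],
                "reason": m["reason"],
                "client": m["client"],
            })
    return events


def detect_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Flag each client with at least `threshold` failures inside a sliding
    `window`. One alert per client, covering the first qualifying window."""
    by_client = defaultdict(list)
    for ev in events:
        by_client[ev["client"]].append(ev)
    alerts = []
    for client, evs in sorted(by_client.items()):
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "client": client,
                    "count": end - start + 1,
                    "users": sorted({e["user"] for e in evs[start:end + 1]}),
                    "first": evs[start]["ts"],
                    "last": evs[end]["ts"],
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(parse_failures(SAMPLE_LOG)):
        print(f"{alert['client']}: {alert['count']} failures for {alert['users']} "
              f"between {alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}")
```

A single failure from an internal service account followed by success is ordinary noise; a run of failures for several names from one external address is what the audit log is there to surface.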

Laws and regulations

Below is a partial listing of European, United Kingdom, Canadian and USA governmental laws and regulations that you should be aware of and implement in your security implementation.

UK Data Protection Act 1998.

The Computer Misuse Act 1990 is an Act of the UK Parliament making computer crime a criminal offence.

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232 g; 34 CFR Part 99) is a USA Federal law that protects the privacy of student education records.

Health Insurance Portability and Accountability Act (HIPAA) 

Gramm-Leach-Bliley Act of 1999 (GLBA); Sarbanes-Oxley Act of 2002 (SOX).

Payment Card Industry Data Security Standard (PCI DSS) establishes comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

State Security Breach Notification Laws (California and many others)

Personal Information Protection and Electronic Documents Act (PIPEDA).