Server Security: This is one of the most basic and most important components of database security. If an organization's database server is supplying information to a web server, then it should be configured to allow connections only from that server. Sensitive data that is transmitted via some type of communications should also be protected (data encryption).
Access Control: Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. Access control works with an access control list, which is a table that tells a computer operating system which access rights each user has to a particular system object.
Restricting Database Access: Unauthorized access to a database can also be gained by conducting a "port scan" to look for open ports that database systems use by default. The ports that are used by default can be changed. There are additional security measures that can be implemented to prevent open access from the Internet, such as:
Server account disabling - The server ID can be suspended after three password attempts.
2) What is Database Encapsulation? Explain with an example.
Encapsulation is a design issue that deals with how functionality is compartmentalized within a system. A database encapsulation layer hides the implementation details of database(s), including their physical schemas, from business code. This layer also provides business objects with persistence services - the ability to read data from, write data to, and delete data from - data sources.
An effective database encapsulation layer will provide several benefits:
It reduces the coupling between your object schema and your data schema, increasing your ability to evolve either one.
It implements all data-related code in one place.
It simplifies the job of application programmers.
It allows application programmers to focus on the business problem and Agile DBA(s) can focus on the database.
It gives a common place to implement data-oriented business rules.
It takes advantage of specific database features, increasing application performance.
3) List down the different System Level permissions and explain any two with appropriate example?
System privileges allow the user to perform system level activities. This might include such things as being able to actually connect to the system, or it might include the ability to do things like create objects in schemas other than your own schema.
Granting Oracle System Level Privileges
The grant command is used to grant system level privileges. For example, a user can be granted system level privileges to:
* Connect to the database (create session)
* Create objects (create table, create index)
* Perform DBA activities, like backup the database (SYSDBA, SYSOPER)
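The following Oracle SQL is an added example, not part of the original notes. It provisions one account with only the first two kinds of privilege listed above, attaches the three-attempt lockout mentioned under "Server account disabling", and then verifies the result from the data dictionary. The names `app_lockout` and `app_owner`, the password, and the `USERS` tablespace are assumptions.

```sql
-- Oracle SQL, run as a DBA. All names and the password are constructed.

-- Suspend the account after three failed password attempts.
CREATE PROFILE app_lockout LIMIT
  FAILED_LOGIN_ATTEMPTS 3
  PASSWORD_LOCK_TIME    1;          -- days before the lock expires

CREATE USER app_owner IDENTIFIED BY "Placeholder_Pw_1"
  PROFILE app_lockout
  DEFAULT TABLESPACE users          -- assumes a USERS tablespace exists
  QUOTA 50M ON users;

-- Connect to the database.
GRANT CREATE SESSION TO app_owner;

-- Create objects in its own schema only. Indexes on a user's own tables
-- need no further system privilege.
GRANT CREATE TABLE TO app_owner;

-- Deliberately not granted: the ANY privileges (CREATE ANY TABLE, ...),
-- WITH ADMIN OPTION, SYSDBA and SYSOPER.

-- Check 1: system privileges granted directly to the account.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'APP_OWNER'
ORDER  BY privilege;

-- Check 2: the lockout profile is attached, and the account state.
SELECT username, account_status, profile
FROM   dba_users
WHERE  username = 'APP_OWNER';

-- Check 3: who holds SYSDBA or SYSOPER through the password file.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users;

-- Withdraw a privilege once it is no longer needed.
REVOKE CREATE TABLE FROM app_owner;
```

Check 1 lists direct grants only; privileges that reach the account through a role appear under the role's name in `dba_sys_privs`.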
4) Which Data Dictionary would you use to check the objects within a schema and Why?
The Advantage Data Dictionary introduces additional features and functionality that complement the Advantage Database Server and Advantage Local Server. With the Advantage Data Dictionary, a database can be clearly defined with its associated tables and indexes. Access to the database tables can be more securely guarded by the Advantage servers because users and user groups can be defined in the database and specific rights can be assigned to the users and user groups. The Advantage Data Dictionary allows the Advantage server to ensure the logical validity of the data in the database through the use of field level constraints, record level constraints, and referential integrity with ADT tables. The Advantage Data Dictionary also supports the use of stored procedures. Descriptions of the database, tables, fields, indexes, and default field values can be stored in the Advantage Data Dictionary to allow developers to develop and deploy applications more efficiently. Much of the Advantage Data Dictionary functionality is available to both ADT and DBF tables.
5) How can you perform Database Auditing by verifying security access?
Database auditing can be a crucial component of database security.
At a high level, database auditing is a facility to track the use of database resources and authority. When auditing is enabled, each audited database operation produces an audit trail that records information such as which database object was impacted, who performed the operation, and when. The comprehensive audit trail of database operations can be maintained over time to allow DBAs and auditors, as well as any authorized personnel, to perform in-depth analysis of access and modification patterns against data in the DBMS.
Database Access Auditing Techniques
There are several popular techniques that can be deployed to audit your database structures.
The first technique is trace-based auditing. This technique is usually built directly into the native capabilities of the DBMS. Although each DBMS offers different auditing capabilities, some common items that can be audited by DBMS audit facilities include:
Login and logoff attempts (both successful and unsuccessful attempts)
Database server restarts
Commands issued by users with system administrator privileges
Attempted integrity violations (where changed or inserted data does not match a referential, unique, or check constraint)
Select, insert, update, and delete operations
Stored procedure executions
Changes to system catalog tables
Row level operations
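As an added example (not part of the original notes), the following shows how three of the items above can be audited and then reviewed, assuming Oracle unified auditing (12c and later) as the DBMS audit facility. The policy names and the table `app_owner.customers` are constructed, and the table is assumed to exist.

```sql
-- Oracle SQL, run by a user with the AUDIT_ADMIN role.

-- Login and logoff attempts, successful and unsuccessful.
CREATE AUDIT POLICY logon_pol
  ACTIONS LOGON, LOGOFF;

-- Account and privilege administration commands.
CREATE AUDIT POLICY admin_pol
  ACTIONS CREATE USER, ALTER USER, DROP USER, GRANT, REVOKE;

-- Select, insert, update and delete on one sensitive table.
CREATE AUDIT POLICY customers_dml_pol
  ACTIONS SELECT ON app_owner.customers,
          INSERT ON app_owner.customers,
          UPDATE ON app_owner.customers,
          DELETE ON app_owner.customers;

-- Enable the policies; with no WHENEVER clause both outcomes are recorded.
AUDIT POLICY logon_pol;
AUDIT POLICY admin_pol;
AUDIT POLICY customers_dml_pol;

-- Review 1: repeated failed logons in the last day, per account and host.
-- A non-zero RETURN_CODE is the ORA- error number (1017 = bad credentials).
SELECT dbusername,
       userhost,
       COUNT(*)             AS failures,
       MIN(event_timestamp) AS first_seen,
       MAX(event_timestamp) AS last_seen
FROM   unified_audit_trail
WHERE  action_name = 'LOGON'
AND    return_code <> 0
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
GROUP  BY dbusername, userhost
HAVING COUNT(*) >= 3
ORDER  BY failures DESC;

-- Review 2: who touched the audited table, what they did, and when.
SELECT event_timestamp, dbusername, action_name, return_code
FROM   unified_audit_trail
WHERE  object_schema = 'APP_OWNER'
AND    object_name   = 'CUSTOMERS'
ORDER  BY event_timestamp;
```

The threshold of three failures in Review 1 mirrors the lockout limit mentioned earlier in these notes and should be tuned to the environment.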