This paper discusses the importance for integrity and security in databases, the integrity and security considerations for deploying database servers and clients that access those servers, and methods for implementing database access integrity and security, concluding with a discussion of integrity and security monitoring and auditing.
Data is one of the necessary possessions of an organization. It is defined by Hoffer as "stored representations of meaningful objects and events" . These data may be classified as structured and unstructured. Structured data may be in numerical, textual, and date forms; while unstructured data may be in image, video, and document forms. These collections of data which are related to each other can be organized logically into what we call as database. The contents of this database undergo processes, the product of which in turn becomes information to the probable user of the data. Further, the properties as well as the context on which the data is used are contained in metadata.
The need for database systems emerged when the file processing systems were not anymore addressing the needs of the users. Hoffer mentioned the following disadvantages found in file processing systems: "program-data dependence, duplication of data, limited data sharing, lengthy development times, and excessive program maintenance" . The need for maintaining metadata in the files that each program uses resulted to the program-data dependencies mentioned. The use of separate programs or systems leads to the occurrence of inconsistent copies of the same set of data called data duplication. These two disadvantages mentioned above further lead to the difficulty of sharing data, thus centralization of data control is seldom achieved. These separate programs or systems have specific file formats designed by their respective programmers that prolong the timeframe of program or system development. All of the disadvantages mentioned above lead to an excessive maintenance of programs and accounts for 80% of the budget in information systems (IS).
Due to the data dependency problems caused by file processing systems as mentioned by Hoffer, it is evident that all application programs data in a file processing systems were separately maintained by their respective programmers . Every application program also maintained separate metadata for each file. Further, each application program has its own respective routines to read, insert, update, and delete data. The data dependency problems mentioned above further complicates to the non-standardization of formats in each file.
Further, Hoffer also mentioned the following data redundancy problems caused by file processing systems were duplication of data that caused wastage in terms of storage space; more maintenance problems, while the ultimate problem was caused by the data changes in each file which lead to inconsistencies that compromised data integrity .
The apparent solution to these data dependency and data redundancy problems mentioned by Hoffer above is the establishment of a database system, otherwise called a database approach, instead of a file processing system, the latter being more disadvantageous to the organization in most aspects of information systems development . The database system approach uses a repository for storing centrally the data being shared among the programs or systems, the management of data is achieved through its control agent, and data is stored in a standard format for convenience.
To successfully implement a database system approach it is necessary to have database management system (DBMS). A database management system (DBMS) is defined by Hoffer as "A software system that is used to create, maintain, and provide controlled access to user databases" . However, using and connecting this database management system to the Internet poses database integrity and security problems as discussed in this paper.
INTEGRITY AND SECURITY IN DATABASES
Modern systems need to protect their data not only from intrusion but more especially from being electronically stolen. Having one's data intruded or even stolen electronically only shows the weakness of a system which is not properly protected. This paper deals with the need to secure data and the need for integrity and security in deploying servers and the protection of clients accessing these servers. Data monitoring and auditing are also taken under this paper.
WHY IS INTEGRITY AND SECURITY IN DATABASES NECESSARY?
Murphy's Law really applies to the different computer systems and operations. The law's philosophy is everything that can possibly go wrong will turn out wrong . If servers with default configuration are placed in the Internet, the result will be compromised within minutes. When Slammers worm infected thousands of Microsoft SQL Servers in 2003 - database servers that had been set up with a default in systems administration (SA) and default password were damaged. The worst damage occurred when there was loss of service. Infected computers sent out thousands of packets in the network and infected other computers.
It is necessary to design database integrity and security measures to avoid this damage, according to Oppel, as follows :
Database connected with the Internet or other networks are vulnerable to some hackers and malicious people who are determined to steal the data or cause damage.
Spies from competitors are after the system's secret.
There are notorious hackers who are interested in penetrating the system.
Others are interested to get anything of economic value.
Some employees are disgruntled or dissatisfied with their employers, so they cause their employers' system some damages.
Some destroy other systems by using unethical statements.
The presence of emotionally unbalanced and evil people who like to cause damage.
Some employees attempt to commit fraud.
Sometimes an honest mistake is committed.
The presence of security controls make employees honest.
DATABASE SERVER INTEGRITY AND SECURITY
Maintaining integrity and securing the database servers are the most important points for consideration. To maintain integrity and secure the system, one must start with one end and move toward the other end that is from the database server to the client's workstation or vice versa. As one moves from one end to another, care must be taken to work systematically through all the components without missing anything.
Physical Database Integrity and Security
The best way to maintain integrity and secure the database is to make sure that the server is strategically located. It must be in a locked room and only authorized persons are allowed inside. According to Oppel, systems are easily jeopardized using the server, so the need to secure the system in order to maintain its integrity is imperative .
"Token" security device which administrators must possess to gain access must be used.
Video surveillance system should be installed.
Installing biometric device which requires administrators to pass a finger printing or even a retinal scan to gain access to the system.
A policy requiring two persons to be in the database room whenever one is to be logged.
Creating a policy regarding the removal of hardware and software which should be strictly prohibited. The policy must cover all parts of the system, not just a portion of it since these are interconnected.
Network Integrity and Security
Enterprise Network Must Be Isolated from the Internet
If the enterprise network is connected to the Internet, it must be isolated to prevent hackers from gaining access to the internals of the enterprise network. The following measures must be taken into consideration as mentioned by Oppel :
Configuration of the router. The router connecting the network to the Internet must be configured. The router is a device that forwards the data packet between networks utilizing rules on the routing table. A packet is a piece of a message being transmitted through the network. Data packets are uniformly divided by the network device for easy transmission. The router must be configured properly in order to send appropriate data. Some routers perform limited filtering. They are merely concerned with the IP address found in the packet header, deciding on the best way of routing the packet to the IP address and the routing table.
Using a firewall. A firewall must protect every layer of the enterprise network and the integrity and security rules applied getting lighter with each layer. A firewall can be created using software in a general computer or a specialized software device with its own operating system and filtering software. The firewall protects the network segment inside it from unauthorized access. Data packets passing from the network outside the firewall to the network segment (called the subnet) inside the firewall must pass the integrity and security criteria or they will be rejected.
The firewall uses the following methods:
Packet filtering. The contents of each packet entering or leaving the network are inspected to make sure that they meet the defined rules. Packet filtering is effective but may be subject to IP spoofing where the hacker pretends as a legitimate user for the enterprise network. A zombie attack occurs when an intruder puts a rogue program on one of the servers and sends hundreds or even thousands of packets per minute to a target system especially that which the hacker has some grudges. This is done to clog the attacked system making it useless. This is called the Denial of Service attack (DoS).
Application Gateway. Different network applications use different default ports. HTTP uses port 80 as a default. Ports not needed should be shut down. The firewall must be configured to open only ports needed for normal business or operation.
Circuit-level Gateway. When connection is established, integrity and security mechanism is applied, allowing packets to flow freely for the established connection. A firewall must be configured so that connections can be established with resources inside the firewalls, others are rejected.
Proxy Server. Firewalls can translate IP addresses used in the protected network into different addresses as packets pass through with different ports so that they can respond to these packets and have them sorted out and sent back. This feature is called network address translation or NAT. This hides the internal network from the outside.
Maintain integrity and provide secure connection for employees working offsite. The workers or employees present a special risk for they are connected to a broadband Internet server as DSL or cable. They also reside in a local area network (LAN) with numerous users. If these employees plug their computers directly without precaution, shared devices they may have are shared automatically. If they know what to check, they can readily access someone's files. Two methods can prevent this from happening.
An integrity and security device (a combination of a router/network switch/firewall) should be placed between the DSL or cable modem and any computer used in the home. One benefit of this is that the user can connect multiple computers to a high-speed service but paying only for one IP address with the Internet Service Provider (ISP). Some hackers scan ports and plug resources inside any home network. A port scan is a technique used by hackers. Some use Microsoft Windows XP and Vista which have built-in configurable software firewall. Some experts, however, prefer using external firewall on a dedicated hardware device which offers better protection.
Another device, a secure network technique called Virtual Private Network (VPN) can be used. This can be used to connect from the Internet to the enterprise network.
Maintain Integrity and Secure Any Wireless Network Access
Radio signals from computer devices are received by wireless access points. Some wireless networks adhere to a version of a network standard protocol known as 802.11wireless standard. Wireless access points are inexpensive but prolific because its being wirelesses makes it handy for the users, as mentioned by Oppel as follows :
Establish a wireless integrity and security policy. Organizational integrity and security policies must address wireless connections, forbidding anyone not trained as network administrator from installing them.
Mandate encryption. Policies must be made mandating that encryption be made or enabled at every access point. All the access points must have encryption capability built into them.
Limit access using a MAC address list. Every network device manufactured currently has a unique Media Access Control (MAC) address assigned to it by its manufacturer. The entry of MAC address list is allowed by most wireless access points. The MAC address list can list devices that are not allowed to connect.
System-Level Integrity and Security
Once the network is secured, the next is to maintain integrity and security in the system that will run the DBMS. A poorly secured database server creates several unchecked paths for intruders.
The following should be put into consideration :
Installation of minimal operating system software. Minimal software components should be installed. Avoid default or typical installation. Hackers have a difficult time installing things when the tools needed to perform software installation are not in the server.
Using minimal operating systems services. Remove operating systems which are not needed. Communication services as FTP should not be running unless required. On the Windows system, it is good to set up start-up type to disabled for services not required.
Installation of minimal DBMS software. The fewer the features of the DBMS, the lesser exposure the system has for hackers and less exposure to buffer overflow vulnerabilities. The DBA should work together with application developers to create a consolidated list of the DBMS functions. With the list, use the custom installation option for the DBMS and minimal installation should be made.
Application and maintenance of integrity and security patches in a timely manner. Establish a program that will review integrity and security alerts as they are announced or communicated.
Changing all default passwords. Default passwords should be changed to new ones which are difficult to guess, use or discover by way of brute force - a method for repeatedly trying probabilities until access is achieved.
DATABASE CLIENT AND APPLICATION INTEGRITY AND SECURITY
A database client is one that signs on directly to the database server. The application server is usually a database client. The DBMS requires the installation of client software on these systems to facilitate communication between database client and DBMS using specialized communication mechanism that DBMS requires.
Database users who connect to the database must apply for appropriate credentials to establish connection. It is actually a form of an ID (log-in ID) and a password.
To establish credentials that are not easily compromised, take the following into consideration :
Credentials must not be shared by many database users.
Choose passwords which are not easily guessed. An integrity and security policy should establish and minimum standard for password security, including minimum length, the mixture of uppercase/lowercase letters, numbers, and special characters but avoid words that are found in the dictionary.
Passwords should be changed on a regular basis as every 30 days or 45 days. Experts, however, have no common opinion on the effectiveness of regular change of password.
Any exposed password should be changed immediately.
Password should never be written down and must be encrypted when they are electronically stored.
Encryption is the process of translating of information into a secret code that cannot be used without the use of a password or secret key. Unencrypted data is called plain text; on the other hand, encrypted data is called cipher text.
Some encrypted schemes use symmetric key which means that a single key is used to encrypt plain text and to decrypt cipher text. This is considered less secure compared to the use of asymmetric keys where a pair of keys is used, a public key and a private key. What the public key encrypts, the private key decrypts and vice versa. The private key remains confidential while the public key is used in business transactions.
Guidelines to follow in encryption :
Encryption keys must be a minimum of 128 bits in length. The longer the key, the more secure the system is since longer keys lengthen the encryption process.
The loss of an encryption key should be treated with seriousness as the loss of data that is used to encrypt.
Data which are sensitive should be encrypted before storing. The sensitivity of the data depends upon the business people using them.
Data which are of public knowledge must be encrypted when transported electronically.
E-mail is not considered secure so any sensitive information sent via e-mail should be in an encrypted attachment, instead of being in the body of the message.
Other Client Integrity and Security Considerations
Database clients require some scrutiny because they can become possible pathways for some intruders. The following must be considered, too :
Web browser integrity and security level. The setting of an integrity and security level is allowed by modern web browsers. For Microsoft Internet Explorer, the integrity and security level is controlled using the Security tab on the Internet option panel which can be accessed using the Tools option in the main toolbar. The security level should be set in the highest that will permit the normal use of the database application.
Cookies. It provides the ability of the web browser to store textual information on the client. This can automatically be retrieved automatically.
Use of other software should be minimal. Softwares which are not needed in the normal operation should not be installed. Integrity and security policies must prevent employees from installing unauthorized software.
Virus Scanner. Virus scanning software should be installed in all computer systems running operating systems. Virus scanners that update their virus profiles offer the best protection.
Test Application Exposure. Web-based application should be tested thoroughly using a client configured as the business client user's workstation.
The following are some of the hacker's tricks:
SQL Injection. SQL commands are entered into normal data fields in the web pages as the application server or web server hand them off to the database for processing. Application programs include precautions against attacks like using stored procedures for all updates or rejecting any input field that contain characters as semicolon, ampersands, and backslashes that will be useful in formatting escape sequence needed for SQL injection.
URL Spoofing. In the web browser, the URL is usually overtyped revealing unauthorized data. Designs where session ID's are assigned sequentially by the application server and passed back to the web browser as an argument in the URL. If one can guess another session ID, he can hijack the users session merely by overtyping the session ID in the URL.
Overflows of Buffer.. Published exposure like buffer overflows should be tested thoroughly once the vendors patch has been installed to ensure that the problem was corrected. A buffer overflow is a condition in which the process attempts to stop data beyond the boundary of affixed length buffer. The extra data overwrites data which include malicious code that compromise security.
DATABASE ACCESS INTEGRITY AND SECURITY
Once integrity and security is attained at the client server and the network, the focus would be on the database access. It is now proper to determine the data that each database user needs in order to conduct business. Each database user should be given exactly the privilege required. All database users are treated equally in terms of database integrity and security.
Database Integrity and Security Architecture
With the exception of Microsoft SQL Server and Sybase Adaptive Server Enterprise (ASE), no two databases have the same architecture for database integrity and security. The reason why Microsoft SQL Server and Sybase ASE are similar is that the former was derived from the latter. Microsoft SQL, Sybase ASE and Oracle are the most popular database today.
Database Integrity and Security in Microsoft SQL Server and Sybase ASE
A database server is created when Microsoft SQL Server and Sybase ASE once the DBMS software is installed on the server. The word server is a confusing term because we call the hardware a server. The SQL server is actually a copy of the DBMS software that runs in memory as a set of processes usually installed in Microsoft environment. The SQL server will mean the DBMS software and the database server will mean the hardware platform on which the database is running. Each SQL server manages many data bases.
Log-in. A login account on the SQL server is also referred to as a user log-in. On database servers running Microsoft Windows Operating System, the log-in can use the Windows authentication. This means that the Windows operating system stores the credentials log-in name and password, and authentication users which they attempt to connect to the SQL server. There is a master log-in called SA (system administrator) which is similar to root in UNIX and administrator in Microsoft Windows.
Database. This is a logical collection of database objects (views, tables, indexes, etc.) as defined by the database designer.
The following are the different databases :
master - contains the systems level information initialization settings, configuration settings, login accounts, list of databases configured in SQL server as well as the location of primary data files.
tempdb - the tempdb database contains primary tables and temporary stored procedures.
model - this contains template for all other databases created on the system.
msdb - In Microsoft SQL Server Database (msdb), only the msdb database contains information used for scheduling jobs and alerts.
User. Each database has a set of users assigned. Each user maps to a log-in making each user a "pseudo-account" or an alias to an SQL Server log-in account. User account may not have the same username. When an access to the database is granted by the administrator for a particular log-n account is created by the DBMS.
Privileges. Each user account may be granted a number of privileges applied at the database level. Microsoft SQL Server divides these into server privileges and statement privileges. Server privileges include such permission as starting up, shutting down, and backing up the SQL server. Statement privileges include permission as creating a database and creating a table. Object privileges include specific actions on specific objects.
Database Integrity and Security on Oracle
Oracle's security architecture is different from that of Microsoft SQL Server and Sybase ASE. The difference between the two is highlighted in each component :
Instance. This is a copy of the Oracle DBMS software running in memory. One database is changed in one instance.
Database. This refers to a single file managed by a single Oracle. Taken together, the oracle instance and database make up what Microsoft SQL Server is.
User. A user is one database account. The user account may be authenticated externally. The following predefined users are created automatically when the database is created.
The SYS user is the owner of the oracle instance and it uses objects being used by Oracle to manage the instance. This is equivalent to the user in the Microsoft Server and Sybase ASE.
The SYSTEM user is the owner of the Oracle database and uses objects which Oracle uses to manage the database. This is similar to the masters' database in Microsoft's SQL Server and Sybase ASE.
Schema. The schema is a collection of database objects belonging to a specific Oracle user. The Oracle schema is similar to Microsoft's SQL Server and Sybase ASE call a database.
Privileges. Microsoft SQL Server and Sybase ASE database users are divided into systems and object privileges. These are covered in the system privileges section of the latter.
Schema Owner Accounts
It should be avoided that database users will be given more privileges than what is needed to perform their task. Database log-ins should be created.
The Microsoft's SQL Server and Sybase ASE database users should not be allowed as the systems administrator (SA) user. Log-in with minimal privileges should be created.
In the figure above, the Mgr125 user owns no tables but enjoy some privileges granted it by the employees and product users.
In the figure above, synonyms have been used for user Mgr125. A synonym is a sort of a nickname for an object or an alias for the database object. This is for the user's conveniences to prevent exposing the names.
System privileges are general permission to perform functions in managing the server and the database. Each database vendor supports hundreds of permissions and many of which are system privileges. Object privileges are granted using the SQL Grant statement.
Microsoft SQL Server System (Server and Statement) Privilege Examples
Here are some commonly used Microsoft SQL Server system privileges :
Shutdown. Provides the ability to issue the server shutdown command.
Create Database. Provides the ability to create new database on the SQL Server.
Backup Database. Provides the ability to run backups of the database on the SQL Server.
Oracle Systems Privileges Examples :
Create Sessions. This provides the ability to connect to the database.
Create Table. Provides the ability to create tables in any user's scheme. Similar privileges exist for other objects.
Create any table. Provides the ability to create tables in any other's scheme.
Create users. Provides the ability to create new user in the database.
This object privilege is granted to users with SQL Grant statement and revoked with the Revoke statement.
A role is a named collection of privileges that can be granted to one or more users. Most RDBMS systems have roles which are predefined and database users with the create role privileges.
Roles have advantages as follows:
Roles may exist before user accounts do. One can create a role containing all privileges to work particular on project.
Roles relieve the administrators of a lot of trouble.
Roles survive when user accounts are dropped. For the administrators, a common role is DBA. This conveys a lot of privileges and simplified when properly assembled.
One of the most common integrity and security issue is how to allow users to access to some rows and columns in a table, at the same time preventing access to other tables.
SECURITY MONITORING AND AUDITING
Integrity and security policies and controls are not enough to ensure compliance. Effective monitoring system must be implemented to ensure security. Detection tools can be used to detect intrusion. There must be provisions for auditing so that actions can be monitored properly. An independent auditor may be of help to the organization to ensure efficient organizational functions. It is also important to have inside auditors perform the auditing and recommend possible ways to improve the system by detecting vulnerabilities early .
For man, it is inherent to own properties, be it physical or intellectual, and to protect them from possible intruders, hackers, and malicious people. In the modern world where computer system plays a very important role, protection of one's intellectual property is needed. Many literatures have been written about protection of one's intellectual property. At the moment, protecting one's intellectual property-one's intellectual work which has been stored in databases-is extremely necessary, hence, the need to secure the database and ensure its integrity of the information therein.