
2. George M Marakas, Decision Support Systems, 2nd Edition, Pearson / Prentice Hall, 2002.
3. Janakiraman V.S., Sarukesi K., Decision Support Systems, PHI, ISBN 8120314441, 9788120314443, 2004.
4. Efrem G Mallach, Decision Support Systems and Data Warehouse Systems, 1st Edition, Tata McGraw Hill, 2000.

DB2106 DATABASE SECURITY
L T P C: 3 0 0 3
Total contact hours: 45
Prerequisite: Knowledge of Database Management Systems and Database Administration is preferred.

PURPOSE
This course is about database security, with many methods and techniques that will be helpful in securing, monitoring and auditing database environments. It covers diverse topics that include all aspects of database security and auditing, including network security for databases, authentication and authorization issues, links and replication, database Trojans, etc. It also includes vulnerabilities and attacks that exist within various database environments or that have been used to attack databases.

INSTRUCTIONAL OBJECTIVES
1. Describe and apply security policies on databases
2. Understand authentication and password security
3. Know about application vulnerabilities
4. Understand auditing techniques

UNIT I - DATABASE SECURITY (6 hours)
Introduction to database security - Security in Information Technology - importance of data - database review - identity theft - Levels of security - Human level: Corrupt/careless User, Network/User Interface, Database application program, Database system, Operating System, Physical level.

UNIT II - AUTHENTICATION AND AUTHORIZATION (11 hours)
Passwords, Profiles, Privileges and Roles - Authentication - operating system authentication, database authentication, Network or third-party authentication, Database vector password policies - Authorization - User Account authorization - Database/Application Security - Limitations of SQL Authorization - Access Control in Application Layer - Oracle Virtual Private Database Privacy.

UNIT III - APPLICATION VULNERABILITIES (10 hours)
Application Vulnerabilities - Application Security - OWASP Top 10 Web Security Vulnerabilities - Unvalidated input, Broken access control, Broken account/session management, Cross-site scripting (XSS) flaws, Buffer overflows - SQL Injection flaws, Improper error handling, Insecure storage, Denial-of-service, Insecure configuration management.

UNIT IV - SECURING DATABASE TO DATABASE COMMUNICATIONS (9 hours)
Monitor and limit outbound communications - secure database links - protect link usernames and passwords - monitor usage of database links - secure replication mechanisms - map and secure all data sources and sinks. Trojans - four types of database Trojans.

UNIT V - ENCRYPTING AND AUDITING THE DATA (9 hours)
Encrypting data in transit - encrypting data at rest - auditing architectures - audit trail architectures of external audit systems - archive auditing information - secure auditing information - audit the audit system.

REFERENCES
1. Ron Ben-Natan, Implementing Database Security and Auditing: A Guide for DBAs, Information Security Administrators and Auditors, Published by Elsevier, 2005.
2. Silvana Castano, Database Security, Published by Addison-Wesley, 1994.
3. Alfred Basta, Melissa Zgola, Dana Bullaboy, Thomas L. Witlock SR, Database Security, google books, 2011.
4. Silberschatz, Korth and Sudarshan, Database System Concepts, 6th Edition, 2010.
5. The Open Web Application Security Project, http://www.owasp.org
6. Web application security scanners, http://www.windowsecurity.com/software/Web-Application-Security/
7. SQL Injection, http://www.cgisecurity.com/development/sql.shtml
8. 9 ways to hack a web app, http://developers.sun.com/learning/javaoneonline/2005/webtier/TS-5935.pdf
9. Database security, http://docs.oracle.com/cd/B19306_01/server.102/b14220/security.htm
