Database Administration and Security Transparencies

Objectives
The distinction between data administration and

database administration. The purpose and tasks associated with data administration and database administration. The scope of database security. Why database security is a serious concern for an organization. The type of threats that can affect a database system. How to protect a computer system using computerbased controls.
Pearson Education 2009 2

Data administration and database administration

Data Administrator (DA) and Database

Administrator (DBA) are responsible for managing and controlling activities associated with corporate data and corporate database, respectively. DA is more concerned with early stages of lifecycle and DBA is more concerned with later stages.

Pearson Education 2009

Data administration
Management and control of corporate data, including: database planning; development and maintenance of standards, policies, and procedures; conceptual and logical database design.

Pearson Education 2009

Data administration tasks

Pearson Education 2009

Database administration
Management and control of physical realization of

a database system, including:

physical database design and implementation; setting security and integrity controls;

monitoring system performance;

reorganizing the database.

Pearson Education 2009

Database administration tasks

Pearson Education 2009

Comparison of data and database administration

Pearson Education 2009

Database security
Mechanisms that protect the database against

intentional or accidental threats. Not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database. Includes hardware, software, people, and data. Growing importance of security is the increasing amounts of crucial corporate data being stored on computer.
Pearson Education 2009 9

Examples of threats and possible outcomes

Pearson Education 2009

10

Summary of threats to computer systems

Pearson Education 2009

11

Database security
Threat is any situation or event, whether

intentional or unintentional, that may adversely affect a system and consequently the organization. Outcomes to avoid:
theft and fraud, loss of confidentiality (secrecy),

loss of privacy,
loss of integrity, loss of availability.
Pearson Education 2009 12

Typical multi-user computer environment

Pearson Education 2009

13

Database security
Computer-based countermeasures include: authorization, views, backup and recovery, integrity, encryption, redundant array of independent disks (RAID).

Pearson Education 2009

14

Countermeasures - computer-based controls

Authorization The granting of a right or privilege that enables a subject to have legitimate access to a database system or a database systems object. Authentication A mechanism that determines whether a user is, who he or she claims to be. failure. Privilege A right granted by one user to allow another user or group of users access to a database system or an object in the database system.
Pearson Education 2009

15

Countermeasures - computer-based controls

Views A view is a virtual table that does not necessarily exist in the database but can be produced upon request by a particular user, at the time of request. Backup and recovery Process of periodically taking a copy of the database and log file (and possibly programs) onto offline storage media.

Pearson Education 2009

16

Countermeasures - computer-based controls

Journaling Process of keeping and maintaining a log file (or journal) of all changes made to database to enable recovery to be undertaken effectively in the event of failure. Backup window The time period during which the database can be backed up.

Pearson Education 2009

17

Countermeasures - computer-based controls

Integrity
Prevents data from becoming invalid, and hence

giving misleading or incorrect results.

Encryption
Encoding the data by a special algorithm that renders

the data unreadable by any program without the decryption key.

Pearson Education 2009

18

Countermeasures - computer-based controls

RAID A set or array of physical disk drives that appear to the database user (and programs) as if they form one large physical storage.

Striping: Spreading data blocks across multiple disks Parity: Additional data used to re-create missing data

Hardware that the DBMS runs on must be fault-

tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.

RAID Levels Level 0: Striping only. No redundancy Level 1: Mirroring. Multiple copies of data Level 3: Single disk parity Level 5: Distributed Parity
Pearson Education 2009 19

Network security architecture three tier database system architecture

Pearson Education 2009

20

Countermeasures - network security

Network security is the protect of servers from

intruders. Firewall is a server or router with two or more network interfaces and special software that filters or selectively blocks messages traveling between networks. De-Militarized Zone (DMZ) is a special, restricted network that is established between two firewalls.

Pearson Education 2009

21