SECURITY

Question 1

What is database security

Answer 1

Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical.

Question 2

Discuss the role of the following modules in a database management System.

i. ) System Catalog (1 Marks)
ii. ) Pre-compiler (1 Mark)
iii. )Backup and recovery (1 Marks)

Answer 2

i) A system catalog also known as a data dictionary, is a collection of information about the contents of a database, it has tables that contain info of everything the database knows about itself. The function of a system catalog is to provide detailed information about everything contained in the database, it communicates the structure and content of the database, and provides meaningful description for individually named objects.
ii) Software that turns SQL commands written within a source program into the appropriate function calls for the database management system (DBMS) being used.
iii) Backup and recovery in general refers to the various strategies and operations involved in protecting your database against data loss and reconstructing the data should that loss occur.

Question 3

Relate confidentiality and database security

Answer 3

Confidentiality refers to the ability of a security program to keep data private or secret and preventing its access from unauthorized access. A first step in ensuring one’s database is truly confidential is examining the type of information and the duration for which it is stored. The best practice is to store only information necessary for the provision of services and for the shortest time possible. Remove anything else regularly and completely. Records that have become outdated should be deleted. It is also imperative that a database implements access control. This involves authentication (verifying the identity of the user) and authorization (ensuring the user is allowed to access particular information). This ensures no unauthorized persons access the database.

Question 4

Relate integrity and database security

Answer 4

Integrity in terms of data security is about ensuring data is reliable, correct and has not been tampered with. There are two types of data integrity: physical (correctly storing and fetching data) and logical (correctness and rationality of the data) To achieve data integrity, databases have strict data integrity rules and constant checks for errors. Data integrity also involves defining the relationships between the data. There are different integrity constraints in relational databases. Entity Integrity stipulates that in a base relation no attribute of the primary key can be null. Referential integrity states that if a foreign key exists in a relation, the FK value must match a candidate key value of some tuple in its home relation. Domain integrity specifies that all columns in a relational database must be declared upon a defined domain. User-defined integrity refers to a set of rules specified by a user, which do not belong to the entity, domain and referential integrity categories. All these, in conjunction with measures to ensure physical integrity such as redundant hardware, come together to ensure data integrity in a database.

Question 5

Relate Availability to database security

Answer 5

Availability means guaranteeing that authorized users have timely and reliable access to their data whenever they need it even in the event of a system breakdown. It has to do with the accessibility and continuity of the data. Availability can be influenced by several factors: hardware or software failure, natural disasters, human error or even malicious attacks such as the denial-of-service attack. In light of this, it is important to ensure there is redundancy (in servers etc.), hardware fault tolerance, regular software patching, backups, disaster recovery plans among others.

Question 6

List 5 threats to databases and their possible countermeasures

Answer 6

1. Backups can be attacked if an organization fails to protect it with the same strict controls used on the database itself. This is worsened by the large volumes of data stored and the shortage of skilled individuals to implement this. In order to prevent this both the database and the backup should be encrypted and audited.
2. Sensitive information that is unmanaged and unattended is easy to hack. An up-to-date inventory should be kept of all sensitive data in a database. All sensitive data should be encrypted and adequate access controls should be implemented. Regular searches for sensitive data should be done so as to better protect it.

Question 7

Describe insider threats and the possible countermeasures

Answer 7

Insider threats from employees who have excessive privileges account for about 80% of attacks on company databases. The threat may come from a malicious or negligent insider or an outsider who falsifies the credentials of an insider. This provides unauthorized access to the database and opens up the database to other attacks. Due to this it is important to uphold a strict access and privileges control policy. The practical minimum number of users should have access to the database, and their permissions should be restricted to the minimum levels necessary for them to do their jobs.

Question 8

Describe the SQL injection and its possible counter measures

Answer 8

An SQL injection is a type of attack that allows an attacker to interfere with queries an application makes to a database. A successful SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. As a result, the attacker has unlimited access to the database. Some countermeasures to prevent this is to used stored procedure instead of direct queries and to implement MVC architecture.

Question 9

Describe the DenialOfService attack and its possible countermeasure

Answer 9

The Denial-Of-Service attack is an attack that uses a huge number of fake requests to slow down or even crash the database server. In a distributed denial of service attack (DDoS), the deluge comes from multiple servers, making it more difficult to stop the attack. To intercept this attack, it is important to have high levels of security. This includes: firewalls and intrusion detection systems to scan the traffic, anti-virus and anti-malware software, endpoint security that ascertains those endpoints do not become entry points for attacks. Dynamic backlog mechanisms should also be employed to ensure the connection queue is never exhausted.

Question 10

Describe the threat of malware and possible counter measures

Answer 10

Malware is software that is designed to disrupt, damage or gain unauthorized access to a database. Malware could be introduced into the database by any endpoint device. It is, therefore, important to protect endpoint devices by setting up malware protection software

Question 11

What is the importance of auditing in databases

Answer 11

Poor auditing practices or lack thereof open up the database to violations of national and international sensitive data protection regulations. Automatic auditing solutions should be used to audit all database events that have been recorded and registered. All operations on sensitive data are also logged. Standard audits should be periodically performed.

Question 12

Describe buffer overflows as a security threat

Answer 12

Buffer overflow occurs when a program tries to write too much data into a buffer, overrunning the buffer’s boundary and overwriting adjacent memory locations. An attacker may use the excess data as a foundation to launch attacks. Buffer overflow can be prevented by the use of Address space randomization (ASLR), Data execution prevention and Structured exception handler overwrite protection (SEHOP)

Question 13

What is the importance of database security

Answer 13

1. Confidential information, such as bank information, contact details and medical history, is stored in databases. Exposure of this kind of information poses to the client the threat of fraud such as identity theft and phishing scams or even direct financial damage. In some cases, the leaked information may prove to be sensitive enough to ruin the reputation of the client.
2. Needless to say, this can prove destructive to the company’s name. Future clients will be apprehensive when sharing their sensitive information. The company may lose tenders and contracts. Damage to the company’s brand will lead to a loss of profits and even in some instances closure of the business.
3. There are also several costs related to data loss. The company must pay penalties because of the breach and compensation for claims. There are also the costs of repairing the breaches, informing the clients etc.
4. Theft or exposure of an organization’s intellectual property such as inventions and proprietary practices can lead to the organization losing its competitive advantage in the market. This may also lead to the shutdown of the business

Question 14

What is database security?

Answer 14

Database security refers to the collective measures and mechanisms that secure a database or database management software from illegitimate use (whether intentional or accidental) and malicious cyber threats and attacks. Database security involves the protection of the hardware and software parts, human resources and data. This is usually planned and maintained by a database administrator and or other information security professionals.

Question 15

Describe what a threat is.

Answer 15

Threat - Any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization.
A threat may be caused by a situation or event involving a person, action, or circumstance that is likely to bring harm to an organization.

Question 16

Give some categories of threats

Answer 16

theft and fraud;
loss of confidentiality (secrecy);
loss of privacy;
loss of integrity;
loss of availability.

Question 17

Classify some examples of security threats under the various categories of threats

Answer 17

*See notes

Question 18

Describe encryption

Answer 18

• The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.
  Symmetric Key Algorithms - A symmetric key is one key that is used for both encryption and decryption.
  Public (Asymmetric) Key Encryption - In public key systems, two keys are used for encryption/decryption.

Question 19

Relate digital certificates and data security

Answer 19

A digital certificate is a file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI).

Digital certificate authentication helps organizations ensure that only trusted devices and users can connect to their networks. Another common use of digital certificates is to confirm the authenticity of a website to a web browser, which is also known as a secure sockets layer or SSL certificate.

A digital certificate contains identifiable information, such as a user’s name, company, or department and a device’s Internet Protocol (IP) address or serial number. Digital certificates contain a copy of a public key from the certificate holder, which needs to be matched to a corresponding private key to verify it is real. A public key certificate is issued by certificate authorities (CAs), which sign certificates to verify the identity of the requesting device or user.

Question 20

What is RAID?

Answer 20

RAID (redundant array of independent disks) is a way of storing the same data in different places on multiple hard disks or solid-state drives (SSDs) to protect data in the case of a drive failure. RAID works by placing data on multiple disks and allowing input/output (I/O) operations to overlap in a balanced way, improving performance. Because using multiple disks increases the mean time between failures, storing data redundantly also increases fault tolerance.

RAID arrays appear to the operating system (OS) as a single logical drive.

RAID employs the techniques of disk mirroring or disk striping. Mirroring will copy identical data onto more than one drive.