A threat is any situation, event or personnel that will adversely affect the database and the smooth and efficient functioning of the organization. The harm may be tangible, such as loss of data or damage to hardware or software, or intangible, such as loss of customer goodwill or credibility.
The integrity and privacy of data are at risk from unauthorized users, external sources listening in on the network, and internal users giving away the store.
- Data Tampering
Privacy of communications is essential to ensure that data cannot be modified or viewed in transit. Distributed environments bring with them the possibility that a malicious third party can perpetrate a computer crime by tampering with data as it moves between sites. In a modification attack, an unauthorized party on the network intercepts data in transit and changes parts of that data before retransmitting it.
- Eavesdropping and Data Theft
Data must be stored and transmitted securely, so that information such as credit card numbers cannot be stolen. Over the Internet and in Wide Area Network (WAN) environments, both public carriers and private network owners often route portions of their network through insecure landlines, extremely vulnerable microwave and satellite links, or a number of servers. This situation leaves valuable data open to view by any interested party. In Local Area Network (LAN) environments within a building or campus, insiders with access to the physical wiring can potentially view data not intended for them.
- Falsifying User Identities
In a distributed environment, it becomes more feasible for a user to falsify an identity to gain access to sensitive and important information. A transaction that should go from the Personnel system on Server A to the Pay system on Server B could be intercepted in transit and routed instead to a terminal pretending to be Server B.
- Password-Related Threats
Users typically respond to the problem of managing multiple passwords in several ways:
They may select easy-to-guess passwords, such as a name, fictional character, or a word found in a dictionary. All of these passwords are vulnerable to dictionary attacks.
They may also choose to standardize passwords so that they are the same on all machines or web sites.
They can also use passwords with slight variations that can be easily derived from known passwords.
Users with complex passwords may write them down where an attacker can easily find them, or they may just forget them, requiring costly administration and support efforts.
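The habits listed above can be screened for at the moment a password is set. The following is an added example, not part of the original article: it flags dictionary words (including ones disguised with common character swaps or padded with digits), exact reuse, and slight variations of a known password. The wordlist, the `SWAPS` table and the function names are assumptions, and `known` stands for the old password the user supplies in a change form.

```python
import re

# Constructed sample wordlist; a real deployment would load a large one.
WORDLIST = {"password", "dragon", "gandalf", "monkey", "michael"}
# Common character substitutions, mapped back to the letter they replace.
SWAPS = str.maketrans("013457@$!", "oleastasi")

def base_forms(pw):
    """Reduce a password to its underlying word(s): lowercase, undo the
    substitutions, and drop digits and symbols padded onto either end."""
    low = pw.lower()
    trim = lambda s: re.sub(r"^[^a-z]+|[^a-z]+$", "", s)
    return {trim(low).translate(SWAPS), trim(low.translate(SWAPS))} - {""}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen(candidate, known=()):
    """Return the reasons to reject `candidate`; an empty list means none."""
    forms, reasons = base_forms(candidate), []
    if forms & WORDLIST:
        reasons.append("dictionary word")
    for old in known:
        if candidate == old:
            reason = "reused"
        elif (forms & base_forms(old)
              or edit_distance(candidate.lower(), old.lower()) <= 2):
            reason = "variation of known password"
        else:
            continue
        if reason not in reasons:
            reasons.append(reason)
    return reasons
```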
- Unauthorized Access to Tables and Columns
The database may contain confidential tables, or confidential columns in a table, which should not be available indiscriminately to all users authorized to access the database. It should be possible to protect data on a column level.
- Unauthorized Access to Data Rows
Certain data rows may contain confidential information that should not be available indiscriminately to users authorized to access the table. For example, in a shared environment businesses should have access only to their own data; customers should be able to see only their own orders. Systems must therefore be flexible and should be able to support different security policies depending on whether you are dealing with customers or employees. For example, you may require stronger authentication for employees (who can see more data) than you do for customers. Or, you may allow employees to see all customer records while customers can only see their own records.
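The column-level and row-level requirements in the two sections above can be seen enforced together in the following added example, which is not from the original article. SQLite has no user accounts or GRANT statement, so its authorizer callback stands in for privileges here: direct reads of the base table are refused, and a view exposes only the caller's own rows without the confidential column. The table, view and function names and the sample rows are constructed.

```python
import sqlite3

BASE_TABLES = ("orders", "session")

def open_session(customer):
    """Return a connection that may read only `customer`'s own orders."""
    conn = sqlite3.connect(":memory:")
    # Constructed sample data: two customers share one orders table.
    conn.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT,
                             item TEXT, card_number TEXT);
        INSERT INTO orders VALUES
            (1, 'alice', 'laptop', 'CARD-CONSTRUCTED-1'),
            (2, 'bob',   'router', 'CARD-CONSTRUCTED-2'),
            (3, 'alice', 'webcam', 'CARD-CONSTRUCTED-1');
        CREATE TABLE session (customer TEXT);
        -- Row filter plus column filter: own rows, no card_number.
        CREATE VIEW my_orders AS
            SELECT id, item FROM orders
            WHERE customer = (SELECT customer FROM session);
    """)
    conn.execute("INSERT INTO session VALUES (?)", (customer,))
    conn.commit()

    def policy(action, table, column, db, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action != sqlite3.SQLITE_READ:
            return sqlite3.SQLITE_DENY      # no writes, no schema changes
        if table in BASE_TABLES and (source != "my_orders"
                                     or column == "card_number"):
            return sqlite3.SQLITE_DENY      # base tables only via the view
        return sqlite3.SQLITE_OK

    conn.set_authorizer(policy)             # enforced from here on
    return conn

def query(conn, sql):
    """Run a statement; return its rows, or None if the policy refuses it."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return None
```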
- Lack of Accountability
If the system administrator is unable to track users' activities, then users cannot be held responsible for their actions. There must be some reliable way (such as audit trails) to monitor who is performing what operations on the data.
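A minimal audit trail for the accountability requirement above, as an added example that is not from the original article: triggers record who changed which row, with the old and new values, and refuse edits to the trail itself. It assumes the application writes the authenticated user into a `session` table before each statement; all table, trigger and function names and the sample rows are constructed.

```python
import sqlite3

# Constructed schema and rows; `session.actor` is set by the application.
SCHEMA = """
CREATE TABLE payroll (emp TEXT PRIMARY KEY, salary INTEGER);
INSERT INTO payroll VALUES ('e100', 52000), ('e200', 61000);
CREATE TABLE session (actor TEXT NOT NULL);
INSERT INTO session VALUES ('unset');
CREATE TABLE audit_log (at TEXT DEFAULT CURRENT_TIMESTAMP, actor TEXT,
    op TEXT, emp TEXT, old_salary INTEGER, new_salary INTEGER);
CREATE TRIGGER payroll_upd AFTER UPDATE ON payroll BEGIN
    INSERT INTO audit_log (actor, op, emp, old_salary, new_salary) VALUES
    ((SELECT actor FROM session), 'UPDATE', OLD.emp, OLD.salary, NEW.salary);
END;
CREATE TRIGGER payroll_del AFTER DELETE ON payroll BEGIN
    INSERT INTO audit_log (actor, op, emp, old_salary, new_salary) VALUES
    ((SELECT actor FROM session), 'DELETE', OLD.emp, OLD.salary, NULL);
END;
-- The trail is append-only: rewriting or erasing entries is refused.
CREATE TRIGGER audit_no_upd BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_del BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def run_as(conn, actor, sql, params=()):
    """Record the authenticated actor, then run one statement for them."""
    conn.execute("UPDATE session SET actor = ?", (actor,))
    conn.execute(sql, params)
    conn.commit()

def trail(conn, emp):
    """Who did what to this employee's row, oldest entry first."""
    return conn.execute(
        "SELECT actor, op, old_salary, new_salary FROM audit_log "
        "WHERE emp = ? ORDER BY rowid", (emp,)).fetchall()

def tamper_blocked(conn):
    """True if erasing the trail is refused by the append-only trigger."""
    try:
        conn.execute("DELETE FROM audit_log")
    except sqlite3.DatabaseError:
        return True
    return False
```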
- Complex User Management Requirements
Systems must often support thousands, or hundreds of thousands, of users, and therefore they must be scalable. In such large-scale environments, the burden of managing user accounts and passwords makes your system vulnerable to error and attack. You need to know who the user really is, across all tiers of the application, to have reliable security. Administration of thousands, or hundreds of thousands, of users is difficult enough on a single system. This burden is compounded when security must be administered on multiple systems. To meet the challenges of scale in security administration, you should be able to centrally manage users and privileges across multiple applications and databases, using a directory based on industry standards. This can reduce system management costs and increase business efficiency.
- DIMENSIONS OF DATABASE SECURITY
To protect all the elements of complex computing systems, you must address security issues in many dimensions.
- Hardware or Physical Infrastructure - The hardware could be damaged due to a number of reasons from power surges to fire or other natural calamities or due to sabotage by antisocial elements. Your computers and other equipment must be physically inaccessible to unauthorized users. The equipment could be damaged due to electronic interference or radiation. This means that you must keep them in a secure physical environment.
- DBMS and Application Software - The DBMS could be damaged by unauthorized personnel. They could corrupt or delete the data in the databases. The application programs could be altered or damaged. The programs and data could be stolen and could be used against you. This could happen if the security mechanism is not good enough or if it fails and gives access to unauthorized people.
- Personnel - There are a number of people who interact with the DBMS and the databases: database administrators, security officers, network administrators, application administrators, application developers, other users, etc. All these people could do damage to the system if they want. The DBAs and security officers could give database access to the wrong people, or, if they are not good at their jobs, the security countermeasures and policies they design and implement might not be good enough to prevent an attack on the database. Application programmers could create trapdoors in their programs, which could be used for gaining unauthorized entry to the database. They could make program alterations and develop programs that are not secure. Users could give away their user IDs and passwords either intentionally or unintentionally. They could access, view and copy confidential data. So the people, especially those responsible for system administration and data security at your site, must be reliable. You may need to perform background checks on DBAs before making hiring decisions.
- Procedural - The procedures used in the operation of your system must assure reliable data. For example, one person might be responsible for database backups. Her only role is to be sure the database is up and running. Another person might be responsible for generating application reports involving payroll or sales data. His role is to examine the data and verify its integrity. It may be wise to separate out users' functional roles in data management. There should be sound security policies and efficient people to implement them.
- Technical - Storage, access, manipulation, and transmission of data must be safeguarded by technology that enforces your particular information control policies.