SE-2222_DatabaseSecurity

Содержание

Слайд 2

Contents

Main Concepts
Control Measures
Common threats and challenges
Database Security Priority Areas

Contents Main Concepts Control Measures Common threats and challenges Database Security Priority Areas

Слайд 3

1. Main Concepts

Types of Security
Threats to Databases
Database Security - Part of a

1. Main Concepts Types of Security Threats to Databases Database Security -
Common System

Слайд 4

1. Types of Security

Database Security Issues

1. Types of Security Database Security Issues

Слайд 5

Company that we have analyzed

Company that we have analyzed

Слайд 6

Kaspi+Egov

Kaspi+Egov

Слайд 7

Threats to Databases

Loss of integrity. Database integrity refers to the requirement to

Threats to Databases Loss of integrity. Database integrity refers to the requirement
protect information from incorrect changes. 
Loss of availability. Database availability means the accessibility of objects to a user or program that has a legal right to these data objects.
Loss of confidentiality. Database confidentiality refers to the protection of data from unauthorized disclosure.

Слайд 8

Database security must address and protect the following:
The data in the database
The

Database security must address and protect the following: The data in the
database management system (DBMS)
Any associated applications
The physical database server and/or the virtual database server and the underlying hardware
The computing and/or network infrastructure used to access the database

Слайд 9

2. Control Measures

2. Control Measures

Слайд 10

Access control 
It includes two main components: authentication and authorization.
Authentication is a method

Access control It includes two main components: authentication and authorization. Authentication is
of verifying the identity of a person who is accessing your database. 
Authorization determines whether a user should be allowed to access the data or make the transaction he’s attempting.

Слайд 11

5. Data encryption
Database encryption is the process of converting data, within a database, in plain

5. Data encryption Database encryption is the process of converting data, within
text format into a meaningless cipher text by means of a suitable algorithm. 
Database decryption is converting the meaningless cipher text into the original information using keys generated by the encryption algorithms.

Слайд 12

Common threats and challenges

1. Human error
2. Exploitation of database software vulnerabilities
3. Denial

Common threats and challenges 1. Human error 2. Exploitation of database software
of service (DoS/DDoS) attacks
4. Malware
5. Attacks on backups

Слайд 15

Human error

Accidents,
weak passwords,
password sharing,
and other unwise or uninformed user

Human error Accidents, weak passwords, password sharing, and other unwise or uninformed
behaviours continue to be the cause of nearly half (49%) of all reported data breaches.

Слайд 16

Denial of service (DoS/DDoS) attacks

In a denial of service (DoS) attack, the

Denial of service (DoS/DDoS) attacks In a denial of service (DoS) attack,
attacker floods the target server — in this case, the database server — with so many queries that the server can no longer perform legitimate queries from real users, and in many cases the server becomes unstable or crashesor making it extremely slow.
In a distributed denial of service (DDoS) attack, a stream arrives from multiple servers, making it difficult to stop the attack.

DoS/DDoS Attacks Solutions:
security patches for operating systems,
router configuration,
firewalls
intrusion detection systems.

Слайд 17

Malware

Malware is software written specifically to exploit vulnerabilities or otherwise cause damage

Malware Malware is software written specifically to exploit vulnerabilities or otherwise cause
to the database. Malware may arrive via any endpoint device connecting to the database’s network.
Malware Solutions:
A range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present, and to recover from malware-associated malicious activity and attacks.

Слайд 18

8. Attacks on backups

Threats are compounded by the following:
Growing data volumes: Data

8. Attacks on backups Threats are compounded by the following: Growing data
capture, storage, and processing continues to grow exponentially across nearly all organizations. Any data security tools or practices need to be highly scalable to meet near and distant future needs.

Cybersecurity skills shortage: Experts predict there may be as many as 8 million unfilled cybersecurity positions by 2022..

Слайд 19

Encryption, software and applications

Encryption: ALL data—including data in the database, and credential

Encryption, software and applications Encryption: ALL data—including data in the database, and
data—should be protected with best-in-class encryption while at rest and in transit.
Database software security: Always use the latest version of your database management software, and apply all patches as soon as they are issued.
Application/web server security: Any application or web server that interacts with the database can be a channel for attack and should be subject to ongoing security testing and best practice management.

Слайд 20

Backup security: All backups, copies, or images of the database must be subject

Backup security: All backups, copies, or images of the database must be
to the same (or equally stringent) security controls as the database itself.
Auditing: Record all logins to the database server and operating system, and log all operations performed on sensitive data as well. Database security standard audits should be performed regularly.

https://www.ibm.com/cloud/learn/database-security

Backup and Auditing

Имя файла: SE-2222_DatabaseSecurity.pptx
Количество просмотров: 40
Количество скачиваний: 0