Comparison of Security Features in DB2 and MS Access - Research Paper Example

Comparison of security features in DB2 and MS access of Learning Introduction Database security is an important aspect that ensures that data availability, integrity and confidentiality are enhanced at all time in relational database. A secure database is important in the creation an efficient information system in an organization as it reduces the threat of information disclosure, data alteration and creation of inferences on classified data. DB2 and MS access database are both relational database and hence face the threats mentioned above. However, various measures such as encryption, auditing, access control and authentication when properly applied helps in securing stored data (Yu & Jajodia, 2007). This paper will compare some of the security features in DB2 and MS access from IBM and Microsoft Corporation respectively. Access Control This control ensures that the access to the information stored in the database follow the laid down policy regarding data protection (Chao, 2006). DB2 has three main forms of controls; Operations control - In addition it does not allow the mixing of write and read requests such that when writing the readers are blocked and vice versa. Row and Column Control - in this feature one can restrict the access to the rows and completely hide the columns from the view of the user. Label-Based Control- this form of control is very efficient in the management of classified data due to its multi-level security. On the other hand, MS access uses a security system made up of four parts. These parts are: workgroup, permission assignment, ownership, user level and work groups and accounts. A workgroup comprises of those users who share similar data in the database and are usually listed in the database file. Ownership security feature facilitates the establishment and differentiation of accounts to help determine the ownership of database as well as the objects. Permission assignment holds the different levels of authority granted to different users and groups while using database objects. User level security is tasked at controlling the kind of data that a particular user should be allowed to access (e.g. preventing the sales personnel from accessing accounting data) and restricting the actions that can be performed on those particular data. Work groups and accounts are located in the System.mdw information file which filters the information that can be accessed by different groups and user during Microsoft Access start up. To compliment the above system, MS access also offer accde and mde file format which deter the user making any changes to he object (Allison & Berkowitz, 2005). This security feature mainly helps to protect the design form alteration by user since the files are execute-only versions. Inference Policy This policy helps to protect secured information from detection by unauthorized users by use of inferences. This is due to the tendency of users’ uses the authorized information to try to infer what he is unauthorized to view based on his knowledge and work related experience. DB2 has a row-level security labelling with very strict security requirements to allow data access. A user can not access or update data if he is not allowed by his security label to do so. On the other hand, MS access has no inbuilt security measure to deter cases of inference (Chao, 2006). However, it is possible to initiate row level security configuring security views and labels. Unfortunately, the form of security created by these ensures are lower compared to those in the DB2. User Identification/Authentication This involve the verification of the identity of the user to either allow or disallow him access to the database by comparing the user ID and password. An authentication security plug-in located outside the DB2 database system is used to verify the user identity (Chao, 2006). It can be configured to facilitate authentication through an operating system, Kerberos or Lightweight Directory Access Protocol (LDAP) server. In addition, custom plug-ins for authentication purposes are supported by DB2 which offer the much needed flexibility that helps to match specific authentication requirements. To access the database in MS access, authentication procedures features three types of passwords namely: database, security accounts and visual basic modules passwords (Friedrichsen, 2014). The system.mdw file in MS access houses three types of accounts for different categories of user. These include: admin (default user account), admins (administrators’’ group account) and users (contain all users accounts). Accountability and auditing Auditing involves keeping record of activities done by a user to help track his actions on the information on the database. Auditing of database objects enhance accountability among users and help to fix any anomalies that may exist in the database. The audit trail created can help in detection of security breaches and determine the user responsible for that action. DB2 has an administrator tool that helps create n audit trail referred to as db2audit.the audit record is captured at the instance level and database level. It also has a configuration option for audit trail which can be either done synchronously or asynchronously (Sumathi & Esakkirajan, 2007). The audit facility in DB2 enhances monitoring of information to maintain the integrity of the database. On the other hand, MS access has Data macros that enable tracking on the table level which is more efficient than using the tracking module (Friedrichsen, 2014). Encryption This involves the encoding of information to make it accessible using a decryption key which mainly work as final layer of defence. DB2 uses software, the Database Encryption Expert to encrypt database information for enhanced security against numerous threats. It has a function that ensures that applications can use the RC2 block cipher for data encryption of values on the column level. The software creates a unified key management and policy that enable protection of off-line, on-line data and data in transit (Yu & Jajodia, 2007). On the other hand MS access uses symmetric cryptography for data encryption where the key used is the same for encryption and decryption. While encrypting the database the user is prompted to generate a strong password which will be used for the decryption process (Allison & Berkowitz, 2005). Data Forensic Data forensic involve the retrieval of persistent and volatile data for legal purposes or to aid an investigation. DB2 uses the iData Agent to restore or recover corrupt portions or entire database (Sumathi & Esakkirajan, 2007). The physical; files are first restored before recovering the database. Some of the restore types used include: DB2 system or user database restoration and recovery Recovery and restoration of portions of the database History files restoration Log files restoration Data corruption in MS access is repaired using the Compact and Database command. Instances of data corruption mostly occur if the database is shared among many users. In most cases, database corruption does not lead to data loss since it is only limited to action done by the last user (Allison & Berkowitz, 2005). Using the Compact and Database command, it is possible to carry out a repair though some data may be rendered irrecoverable. Database splitting can help minimizes instances of data loss since the files are stored separately. Conclusion It is clear from the above comparison; DB2 database has more stable security features than MS access. It is well designed to handle security threat from inferences which is very hard to handle in most relational database. Other crucial features involve securing data in transit which may prevent cases of information leakage during transmission over the internet. Therefore, DB2 database would be recommendable in organization handling classified and sensitive data over MS access. References Allison, C., & Berkowitz, N. A. (2005). SQL for Microsoft Access. Plano, TX: Wordware Pub. Chao, L. (2006). Database development and management. Boca Raton, FL: Auerbach Publications. Friedrichsen, L. L. (2014). Microsoft Access 2013: Advanced. Sumathi, S., & Esakkirajan, S. (2007). Fundamentals of relational database management systems. Berlin: Springer. Yu, T., & Jajodia, S. (2007). Secure data management in decentralized systems. New York: Springer. Read More