Potential Threats to the Database - Case Study Example

Potential Threats to the Database and Ways to Ensure Database Security Table of Contents 1- Introduction A database is a collection of interrelated files. Presently all the corporations run their business through the database technology. Additionally, this technology component has become a vital part of almost every business and corporation. However, with the increase in use of the databases, the rate of attacks against these databases has as well increased. Thus, at the present, there are a lot of issues and scenarios that can crate serious problems to the security and confidentiality of the data. Just as a corporation locks file cabinets having necessary data files and documents should be protected. In the same way, database security needs a bit more consideration and up-front endeavor than physical security; however it is necessary to stop data theft and corruption (Fulkerson et al., 2002; Lunt & Fernandez, 1990; Anjard, 1994). This paper presents a detailed analysis of the potential threats to the database as well as ways of ensuring database security. The aim of this research is to discuss the threats that can create problems for the security of databases and present the ways or techniques that can be adopted to ensure the security of databases. 2- Database Attacks! Main Reasons Databases require having higher level of security to defend against malicious and accidental threats. In this scenario, a threat is some kind of situation that can badly affect the database system and data inside it. Additionally, the attacks on database are increasing day by day due to improvements in technology and online web. However, there is an important question that is “what is the cause behind database attacks?”. The answer to this question is increase in access to data stored in databases. For instance, the data stored in a database is accessed by a number of people (employees, customers etc), thus the probability of data theft augments. However, another reason of database attack can be earning money by selling sensitive business, personal or economic information such as social security numbers, credit card numbers. This can be done by hackers or corporation’s employees (Anuramn, 2010; Castano et al., 1995; Beaver, 2010; Hoffer et al., 2007, p.500). 3- Main Database security Threats and Sources of threats The database is typically assumed to be trustworthy. Additionally, the objective behind this assumption is to achieve security in opposition to outside attacks and also against users trying to attain information outside their rights. In addition, the issues and threats to data security mean security threats to the database. In this scenario, a person (employee, customer, or hacker) who is able to access a database can peruse, change, or even steal the data. Thus, focusing only on database security is not enough to ensure the database security. However, all the elements of the corporation should be confined, such as database, the network, the operating system, employees who have any chance to use the system, and the building(s) in which the database exists actually (Maurer, 2004; Hoffer et al., 2007, p.500). 4- Types of database security threats and Ways of ensuring database security This section presents some important database security threats. This section will outline the security threats and ways to ensure database security. 4.1- Database root-kits The root-kit is an application program or written procedure that is placed deliberately inside the database using some hidden means. Additionally, this program presents a number of administrator-level rights to access and retrieve secret data in the database. In addition, these root-kits can turn off alerts triggered through some attached IPS (Intrusion Prevention Systems). The solution is to install root-kit software simply after compromising the fundamental operating system security access. Moreover, this is able to be avoided through periodical audit trails (Anuramn, 2010). 4.2- Operating System vulnerabilities Outsider attacks and vulnerabilities in fundamental operating systems like that UNIX, Windows, Linux, etc., as well as the services that are connected to the databases could cause illegal access to database. Additionally, this can take to a DoS (Denial of Service) attack. However, this could be prohibited by updating the operating system associated security patches that are obtainable in case of any problem acceptance as when they become available (Anuramn, 2010). 4.3- Privilege abuse The database users are offered with privileges according to their day-to-day job conditions; however, they can use these privileges in wrong way. Also, this can be done unintentionally or intentionally. For instance, a corporation assigns a “work from home” choice to its workers as well as the worker takes a backup of important and sensitive business data to work from his home. Thus, this not simply breaches the security policies of the company but also breaks data security if the business system at home is compromised. In this scenario to establish a tight security practice there is need to carry out strict authentication policy, which offers some restricted options to its employees in handling the system (Anuramn, 2010). 4.4- Weak authentication The weak authentication of database allows attackers to apply strategies like that social engineering and brute force to acquire database login credentials and identity of legal database users. However, to deal with these issues, there are tight procedures such as especial login procedures to databases and proper rights to users of database (Ponemon, 2007; Anuramn, 2010; Shulman, 2007). 4.5- Weak audit trails There is another reason of the security threat that is weak audit logging system in a database server that signifies a critical risk to a corporation particularly in financial, retail, healthcare, and other businesses through inflexible regulatory compliance. In this scenario, the Audit trails take action as the last line of database protection. Additionally, the Audit trails are able to identify the existence of an infringement that could facilitate trace back the abuse to a particular point of time as well as a particular user (Shulman, 2007). Conclusion Since the databases are precious and important to the businesses thus they need to be protected. In the past, the techniques of personal identification numbers (PINs) and passwords have been used to authorize the access to databases and still these methods are in use. Additionally, the databases can also be protected by some efforts for instance upholding physical security and training and guiding users (such as employees, customer, and vendors) about security. On the other hand, at the present, computer crimes have become biggest challenge and modern tools and technologies are making it simple to access, retrieve, and distribute a huge amount of data and information, both public and private databases, thus they need better ways to protect these databases through authorized ways. Moreover, illegal access to databases is the main reason of significant damage to commercial interests (Gallegos, 2000). This paper has presented a detailed analysis of some of the main aspects regarding the potential threats to the database and ways of ensuring database security. This paper has outlined some important aspects that can cause potential risks to the database security. This paper has also suggested initiatives and ways to protect the database. 6- Bibliography Anjard, R.P., 1994. The Basics of Database Management Systems (DBMS). Industrial Management & Data Systems, 94(5), pp.11-15. Anuramn, 2010. Threats to Database Security. [Online] Available at: http://www.brighthub.com/computing/smb-security/articles/61554.aspx [Accessed 03 May 2010]. Beaver, K., 2010. Database security threats include unruly insiders. [Online] Available at: http://searchsqlserver.techtarget.com/tip/Database-security-threats-include-unruly-insiders [Accessed 02 May 2010]. Castano, S., Fugini, M.G., Martella, G. & Samarati, P., 1995. Database security. New York: Addison-Wesley. ComputingStudents.com, 2009. Database Security Threats and Countermeasures. [Online] Available at: http://www.computingstudents.com/notes/database_systems/database_security_threats_countermeasures.php [Accessed 01 May 2010]. Fulkerson, C.L., Gonsoulin, M.A. & Walz, D.B., 2002. Database Security. Strategic Finance, 84(6), pp.48-53. Gallegos, F., 2000. Database Protection: Selected legal and technical issues. Information Systems Security, 9(1), p.44. Hoffer, J.A., Prescott, M.B. & McFadden, F.R., 2007. Modern Database Management, Eighth Edition. New York: Pearson Education, Inc. Lunt, T.F. & Fernandez, E.B., 1990. Database Security. ACM SIGMOD Record, 19(4), pp.90-97. Maurer, U., 2004. The role of cryptography in database security. In International Conference on Management of Data, Proceedings of the 2004 ACM SIGMOD international conference on Management of data. Paris, France, 2004. ACM New York, USA. Ponemon, L., 2007. Database Security 2007: Threats and Priorities within IT Database Infrastructure. Traverse City: Ponemon Institute, LLC Ponemon Institute. Secerno, 2006. External Threats to your Data. [Online] Available at: http://www.secerno.com/?pg=threats-to-data [Accessed 01 May 2010]. Shulman, A., 2007. Top Ten Database Security Threats, How to Mitigate the Most Significant Database Vulnerabilities. White Paper. Foster City: Imperva, Inc. Read More