
Database Security

Databases are often the backbone of an organization; its transactions, customers, employee information,
financial data for both the company and its customers, and much more are all held in databases.

Database security refers to the collective measures used to protect and secure a database or
database management software from illegitimate use and malicious threats and attacks. It is a broad
term that includes a multitude of processes, tools and methodologies that ensure security within a
database environment.

Database security covers and enforces security on all aspects and components of databases. This
includes:

• Data stored in the database
• Database server
• Database management system (DBMS)
• Other database workflow applications

With the growing prevalence and importance of data-driven processes and systems, and ever-increasing
volumes of records, the need to store data securely cannot be overstated. As more and more
organisations adopt database systems as the key data management technology for their daily
operations and decision making, the security of the data managed by these systems becomes crucial.
Database security is a broad area that addresses many issues, such as legal and ethical issues
regarding the right to access certain information: for example, some information may be deemed
private and cannot legally be accessed by unauthorised organisations or persons. In some
organisations, such as the military or hospitals, there is a need to identify multiple security levels
and to categorise data and users according to these classifications: for example, top secret, secret,
confidential and unclassified. The organisation's security policy with respect to permitting
access to the various classifications of data must be enforced.

Database security is generally planned, implemented and maintained by a database administrator
and/or other information security professionals. Some of the ways database security is analyzed and
implemented include:

• Restricting unauthorized access and use by implementing strong, multifactor access and
data management controls.
• Load/stress testing and capacity testing of a database to ensure it does not crash under a
distributed denial of service (DDoS) attack or user overload.
• Physical security of the database server and backup equipment against theft and natural
disasters.
• Reviewing the existing system for any known or unknown vulnerabilities, and defining and
implementing a road map/plan to mitigate them.

Moving to the next slide, let us discuss the CIA principle in detail.

A simple but widely applicable security model is the CIA triad, standing for Confidentiality, Integrity
and Availability: three key principles which should be guaranteed in any kind of secure system. This
principle applies across the whole subject of security analysis, from access to a user's internet
history to the security of encrypted data crossing the internet. If any one of the three is breached it
can have serious consequences for the parties concerned.

Confidentiality: - Confidentiality is the ability to hide information from those not authorised to
view it. It is perhaps the most obvious aspect of the CIA triad when it comes to security, but
correspondingly it is also the one attacked most often. Cryptography and encryption methods are an
example of an attempt to ensure the confidentiality of data transferred from one computer to another.

Integrity: - The ability to ensure that data is an accurate and unchanged representation of the
original secure information. One type of security attack is to intercept some important data and
make changes to it before sending it on to the intended receiver.

Availability: - It is important to ensure that the information concerned is readily accessible to the
authorised viewer at all times. Some types of security attack attempt to deny access to the
appropriate user, either for the sake of inconveniencing them, or because there is some secondary
effect. For example, by breaking the web site for a particular search engine, a rival may become
more popular.

A complete solution to data security must include confidentiality, integrity and availability.
Confidentiality, or secrecy, refers to the protection of data against unauthorised disclosure.
Unauthorised, unanticipated or unintentional disclosure could result in loss of public confidence,
embarrassment, or legal action against the organisation. Integrity refers to the prevention of
unauthorised and improper modification of data. If the loss of system or data integrity is not
corrected, continued use of the contaminated system or corrupted data could result in inaccuracy,
fraud, or erroneous decisions. Database availability refers to making objects available to the human
users or programs that have a legitimate right to them, by preventing hardware and software errors
and malicious denials of data. Let us consider the example of a database storing information about
patients in a hospital. Since patient data is confidential and its secrecy must be maintained to
protect patients' privacy, the records must be modified and viewed only by properly authorised users.
For the patients to be well cared for, data integrity must be ensured so that the medical history
stored in the database can be relied upon by doctors for their diagnosis. At the same time, it is very
important that this data is available to the doctors at any time they need it for speedy diagnosis.
Data confidentiality can generally be ensured by access control mechanisms and encryption techniques.
Access control mechanisms check the rights of users against a set of authorisations. An authorisation
is a permission allowing a subject to perform a particular action on an object. In this figure we see
how encryption can ensure confidentiality. The data is first encrypted at the sender's end and then
decrypted at the receiver's end using the same secret key. The main issue in this context is how
efficiently operations can be performed on encrypted data.

Having discussed the CIA triad, let us now discuss the various types of cyber threats and the
countermeasures to deal with them.

With the increase in usage of databases, the frequency of attacks against those databases has also
increased. Database attacks are an increasing trend these days. One reason for that is the increase in
access to data stored in databases. When the data is being accessed by many people, the chances of
data theft increase. Another reason for database attacks is to gain money by selling sensitive
information, which includes credit card numbers, Social Security Numbers, etc. Now let's look at the
various types of threats that affect database security.

1. Privilege abuse: When database users are provided with privileges that exceed their day-to-day
job requirements, these privileges may be abused intentionally or unintentionally.
Take, for instance, a database administrator in a financial institution. What will happen if he
turns off audit trails or creates bogus accounts? He will be able to transfer money from one
account to another, thereby abusing the excessive privilege intentionally.

2. Weak audit trails: A weak audit logging mechanism in a database server represents a critical
risk to an organization, especially in retail, financial, healthcare, and other industries with
stringent regulatory compliance. Regulations such as PCI, SOX, and HIPAA demand
extensive logging of actions so that an event can be reproduced at a later point in time in case of an
incident. Audit trails can detect the existence of a violation and help trace the
violation back to a particular point in time and a particular user.

3. Database injection attacks: The two major types of database injection attacks are SQL
injections, which target traditional database systems, and NoSQL injections, which target "big data"
platforms. A crucial point to realize here is that, although it is technically true that big data
solutions are impervious to SQL injection attacks because they do not actually use any SQL-based
technology, they are in fact still susceptible to the same fundamental class of attack. In both
types, a successful input injection attack can give an attacker unrestricted access to an entire
database.

4. Exploitation of vulnerable databases: It generally takes organizations months to patch
databases, during which time they remain vulnerable. Attackers know how to exploit
unpatched databases or databases that still have default accounts and configuration
parameters. Unfortunately, organizations often struggle to stay on top of maintaining
database configurations even when patches are available. Typical issues include high
workloads and mounting backlogs for the associated database administrators, complex and
time-consuming requirements for testing patches, and the challenge of finding a maintenance
window to take down and work on what is often classified as a business-critical system.
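As an added example (not part of the original presentation), the injection point described in item 3 alongside its fix, using Python's bundled sqlite3 module and a constructed customer table:

```python
import sqlite3

# Constructed in-memory customer table standing in for a production database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [(1, "alice", "4242"), (2, "bob", "1881"), (3, "carol", "0005")])
    return conn

def lookup_unsafe(conn, name):
    # Vulnerable: the user-supplied value is spliced into the SQL text, so any
    # quote or operator inside it becomes part of the query the engine runs.
    sql = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Hardened: the value travels as a bound parameter, never as SQL text, so
    # the engine compares it as a literal string whatever characters it holds.
    sql = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def demo():
    conn = make_db()
    ordinary = "alice"
    hostile = "x' OR '1'='1"   # constructed input containing SQL metacharacters
    return {
        "unsafe_ordinary": lookup_unsafe(conn, ordinary),  # one row, as intended
        "unsafe_hostile": lookup_unsafe(conn, hostile),    # every row leaks
        "safe_ordinary": lookup_safe(conn, ordinary),      # one row
        "safe_hostile": lookup_safe(conn, hostile),        # no such customer: empty
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The two lookups run the same query text; only the way the input reaches the engine differs, which is why input validation alone is a weaker defence than parameter binding.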

To protect the database system from these threats, some of the countermeasures in place are:

Access Control: - A database for an organization contains a great deal of information and usually has
several users. Most of them need to access only a small part of the database. A policy defines the
requirements that are to be implemented within hardware and software and those that are external
to the system, including physical, personal, and procedural controls.

Flow Control: - Flow control regulates the flow of information among accessible objects. Flow
controls check that information contained in objects does not flow, explicitly or implicitly, into less
protected objects.

Encryption: - An encryption algorithm should be applied to the data, using a user-specified
encryption key. The output of the algorithm is the encrypted version. There is also a decryption
algorithm, which takes the encrypted data and a decryption key as input and then returns the
original data.

Inference Control: - It attempts to prevent users from inferring classified information from rightfully
accessible chunks of information with lower classification. Computer security professionals install
protocols in databases to prevent inference attacks carried out by software.
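An added example of the inference control just described, not taken from the presentation: a query-set-size restriction over a constructed hospital payroll table, where per-row salaries are classified but aggregates over large enough groups may be released.

```python
import sqlite3

# Constructed staff table used as sample input: individual rows are classified,
# aggregates over sufficiently large groups are releasable.
ROWS = [
    ("ann", "radiology", "consultant", 9000), ("ben", "radiology", "registrar", 5000),
    ("cat", "radiology", "registrar", 5200), ("dan", "oncology", "consultant", 9400),
    ("eve", "oncology", "registrar", 4900), ("fay", "oncology", "nurse", 3100),
    ("gus", "oncology", "nurse", 3300), ("hal", "radiology", "nurse", 3000),
]
AGGREGATES = {"AVG(salary)", "SUM(salary)", "MIN(salary)", "MAX(salary)"}
FILTER_COLUMNS = {"dept", "grade"}

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, dept TEXT, grade TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?, ?)", ROWS)
    return conn

class InferenceDenied(Exception):
    """Raised when an aggregate would let the asker isolate an individual."""

def guarded_aggregate(conn, agg, filters, k=3):
    """Answer an aggregate only if the selected group has between k and N-k rows.
    A group smaller than k pins the value on a few named people; a group larger
    than N-k does the same for its complement (whole-table total minus group).
    The aggregate and filter columns come from allow-lists and filter values are
    bound parameters, so the caller never supplies SQL text."""
    if agg not in AGGREGATES or not set(filters) <= FILTER_COLUMNS:
        raise ValueError("aggregate or filter column not permitted")
    where = " AND ".join(f"{col} = ?" for col in filters) or "1 = 1"
    params = tuple(filters.values())
    total = conn.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
    n = conn.execute(f"SELECT COUNT(*) FROM staff WHERE {where}", params).fetchone()[0]
    if n < k or n > total - k:
        raise InferenceDenied(f"group of {n} rows out of {total} is not releasable")
    return conn.execute(f"SELECT {agg} FROM staff WHERE {where}", params).fetchone()[0]

def demo():
    conn = make_db()
    released = guarded_aggregate(conn, "AVG(salary)", {"dept": "oncology"})  # 4 rows
    try:  # the only radiology consultant: MAX would be that person's salary
        guarded_aggregate(conn, "MAX(salary)", {"dept": "radiology", "grade": "consultant"})
        refused = False
    except InferenceDenied:
        refused = True
    return released, refused
```

Size control alone does not stop every tracker-style combination of queries, which is why production systems pair it with query auditing and, for statistical releases, noise addition.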

Proceeding with the discussion and heading to the next slide, let us discuss one of the most
important access control methods: the Role-Based Access Control model.

RBAC
Role-based access control (RBAC) is a method of access security that is based on a person’s role
within an organization and has become one of the main methods for advanced access control. The
roles in RBAC refer to the levels of access that employees have to the network.

Employees are only allowed to access the information necessary to effectively perform their job
duties. Access can be based on several factors, such as authority, responsibility, and job competency.
In addition, access to computer resources can be limited to specific tasks such as the ability to view,
create or modify a file.

As a result, lower-level employees usually do not have access to sensitive data if they do not need it
to fulfil their responsibilities. This is especially helpful if an organisation has many employees and
uses third parties and contractors, which makes it difficult to closely monitor network access. Using
RBAC helps in securing an organisation's sensitive data and important applications.

Access models like RBAC are implemented in databases using dedicated software called an IDS.

As an example, let us consider this figure, which represents a typical institution hierarchy. The top-level
management has the privilege to access data belonging to their subordinates and also to grant or
revoke permissions, but they do not have the privilege to access data belonging to their peers. In
other words, horizontal sharing is not permitted, whereas vertical inheritance is an inherent feature
of RBAC.
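The hierarchy rules from the figure, as an added example that is not part of the original presentation: a small RBAC model in which the reports-to tree, the staff assignments and the permission names are all constructed for illustration.

```python
class Rbac:
    """Toy RBAC over a reports-to hierarchy: vertical inheritance, no
    horizontal sharing, superiors administer subordinates' permissions."""

    def __init__(self, reports_to, users, base_permissions=("view",)):
        self.reports_to = dict(reports_to)  # role -> parent role (None at the top)
        self.users = dict(users)            # user -> role
        self.permissions = {r: set(base_permissions) for r in reports_to}

    def superiors(self, role):
        """Every role strictly above `role`, following the reports-to links."""
        above, role = [], self.reports_to[role]
        while role is not None:
            above.append(role)
            role = self.reports_to[role]
        return above

    def can(self, user, action, owner_role):
        actor = self.users[user]
        if actor == owner_role:            # own data: only explicitly granted actions
            return action in self.permissions[actor]
        return actor in self.superiors(owner_role)  # below me: inherited; peers: refused

    def set_permission(self, user, target_role, action, allow=True):
        """Grant (allow=True) or revoke a permission; only a superior may do so."""
        if self.users[user] not in self.superiors(target_role):
            return False                   # peers and other branches cannot administer
        if allow:
            self.permissions[target_role].add(action)
        else:
            self.permissions[target_role].discard(action)
        return True

# Constructed institution hierarchy and staff assignments used as sample input.
HIERARCHY = {"director": None, "head_finance": "director", "head_hr": "director",
             "clerk_finance": "head_finance", "clerk_hr": "head_hr"}
USERS = {"dora": "director", "fred": "head_finance", "hana": "head_hr", "carl": "clerk_finance"}

def demo():
    rbac = Rbac(HIERARCHY, USERS)
    return {
        "manager_reads_subordinate": rbac.can("fred", "view", "clerk_finance"),
        "manager_reads_peer": rbac.can("fred", "view", "head_hr"),
        "manager_reads_other_branch": rbac.can("fred", "view", "clerk_hr"),
        "clerk_reads_manager": rbac.can("carl", "view", "head_finance"),
        "director_revokes_anywhere": rbac.can("dora", "revoke", "clerk_hr"),
        "grant_to_subordinate": rbac.set_permission("fred", "clerk_finance", "modify"),
        "clerk_modifies_after_grant": rbac.can("carl", "modify", "clerk_finance"),
        "grant_across_branch": rbac.set_permission("hana", "clerk_finance", "modify"),
    }
```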

Continuing to the next slide, we will now discuss the intrusion detection system.

An intrusion detection system (IDS) is a device or software application that monitors a network or
systems for malicious activity or policy violations. Any malicious activity or violation is typically
reported either to an administrator or collected centrally using a security information and event
management (SIEM) system. A SIEM system combines outputs from multiple sources, and uses
alarm filtering techniques to distinguish malicious activity from false alarms.

An IDS may be classified as:

1. Anomaly-based: - Anomaly-based intrusion detection systems were primarily introduced to
detect unknown attacks, in part due to the rapid development of malware. The basic
approach is to use machine learning to create a model of trustworthy activity, and then
compare new behaviour against this model. Although this approach enables the detection of
previously unknown attacks, it may suffer from false positives: previously unknown
legitimate activity may also be classified as malicious.
2. Misuse detection: - In the misuse detection approach, abnormal system behaviour is defined
first, and all other behaviour is defined as normal. It is the opposite of the anomaly
detection approach, which defines normal system behaviour first and
all other behaviour as abnormal. With misuse detection, anything not known is
normal. An example of misuse detection is the use of attack signatures in an intrusion
detection system. Misuse detection has also been used more generally to refer to all kinds of
computer misuse. Its advantage is the simplicity of adding known attacks to the model. Its
disadvantage is its inability to recognize unknown attacks.
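To make the two approaches concrete, here is an added example (not from the presentation) that runs a signature-based (misuse) detector and a simple rate-baseline (anomaly) detector over the same constructed database audit log. The log lines, the baseline figures and the signature patterns are all constructed for illustration and are not any real DBMS's syntax.

```python
import re
from collections import Counter

# Misuse detection: known-bad statement patterns (constructed, illustrative).
SIGNATURES = {
    "sql_tautology": re.compile(r"\bOR\s+'([^']*)'\s*=\s*'\1'", re.I),
    "audit_disabled": re.compile(r"\baudit\w*\b.*\b(off|none|disable)\b", re.I),
    "table_dropped": re.compile(r"\bDROP\s+TABLE\b", re.I),
}

# Anomaly detection: per-user baseline, the highest queries-per-minute seen in a
# quiet training period (constructed here; a real system would learn it).
BASELINE = {"alice": 4, "bob": 3, "carol": 5, "dba": 2}

# Constructed audit-log lines in the form "<HH:MM> <user> <statement>".
LIVE_LOG = [
    "10:00 alice SELECT name FROM patients WHERE id = 17",
    "10:00 alice SELECT name FROM patients WHERE id = 18",
    "10:00 bob SELECT dose FROM medication WHERE patient_id = 17",
    "10:01 bob SELECT * FROM patients WHERE name = 'x' OR '1'='1'",
    "10:01 dba ALTER SYSTEM SET audit_trail = NONE",
] + [f"10:02 carol SELECT name FROM patients WHERE id = {i}" for i in range(40)]

def parse(line):
    minute, user, statement = line.split(" ", 2)
    return minute, user, statement

def misuse_alerts(lines):
    """Flag statements matching a known signature; anything unknown passes."""
    hits = []
    for line in lines:
        minute, user, statement = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(statement):
                hits.append((minute, user, name))
    return hits

def anomaly_alerts(lines, baseline=BASELINE, factor=3):
    """Flag (user, minute) pairs whose query count exceeds factor x baseline.
    A user absent from the baseline has a limit of 0, so any activity alerts."""
    per_minute = Counter((user, minute) for minute, user, _ in map(parse, lines))
    return [(minute, user, count) for (user, minute), count in per_minute.items()
            if count > factor * baseline.get(user, 0)]
```

Run over the same log, the signature detector catches the injection attempt and the audit-trail change but is blind to carol's 40-query burst, while the rate detector flags only the burst: each sees what the other misses, which is why the two are usually deployed together.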

Concluding this presentation, we will discuss a few integral areas where database security and
IDS play a key role.

Financial institutions: records of transactions, accounts, lockers, cash flows etc. require security of the
databases as a whole. Dedicated IDS are employed for the purpose.

Military institutions hold responsibility for securing information about secret weapons, military plans,
locations and personnel.

Medical organisations employ efficient software to secure confidential information related to history
of diseases, medication data, hospital policies, salaries etc.
