Database Security

CSS330-1704A-01

Database Security

Clifton Myers

25 OCT 2017

Contents

Database Security Architecture        3

User Account Security        7

Auditing Techniques        11

References        17

Database Security Architecture

        Databases are system that utilized daily by nearly every industry or business make it easier to analyze or access important information quickly. Databases are made up of two primary parts; the data used in database and the schema, which is the structure of the database. Databases come in many different types to meet all different types of business needs and regulatory requirements. Every industry is different and governed by different industry standards and regulatory requirements, therefore their need to be databases who meet these requirements. For example in the medical field there is a U.S. law called Health Insurance Portability and Accountability Act also known as HIPAA, this law requires that all reasonable attempts are made to protect patient’s sensitive medical records. If a hospital or other medical entity that must comply with HIPAA needs to employ a database it is necessary that the database uses features that will meet those requirements. In a case like this the medical organization may not want to use a database that will allow all users, but all nurses and doctors, to search patients by prognosis or treatments administered.

        How are access control, data flow, queries, and other important features of the databases managed though? This is job is done by specialized software programs called Database Management Systems (DBMS). DBMSs are made up of multiple parts that make a database successful, two of those being the query processing software and the storage management software. The query processing software is important because this regulates how queries are processed and what output should displayed for what users. The storage management software controls how the data is storied within the database. Just like there are many different types of databases there are also many different types of DBMSs to maintain and manage the wide variety of database configurations. For example there may databases that a part of an enterprise environment which has user from around the world or at least multiple location s accessing the database at once, in this a case the DBMS would have to be robust enough to accommodate this kind of traffic.

Network infrastructure is the hardware and software devices of a network that make connectivity, communication, and management possible for your network. It provides the communication path and services between users, processes, applications, services and external networks/the internet. The network infrastructure that supports a database can vary in configuration and size depending on where the database resides on your network and how it needs to be accessed by your users. A database may need to be accessible by customers who are outside your organization’s internal network. How can this be done without exposing sensitive customer or organizational data to extreme risk by having it accessible from the internet? A common network configuration that a lot of organizations employ in instances like this is using public-facing web servers that reside in their Demilitarized Zone or DMZ while keeping the actual database and DBMS on a server within the organization’s internal network. This allows for there to be a less attack surface, or ways that an attacker could possible gain unauthorized access to the database and DBMS. The public-facing web server would host a webpage with a place on it for outside users of the database to authenticate themselves so that an encrypted tunnel, using a web app, can be established for queries to be run against the database and user get the data they need. Once the outside user authenticates themselves there queries, or requests for data from the database would pass through the firewall that separate the DMZ from the first internal router. A firewall rule will be set to allow authenticated user’s requests to pass through and all other requests to be denied entry into the internal network. Once the request has passed through the firewall it will reach the internal router which will use its prebuilt routing table to route the request to the appropriate server which contains the database and the DBMS. The DBMS will match the user’s credentials and verify that the user has the right to query the database. Next the DBMS will validate that query from the user is valid and allow it to be run. When the query is successfully run, the data will then be displayed back to the user based through the encrypted tunnel previously created. Once the user has completed the queries they need to run, they will log off the web app, which will tear down the encrypted tunnel.