For Business And Large Networks

Physical Security And User Authentication:

Database security is best implemented as part of a broader security control plan. The plan should begin with physical security measures for building itself, with special precautions for the computer room. Designing a physically security measures for the building itself, with special precautions for the computer room. Designing a physically secure building is clearly outside the domain of the database designer. However, the DBA or data administrator should be able to suggest measures that would control access to database facilities. Often by using badges, hand prints, sign in or other mechanisms. Additional identification should be required to enter the computer room itself. Physical security measures should be extended to cover any location where off line data such as backups are stored as well.

Because physical security of individual terminals may be difficult to implement, security control of terminals requires authentication of users. Authentication means verifying the identity of the user, checking to ensure that the actual user is who he or she clams to be. It is usually implemented at the operating system level. When the user signs on, he or she enters a user ID, which is checked for validity. The system then has a user profile for that ID, giving information about the user, the profile normally includes a password, which is illegally known only to the user. Passwords should be kept secret and change frequently. A simple security precaution is for the system to require that passwords be changed monthly. The system should obviously never display passwords at sign in time, and the stored profiles should be kept secure, possibly in encrypted form. Although passwords are the mostly used authentication method, they are not very secure, since some users write them down, choose words that are easy to guess or they log on. In others, voice, finger prints or physical characteristics of the user are examined. Some use an authentication procedure rather than a single password. A procedure might consist of answering a series of questions and would take longer and be more difficult to reproduce than a password. Authentication is usually done only at the operating system level. At the very least, this would require that the user produce an additional password to access to a database.

Security Policy: System of safeguard for protecting information technology against disasters, systems failure, and authorized access that can result in damage or loss. Four components of security are identification and access, encryption, protection of software and data, and disaster recovery plans. Why it’s important: with proper security, organizations and individuals can minimize information losses from disasters, system failures, and UN authorized access.

Security threats can occur either accidentally or deliberately. Some examples are accidentally security violations are:

1) The user may unintentionally request an object or an operation for which he or she should not be authorized, and the request may be granted because of an oversight in authorization procedures or because of an error in the database management system or operating system.

2) The person must accidentally be sent a message that should be directed to another user, resulting in unauthorized disclosure of database contents.

3) A communication system error may result in connecting a user to a session that belongs to another user with different access privileges.

4) Occasionally, the operating system may accidentally overwrite files and destroy part of the database, may fetch the wrong files and then inadvertently send them to the user, or may fall to erase files that should be destroyed.

Thus security can be done or measured by the methods given above and it is an important part of every organization.