Security Issues for a Database System Term Paper

Excerpt from Term Paper:

Security Issues for a Database System

The biggest questions that any database system must answer to ensure the proper operation of the system and the security of the data within it can be understood through three guidelines. The first is to check whether the system administrators themselves are following the guidelines that have been established for the proper operation of the system. The second is to ensure that all administrators of the system apply the latest patches. This is very important because the system administrators are not all in one place and cannot directly check on each other, and these checks are essential for the security of the system. The final question is to ensure that all the latest patches are properly tested before they are used. If this is not done, then instead of solving the present glitches with the system, they may end up causing more problems. (Database Security)

These are very serious issues and must be dealt with in all seriousness, as the fastest growing crime in the United States today is identity theft, in which outsiders use identities that are not their own. This is only the gateway to obtaining unauthorized information from the organization. It can lead to misuse of information in various ways, such as borrowing or paying out large sums of money to people who are not entitled to it, transferring personal purchases to other identities and thus causing harm to the individual or the organization, or even stealing large amounts of confidential data. How is this done? The normal procedure is that an individual steals somebody else's identity and then uses that identity to collect information from that person's database, which is stored on the computer. There are certain security portals that the person must pass through to get at this information, and access is gained through a process known as authentication. This process is supposed to identify the individual whose database is being accessed. Authentication is not a part of the database itself, but a part of an outside security facility. This may be part of the operating system, as it is in AIX, Solaris, Linux, HP-UX, Windows 2000/NT, etc. (Database Security)

In certain cases, this security is provided by an add-on product like Distributed Computing Environment Security Services. Some systems, like Windows 95, Windows 98 and Windows Millennium, have no checks at all. It is important for the security of the database to ensure that a proper security facility is in place for access to the database. The general process of using a unique user ID and a corresponding password must be used. These must be known only to the user and to those responsible for security checks. The user ID identifies the user to the security people or system, and the password confirms that the user is indeed the person claiming to have that user ID. (DB2 Universal Database Security) This process must be carried out in the organization as a whole, from coast to coast, as otherwise the security achieved in one part of the organization will be nullified by the laxity of another part. It is very easy to reach the database of another office from a less secure office whose firewall has not been configured properly. This can damage the entire database of the organization, and protection can be achieved only if senior management looks at the total picture and not only at the small parts of the organization. (Database Security)

The flaws in the security system for any database come from the security at different points: server security, database connections, table access control and restriction of database access. The first point mentioned is the most important. In simple terms this means that access to the database must be restricted for the different users of the database, and people who are not concerned with the data should not be permitted to even see it. Once they know that it exists, the temptation to get at that data increases. For this purpose, the dynamic web pages of any system that can be accessed by most people within an organization should be housed on a different machine, which is also required so that the system can be accessed at a fast enough speed. From this machine, the data can be loaded on to the main web server of the organization, but only selected people should be able to access the web server. This will help preserve sensitive data for the people who deserve access to it, and will prevent misuse of the important data that is stored on the web server. (Database Security)

We have already entered the second area of the security system: the client workstations. Some workstations do not have a tightly integrated security facility and are also not tightly checked for security during use. This can happen because of the systems that are being used there, like Windows 95, Windows 98 and Windows Millennium. When these systems are being used, those stations must automatically be treated as un-trusted clients, and they cannot have access to the main database. The trusted clients that need access to the main database have to use operating systems that contain an integrated security facility, like Windows NT, Windows 2000, all supported versions of Unix, etc. This should be used as the first step to establish the authenticity of the connection. (DB2 Universal Database Security)

The connection is then evaluated for the authorities and privileges that can be given by the DB2 Database Manager. The privileges may be assigned individually or as a group. They tell the database which operations the user is permitted to perform. Authorities give the user the right to perform certain high-level administrative, maintenance or utility functions on the database. The privileges of the user permit him to use the database in different ways, such as creating tables and views. Users are permitted to work only with those objects for which they have the required authorization, and if they try to enter any other area, the DB2 Database Manager will not give permission. If these restrictions cause problems for some users, the status of any individual user can be changed by using the add user command. In certain cases even the add group command may be used, or the privileges may be removed by using the revoke user command. These actions have to be looked at very carefully by the database management so that only the proper privileges are granted. (DB2 Universal Database Security)

The next important question is that of table access control, and applying it properly requires a lot of logic. It will require a lot of collaboration between the system administrator and the database developer. A simple example would be the access given to a person who inputs information into a table in the database. When the person is feeding in the data, he should not need to look at the data at the same time. If a person just needs to refer to the data, then why should he have any facility other than read available? These are the main questions in the area of database security, and the main area where security is required is that of the server. Servers are most often attacked through the Internet, and attacks through the Internet have been very common recently. The first step will be an attempt to find out whether the machine is at a specific address. This is…
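The two cases described above (a data-entry user who only writes and a reader who only reads), together with the earlier point about assigning and removing privileges per user or per group, written with DB2's SQL GRANT and REVOKE statements. This is an added example, not part of the term paper; the schema, table, user and group names are hypothetical.

```sql
-- Hypothetical objects (assumed for illustration only):
--   schema PAYROLL, table TIMESHEET,
--   users ENTRYCLERK and JSMITH, group AUDITORS.

CREATE TABLE PAYROLL.TIMESHEET (
    EMP_ID    INTEGER      NOT NULL,
    WORK_DATE DATE         NOT NULL,
    HOURS     DECIMAL(4,2) NOT NULL
);

-- Data entry: may add rows, but holds no SELECT privilege,
-- so the same account cannot read back what is stored.
GRANT INSERT ON TABLE PAYROLL.TIMESHEET TO USER ENTRYCLERK;

-- Reference use: read access only, assigned once to a group
-- instead of to each member individually.
GRANT SELECT ON TABLE PAYROLL.TIMESHEET TO GROUP AUDITORS;

-- A user who was given more than the job needs ...
GRANT SELECT, UPDATE ON TABLE PAYROLL.TIMESHEET TO USER JSMITH;

-- ... is corrected by revoking only the excess privilege.
REVOKE UPDATE ON TABLE PAYROLL.TIMESHEET FROM USER JSMITH;

-- Audit: list who holds which privilege on the table.
-- In SYSCAT.TABAUTH, 'Y' means the privilege is held,
-- 'G' means held with the right to grant it to others,
-- 'N' means not held. Review any 'Y' or 'G' that a grantee's
-- role does not require, and any row whose grantee is PUBLIC.
SELECT GRANTEE,
       GRANTEETYPE,      -- 'U' = user, 'G' = group
       SELECTAUTH,
       INSERTAUTH,
       UPDATEAUTH,
       DELETEAUTH,
       CONTROLAUTH
  FROM SYSCAT.TABAUTH
 WHERE TABSCHEMA = 'PAYROLL'
   AND TABNAME   = 'TIMESHEET'
 ORDER BY GRANTEE;
```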

Cite This Term Paper:

"Security Issues For A Database System" (2004, February 23) Retrieved August 23, 2017, from
