CH- 7

Database security involves measures to protect databases from unauthorized access and cyber threats, emphasizing the importance of data security in distributed systems. Key security controls include access control, flow control, and data encryption, with mechanisms like Discretionary Access Control (DAC) and Mandatory Access Control (MAC) being critical for managing user access. SQL Injection (SQLi) is a prevalent attack method that exploits vulnerabilities in web applications, necessitating preventive measures such as input sanitization and the use of prepared statements.

Uploaded by

fredrick.juston

Database Security

What Does Database Security Mean?

Database security refers to the collective measures used to protect and secure a
database or database management software from illegitimate use and malicious
cyber threats and attacks.

Database security encompasses multiple controls, including system hardening,
access, DBMS configuration, and security monitoring. These different security
controls help to manage the security protocols.

Why is database security important?

Data security is an imperative aspect of any database system. It is of particular
importance in distributed systems because of the large number of users, fragmented
and replicated data, multiple sites, and distributed control.
Types of Security
Database security is a broad area that addresses many issues, including the
following:
■ Various legal and ethical issues regarding the right to access certain
information—for example, some information may be deemed to be private and
cannot be accessed legally by unauthorized organizations or persons.

■ Policy issues at the governmental, institutional, or corporate level as to what
kinds of information should not be made publicly available—for example, credit
ratings and personal medical records.

■ System-related issues such as the system levels at which various security
functions should be enforced—for example, whether a security function should be
handled at the physical hardware level, the operating system level, or the DBMS
level.

■ The need in some organizations to identify multiple security levels and to
categorize the data and users based on these classifications—
Threats in a Database

• Availability loss − Availability loss refers to the non-availability of database
objects to legitimate users, i.e., objects are not available to a human user or a
program that has a legitimate right to them.

• Integrity loss − Integrity loss occurs when unacceptable operations are
performed upon the database either accidentally or maliciously. This may happen
while creating, inserting, updating or deleting data. It results in corrupted data
leading to incorrect decisions.

• Confidentiality loss − Confidentiality loss occurs due to unauthorized or
unintentional disclosure of confidential information. It may result in illegal
actions, security threats and loss in public confidence.

To protect databases against these types of threats, it is common to implement
four kinds of control measures: access control, inference control, flow
control, and encryption.
Measures of Control
The measures of control can be broadly divided into the following categories

• Access Control − Access control includes security mechanisms in a
database management system to protect against unauthorized access. A
user can gain access to the database only after clearing the login process
through a valid user account. Each user account is password protected.

• Flow Control − Distributed systems encompass a lot of data flow from one
site to another and also within a site. Flow control prevents data from being
transferred in such a way that it can be accessed by unauthorized agents. A
flow policy lists out the channels through which information can flow. It also
defines security classes for data as well as transactions.

• Data Encryption − Data encryption refers to coding data when sensitive
data is to be communicated over public channels. Even if an unauthorized
agent gains access to the data, they cannot understand it since it is in an
incomprehensible format.

The database provides various types of access control; the two major
types of database security mechanism are:
• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)

■ Discretionary security mechanisms. These are used to grant privileges to
users, including the capability to access specific data files, records, or fields
in a specified mode (such as read, insert, delete, or update).

■ Mandatory security mechanisms. These are used to enforce multilevel
security by classifying the data and users into various security classes (or
levels) and then implementing the appropriate security policy of the
organization.
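
The two mechanisms side by side, as an added Python example that is not part of the original document. The user and object names, the four level names, the "no read up" rule used for the mandatory check, and requiring a read to pass both checks are assumptions made for the illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    # Ordered security classes; the names are assumed for this example.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class DiscretionaryPolicy:
    """DAC: the owner of an object grants or revokes access modes per user."""
    MODES = {"read", "insert", "delete", "update"}

    def __init__(self):
        self._owner = {}    # object -> owning user
        self._grants = {}   # (user, object) -> set of granted modes

    def create(self, owner, obj):
        self._owner[obj] = owner
        self._grants[(owner, obj)] = set(self.MODES)

    def grant(self, grantor, user, obj, mode):
        if self._owner.get(obj) != grantor:
            raise PermissionError(f"{grantor} does not own {obj}")
        if mode not in self.MODES:
            raise ValueError(f"unknown mode {mode!r}")
        self._grants.setdefault((user, obj), set()).add(mode)

    def revoke(self, grantor, user, obj, mode):
        if self._owner.get(obj) != grantor:
            raise PermissionError(f"{grantor} does not own {obj}")
        self._grants.get((user, obj), set()).discard(mode)

    def allowed(self, user, obj, mode):
        return mode in self._grants.get((user, obj), set())

class MandatoryPolicy:
    """MAC: labels are assigned centrally; users cannot change them."""
    def __init__(self, clearance, classification):
        self._clearance = dict(clearance)            # user -> Level
        self._classification = dict(classification)  # object -> Level

    def can_read(self, user, obj):
        # Assumed rule ("no read up"): clearance must be at least the
        # classification of the object.
        return self._clearance[user] >= self._classification[obj]

def combined_read(dac, mac, user, obj):
    # Assumed combination: a read must pass both checks.
    return dac.allowed(user, obj, "read") and mac.can_read(user, obj)
```

A grant from the owner is enough to pass the discretionary check, but it does not help a user whose clearance is below the object's classification.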
Pros and cons of DAC
Pros and cons of MAC
Comparing the two approaches
ROLE-BASED ACCESS CONTROL (RBAC)
• Role-based access control (RBAC) restricts network access based on a
person's role within an organization and has become one of the main
methods for advanced access control.
• The roles in RBAC refer to the levels of access that employees have to the
network.
• Employees are only allowed to access the information necessary to
effectively perform their job duties.
• Access can be based on several factors, such as authority, responsibility,
and job competency.
• In addition, access to computer resources can be limited to specific tasks
such as the ability to view, create, or modify a file.
• As a result, lower-level employees usually do not have access to sensitive
data if they do not need it to fulfill their responsibilities.
• This is especially helpful if you have many employees and use third
parties and contractors that make it difficult to closely monitor network
access. Using RBAC will help in securing your company’s sensitive data
and important applications.
EXAMPLES OF ROLE-BASED ACCESS CONTROL

Through RBAC, you can control what end-users can do at both broad
and granular levels.

You can designate whether the user is an administrator, a specialist
user, or an end-user, and align roles and access permissions with your
employees’ positions in the organization.

Permissions are allocated only with enough access as needed for
employees to do their jobs.

What if an end-user's job changes? You may need to manually assign
their role to another user, or you can also assign roles to a role group or
use a role assignment policy to add or remove members of a role group.
SQL Injection (SQLi)
What is SQL Injection (SQLi) and How to Prevent It
• SQL Injection (SQLi) is a type of injection attack that makes it possible
to execute malicious SQL statements.
• These statements control a database server behind a web application.
Attackers can use SQL Injection vulnerabilities to bypass application
security measures.
• They can go around authentication and authorization of a web page or web
application and retrieve the content of the entire SQL database.
• They can also use SQL Injection to add, modify, and delete records in the
database.
• An SQL Injection vulnerability may affect any website or web application
that uses an SQL database such as MySQL, Oracle, SQL Server, or others.

• Criminals may use it to gain unauthorized access to your sensitive data:
customer information, personal data, trade secrets, intellectual property,
and more. SQL Injection attacks are one of the oldest, most prevalent, and
most dangerous web application vulnerabilities.
How and Why Is an SQL Injection Attack Performed
• To make an SQL Injection attack, an attacker must first find vulnerable
user inputs within the web page or web application.
• A web page or web application that has an SQL Injection vulnerability
uses such user input directly in an SQL query.
• The attacker can create input content. Such content is often called a
malicious payload and is the key part of the attack. After the attacker
sends this content, malicious SQL commands are executed in the
database.
• SQL is a query language that was designed to manage data stored in
relational databases.
• You can use it to access, modify, and delete data.
• Many web applications and websites store all the data in SQL databases.
• In some cases, you can also use SQL commands to run operating system
commands.
• Therefore, a successful SQL Injection attack can have very serious
consequences.
• Attackers can use SQL Injections to find the credentials of other users in the
database. They can then impersonate these users. The impersonated user
may be a database administrator with all database privileges.

• SQL lets you select and output data from the database. An SQL Injection
vulnerability could allow the attacker to gain complete access to all data in a
database server.

• SQL also lets you alter data in a database and add new data. For example,
in a financial application, an attacker could use SQL Injection to alter
balances, void transactions, or transfer money to their account.

• You can use SQL to delete records from a database, even drop tables. Even
if the administrator makes database backups, deletion of data could affect
application availability until the database is restored. Also, backups may not
cover the most recent data.

• In some database servers, you can access the operating system using the
database server. This may be intentional or accidental. In such a case, an attacker
could use an SQL Injection as the initial vector and then attack the internal
network behind a firewall.

Other SQL Injection attack types

SQL Injections can do more harm than just bypassing the login algorithms. Some
of the attacks include:
• Deleting data
• Updating data
• Inserting data
• Executing commands on the server that can download and install malicious
programs such as Trojans
• Exporting valuable data such as credit card details, email, and passwords to the
attacker’s remote server
• Getting user login details, etc.
How to Prevent SQL Injection Attacks
An organization can adopt the following policy to protect itself against SQL
Injection attacks.
• User input should never be trusted – it must always be sanitized before it is used
in dynamic SQL statements.
• Stored procedures – these can encapsulate the SQL statements and treat all input
as parameters.
• Prepared statements – prepared statements work by creating the SQL statement
first and then treating all submitted user data as parameters. The data has no
effect on the syntax of the SQL statement.
• Regular expressions – these can be used to detect potentially harmful code and
remove it before executing the SQL statements.
• Database connection user access rights – only necessary access rights should be
given to accounts used to connect to the database. This can help reduce what the
SQL statements can perform on the server.
• Error messages – these should not reveal sensitive information or where exactly an
error occurred. Simple custom error messages such as “Sorry, we are experiencing
technical errors. The technical team has been contacted. Please try again later” can
be used instead of displaying the SQL statements that caused the error.
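
The prepared-statement and error-message items above, shown as an added Python example that is not part of the original document. It uses the standard `sqlite3` module with an in-memory database; the table, the sample rows, the test inputs and the function names are constructed for the illustration.

```python
import sqlite3

# Custom error message quoted from the list above.
GENERIC_ERROR = ("Sorry, we are experiencing technical errors. The technical "
                 "team has been contacted. Please try again later")

def make_db():
    # Constructed sample data in an in-memory SQLite database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), ("O'Brien",)])
    return db

def lookup_concatenated(db, name):
    # Vulnerable pattern: user input becomes part of the SQL text itself.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_prepared(db, name):
    # Prepared statement: the SQL text is fixed; the input is bound as a
    # value and cannot change the syntax of the statement.
    return [row[0] for row in
            db.execute("SELECT name FROM users WHERE name = ?", (name,))]

def handle_request(db, lookup, name, server_log):
    # Details go to the server-side log; the caller sees a generic message.
    try:
        return lookup(db, name), None
    except sqlite3.Error as exc:
        server_log.append(f"query failed for input {name!r}: {exc}")
        return [], GENERIC_ERROR

if __name__ == "__main__":
    db, log = make_db(), []
    for value in ("alice", "O'Brien", "x' OR '1'='1"):  # constructed inputs
        print(repr(value),
              handle_request(db, lookup_concatenated, value, log),
              handle_request(db, lookup_prepared, value, log))
    print(log)
```

With the concatenated query, the legitimate name `O'Brien` causes a database error and the third input returns every row; the prepared statement returns exactly the matching row or nothing.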
