can define data as recorded facts and numbers. From this we can define database
as the structure used to hold or store that data. We process this data to
provide information. Hence in general terms we can define database as
structured set of data that can be accessed, managed and updated in various
Security refers to the utilization of wide scope of data security measures to
ensure and secure a database or database administration software against their
secrecy, Integrity and availability.
Importance of Database Security:
this modern information technology age, it is very important for wide range of
organizations to make avail their data resources online constantly through
databases. Databases often hold the backbone of an organization. The security
of database is not only important in organization but also even crucial in
personal computers where important files are stored. Hence it is crucial to
establish security guidelines for every database. Databases contain important
information related to transactions, clients, employee information, social
security number, credit card details, financial data and business transactions
and much more. Insecurity of database affects not only that particular database
itself but also affects the other databases which have relationship with that
databases. This entire data is very sensitive and highly confidential and must
be prevented from various threats occurring in different ways.
main aspects of database security are as follows:
Ø Secrecy/Confidentiality :
It is concerned with
improper disclosure of important data.
To protect the
data from unauthorized users.
Makes sure that
users have the authorization to do things what they want to do.
technique is used to make sure that only authorized users can access the data.
It is a basic
component of information security.
It is concerned
with inaccurate modification of information.
users should be allowed to make modifications to the data.
· The term availability is concerned with
inappropriate disclaimer of access to information
· No risk assessment.
· Authorized user must be provided with all the
data with proper credentials.
When it comes to security threats, they are
nearly the same. However, the bias procedure routine with regards to security
hack changes. Thus we should know about constantly trending database security
dangers keeping in mind the end goal to make sure that our database is secure
to the maximum level. Some of the database security threats are as follows:
§ Excessive Privilege Abuse
§ Legitimate Privilege Abuse
§ Privilege Elevation
§ Database Platform Vulnerabilities
§ SQL Injection
§ Weak Audit Trail
§ Denial of Service
§ Database Communication Protocol
§ Weak Authentication
§ Backup Data Exposure
Some of others threats include threats caused
from different kinds of viruses which include
§ Macro Viruses
§ Direct Action Viruses
§ Directory Virus
§ Web Scripting Virus
When clients are granted more than required
benefits to access database that surpasses the requirements of their job, these
benefits may be abused.
This occurs mainly due to the errors/faults
made by the database administrators as they did not find time to update the controlling
access to users.
Users may also abuse legitimate database privileges
for unapproved purposes. For example when a person/healthcare worker imports
the data of multiple patients from hospital database which are not accessible
as the application structure is designed in such a way that only one patient
data will be accessible at one time. This causes threats as the information can
be used in many other purposes.
Hackers may take advantage of the database
platform software vulnerabilities to convert access benefits from those of a
common client to those of an administrator. These vulnerabilities may be found
in database design while writing stored procedures, SQL statements, table
designs and many more. With this privilege elevation the hacker may cause lot
of security issues to the organizations.
Vulnerabilities in underlying operating
systems like windows/Mac/Linux and other malware software’s installed on the
database may result in several threats to data in the database. It results in
data loss, hacker’s may get access to the database and eventually results in
In this hacker inserts some SQL statements
which are not authorized into the vulnerable SQL data channel. As a result of
this SQL injection the data channel containing the important information
related to all the clients and website applications gets corrupted and becomes
accessible to the hacker.
Mechanized account of all delicate as well as
uncommon database transactions ought to be part of the establishment
fundamental any database arrangement. Weak database audit policy results in
serious organizational threats.
Denial of service is a threat in which the
access to some of the important data is denied or not allowed to many users.
The authorized access will be given to only limited users. But, this may be
taken by taking advantage of the bugs present in the database or some of the
techniques mentioned in the above threats.
Communication Protocol Vulnerabilities:
A very large growing number of security vulnerabilities
are being identified in the database communication protocols of most of the
database traders. Database traders like Oracle fixed their 11 out of 23
database communication protocol vulnerabilities recently.
Due to weak authentication attackers may get
the authorized information like login credentials from the clients or the
administrators in many possible ways which results in the loss of data.
The devices used to store the backup data are
mostly unprotected and as a result attackers uses several techniques to get
those backup data devices and heard disks.
Macro viruses are software infecting files
using some applications such as Documents, XLS and
MDB programs. These viruses usually hide in
shared documents via e-mail and network.
Direct Action viruses duplicate once they gets
installed. After it meet a particular condition it infects the entire
directory. One of the Direct Action Virus which we can find mostly is Vienna
Web scripting virus is a malware software that
breaches your web browser security. As a result attackers can access control
your web browser and steal your valuable information.
The main solution
to reduce excessive privileges abuse threat is to control the query-level access.
abuse threat can be reduced by controlling access not only to the query level
but to the context surrounding the database access.
elevation can be reduced by the combination of Intrusion Prevention System and
query-level access control
Vulnerabilities can be prevented by software updates and Intrusion prevention.
prevention, Query-level access control and event correlation can be combined to
prevent SQL injection.
separation of duties and cross-platform auditing together reduce weak audit
validation technique can be used to prevent database communication protocol
authentication mechanisms and technologies should be implemented in order to
reduce attacks of weak authentication system.
· In order to protect the backup data all the
data must be encrypted. This reduces the threat to the unprotected backup data.
Ø The DMCS framework will utilize a few distinct
kinds of security techniques to guarantee the classification and security of
the customer information.
associated with the administration, process, and development of information
might have limitations on access to hardware and documents.
instructional classes on the significance of security, and a comprehension of
security strategies and methods.
be introduced to shield the system from potential hackers.
Ø The database and the data records will
incorporate validation strategies, consents for documents, get to checking, and
a password policy to strengthen the security of the DMCS framework.
1) Ten Database Security Threats How to Mitigate
the Most Significant Database Vulnerabilities
Type Lister. “The different types of
computer viruses. Internet:
Oct. 9, 2014Jan. 16, 2016
3) Inside the
Mind of a Hacker: Attacking Databases with SQL Injection. (2017). Security Intelligence. Retrieved 16 January 2017:
4) Ravi S. Sandhu and Sushil Jajodia. Data and
Database Security and Controls.FairFax, VA: Auerbach, 1993, pp. 481-499.