Database security has become a major topic in the technical world. Database security is the protection of a database against threats. It is a branch of information security management that covers protection of the data itself, the database applications or stored procedures, the database servers, the database systems, and the associated network links. All of these security measures are essential when a database management system is designed and developed to protect a database. Recently, security threats to mobile databases have become a more significant concern, and a solution is needed to protect the systems that are exposed. A mobile database is a distinctive class of distributed system. Traditional database security cannot deal with malicious attacks by people with legitimate identities, and it is not cost-effective for users with different security needs. The threats to network database security include unauthorized activity or misuse by authorized database users, database administrators, or network or system managers; excessive access to sensitive data, metadata or functions within databases; and inappropriate changes to the database programs, structures or security configuration. In addition, malware infections cause incidents such as unauthorized access, leakage or disclosure of personal data, deletion of or damage to the data or programs, and interruption or denial of access for authorized persons to the database.
Communication by computer has become an everyday necessity, both between individuals and in the business world, where computers help to create advanced documents, drawings, and data stores. This technical progress has increased the need for internet and file security. More companies need a fast and efficient way to transmit data for various purposes within their organizations. With the increased use of computers, there is great concern that the stored information is vulnerable to attack and manipulation. It is therefore important for organizations to adopt security measures so that users inside and outside the company cannot obtain, change, or destroy the data held in their database. There are various database security measures that a company can enforce in order to provide adequate protection. Companies need to keep their security measures up to date as new weaknesses are discovered or exploited. Organizations also need to understand that data security is a continuous and ever-evolving process. Among the threats to telecommuting are computer viruses, password hacking, self-theft, and social engineering. The security gurus at TechTarget warn that the only way to make your computer completely hacker-proof is to turn it off or disconnect it from the Internet. It is important for data security experts to guarantee system security for organizational data. The following are the essential security products and methods that supported the research:
Database security is a key thing that many of us forget to include. This is because we tend to think that securing our computer systems is all about making sure that the web server is safe. That is not all. As a result, the database is overlooked and left with vulnerabilities and many dangers. Some organizations and individuals overlook the database, treating it merely as a place to keep data rather than as the place where most of the business's information is stored. We need to protect it so that it can function well. If left unsecured, it can cause a lot of damage to daily organizational functions.
Virtual Private Network (VPN)
A VPN can consist of one or several computer systems connected to a single computer. A private network is a dedicated line and set of equipment whose main goal is to permit two or more devices to pass data from one PC to another securely. The tremendous rise in telecommuting has driven the use of VPN technology. A VPN uses encryption technology to make computer messages incomprehensible as they move between computers.
As hackers try to gain access to one's PC, telecommuters have to secure their systems with strong passwords. Usually, strong passwords keep hackers from accessing the computer system because of the length of time required to break the pattern. For IT experts and data security experts, good advice for choosing passwords is a mixture of upper and lower case letters, numbers, and special characters.
For added protection, anti-virus software exists to protect telecommuters' computer systems from viruses, worms, and Trojan horses. Anti-virus programs are designed to scan a computer system to find such malicious programs and rid the system of them. They are effective against known viruses, but they are not effective against unknown viruses or on computer systems that have not been updated.
Organizations should have removable hard disks or devices so that data can be stored separately from the computer. Removable hard disks also make it possible to keep duplicate copies of data in case of theft and other incidents.
External and Internal Attacks
To minimize the likelihood that hackers, through either internal or external attacks, will access private data in the database, companies should use multiple database servers. This means storing information on two different servers, which improves security. If a hacker gains access to the database, they will obtain only a small portion of the data. The application server collects data from the web and then sends it to the database server. Hence, the only actual data that an attacker may be able to access is the packets being collected, which is a very small compromise of the database. With the encryption keys divided among three different database servers, an attacker who gained access to one database server would not be able to obtain the company's complete data and would not be able to misuse the data they did get. The only way an attacker could obtain private data that they could fully use would be by gaining full control of all three database servers.
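One way to divide an encryption key among three database servers so that all three are required, shown as an added example that is not from the original essay. It assumes an XOR-based all-or-nothing split; the server names, function names and the HMAC check value are hypothetical choices made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical names; the text only says "three different database servers".
SERVERS = ("db-server-1", "db-server-2", "db-server-3")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_check(key: bytes) -> bytes:
    """Check value that lets a rebuilt key be verified without storing the key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def split_key(key: bytes, holders=SERVERS) -> dict:
    """Return one share per holder; every share is needed to rebuild the key."""
    if len(holders) < 2:
        raise ValueError("need at least two holders")
    # All shares but the last are uniformly random and independent of the key.
    shares = [secrets.token_bytes(len(key)) for _ in holders[:-1]]
    last = key
    for share in shares:
        last = _xor(last, share)
    return dict(zip(holders, shares + [last]))


def combine(shares: dict, check: bytes, holders=SERVERS) -> bytes:
    """Rebuild the key; refuse if a share is missing or has been altered."""
    missing = [h for h in holders if h not in shares]
    if missing:
        raise PermissionError("missing shares from: " + ", ".join(missing))
    key = bytes(len(shares[holders[0]]))
    for h in holders:
        key = _xor(key, shares[h])
    if not hmac.compare_digest(key_check(key), check):
        raise ValueError("shares do not rebuild the expected key")
    return key


def share_explaining(known: dict, guess: bytes) -> bytes:
    """Missing share that would make `guess` the key, given the known shares."""
    # One exists for every guess, so the known shares alone rule out no key.
    out = guess
    for share in known.values():
        out = _xor(out, share)
    return out


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    shares = split_key(key)
    print("rebuilt from all three:", combine(shares, key_check(key)) == key)
    stolen = {h: shares[h] for h in SERVERS[:2]}  # two servers compromised
    fake = share_explaining(stolen, bytes(32))
    print("all-zero key is still possible:", bytes(32) == _xor(_xor(*stolen.values()), fake))
```

The check value is what turns an altered share into an explicit error instead of a silently wrong key.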
Network Intrusion Detection System (NIDS)
A significant part of security, and an additional safeguard alongside the firewall, is the Network Intrusion Detection System (NIDS). A NIDS is designed to monitor the movement of data over the LAN. Its general function is to notify security staff that an attack is under way and whether the attackers have succeeded in breaking in or are in the process of breaking into the system. The NIDS can also give essential information about the traffic coming into the network and whether that traffic poses any security threat.
Network Sniffers and Proper Encryption
Network sniffers capture data as it moves through the network from the client to the application server. Once attackers gain access to the data, they will misuse it. Encryption is the process of character substitution in a manner determined by an encryption procedure. In some cases only integrity protection is needed, and confidentiality protection is not required. Non-repudiation protection provides proof that a given party was the originator of a transaction and that the message was not altered. Encryption is necessary when data is passed to other sites, so that anyone who intercepts it will not be able to understand the data they obtained. Encryption therefore requires a cipher system, which consists of the following elements:
1. Encryption algorithm: This takes the plain text as input, performs some operations on it, and produces the encrypted text, usually called cipher text, as output.
2. Encryption key: This is essentially part of the input to the encryption algorithm, and is commonly chosen from a large set of possible keys.
3. Decryption algorithm: This works on the cipher text as input and produces plain text as output.
1. Policy issues at the institutional, governmental or company level as to which kinds of information should be made publicly available.
2. Legal and ethical issues regarding the right to access certain information. Some information may be deemed private and cannot be made available to anyone who is not authorized.
3. The need in some organizations to identify multiple security levels and to categorize the data and users according to these classifications, for example top secret, secret, confidential and unclassified. The organization's security policy on granting access to the various classifications of data must be enforced.
The Need for Security
When the DBA is given too much authority and control without any restrictions, the system as a whole could become compromised: if a DBA's account is compromised, the whole system could be compromised. To add more security to this type of system, use segregation of duties and systems. With more than one DBA, no single one of them can make any changes without the permission of the other DBAs. This adds security because all of the power is not entrusted to one person. DBAs are responsible for system security in designing, developing, organizing, managing, and controlling the database in accordance with the company's security policies. They also provide the security access administration function with the data needed to maintain user IDs and privileges. Lastly, they are responsible for recovering databases in a secure manner when they are damaged or compromised.
Implementing the Improved Security
Companies should at least upgrade their security so that it does not rely on a single application but uses several different layers that work together to create a safer environment. For instance, they may begin with a firewall and then add a process for safeguarding the application servers. With this kind of start, the company hopes that the overall result is a safer environment with less access by unauthorized persons. A company's reputation can be damaged if private data is accessed by an unauthorized user.
Further Security Improvement
Lightweight Directory Access Protocol (LDAP) is used to gain access to a directory and to interact with it. For instance, a client would query the directory using LDAP to look up a certain certificate. LDAP proved to be much more efficient at retrieving data than DAP, so it is now considered the more accepted way of retrieving data from a directory. To implement LDAP, rules must be set that govern its use within a company and by its clients. These rules would include the following:
• Confidentiality, which would describe how workers may obtain the data. This would let workers know that the data on the server is highly confidential and should not be shared with others. Workers' awareness of the importance of confidentiality would therefore prevent, deter, or detect misuse of information obtained from the server, such as giving the data out when they should not.
• Integrity of the data, which would make sure that the end user does not alter any information without going through the proper channels. Some type of access control would be implemented to help protect integrity.
• Authentication, which is built into LDAP. The levels are general, simple, and strong. General is read-only. With simple, the user is connected only after the correct ID and password are entered. With strong, the user is connected only after presenting certificates.
• Non-repudiation, a check that would make sure that the worker really was the one who sent the data. Non-repudiation, which is the use of a digital signature, does not provide enough proof of who signed it and would not hold up in a court of law, because it cannot be proved who signed it.
• Backdoor Access: a company that wishes to retain its privacy must also make sure that there is no chance that someone can gain access to the network or the server and acquire data from the directory.
• Command Layer: the command layer ensures that layers can be made available within the server. The security concerns to consider at this level are the need for confidentiality and integrity of the data and the possibility of someone trying to hack the system. Some of the security measures to consider are removing any unnecessary services or programs, not running LDAP on the same server as your other services, keeping some of the data, such as the file store, isolated from the network, and being selective about the administrative rights you grant on the server.
• Data Layer: This layer outlines what can be done to the data that can be accessed. Some things to consider: know what data you want to keep confidential and what data you want to keep open to everyone. For public data, you could consider making that data available outside the firewall.
One additional measure would be an extra firewall configured for another network that is separate from the demilitarized zone (DMZ). The computers that are outside the firewall intercept traffic and broker requests for the rest of the LAN, which adds extra security. This way, when one device is connected to another, only very limited traffic is allowed, and the company ends up with a safer database server. If an attack is made on the DMZ, the second firewall will guard against the attacker trying to reach the database server. The security that a DMZ design can provide includes the ability to prevent intrusion, data leakage and fraud, and to safeguard user confidentiality and data integrity. Furthermore, data centres need firewalls to filter traffic that poses a security risk, which provides additional protection for the company's data in the DMZ and extranet server farms. Research efforts need to be devoted to topics such as:
1. Data quality
The community needs techniques and organizational solutions to assess and measure the quality of data in a database. These techniques include inexpensive mechanisms such as quality stamps posted on websites. Techniques are also needed to provide more effective verification of integrity semantics, along with tools for assessing data quality that are based on techniques such as record linkage. Recovery techniques are also required for automatically repairing incorrect data. Finally, the Extract, Transform, Load (ETL) tools widely used for loading data into data warehouses are presently grappling with these issues.
2. Intellectual property rights
Legal and informational aspects of data are becoming major concerns for organizations, given their various connections to the internet. To address these issues, watermarking techniques for relational data have recently been proposed. The main use of digital watermarking is to protect content from unauthorized copying and distribution by enabling provable ownership of the content. It has traditionally relied on the availability of a large noise domain within which the object can be altered while retaining its essential properties. However, research is needed to assess the robustness of such techniques and to investigate different approaches aimed at preventing violations of intellectual property rights.
3. Database Survivability
Database systems need to operate and continue their functions, even with reduced capabilities, despite disruptive events such as information warfare attacks. A DBMS, in addition to making every effort to prevent an attack and to detect one if it occurs, should be able to do the following:
• Confinement – take immediate action to eliminate the attacker's access to the system and to isolate or contain the problem to prevent further spread.
• Damage assessment – determine the extent of the problem, including failed functions and corrupted data. A good DBMS should help fix such problems when they arise.
• Reconfiguration – reconfigure to allow operation to continue in a degraded mode while recovery proceeds.
• Repair – recover corrupted or lost data, and repair or reinstall failed system functions to re-establish a normal level of operation.
Conclusion and Recommendations
It is clear that no database can be built that will keep out every intrusion, since attackers keep working on new ways of attacking. This means there is no resting in the field of safeguarding databases. There have been upgrades to tighten security so that intrusions are reduced to a minimum. We also know that attackers will always keep trying to gain access to any company in order to acquire raw data for their own benefit or for other reasons, which calls for strong technical security measures. Many companies lose data, which causes losses to the firm in one way or another or leads to other effects such as theft and corruption, raising considerable alarm about database protection. The purpose of security is to minimize the danger to the company, so that it has every possible measure in place to keep its environment free from intrusion. There are a number of things that companies must take into consideration, such as cost-effectiveness, the vulnerabilities present and the most confidential information. A company also has to keep in mind that keeping an environment safe is a continual process. Good software serves business needs and takes the network infrastructure and business environment into account. It should also be user-friendly. Managers should ensure that good software is installed to address all of the workers' issues. Vulnerabilities in a company should be dealt with before they spread. Thus the security structure for this kind of database system includes security administration and management processes, for example the administration and reporting of user access rights and log management. Various manual security-related activities are usually incorporated into the procedures and guidelines concerned with the design, configuration, use, administration and maintenance of databases.