The term database security refers to the control of privacy and integrity of
large data stores which are usually managed by a software program known as a
database management system. At present, such databases are used by an
enormous number of companies to store an incredible variety of data.
Typically, this data is extremely important to organizations and individuals,
and can also be of a very confidential nature; examples of such data include
bank account information, credit card information, medical records and inventory
records. It is clear that this data must not be accessible to unauthorized
persons (privacy), and that unauthorized persons must not be able to alter this
Maintaining privacy and integrity of a database
is not a trivial task; consequently, many instances of security breaches of
databases appear in the news and result in significant problems for both
companies and individuals. Some notable recent incidents include the theft
of 45.7 million credit card numbers along with other personal information from a
TJX database in January of 2007, and the theft of 40 million credit card
numbers from the database of a transaction processing company, CardSystems,
revealed in June 2005. In order to help prevent such database security
breaches from occurring, there are numerous security mechanisms that can be
employed. These security mechanisms can be grouped into the categories of
server security, access control, and encryption. Modern database management systems
such as Oracle Database 10g and Microsoft SQL Server 2005
provide a wide variety of such security mechanisms.
A typical database server system: the IBM System p5 570. This includes multiple cores for processing, and terabytes of disk storage for storing data.
One of the most critical issues related to database security is the security of
the server that the database resides on. If this server is not secure,
then unauthorized users could possibly gain access to or modify the database
regardless of how secure the database itself is. Some of the more important
things to consider are:
- Ensure that the machine containing the database is directly connected to as few machines as possible (avoid direct connections to the internet!).
- Keep database servers and web servers on separate machines.
- Control user access to the machine hosting the database server.
A proper treatment of server security is beyond the scope of this article, but
there are many books and online resources providing detailed information on
server security for machines running different operating systems and providing
To be useful, a database must allow users to connect to it in order to retrieve
or modify data. Precisely controlling the access that users have to the
data is imperative, and can be accomplished in several ways including setting up
privileges and the use of views.
Given the wide variety of data stored within any single database, it is crucial that users of the database
are only allowed to access and modify what they really need to. In order
to accomplish this, proper privileges must be assigned. All modern
database management systems allow the specification of privileges which
determine what actions users are allowed to perform and which database objects
they are allowed to perform these actions on. Examples of such privileges
would include the ability to select, insert, update or delete data from a
specific table in the database. In addition, the ability to assign privileges to
a whole group of users is generally provided in order to make the setup and
maintenance of privileges manageable. In this manner, a set of database
privileges which would be appropriate for a certain type of employee, such as a
sales clerk, could be assigned to a user group, and then all users who require
these privileges simply need to be added to this user group.
Often, a single table in a database may contain confidential as well as non-confidential data. For example, a table which records customer transactions may
store the customer's name, what they purchased and when, and the number of the
credit card that they used to pay. Allowing all this data, including the
credit card information, to be visible to many people would be a serious
security issue. Instead, a view can be created which allows users to see
only those columns of the table which they are supposed to see.
Additionally, the users could still modify data in the original table (provided
they have permission) using the view, and these modifications would be subject
to any integrity constraints that the original table may be subject to.
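The following is an added example, not code from the article, showing how the privileges and views described above fit together for the customer transactions table. The schema, the `sales_clerk` role and the `clerk_alice` user are constructed for illustration, and the syntax is Oracle-style SQL (CREATE ROLE, GRANT role TO user); other systems spell these statements slightly differently.

```sql
-- Constructed example: a customer transactions table that mixes
-- non-confidential data with a credit card number.
CREATE TABLE transactions (
    txn_id       INTEGER       PRIMARY KEY,
    customer     VARCHAR(100)  NOT NULL,
    item         VARCHAR(100)  NOT NULL,
    purchased_at TIMESTAMP     NOT NULL,
    card_number  CHAR(16)      NOT NULL,
    amount       DECIMAL(10,2) NOT NULL CHECK (amount >= 0)
);

-- A view exposing only the columns a clerk is supposed to see.
CREATE VIEW transactions_public AS
    SELECT txn_id, customer, item, purchased_at, amount
    FROM transactions;

-- Group the privileges for one type of employee into a role, and grant
-- them on the view only, never on the base table.
CREATE ROLE sales_clerk;
GRANT SELECT, UPDATE (amount) ON transactions_public TO sales_clerk;

-- Users receive the role rather than individual table privileges.
CREATE USER clerk_alice IDENTIFIED BY "<password-placeholder>";
GRANT CREATE SESSION TO clerk_alice;
GRANT sales_clerk TO clerk_alice;

-- Connected as clerk_alice:
SELECT customer, item, amount FROM transactions_public;          -- permitted
UPDATE transactions_public SET amount = 12.50 WHERE txn_id = 7;  -- permitted; CHECK (amount >= 0) still applies
UPDATE transactions_public SET amount = -1 WHERE txn_id = 7;     -- rejected by the base table's CHECK constraint
SELECT card_number FROM transactions;                            -- rejected: no privilege on the base table
INSERT INTO transactions_public (txn_id, customer, item, purchased_at, amount)
    VALUES (8, 'B. Customer', 'Widget', CURRENT_TIMESTAMP, 5.00);
    -- rejected: the role has no INSERT privilege, and even with one the
    -- base table's NOT NULL card_number would have no value
```

The last two statements show the point made above: writes through the view reach the base table, so its CHECK and NOT NULL constraints still decide what is accepted.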
Using encryption in databases is another security tool that can be employed to help ensure that unauthorized users cannot obtain
confidential data. Encryption can be employed at two different levels when
dealing with databases: at the communication level, and at the data storage
level (often referred to as simply data encryption).
Communication encryption refers to the encryption of data for the purpose of
transmission across a network. The use of this type of encryption is
available in many modern database management systems. First, a secure
connection to the database server is established using a protocol such as SSH;
then, as data is read from or sent to the database, it is encrypted prior to
transmission and decrypted upon arrival at its destination. This makes it
very difficult for anyone capturing the traffic in transit to
retrieve coherent and useful data. The need for communication encryption
with a database can often be avoided altogether by ensuring that only
trusted hosts have a direct connection to the database server.
In contrast to communication encryption, data encryption deals with
permanently encrypting a database's data on the storage device on which it
resides. This form of encryption is a great defense against several
threats which communication encryption does not protect against at all.
Firstly, if a user was able to gain access to the machine on which the database
is stored, the actual files containing the database data could be accessible to
them. In this situation, no matter how secure the database was, the user
could simply read the data directly from the file rather than going through the
database management system. Secondly, if the physical storage devices
containing the database were stolen, the thief could again likely access the
database information directly from the files on the obtained storage devices.
Several current database management systems allow encryption of the database
on the storage device, although there are often limitations to the types of data
that may be encrypted in an active database. Furthermore, this type of
encryption can cause significant overhead during transactions due to the need to
decrypt data to be received, and encrypt data to be stored. Data
encryption is one area which many database management systems are still
attempting to improve on.
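As an added example, not taken from the article, this is what column-level data encryption looks like in Microsoft SQL Server 2005 using its built-in key hierarchy (CREATE MASTER KEY, CREATE CERTIFICATE, CREATE SYMMETRIC KEY, EncryptByKey and DecryptByKey). The table, key and certificate names are constructed, and the card number is a well-known test value, not real data.

```sql
-- 1. Key hierarchy: database master key -> certificate -> symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-passphrase-placeholder>';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects stored card numbers';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;

-- 2. The card number is stored as ciphertext (varbinary), never as text.
CREATE TABLE transactions (
    txn_id    INT IDENTITY PRIMARY KEY,
    customer  NVARCHAR(100)  NOT NULL,
    item      NVARCHAR(100)  NOT NULL,
    card_enc  VARBINARY(128) NOT NULL   -- output of EncryptByKey
);

-- 3. Writing: the key must be opened in the session; encrypt on the way in.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
INSERT INTO transactions (customer, item, card_enc)
VALUES (N'A. Customer', N'Widget',
        EncryptByKey(Key_GUID('CardKey'), '4111111111111111'));  -- constructed test number
CLOSE SYMMETRIC KEY CardKey;

-- 4. Reading: only a session able to open the key gets plaintext back.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
SELECT customer, item,
       CONVERT(VARCHAR(16), DecryptByKey(card_enc)) AS card_number
FROM transactions;
CLOSE SYMMETRIC KEY CardKey;

-- Anyone who reads the database files from disk, or who can SELECT from the
-- table without opening the key, sees only the card_enc bytes. The costs the
-- article mentions are visible here too: every read pays a DecryptByKey call,
-- and because EncryptByKey adds a random initialisation vector, the column
-- cannot be indexed or searched by equality
-- (WHERE card_enc = EncryptByKey(...) never matches).
```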
Author: Mike Darmitz
Last Updated: April 6, 2007