Security Issues for a Database System Term Paper

Download this Term Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Term Paper:

Security Issues for a Database System

The biggest questions that any database system must check to ensure the proper operations of the system and the security of data within the system can be understood by following the three guidelines. The first question is to check whether the system administrators themselves are following the guidelines that have been established for the proper operations of the system. The second important question is to ensure the application of the latest patches by all the administrators of the system, This is very important as all the system administrators are not at one place and cannot directly check on each other, and the checks are essential for the security of the system. The final important question is to ensure that all the latest patches are properly tested out before they are used. If this is not done, then instead of solving the present glitches with the system, they may end up causing more problems. (Database Security)

These are very serious issues and must be dealt with in all seriousness as the fastest growing crime in the United States today is the theft of identities by outsiders who really do not possess those identities. This is only the gateway to obtain unauthorized information from the organization. This can cause misuse of information in various ways like borrowing or paying out large sums of money to different people who are not entitled to it, transferring personal purchases to other identities and thus causing harm to the individual or the organization, or even stealing large amounts of confidential data. How is this done? The normal procedure is that an individual steals somebody else's identity, and then uses that identity to collect the information from his database which is stored on the computer. There are certain security portals that the person must pass through to get at this information, and this process of gaining access is through a process known as authentication. This process is supposed to identify the individual whose database is being accessed. This process of authentication is not a part of the database itself, but is a part of the outside security facility. This may be a part of the operating system of the total system like it is in AIX, Solaris, Linux, HP-UX, Windows 2000/NT, etc. (Database Security)

In certain cases, this security is being provided by an add-on product like Distributed Computing Environment Security Services. In some of the systems there are no checks at all like Windows 95, Windows 98 and Windows Millennium. It is important for the security of the database to ensure that a security facility be made proper for access to the database. The general process of using a unique user ID and a corresponding password must be used. This must be known to only the user and the security checking people only. The user ID identifies the user to the security people or system, and the password confirms that the user is indeed the person claiming to have that user ID. (DB2 Universal Database Security) This process must be carried out in the organization as a whole, from coast to coast, as otherwise the security achieved one part of the organization will be nullified by the laxity of another part. It is very easy to approach the database of the other office from the not so secure office, and his firewall has not been configured properly. This can damage the entire database of the organization, and this can be achieved only if the seniors are looking at the total picture and not only at the small parts of the organization. (Database Security)

The flaws in the security system for any database come from the securities at different points - server security, database connections, table access control and restriction of database access. The first point mentioned is the most important. In simple terms this means that the access to the database must be restricted for the different users of the database, and people who are not concerned with the data should not be permitted to even see it. Once they know that it exists, there is an increase in the temptation to get at that data. For this purpose, the dynamic web pages of any system that can be accessed by most people within an organization should be housed in a different machine, and this is required so that the system can be accessed at a fast enough speed. From this, the data can be loaded on to the main web server of the organization, but only selected people should be able to access the web server. This will help in the preservation of serious data for the people who deserve access to the data. This will prevent misuse of the important data that is stored in the web server. (Database Security)

We have already entered the second area of the security system - the client workstations. Here, some of the workstations exist that are not having a tightly integrated security facility, and are also not tightly checked for security during use. This can even happen due to the systems that are being used there like Windows 95, Windows 98 and Windows Millennium. When these systems are being used, those stations must be automatically treated as un-trusted clients, and they cannot have access to the main database. The trusted clients who have to have access to the main database have to use operating systems that contain an integrated security facility like Windows NT, Windows 2000, all supported versions of Unix, etc. This should be used as the first step to establish the authenticity of the connection. (DB2 Universal Database Security)

Then it is evaluated for the authorities and privileges that can be given by the DB2 Database Manager. The privileges may be individually assigned, or even assigned as a group. This will tell the database the operations that the user is permitted to do. Authorities give the user the right to perform certain high level administrative, maintenance or utility functions with the database. The privileges of the user permit him to use the database in different ways like formation of tables and views. The users are permitted to work with only those objects for which they have the required authorization and if they try to enter any other area, the permission will not be given by the DB2 Database Manager. If these cause problems for some users, the status of any individual user can be changed by using the add user command. In certain cases even the add group command may be used, or in certain cases the privileges may even be removed by using the revoke user command. These actions have to be looked at very carefully by the database management so that the proper privileges are only granted. (DB2 Universal Database Security)

The next important question is that of table access control, and the proper application of this requires a lot of application of logic. This will require a lot of collaboration between the system administrator and the database developed. A simple example would be the facility that is available to a table which inputs the information to the database. When the person is feeding in the data, then he should not have a requirement to look at the data in the same period. If a person just needs to refer to the data, then why should he have any facility other than read available? These are the main questions in the area of database security, and the main area where security is required is that of the server. These are most often attacked through the Internet and the attacks through the Internet have been very common recently. The first step will be an attempt to find out whether the machine is at a specific address. This is…[continue]

Cite This Term Paper:

"Security Issues For A Database System" (2004, February 23) Retrieved December 10, 2016, from

"Security Issues For A Database System" 23 February 2004. Web.10 December. 2016. <>

"Security Issues For A Database System", 23 February 2004, Accessed.10 December. 2016,

Other Documents Pertaining To This Topic

  • Security Issues Creating a Site

    Even though there is always some form of a risk involved in the coding technique together with the deployment methods of a website, some technologies such as PHP and MySQL form some of the worst aggravators of online website security. The loopholes that exists in the use of these technologies results in some of the worst hack attacks and security breaches ever experienced in the field of web design. The

  • Privacy and Legal Issues to Consider for a Database System

    Private and Legal Issues in Database Privacy and legal issues to consider for a database system An essential component in the success of managing database is that management should be concerned with ethical and legal issues associated with both the creation and use of those data in the databases. The use of the database technology provides access to all kind of information about customers, employees, and subjects. However, it has often become

  • Security Issues and Features of

    The authors have expertise with Oracle databases and use examples from the enterprise products this software vendor provides to make their point regarding security of highly distributed networks. One of the more valuable aspects of this specific paper is the focus on how to create a multilevel secure environment in an enterprise. The authors have done enterprise-level database security work in their careers and this article and research communicate

  • Security Issues in Cloud Computing

    Despite these concerns however the world's largest companies still actively promote and routinely hype the value of cloud computing without mentioning the myriad of risk associated with this platform, despite its continual maturation from a security and stability standpoint [2]. An example of this is type of hype is when Microsoft's Steve Balmer described cloud computing as the next frontier and Dr. Ajei Gopal verified that the cloud is there

  • Database System Can Be Defined

    These laws also emphasize that obtaining such personal information and how it will be used should be made with the individual's knowledge and consent. Moreover, individuals also have the additional rights of viewing, correcting, and deleting the information pertaining to them. But do we really have access to all information that is being taken from us? We can never tell and we might end waking up one day being

  • Security Issues of Online Communities

    This researcher rejects the existence of online communities because computer mediated group discussions cannot possibly meet this definition. Weinreich's view is that anyone with even a basic knowledge of sociology understands that information exchange in no way constitutes a community. For a cyber-place with an associated computer mediated group to be labeled as a virtual settlement it is necessary for it to meet a minimum set of conditions. These are:

  • New Database System Florodex Is

    Exercise 10-15 Subject: The need for information security Recently my proposal for a new set of control procedures was criticized as being "unnecessary red tape." I fully understand and share the concern. Reducing red tape minimizes costs and also reduces the chance for miscommunication and errors. Red tape can be detrimental to productivity. However, I can assure you that the recommendations in question are not red tape but are based on a sound

Read Full Term Paper
Copyright 2016 . All Rights Reserved