Chapter 19 Security.

Presentation on theme: "Chapter 19 Security."— Presentation transcript:

1 Chapter 19 Security

2 Agenda
Database Security
Countermeasure
  Computer-based
  Non-computer-based
Challenge over the Internet
Firewall
Web security

3 Database Security
Definition
  Mechanisms to protect the database against intentional or accidental threats
Asset
  Hardware
  Software
  Communication network
  Database
  Individual (user, programmer, operator, administrator, and outsider)
Threat
  Theft and fraud
Consequence
  Loss of confidentiality
  Loss of privacy
  Loss of integrity
  Loss of availability

4 Countermeasures
Computer-based controls
Non-computer-based controls

5 Computer-based Controls - 1
Authorization & authentication
  Password and account number
  Discretionary access control (grant and revoke)
  Mandatory access control (object, security class, and clearance)
Virtual views

6 Computer-based Controls - 2
Logs or journaling
  Transaction log
  Violation log
  Check points
Integrity
  Domain
  Enterprise
  Entity
  Referential
Backup (redundant array of independent disks - RAID) & recovery
Audit

7 Computer-based Controls - 3
Encryption or cryptosystem
  Encryption key
  Encryption algorithm
  Decryption key
  Decryption algorithm
Symmetric encryption (Data Encryption Standard (DES))
Asymmetric encryption (RSA)

8 Example of Encryption - I
Divide text into groups of 8 characters. Pad with blanks at end as necessary
Select an 8-character key
Rearrange text by interchanging adjacent characters
Translate each character into an ordinal number with blank as 0, A as 1, B as 2…
Add the ordinal number of the key to the results
Divide the total by 27 and retain the remainder
Translate the remainder back into a character to yield the cipher text

9 Example of Encryption - II
Message: DATA COM
Key: PROTOCOL
A D A T C M O (switching)
(adatc mo)
(protocol)
(sum)
remainder
Q V P M R C A SPACE

10 Example of Decryption - I
Divide cipher text into groups of eight characters. Pad with blanks at end as necessary
Translate each cipher text alphabetic character and the encryption key into an ordinal number
For each group, subtract the ordinal number of the key value from the ordinal number of the cipher text
Add 27 to any negative number
Translate the number back to alphabetic equivalents
Rearrange the text by interchanging adjacent characters

11 Example of Decryption - II
Q V P M R C A SPACE
(qvpmrca )
(protocol)
(subtract)
plus
A D A T C M O
D A T A C O M
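
The encryption and decryption steps from slides 8-11, as an added Python example that is not part of the original presentation; it reproduces the DATA COM / PROTOCOL case. The function names are assumptions, and `recover_key` goes beyond the slides to show that one known plaintext group reveals the key, which is why this scheme is a teaching aid and not a protection mechanism.

```python
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # blank = 0, A = 1, ..., Z = 26
BLOCK = 8                                   # slides use 8-character groups and key

def ordinals(text):
    """Map text to ordinal numbers; reject characters the scheme cannot encode."""
    try:
        return [ALPHABET.index(ch) for ch in text.upper()]
    except ValueError:
        raise ValueError("only A-Z and blank are representable") from None

def swap_adjacent(nums):
    """Interchange positions (0,1), (2,3), ...; this step is its own inverse."""
    out = list(nums)
    for i in range(0, len(out) - 1, 2):
        out[i], out[i + 1] = out[i + 1], out[i]
    return out

def blocks(text):
    """Pad with blanks to a multiple of BLOCK and return each group as ordinals."""
    nums = ordinals(text + " " * (-len(text) % BLOCK))
    return [nums[i:i + BLOCK] for i in range(0, len(nums), BLOCK)]

def key_ordinals(key):
    if len(key) != BLOCK:
        raise ValueError("key must be exactly 8 characters")
    return ordinals(key)

def encrypt(plaintext, key):
    k = key_ordinals(key)
    out = []
    for group in blocks(plaintext):
        out += [(p + q) % 27 for p, q in zip(swap_adjacent(group), k)]
    return "".join(ALPHABET[n] for n in out)

def decrypt(ciphertext, key):
    k = key_ordinals(key)
    out = []
    for group in blocks(ciphertext):
        # Python's % already returns 0..26, i.e. "add 27 to any negative number".
        out += swap_adjacent([(c - q) % 27 for c, q in zip(group, k)])
    return "".join(ALPHABET[n] for n in out)

def recover_key(known_plain_group, cipher_group):
    """Not on the slides: one known 8-character group and its ciphertext give the key."""
    p = swap_adjacent(blocks(known_plain_group)[0])
    c = blocks(cipher_group)[0]
    return "".join(ALPHABET[(x - y) % 27] for x, y in zip(c, p))

if __name__ == "__main__":
    ct = encrypt("DATA COM", "PROTOCOL")
    print(repr(ct), repr(decrypt(ct, "PROTOCOL")), recover_key("DATA COM", ct))
```

Because the same 8-character key is added to every group, longer messages repeat the key every eight positions.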

12 Non-Computer-based Controls
Security policy
Contingency plan
  Person, phone no., procedures
  Site (cold, warm, or hot)
Personnel control
  Reference
  Termination
  Training
  Balance of duty
Escrow & maintenance agreements
Physical

13 Challenge over the Internet
Privacy (inaccessible except to sender & receiver)
Integrity (no change during transmission)
Authenticity (genuine sender)
Non-fabrication (genuine receiver)
Non-repudiation (sender cannot deny)

14 Firewall
Definition
  A system to prevent unauthorized access to or from a private network
Types
  Packet filter (difficult to configure and subject to IP spoofing)
  Application gateway (degrades performance)
  Circuit level gateway (TCP or User Datagram Protocol, UDP)
  Proxy server (performance & filtering)

15 Web Security
Message digest algorithms and digital signature
Digital signatures & Certificate Authority (CA)
Kerberos: centralized security server (certificate server)
Secure Sockets Layer (SSL) for data & Secure HTTP (S-HTTP) for individual message
Secure Electronic Transaction (SET) for credit card & Secure Transaction Technology (STT) for bank payment

16 Points to Remember
Database Security
Countermeasure
  Computer-based
  Non-computer-based
Challenge over the Internet
Firewall
Web security

17 Assignment
Review chapters 5-6, 11-14, 19
Read chapter 20
Exam 3
  Date:
Project
  Normalization and Corrected EER diagram due date:
  SQL, corrected normalization, and EER diagram due date:

