Managing Multi-User Databases (3) IS 240 – Database Management Lecture #20 2004-04-27 Prof. M. E. Kabay, PhD, CISSP Norwich University


2 Managing Multi-User Databases (3)
IS 240 – Database Management
Lecture #20
2004-04-27
Prof. M. E. Kabay, PhD, CISSP
Norwich University
mkabay@norwich.edu

3 Topics
Copyright © 2004 M. E. Kabay. All rights reserved.
- Fundamentals of Information Security
- Database Security
- Database Recovery
- Management Issues

4 Fundamentals of IA
- The Classic Triad
  - Confidentiality
  - Integrity
  - Availability
- The Parkerian Hexad
  - Possession
  - Authenticity
  - Utility
- Information Assurance (IA)

5 The Classic Triad
[Diagram: C, I, A]

6 Confidentiality
- Restricting access to data
- Protecting against unauthorized disclosure of existence of data
  - E.g., allowing industrial spy to deduce nature of clientele by looking at directory names
- Protecting against unauthorized disclosure of details of data
  - E.g., allowing 13-yr old girl to examine HIV+ records in Florida clinic

7 Integrity
- Internal consistency, validity, fitness for use
- Avoiding physical corruption
  - E.g., database pointers trashed or data garbled
- Avoiding logical corruption
  - E.g., inconsistencies between order header total sale & sum of costs of details

8 Availability
- Timely access to data
- Avoid delays
  - E.g., prevent system crashes & arrange for recovery plans
- Avoid inconvenience
  - E.g., prevent mislabeling of files

9 Problem: Missing Elements
Which principle of the C-I-A triad has been breached when
- A child takes bank card with password in envelope but does not open it?
- Someone sends threat to President using your e-mail address but not your e-mail logon?
- Someone converts all the salary figures in your database to Iraqi Dinars?
ANSWER: NONE OF THEM – THE TRIAD IS INSUFFICIENT TO DESCRIBE SECURITY BREACHES

10 The Parkerian Hexad
Protect the 6 atomic elements of INFOSEC:
- Confidentiality
- Possession or control
- Integrity
- Authenticity
- Availability
- Utility

11 Why Parkerian?
- Donn G. Parker
- Recipient of Lifetime Achievement Award from NCSC in 1993

12 Possession
- Control over information
- Preventing physical contact with data
  - E.g., case of thief who recorded ATM PINs by radio (but never looked at them)
- Preventing copying or unauthorized use of intellectual property
  - E.g., violations by software pirates

13 Authenticity
- Correspondence to intended meaning
- Avoiding nonsense
  - E.g., part number field actually contains cost
- Avoiding fraud
  - E.g., sender's name on e-mail is changed to someone else's

14 Utility
- Usefulness for specific purposes
- Avoid conversion to less useful form
  - E.g., replacing dollar amounts by foreign currency equivalent
- Prevent impenetrable coding
  - E.g., employee encrypts source code and "forgets" decryption key

15 Functions of IA (1)
- Avoidance: e.g., prevent vulnerabilities and exposures
- Deterrence: make attack less likely
- Detection: quickly spot attack
- Prevention: prevent exploit
- Mitigation: reduce damage
- Transference: shift control for resolution

16 Functions of IA (2)
- Investigation: characterize incident
- Sanctions & rewards: punish guilty, encourage effective responders
- Recovery: immediate response, repair
- Correction: never again
- Education: advance knowledge and teach others

17 Information Assurance (IA)
- Avoid
- Deter
- Detect
- Prevent
- Mitigate
- Transfer
- Investigate
- Punish/reward
- Recover
- Correct
- Educate

18 Database Security
- Processing Rights
- I&A
- Individuals & User Groups
- Application Security

19 Processing Rights
- Who gets to do what to which records?
- Different functions
  - Modify DB structure
  - Grant rights to users
  - Change records
    - Delete
    - Modify (change)
    - Insert
  - See entire records
  - See selected fields
(Functions are ordered from MORE POWER / DANGER to LESS POWER / DANGER)

20 I&A: Identification & Authentication
- Each individual user has unique identifier
  - User ID for operating system logon
  - User ID for DBMS access
- Connection between user ID and actual person is known as authentication based on
  - What you know
  - What you have
  - What you are
  - What you do
- User IDs should never be shared

21 Individuals & User Groups
- Individual users may have specific rights
  - Call this authorization or privileges for specific functions
- Can also define rights for groups of people (aka role-based security)
  - Call these user groups; e.g.,
    - Human resources clerks vs HR managers
    - Accounting book-keepers vs Accounting managers
    - Managers for different departments
- May define public or visitor group if necessary
  - Provide safe privileges for specific functions
  - E.g., lookups, interactions for requesting info, subscribing to newsletter…

22 Application Security
- DBMS security may not suffice for specific applications
- Business rules may be more complex than simply assigning privileges according to identity; e.g.,
  - Some patient records may be accessible to nurse or doctor only while they are treating a specific patient
  - Some financial information may be locked while SEC is performing an audit
- Such requirements are programmed at the application level
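
An added example (not from the lecture) of the two business rules on this slide enforced at the application level on top of group privileges. The group names, record layout and the reading of "locked" as "modification refused" are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class User:
    user_id: str   # unique per person, never shared
    group: str     # user group (role)

@dataclass(frozen=True)
class Assignment:  # constructed record: who is treating whom, and when
    clinician_id: str
    patient_id: str
    start: date
    end: Optional[date]  # None means treatment is ongoing

# Group-level privileges: the part identity-based DBMS security can express.
GROUP_PRIVS = {
    "doctor": {"patient:read", "patient:modify"},
    "nurse": {"patient:read"},
    "accounting_manager": {"ledger:read", "ledger:modify"},
    "public": set(),
}

def may_access_patient(user, action, patient_id, today, assignments):
    """Require the group privilege AND an active treatment relationship."""
    if f"patient:{action}" not in GROUP_PRIVS.get(user.group, set()):
        return False
    return any(
        a.clinician_id == user.user_id and a.patient_id == patient_id
        and a.start <= today and (a.end is None or today <= a.end)
        for a in assignments
    )

def may_modify_ledger(user, ledger_id, audit_locked):
    """Refuse modification while the ledger is locked for an audit."""
    if "ledger:modify" not in GROUP_PRIVS.get(user.group, set()):
        return False
    return ledger_id not in audit_locked

# Constructed sample data.
ASSIGNMENTS = [
    Assignment("n-17", "p-001", date(2004, 4, 20), date(2004, 4, 25)),
    Assignment("d-03", "p-001", date(2004, 4, 20), None),
]
NURSE = User("n-17", "nurse")
DOCTOR = User("d-03", "doctor")
ACCOUNTANT = User("a-09", "accounting_manager")
```

The nurse's read access to patient p-001 ends with the treatment assignment even though the nurse's group privilege is unchanged, which is the part a static grant cannot express.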

23 Topics
- Database Security
- Database Recovery
- Management Issues

24 Database Recovery
- Transactions
- Application Logging
- Transactions and Log Files
- Backups & Log Files
- Recovery from Backups
- Recovery from Log Files

25 Transactions
- What are transactions?
- Why would we care if a transaction were interrupted by a DBMS failure or a system failure?

26 Application Logging
- Benefits of logging
  - Audit trail for security / investigations
  - Performance data
  - Debugging
- What might a logging process write into the log file when a process is
  - Adding a record?
  - Changing a record?
  - Deleting a record?

27 Transactions and Log Files
- Why would it matter to anyone that a log file keep a distinction among different transactions?
- How does a log file mark an atomic transaction?

28 Backups & Log Files
Distinguish among the following types of backups:
- System vs application
- Full (everything)
- Differential (aka Partial) (everything changed since last full)
- Incremental (everything changed since last incremental)
- Delta (only changed data)
- Log files (only the information about the changes)

29 Backup Types

30 Recovery from Backups
Discuss how one would use each of the following types of backup in recovering from a system failure
- Full
- Differential
- Incremental
- Delta

31 Recovery from Log Files
- Roll-backward recovery
  - Use log file to identify interrupted (incomplete) transactions using checkpoints
    - How? ____________________________
  - Remove all changes that are part of those incomplete transactions
- Roll-forward recovery
  - Start with valid backup
  - Use log file to re-apply all completed transactions
  - Leave out the incomplete transactions
- Which kind is faster? _____________________
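
An added example (not from the lecture) of the two recovery strategies on this slide, run over a small constructed log in which BEGIN/COMMIT entries delimit each transaction, as the "Transactions and Log Files" slide asks about. The log layout with before- and after-images is an assumption, and checkpoints are left out for brevity, so the whole log is scanned.

```python
# Constructed sample log (layout is an assumption, not from the lecture):
# (transaction id, operation, key, before-image, after-image).
# BEGIN/COMMIT entries delimit one atomic transaction.
LOG = [
    ("T1", "BEGIN", None, None, None),
    ("T1", "UPDATE", "acct:A", 100, 70),
    ("T1", "UPDATE", "acct:B", 50, 80),
    ("T1", "COMMIT", None, None, None),
    ("T2", "BEGIN", None, None, None),
    ("T2", "INSERT", "acct:C", None, 10),
    ("T2", "COMMIT", None, None, None),
    ("T3", "BEGIN", None, None, None),
    ("T3", "UPDATE", "acct:A", 70, 0),
    ("T3", "DELETE", "acct:B", 80, None),
    # failure here: T3 has no COMMIT entry, so it is incomplete
]
BACKUP = {"acct:A": 100, "acct:B": 50}   # last valid backup
CRASHED = {"acct:A": 0, "acct:C": 10}    # database as found after the failure

def completed(log):
    """Transaction ids that reached COMMIT."""
    return {txn for txn, op, *_ in log if op == "COMMIT"}

def incomplete(log):
    """Transaction ids that began but never committed."""
    return {txn for txn, op, *_ in log if op == "BEGIN"} - completed(log)

def _put(db, key, value):
    # An image of None means "record does not exist".
    if value is None:
        db.pop(key, None)
    else:
        db[key] = value

def roll_forward(backup, log):
    """Re-apply after-images of completed transactions, in log order."""
    db, done = dict(backup), completed(log)
    for txn, op, key, _before, after in log:
        if txn in done and op not in ("BEGIN", "COMMIT"):
            _put(db, key, after)
    return db

def roll_backward(current, log):
    """Undo incomplete transactions by restoring before-images, newest first."""
    db, undo = dict(current), incomplete(log)
    for txn, op, key, before, _after in reversed(log):
        if txn in undo and op not in ("BEGIN", "COMMIT"):
            _put(db, key, before)
    return db
```

Both functions arrive at the same consistent state for this log: the effects of T1 and T2 are present and the partial changes of T3 are gone.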

32 Topics
- Database Security
- Database Recovery
- Management Issues

33 Management Issues
- Performance
- Inflection points
- Capacity
- Application Evolution

34 Performance Management
- Log files help DBAs monitor and improve application and system performance
  - Identify application errors quickly
  - Identify operators with high error rates
  - Calculate response times on different servers
- Can monitor trends in
  - Transaction volumes
  - Response times
- Look for inflection points and study reasons

35 Inflection Points
- Watch for changes in slope
- Always find out why pattern has changed
[Graph: Resource vs. Time, marked with "?"]

36 Capacity
- Same reasoning: look for trends in disk space usage
- Identify which applications are growing fastest
- Project when you will need to increase storage capacity
- Never let a database fill up to maximum capacity
- Be curious about any sudden change in rate of growth – find out if there are problems

37 Application Evolution
- All applications must change
  - Environment changes
  - Operating systems / DBMS versions
  - Regulations & laws
  - Business needs
- Therefore databases change
- DBAs must plan to meet demands for change
  - Keep track of structure, usage
  - Define data repository
    - Full metadata about all organization data systems

38 Homework
- Finish very carefully reading all of Chapter 11 using the full SQ3R techniques.
- REQUIRED by MONDAY NOON 3rd May (hand in at B&M office) for 26 points
  - Group I Questions #11.37 through 11.49
- ALL remaining outstanding homework is due by that date. No further extensions.
- MK will return all homework to B&M office by Tuesday NOON
- OPTIONAL also by Monday 3rd May for 3 extra points each
  - 11.52 and/or 11.53 on p. 327

39 Final Exam
- Thursday 6 May 2004
- 08:00-10:30
- Dewey 211
- Covers entire course material
- T/F, short answer, diagrams, short essay,

40 DISCUSSION

