Database Security and Data Protection Suseel Pachalla, CISSP.

Outline
- Why is Database Security Critical?
- Database Environment
- Database Security Threats
- Database Hardening
- Database Activity Monitoring/Auditing
- Database Encryption
- Risk Reduction
- Business / Solution Challenges
- Solution Requirements
- Recommendations
- Q&A

Why is Database Security Critical?
- Protect data from internal/external threats: intellectual property, business confidential information, customer and consumer data, employee data, etc.
- Separation of duties
- Data integrity
- Regulatory requirements: GLBA, HIPAA, etc.
- Of course, to protect sensitive data

Database Environment
- Network environment: internal/external
- Hardware: server, desktop, etc.
- Shared environment: co-existence of different applications
- Offshore environment
- Environment specific to the OS/database

Database Security Threats
- Insider threat
- Authentication, Authorization and Access Control (AAA)
- Privilege abuse: legitimate/excessive/elevation
- SQL injection
- Weak audit trail
- DB platform vulnerabilities
- DB communication protocol vulnerabilities
- DoS attacks

Database Hardening
- Least privilege
- Secured infrastructure
- Access control
- Disable/rename unwanted accounts
- Password management
- Patch management
- Securing ports

Database Activity Monitoring/Auditing
- Monitoring is a detective control, not a preventive one.
- Access policies: well defined, so they can be monitored
- Monitoring has an impact on application and network performance
- Auditing:
  - Audit what is required
  - Disk space issues
  - Audit as per regulatory requirements

Database Encryption - Strategies
- Encryption of data within or outside the database
[Diagram: two deployment patterns, each with Client -> Application Server -> Database. Left: encryption within the DB. Right: encryption outside the DB, with a separate key management server.]

Database Encryption - Methods
- Generic encryption methods:
  - Symmetric encryption: uses the same key to encrypt and decrypt; block cipher or stream cipher; algorithms such as 3DES or AES, with a key length of at least 128 bits.
  - Asymmetric encryption: uses a pair of keys; mainly used for data in transmission.
- Kinds of DB encryption:
  - DB file-level encryption
  - DB column-level encryption

Symmetric Database Encryption
- Encryption process
[Figure: SSN + encryption key + encryption algorithm -> encrypted SSN]
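The column-level symmetric encryption sketched in the two slides above (AES with a key of at least 128 bits, applied to an SSN column, with the key held outside the database), as an added example that is not part of the original presentation. It assumes AES-256-GCM, a hypothetical table and column name customers.ssn used as associated data, and an all-zero constructed key that stands in for a key fetched from a key management server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Column name bound as associated data: a ciphertext copied into another
// column or table fails authentication (covers transaction record tampering).
const ssnColumn = "customers.ssn" // hypothetical table.column

// ColumnKey is the 256-bit symmetric key for the SSN column. In production it
// is fetched from the key management server, never stored in the database.
type ColumnKey [32]byte

func newGCM(key ColumnKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSSN returns the bytes written to the column: nonce || ciphertext || tag.
func EncryptSSN(key ColumnKey, ssn string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(ssn), []byte(ssnColumn)), nil
}

// DecryptSSN recovers the plaintext; any change to the stored bytes is rejected.
func DecryptSSN(key ColumnKey, stored []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(stored) < gcm.NonceSize() {
		return "", fmt.Errorf("stored value too short (%d bytes)", len(stored))
	}
	pt, err := gcm.Open(nil, stored[:gcm.NonceSize()], stored[gcm.NonceSize():], []byte(ssnColumn))
	if err != nil {
		return "", fmt.Errorf("SSN column: %w", err)
	}
	return string(pt), nil
}
```

Without the column key, the stored bytes reveal nothing, which is why the key storage location must be separated from the database as the recommendations slide states.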

Risk Reduction - Database Encryption
- Risk is reduced in case of:
  - Theft of media
  - Abuse of DBMS privilege
  - Abuse of OS system-level privilege
  - Theft of privilege
  - Transaction record tampering

Business / Solution Challenges
- Business challenges:
  - Expensive
  - Need more resources to manage (security DBA)
  - Need additional hardware and processing capabilities
- Solution challenges:
  - Legacy application changes
  - Performance issues
  - Application integration
  - Key management for encryption

Solution Requirements
- Native DB security tools
- Third-party tools: Protegrity, Vormetric, Voltage, etc.
- Additional hardware
- Resources: security DBA, hardware maintenance, etc.

Recommendations
- Trade-off between security and performance
- Apply an appropriate security strategy, keeping performance and data flow in mind
- Separation of environments
- Encryption: separate the DB from the key storage location

Questions