Database Security. David Nguyen.

Presentation transcript:

Database Security David Nguyen

Dangers of Internet
- Web-based applications open up new threats to a corporation's security
- Protection of information is critical to the success of a business

Analyzing the threat
- Internet access
- Port access
- Server access
- Network access

Internet access
- If hackers can guess the IP address of a server, they can telnet to the server and get a login prompt. At this point, all they need is a user ID and password to gain access to the server.

Port access
- All Web applications are configured to listen on a predefined port for incoming connections, and they generally use a listener daemon process to poll for connections.

Server access
- A four-tiered Web application incorporates a series of Web servers, application servers, and database servers. Each of these servers presents a potential point of entry, and if remote shell access is enabled, a hacker who gets access to a single database may get access to many servers.

Network access
- OracleNet, as an example, allows for incoming connect strings to the Oracle listener process. If hackers know the port, IP address, Oracle ID, and password, they can gain direct access to the database.

Countermeasures
- Restricting server access
- Server account disabling
- Trusted IP addresses
- Restricting database access
- Authentication of users

Restricting server access
- Some companies use domain servers to restrict server access to specified users. However, hackers still might intercept user IDs and passwords. To prevent this, many companies employ tools that utilise secure shell (ssh) technologies to encrypt external Internet communications.

Trusted IP addresses
- UNIX servers are configured to answer only pings from a list of “trusted” hosts. In UNIX, one can restrict server access to a list of specific users.

Server account disabling
- If you suspend the server ID after three password attempts, attackers are thwarted. Without user ID suspension, an attacker can run a program that generates millions of passwords until it guesses the user ID and password combination.

Authentication of users
- Kerberos security
- Virtual private databases
- Role-based security
- Grant-execute security
- Port access security

Kerberos security
- Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.

Virtual private databases
- VPD technology can restrict access to selected rows of tables.
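
An added example, not part of the original slides: one way to set up the row restriction described above with Oracle's DBMS_RLS package. The APP schema, the ORDERS table and its ACCOUNT_OWNER column, the users ALICE and BOB, and the policy and function names are all assumptions made for illustration.

```sql
-- Constructed sample table: each row records which database user owns it.
CREATE TABLE app.orders (
  order_id      NUMBER PRIMARY KEY,
  account_owner VARCHAR2(128) NOT NULL,
  amount        NUMBER(12,2)
);
GRANT SELECT, INSERT, UPDATE, DELETE ON app.orders TO alice, bob;

-- Policy function: Oracle calls it for every statement against the table
-- and appends the returned text to the statement's WHERE clause.
CREATE OR REPLACE FUNCTION app.orders_row_filter (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  -- The table owner is not exempt from VPD by default, so allow it
  -- explicitly; otherwise maintenance jobs run as APP would see no rows.
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APP' THEN
    RETURN '1=1';
  END IF;
  -- Everyone else is limited to rows tagged with their own user name.
  RETURN 'account_owner = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END orders_row_filter;
/

-- Attach the policy (run as a user with EXECUTE on DBMS_RLS).
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_OWNER_ROWS',
    function_schema => 'APP',
    policy_function => 'ORDERS_ROW_FILTER',
    statement_types => 'SELECT, INSERT, UPDATE, DELETE',
    update_check    => TRUE  -- also reject writes that would create rows
                             -- the writer could not see afterwards
  );
END;
/

-- ALICE and BOB issue the same statement; each gets only their own rows.
SELECT order_id, amount FROM app.orders;
```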

Role-based security
- Object privileges can be grouped into roles, which can then be assigned to specific users.

Grant-execute security
- Execution privileges on procedures can be tightly coupled to users. When a user executes the procedures, they gain database access, but only within the scope of the procedure.
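
An added example, not part of the original slides, covering both the role-based and the grant-execute slides in Oracle SQL: privileges are grouped into roles, and a third user reaches the table only through one procedure. The APP schema, the ACCOUNTS table, the role and procedure names, and the users ALICE, BOB and CAROL are assumptions made for illustration.

```sql
-- Constructed sample table owned by APP.
CREATE TABLE app.accounts (
  account_id NUMBER PRIMARY KEY,
  status     VARCHAR2(10) DEFAULT 'OPEN' NOT NULL,
  balance    NUMBER(12,2)
);

-- Role-based security: group object privileges, then assign the group.
CREATE ROLE accounts_reader;
GRANT SELECT ON app.accounts TO accounts_reader;

CREATE ROLE accounts_clerk;
GRANT accounts_reader TO accounts_clerk;              -- roles can nest
GRANT INSERT, UPDATE ON app.accounts TO accounts_clerk;

GRANT accounts_reader TO alice;   -- read only
GRANT accounts_clerk  TO bob;     -- read and write, no DELETE

-- Grant-execute security: the procedure runs with the rights of its
-- owner (APP), so the caller needs no privilege on the table itself.
CREATE OR REPLACE PROCEDURE app.close_account (p_account_id IN NUMBER)
AUTHID DEFINER
AS
BEGIN
  UPDATE app.accounts
     SET status = 'CLOSED'
   WHERE account_id = p_account_id
     AND status = 'OPEN';
  -- Refuse silently-ignored calls: the caller learns nothing about other
  -- rows, only that this one could not be closed.
  IF SQL%ROWCOUNT = 0 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Account not found or not open');
  END IF;
END close_account;
/

-- CAROL gets the procedure and nothing else: she can close one account
-- per call, but a direct SELECT, UPDATE or DELETE on app.accounts fails.
GRANT EXECUTE ON app.close_account TO carol;

-- Review what each path actually allows (query as a DBA).
SELECT grantee, privilege, table_name
  FROM dba_tab_privs
 WHERE owner = 'APP'
 ORDER BY grantee, table_name;
```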

Port access security
- All Oracle applications are directed to listen at a specific port number on the server. Like any standard HTTP server, the Oracle Web Listener can be configured to restrict access.

Conclusion
- Allowing outside access to critical applications creates vulnerabilities to a company’s security
- These threats need to be dealt with due to the importance of the information