Post on 08-Aug-2018
8/22/2019 Chap05Database Administration and Security
1/24
Pearson Education Limited,2004 1
Chapter 5
Database Administration and Security
Transparencies

Chapter 5 - Objectives
The distinction between data administration and database administration.
The purpose and tasks associated with data administration and database administration.
The scope of database security.

Chapter 5 - Objectives
Why database security is a serious concern for an organization.
The type of threats that can affect a database system.
How to protect a computer system using computer-based controls.

Data administration and database administration
Data Administrator (DA) and Database Administrator (DBA) are responsible for managing and controlling activities associated with corporate data and corporate database, respectively.
DA is more concerned with early stages of lifecycle and DBA is more concerned with later stages.

Data administration
Management and control of corporate data, including:
  database planning
  development and maintenance of standards, policies, and procedures
  conceptual and logical database design
Data administration tasks

Database administration
Management and control of physical realization of a database system, including:
  physical database design and implementation
  setting security and integrity controls
  monitoring system performance
  reorganizing the database

Database administration tasks

Comparison of data and database administration

Database security
Mechanisms that protect the database against intentional or accidental threats.
Applies not only to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database.

Database security
Includes hardware, software, people, and data.
The growing importance of security is due to the increasing amounts of crucial corporate data being stored on computer.

Database security
Outcomes to avoid:
  theft and fraud
  loss of confidentiality (secrecy)
  loss of privacy
  loss of integrity
  loss of availability

Database security
Threat
  Any situation or event, whether intentional or unintentional, that may adversely affect a system and consequently the organization.

Examples of threats and possible outcomes

Summary of threats to computer systems

Typical multi-user computer environment

Countermeasures - computer-based controls
  authorization
  views
  backup and recovery
  integrity
  encryption
  Redundant array of independent disks (RAID)

Countermeasures - computer-based controls
Authorization
  The granting of a right or privilege that enables a subject to have legitimate access to a database system or a database system's object.
Authentication
  A mechanism that determines whether a user is who he or she claims to be.

Countermeasures - computer-based controls
View
  A view is a virtual table that does not necessarily exist in the database but can be produced upon request by a particular user, at the time of request.
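
Added example (not part of the original slides): how the Authorization and View controls combine, so that a user may read a view but not the base table behind it. It uses Python's sqlite3 authorizer callback; the Staff table, the StaffPublic view and the sample rows are constructed for illustration.

```python
import sqlite3

def build_db():
    # Constructed sample data; Staff and StaffPublic are hypothetical names.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Staff (staffNo TEXT PRIMARY KEY, name TEXT, salary INTEGER);
        INSERT INTO Staff VALUES ('S1', 'Ann', 30000), ('S2', 'Bob', 12000);
        -- The view exposes only the non-sensitive columns.
        CREATE VIEW StaffPublic AS SELECT staffNo, name FROM Staff;
    """)
    return conn

def restrict_to_view(conn):
    """Allow column reads on Staff only when they come through StaffPublic."""
    def authorizer(action, arg1, arg2, dbname, source):
        # For SQLITE_READ, arg1 is the table, arg2 the column, and source is
        # the innermost view responsible for the access (None if direct SQL).
        if (action == sqlite3.SQLITE_READ and arg1 == "Staff"
                and source != "StaffPublic"):
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    conn.set_authorizer(authorizer)

def try_query(conn, sql):
    """Return the rows, or an ('error', message) tuple if the query is refused."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    conn = build_db()
    restrict_to_view(conn)
    print(try_query(conn, "SELECT staffNo, name FROM StaffPublic"))
    print(try_query(conn, "SELECT salary FROM Staff"))
```

In a multi-user DBMS the same effect is normally obtained by granting the user SELECT on the view and no privilege on the base table.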

Countermeasures - computer-based controls
Backup
  Process of periodically taking a copy of the database and log file (and possibly programs) onto offline storage media.
Journaling
  Process of keeping and maintaining a log file (or journal) of all changes made to database to enable recovery to be undertaken effectively in the event of failure.
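
Added example (not part of the original slides): how a backup copy and a journal work together during recovery. The database is restored from the last backup, then the journal entries written after that backup are replayed. The JournaledStore class and its record layout are hypothetical, and a dict stands in for the database.

```python
class JournaledStore:
    """Toy key-value database that logs every change before applying it."""

    def __init__(self):
        self.data = {}
        self.journal = []   # append-only log: (seq, op, key, value)
        self.seq = 0

    def _log_and_apply(self, op, key, value=None):
        self.seq += 1
        self.journal.append((self.seq, op, key, value))
        apply_change(self.data, op, key, value)

    def put(self, key, value):
        self._log_and_apply("put", key, value)

    def delete(self, key):
        self._log_and_apply("delete", key)

    def backup(self):
        # Periodic copy, stamped with the last journal entry it includes.
        return {"seq": self.seq, "data": dict(self.data)}


def apply_change(data, op, key, value):
    if op == "put":
        data[key] = value
    elif op == "delete":
        data.pop(key, None)
    else:
        raise ValueError(f"unknown journal operation: {op!r}")


def recover(backup, journal):
    """Restore the backup copy, then roll forward the changes made after it."""
    data = dict(backup["data"])
    expected = backup["seq"] + 1
    for seq, op, key, value in journal:
        if seq <= backup["seq"]:
            continue        # this change is already in the backup
        if seq != expected:
            # A missing entry means the recovered state cannot be trusted.
            raise ValueError(f"journal gap: expected {expected}, found {seq}")
        apply_change(data, op, key, value)
        expected += 1
    return data
```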

Countermeasures - computer-based controls
Integrity
  Prevents data from becoming invalid, and hence giving misleading or incorrect results.
Encryption
  Encoding the data by a special algorithm that renders the data unreadable by any program without the decryption key.

Redundant array of independent disks (RAID)
Hardware that the DBMS runs on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
Suggests having redundant components that can be seamlessly integrated into the working system whenever there are failures.

Redundant array of independent disks (RAID)
The main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans.
Disk drives are the most vulnerable components with the shortest times between failure of any of the hardware components.

Redundant array of independent disks (RAID)
One solution is to provide a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.