StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Potential Threats to the Database - Case Study Example

Cite this document
Summary
This research will begin with the statement that a database is a collection of interrelated files. Presently all the corporations run their business through the database technology. Additionally, this technology component has become a vital part of almost every business and corporation…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.3% of users find it useful
Potential Threats to the Database
Read Text Preview

Extract of sample "Potential Threats to the Database"

Potential Threats to the Database and Ways to Ensure Database Security Table of Contents 1- Introduction A database is a collection of interrelated files. Presently all the corporations run their business through the database technology. Additionally, this technology component has become a vital part of almost every business and corporation. However, with the increase in use of the databases, the rate of attacks against these databases has as well increased. Thus, at the present, there are a lot of issues and scenarios that can crate serious problems to the security and confidentiality of the data. Just as a corporation locks file cabinets having necessary data files and documents should be protected. In the same way, database security needs a bit more consideration and up-front endeavor than physical security; however it is necessary to stop data theft and corruption (Fulkerson et al., 2002; Lunt & Fernandez, 1990; Anjard, 1994). This paper presents a detailed analysis of the potential threats to the database as well as ways of ensuring database security. The aim of this research is to discuss the threats that can create problems for the security of databases and present the ways or techniques that can be adopted to ensure the security of databases. 2- Database Attacks! Main Reasons Databases require having higher level of security to defend against malicious and accidental threats. In this scenario, a threat is some kind of situation that can badly affect the database system and data inside it. Additionally, the attacks on database are increasing day by day due to improvements in technology and online web. However, there is an important question that is “what is the cause behind database attacks?”. The answer to this question is increase in access to data stored in databases. For instance, the data stored in a database is accessed by a number of people (employees, customers etc), thus the probability of data theft augments. However, another reason of database attack can be earning money by selling sensitive business, personal or economic information such as social security numbers, credit card numbers. This can be done by hackers or corporation’s employees (Anuramn, 2010; Castano et al., 1995; Beaver, 2010; Hoffer et al., 2007, p.500). 3- Main Database security Threats and Sources of threats The database is typically assumed to be trustworthy. Additionally, the objective behind this assumption is to achieve security in opposition to outside attacks and also against users trying to attain information outside their rights. In addition, the issues and threats to data security mean security threats to the database. In this scenario, a person (employee, customer, or hacker) who is able to access a database can peruse, change, or even steal the data. Thus, focusing only on database security is not enough to ensure the database security. However, all the elements of the corporation should be confined, such as database, the network, the operating system, employees who have any chance to use the system, and the building(s) in which the database exists actually (Maurer, 2004; Hoffer et al., 2007, p.500). 4- Types of database security threats and Ways of ensuring database security This section presents some important database security threats. This section will outline the security threats and ways to ensure database security. 4.1- Database root-kits The root-kit is an application program or written procedure that is placed deliberately inside the database using some hidden means. Additionally, this program presents a number of administrator-level rights to access and retrieve secret data in the database. In addition, these root-kits can turn off alerts triggered through some attached IPS (Intrusion Prevention Systems). The solution is to install root-kit software simply after compromising the fundamental operating system security access. Moreover, this is able to be avoided through periodical audit trails (Anuramn, 2010). 4.2- Operating System vulnerabilities Outsider attacks and vulnerabilities in fundamental operating systems like that UNIX, Windows, Linux, etc., as well as the services that are connected to the databases could cause illegal access to database. Additionally, this can take to a DoS (Denial of Service) attack. However, this could be prohibited by updating the operating system associated security patches that are obtainable in case of any problem acceptance as when they become available (Anuramn, 2010). 4.3- Privilege abuse The database users are offered with privileges according to their day-to-day job conditions; however, they can use these privileges in wrong way. Also, this can be done unintentionally or intentionally. For instance, a corporation assigns a “work from home” choice to its workers as well as the worker takes a backup of important and sensitive business data to work from his home. Thus, this not simply breaches the security policies of the company but also breaks data security if the business system at home is compromised. In this scenario to establish a tight security practice there is need to carry out strict authentication policy, which offers some restricted options to its employees in handling the system (Anuramn, 2010). 4.4- Weak authentication The weak authentication of database allows attackers to apply strategies like that social engineering and brute force to acquire database login credentials and identity of legal database users. However, to deal with these issues, there are tight procedures such as especial login procedures to databases and proper rights to users of database (Ponemon, 2007; Anuramn, 2010; Shulman, 2007). 4.5- Weak audit trails There is another reason of the security threat that is weak audit logging system in a database server that signifies a critical risk to a corporation particularly in financial, retail, healthcare, and other businesses through inflexible regulatory compliance. In this scenario, the Audit trails take action as the last line of database protection. Additionally, the Audit trails are able to identify the existence of an infringement that could facilitate trace back the abuse to a particular point of time as well as a particular user (Shulman, 2007). Conclusion Since the databases are precious and important to the businesses thus they need to be protected. In the past, the techniques of personal identification numbers (PINs) and passwords have been used to authorize the access to databases and still these methods are in use. Additionally, the databases can also be protected by some efforts for instance upholding physical security and training and guiding users (such as employees, customer, and vendors) about security. On the other hand, at the present, computer crimes have become biggest challenge and modern tools and technologies are making it simple to access, retrieve, and distribute a huge amount of data and information, both public and private databases, thus they need better ways to protect these databases through authorized ways. Moreover, illegal access to databases is the main reason of significant damage to commercial interests (Gallegos, 2000). This paper has presented a detailed analysis of some of the main aspects regarding the potential threats to the database and ways of ensuring database security. This paper has outlined some important aspects that can cause potential risks to the database security. This paper has also suggested initiatives and ways to protect the database. 6- Bibliography Anjard, R.P., 1994. The Basics of Database Management Systems (DBMS). Industrial Management & Data Systems, 94(5), pp.11-15. Anuramn, 2010. Threats to Database Security. [Online] Available at: http://www.brighthub.com/computing/smb-security/articles/61554.aspx [Accessed 03 May 2010]. Beaver, K., 2010. Database security threats include unruly insiders. [Online] Available at: http://searchsqlserver.techtarget.com/tip/Database-security-threats-include-unruly-insiders [Accessed 02 May 2010]. Castano, S., Fugini, M.G., Martella, G. & Samarati, P., 1995. Database security. New York: Addison-Wesley. ComputingStudents.com, 2009. Database Security Threats and Countermeasures. [Online] Available at: http://www.computingstudents.com/notes/database_systems/database_security_threats_countermeasures.php [Accessed 01 May 2010]. Fulkerson, C.L., Gonsoulin, M.A. & Walz, D.B., 2002. Database Security. Strategic Finance, 84(6), pp.48-53. Gallegos, F., 2000. Database Protection: Selected legal and technical issues. Information Systems Security, 9(1), p.44. Hoffer, J.A., Prescott, M.B. & McFadden, F.R., 2007. Modern Database Management, Eighth Edition. New York: Pearson Education, Inc. Lunt, T.F. & Fernandez, E.B., 1990. Database Security. ACM SIGMOD Record, 19(4), pp.90-97. Maurer, U., 2004. The role of cryptography in database security. In International Conference on Management of Data, Proceedings of the 2004 ACM SIGMOD international conference on Management of data. Paris, France, 2004. ACM New York, USA. Ponemon, L., 2007. Database Security 2007: Threats and Priorities within IT Database Infrastructure. Traverse City: Ponemon Institute, LLC Ponemon Institute. Secerno, 2006. External Threats to your Data. [Online] Available at: http://www.secerno.com/?pg=threats-to-data [Accessed 01 May 2010]. Shulman, A., 2007. Top Ten Database Security Threats, How to Mitigate the Most Significant Database Vulnerabilities. White Paper. Foster City: Imperva, Inc. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Potential Threats to the Database Case Study Example | Topics and Well Written Essays - 1250 words, n.d.)
Potential Threats to the Database Case Study Example | Topics and Well Written Essays - 1250 words. https://studentshare.org/information-technology/1737323-data-base
(Potential Threats to the Database Case Study Example | Topics and Well Written Essays - 1250 Words)
Potential Threats to the Database Case Study Example | Topics and Well Written Essays - 1250 Words. https://studentshare.org/information-technology/1737323-data-base.
“Potential Threats to the Database Case Study Example | Topics and Well Written Essays - 1250 Words”. https://studentshare.org/information-technology/1737323-data-base.
  • Cited: 0 times

CHECK THESE SAMPLES OF Potential Threats to the Database

The Current Position of CanadaCo and the Potential Threats

The SWOT analysis has given a clear picture of the current position of CanadaCo and also the potential challenges it has to face in the future due to the recent course of events.... The report then critically evaluates the various options available for CanadaCo and whether CanadaCo should pursue any of the opportunities and the rationale behind the… Currently, CanadaCo is the largest discount retailer in Canada with 500 stores while the second largest retailer (who has been bought out by UsCo) has only 300 stores....
4 Pages (1000 words) Essay

Information Management and Statistics, Component A - Case Study Assessment

the database is administered by an expert who engineered it; he has become part of the data management team.... The use of a database is an effective way of storing data about a certain aspect at once.... Databases in the bank allows for instant changes in the data thus affecting the whole database and not just changing file by file.... However, the threat to potential customer's personal financial data is high since such information held by the various organizations in databases is at risk certainly from This paper discusses how chase bank manages their data so as not to hurt their dear customers in the human resources department....
12 Pages (3000 words) Essay

Q1 - Using Knowledge & skills to Assess Usage of Web Technologies in Your organization

ConclusionFrom the above discussion, it is clear that the combined use of IT and management skills would assist an organization to strengthen its database and network security, and enlighten employees to avoid practices that would increase the firm's vulnerability to data theft/loss.... Reports indicate that inappropriate data management practices by employees is one of the major problems making sensitive customer/management data vulnerable to external security threats (Cisco, n....
2 Pages (500 words) Essay

RCP 3 Chapter 3

This measure is appropriate because a larger number of malicious users of database systems are found among this user category (Meghanathan & CNSA, 2010).... In view of the numerous information assets that it already owns, Data Mart has no reason to be left out of the organizations already embracing the principle of least privilege....
3 Pages (750 words) Coursework

The Impact of Privacy on the Society

Although some of the actions that are routinely taken by the government such as compelling individuals to identify themselves, database profiling, and conducting physical searches on people's home can be argued to be done with good intentions, some government actions such as genetic testing and surveillance can be deemed as being an infringement on the society's privacy.... Despite the need for increased privacy, a number of ethical concerns have been raised as a result of unnecessary government surveillance and privacy threats in the market as companies force customers to provide personal details when making some purchases....
2 Pages (500 words) Assignment

Companys Business Foundation and Deliberate Threats to Information Systems

These two threats to the foundation of a company are specific in threatening the company's survival as both a sustainable entity and a competitive rival to other companies as well.... The reporter answers several questions, for example, what do you see as the three biggest threats to corporate cybersecurity that CSOs should be aware of?... Case StudyWhat do you see as the three biggest threats to corporate cyber security that CSOs should be aware of?...
2 Pages (500 words) Assignment

Data and Information in a Company - Essential Facilities That Should Be Properly Maintained and Protected

nbsp; This essay is an evaluation of the threats to the company's assets and the most common vulnerabilities from the current operations and by introducing teleworking for its employees.... This paper "Data and Information in a Company - Essential Facilities That Should Be Properly Maintained and Protected" focuses on the fact that information refers to processing data that helps in decision making....
8 Pages (2000 words) Essay

Illegal Physical and Internet Intrusion

The Deputy Commissioner and internal control officer of the Massachusetts Department of Revenue John Moynihan are said to have quoted as follows about the threats to the data of an organization:  "Any organization that collects data has to acknowledge that people are abusing it because they have access to it .... Furthermore, it throws light upon what might be the physical or Internet-based threats to an organization's database.... It highlights what measures could be taken to keep the data within the organization's database secure from any kind of physical and Internet intrusions....
5 Pages (1250 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us