Database security: The sanctity of information

The term database security refers to all activity related to keeping a body of information safe from unintended access or alternation. It covers unauthorized access, manipulation, misuse and corruption, and even unwitting errors by authorized personnel or programs that may either affect the integrity of the data, or compromise the information contained in the database.

Understanding the basics of database securityDatabase Security

As broad classifications for the purpose of gaining a low level understanding, data security can refer to internal and external access to information; here is a brief look at each type, with security measures currently in vogue.

Internal access

As far as local access goes, there are several measures such as authentication and permissions, to name just two. Within a local network, authentication is required to confirm the identity of the computer or person accessing the database. This typically happens in two or more steps. First, the system will ask the user for a unique identity tag, such as a user name or an account number. Once this is input, the system will require that you prove that you have the authority to use that tag – this is usually a password or personal identification number, or PIN, which ideally only the user should have knowledge of. In some cases, there may be an additional step such as asking a pre-decided security question that only the authorized user will have access to. Passwords and such unique information is usually stored in an authentication server, or can be stored in a local password database.

External access

Network access poses a greater challenge simply because of the higher number of variables. To maintain database security against external infiltration, a number of solutions exist: firewalls, routers, and devices such as network and host-based intrusion detection systems. However, database security research is always on the move, and the applications and devices that are used today may be obsolete tomorrow; as security breaches increase in effectiveness, so do counter-measures.

Database security design

Database security, ideally, should start with the setting up of standards appropriate to the database platform. Once a set of best practices has been created and published, it can be linked to upper level policies and regulatory compliance. This, in some measure, ensures that the security system is designed from the bottom up.

Evaluation and monitoring

Evaluating database security is a critical part of setting up standard protocol. There are two approaches to this, one leading to the other. Vulnerability assessment is the precursor to compliance monitoring. The former allows database administrators to find gaps in the security system that can be used to modify security standards, while the latter ensures that the measures are indeed effective in thwarting unwanted access or modification.

Database activity monitoring, or DAM, is an added layer of security that either analyzes network traffic or local server activity, or in some cases, both. Such systems leave an audit trail that can be used to isolate suspicious activity and sometimes to terminate or quarantine users who may be considered security threats. Certain DAM systems are also designed to facilitate separation of duties, while excluding database administrators from DAM disablement or alteration. In such cases, the audit trail is necessarily located in a server that is inaccessible to the database administrator group included in the activity monitoring. It is merely an attempt to take monitoring to the next level.

In some cases, a native audit capability is incorporated into the system, which captures activity data and sends it to a secure system to which the administrators don't have access. However, switching on native audit on database platforms can negatively impact server performance. An alternative to this is the network level host-based monitoring system, which ensures an enhanced confidentiality factor for forensic analysis.

Database security: Plan B, C, and so on

Finally, a very important part of any database security protocol – back-up. Part of a disaster recovery system is to maintain duplicate databases at other geographical locations to mitigate the effects of an outage or security incident and maintain uninterrupted service to the users. This is especially important where the database is required for mission critical applications like financial and banking systems.