13th October 2016

Unit 1 Objective

• To expose students to security management issues handled by Database System Administrators.

Learning outcome 

We expect clear understanding of basic security issues.

Advantages of Using Databases

• Shared Access – …so that many users can use one common, centralized set of data.
• Minimal Redundancy – Individual users do not have to collect and maintain their own sets of data.
• Data Consistency – A change to a data value affects all users of that data value to avoid discrepancy.
• Data Integrity – It helps track any accidental or malicious incorrect changes of data.
• Controlled Access – …so that only authorized users are allowed to view or modify data values.

A dependable and trusted system should include:

◦ Confidentiality: No unauthorized disclosure of information
◦ Integrity: No accidental or malicious alterations of information have been performed (even by authorized entities)
◦ Availability: Accessible and usable upon demand for authorized entities
◦ Reliability: Continuity of service delivery
◦ Safety: Very low probability of catastrophes

Four types of security threats:

◦ Interception refers to the situation in which an unauthorized party has gained access to a service or data.
◦ Interruption refers to the situation in which services or data become unavailable, unusable, or destroyed.
◦ Modification involves unauthorized changing of existing data or tampering with a service.
◦ Fabrication refers to the situation in which additional data or activity is generated that originally did not exist.

◦ Interception
  • Transmission Channel: Reading the content of transferred messages
  • Database Object: Reading the data contained in an object

◦ Interruption
  • Transmission Channel: Preventing message transfer
  • Database Object: Denial of service

◦ Modification
  • Transmission Channel: Changing message content
  • Database Object: Changing an object's encapsulated data

◦ Fabrication
  • Transmission Channel: Inserting messages
  • Database Object: Spoofing an object. To spoof is to imitate or exaggerate.

A security policy describes precisely which actions are allowed and which are prohibited.

To protect against security threats, we have a number of security mechanisms at our disposal:

◦ Encryption: Transform data into something that an attacker cannot understand (confidentiality). It is also used to check whether something has been modified (integrity).
◦ Authentication: Verify that a subject is who it claims to be, i.e. verify the identity of the subject (username and password, cards, eye/retina scans, voice recognition, and fingerprints).
◦ Authorization: After authentication, determine whether a subject is permitted to make use of certain data or services in the system.
◦ Auditing: Trace which subjects accessed what, and in which way. Useful only if it can help catch an attacker. Log trail.

NB: Authorization makes sense only if the requesting subject has been authenticated.
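The ordering of these mechanisms can be shown with a small in-memory database. This is an added example, not part of the original slides; the table layout, account names and passwords are constructed for illustration. Every request is authenticated first, authorized second, and written to an audit table whether it succeeds or not.

```python
import hashlib, hmac, os, sqlite3

def pw_hash(password, salt):
    # Salted, slow password digest; only digests are stored and compared.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def setup():
    """Build a constructed sample database with one disabled and one active account."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(name TEXT PRIMARY KEY, salt BLOB, pw BLOB, active INTEGER);
        CREATE TABLE grants(name TEXT, action TEXT, object TEXT);
        CREATE TABLE audit(seq INTEGER PRIMARY KEY, name TEXT, action TEXT,
                           object TEXT, outcome TEXT);
    """)
    for name, pw, active in [("dba_old", "s3cret-old", 0), ("hr_clerk", "s3cret-hr", 1)]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?,?,?,?)",
                   (name, salt, pw_hash(pw, salt), active))
    db.execute("INSERT INTO grants VALUES ('hr_clerk','SELECT','payroll')")
    # Stale grant left behind for an account that has since been disabled.
    db.execute("INSERT INTO grants VALUES ('dba_old','UPDATE','payroll')")
    return db

def request(db, name, password, action, obj):
    """Decide one access request and always record the decision in the audit table."""
    row = db.execute("SELECT salt, pw, active FROM users WHERE name=?", (name,)).fetchone()
    authenticated = (row is not None and row[2] == 1
                     and hmac.compare_digest(pw_hash(password, row[0]), row[1]))
    if not authenticated:
        outcome = "DENY:authentication"   # grants are never consulted
    elif db.execute("SELECT 1 FROM grants WHERE name=? AND action=? AND object=?",
                    (name, action, obj)).fetchone() is None:
        outcome = "DENY:authorization"
    else:
        outcome = "ALLOW"
    db.execute("INSERT INTO audit(name, action, object, outcome) VALUES (?,?,?,?)",
               (name, action, obj, outcome))
    return outcome

def denied(db):
    """Audit rows a reviewer would look at first: every refused request, in order."""
    return db.execute("SELECT name, action, object, outcome FROM audit "
                      "WHERE outcome <> 'ALLOW' ORDER BY seq").fetchall()
```

The disabled account still holds an UPDATE grant, yet its request stops at the authentication step, which is the point of the NB above.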

• Plaintext: The original form of the message that is sent is called the plaintext (P).
• Ciphertext: The encrypted form of the plaintext is referred to as the ciphertext (C).
• Cryptography: The field of study of encryption (closing) and decryption (opening) techniques for data or information.

Why is ciphertext relevant? To thwart intruders/hackers:

◦ A passive intruder only listens to messages in transmission.
◦ An active intruder can alter messages before they reach their destination.
◦ An active intruder can insert messages before the destination.

• Symmetric (secret-key) system: Uses a single key to (1) encrypt the plaintext and (2) decrypt the ciphertext. Requires that sender and receiver share the secret key.
• Asymmetric (public-key) system: Uses different keys for encryption and decryption, of which one is private and the other public.
• Hashing system: Only encrypts data and produces a fixed-length digest. There is no decryption; only comparison is possible.

In simple terms, you do not want the intruder to observe the whole format of the key, so you divide the key string/length into two. The authorised user may only need the short key and adds it to the hidden key when the message is received in order to view it.
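The "only comparison is possible" property is what makes a digest usable as an integrity check. The following is an added example, not part of the original slides: it uses HMAC-SHA256, a keyed hash the slides do not name, over constructed payroll rows, and assumes the key is held outside the database so that someone who can rewrite the rows cannot recompute valid tags.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    """Fixed-length digest: 64 hex characters whatever the input size."""
    return hashlib.sha256(data).hexdigest()

def tag(key: bytes, emp: str, year: int, salary: float) -> str:
    """Keyed digest (HMAC-SHA256) over one payroll row in a fixed text form."""
    msg = f"{emp}|{year}|{salary:.2f}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def seal(rows, key):
    """Compute one tag per (employee, year) row at the time the data is trusted."""
    return {(e, y): tag(key, e, y, s) for e, y, s in rows}

def modified_rows(rows, tags, key):
    """Return the (employee, year) keys whose current value no longer matches its tag."""
    bad = []
    for e, y, s in rows:
        expected = tags.get((e, y))
        # Recompute and compare; the stored tag is never "decrypted".
        if expected is None or not hmac.compare_digest(expected, tag(key, e, y, s)):
            bad.append((e, y))
    return bad

# Constructed sample data: key, salary history and tags are illustrative only.
KEY = b"constructed-demo-key-kept-outside-the-database"
ORIGINAL = [("E1", 2014, 40000.0), ("E1", 2015, 42000.0), ("E1", 2016, 44000.0)]
TAGS = seal(ORIGINAL, KEY)

# Unauthorized modification: earlier years raised by 10%, latest year untouched.
TAMPERED = [(e, y, round(s * 1.10, 2)) if y < 2016 else (e, y, s)
            for e, y, s in ORIGINAL]

if __name__ == "__main__":
    print("untouched table:", modified_rows(ORIGINAL, TAGS, KEY))
    print("tampered table: ", modified_rows(TAMPERED, TAGS, KEY))
```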


Case Study: Class Discussion (15 minutes)

ATF Company ethically sacked their Database Administrator for sexual harassment, although there was no clear-cut HR policy on that issue. On Friday at 3:30pm, the HR Director issued the dismissal letter. Two days afterwards, the disgruntled employee logged in to the employer's online database to compromise data integrity. Before legal redress on the dismissal, the employee used the unauthorized access to add a 10% increment to the annual salary figures recorded in the payroll system for the past 15 years of the employment contract, in order to increase the expected compensation.

1. Discuss the case in relation to database compromises or threats.
2. Propose mechanisms from different perspectives to protect against future violations.
3. Who should answer for the violations: HR, DBA or IT Head?


Next Week

Data Management & DBA Roles
