...Maximum Security in Database Management Maximum Security in Database Management Rackspace Introduction In the current world there people and organization experience un-eventualities and risk of their confidential information. My organization, Rackspace, is a hosting and cloud system organization. For this company it is vital that information is stored in data bases that are run by organizations, locally hosted on personal computers. Intruders can access this information if it is not properly secured. Therefore the purpose of this study is to inform about the current savvy technologies that can be applied to completely thwart intruders from accessing such delicate information within Rackspace. Part 1: Project Identification and Business Environment For this project to go on in a smooth and effective manner different individuals must carry on certain specified task. For Rackspace, this means that every person must hold on to a responsibility to properly and pursue it to the end. Some of the responsibilities are interdepended and other are depended. In case of an interdependent responsibility there will be a proper communicated channel of events that will ensure that information is traversed from one source to another to smoothen up events. Therefore, the following a list of responsible individuals who will implement the process of securing the database of an organization. Company Chief Executive Officer Responsible for overseeing the success of...
Words: 3927 - Pages: 16
...CSS330-1502A-01 Database Security Individual Project Key Assignment Chris Pangburn 27 April, 2015 Table of Contents Week 1: Database Security Architecture 4 Differentiate between a Database Management System and a database 4 Network Infrastructure for the best security posture 4 Additional Security mechanisms to protect the Database Server 6 Week 2: User Account Security 7 Creating Schemas 7 Creating Users, Creating Roles, Assigning Privileges based on Access Control Lists 7 Creating Views 10 Week 3: Database Vulnerabilities 11 Description of tools used to perform scans 11 Scan Information 11 False Positive Information 12 Discuss SQL injection attack 12 Week 4: Auditing Techniques 14 Security hardened network design 14 Research of auditing features 14 Description of a trigger 14 Implementation of auditing 14 Week 5: Auditing Policies 15 Write SQL 15 Report based on access 15 Report based on system privileged 15 Audit report showing connection details 15 Report showing object access 15 References 16 Week 1: Database Security Architecture Differentiate between a Database Management System and a database Databases at their essence are nothing more than a collection of organized information (Mullins, 2013). A database can contain stored procedures, tables, fields, indexes, functions, views, security, and many other objects. Relationships between the data can be created which brings more meaning to how the data can be...
Words: 1807 - Pages: 8
...mandatory access control, discretionary access control and role-based access control. Discretionary (DAC) The creator of a file is the ‘owner’ and can grant ownership to others. Access control is at the discretion of the owner. Most common implementation is through access control lists. Discretionary access control is required for the Orange Book “C” Level. Mandatory (MAC) Much more structured. Is based on security labels and classifications. Access decisions are based on clearance level of the data and clearance level of the user, and, classification of the object. Rules are made by management, configured by the administrators and enforced by the operating system. Mandatory access control is required for the Orange Book “B” Level. Role-Based (RBAC) Continually administered set of controls by role within organization. Access rights assigned to roles – not directly to users. Roles are tighter controlled than groups - a user can only have one role. Can use different types of RBAC Role-based Role within organization. Task-based Specific task assigned to the user. Lattice-based Upper and Lower bounds Access Control Techniques and Technologies Once a company decides on the access control model to use, the technologies and techniques to implement that model need to be determined Role-based Can be used with MAC – Labels assigned to roles. Or with non-discretionary controls such as NT Groups. Rule-based Example - Router or firewall rules – user cannot change...
Words: 1719 - Pages: 7
...SQL Server 2012 Security Best Practices - Operational and Administrative Tasks SQL Server White Paper Author: Bob Beauchemin, SQLskills Technical Reviewers: Darmadi Komo, Jack Richins, Devendra Tiwari Published: January 2012 Applies to: SQL Server 2012 and SQL Server 2014 Summary: Security is a crucial part of any mission-critical application. This paper describes best practices for setting up and maintaining security in SQL Server 2012. Copyright The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual...
Words: 15647 - Pages: 63
...Vulnerabilities and Countermeasures.……………..…………..3 Section II: Recommended Changes to Security Management Policies………...……………..7 Section III: Adaption of Requirements to Reduce Security Risk……….……………....…......11 Conclusion. …………………………………….…………………………………….…21 References ……………………………………………………………...………………23 Introduction There are multiple benefits of electronic health records (EHR), which include improved care, quicker access to patient files, and increased physician oversight of care. However, with the benefit of convenience of using EHRs, comes the responsibility of protecting electronic protected health information (ePHI) and safeguarding sensitive patient data. The Health Insurance Portability and Accountability Act (HIPAA) focuses on protecting ePHI with guidelines to ensure organizations have implemented “reasonable and appropriate” security measures to adhere to HIPAA rules and maintain patient confidentiality. HIPAA requires covered entities to conduct risk assessments to verify compliance and attempt to uncover areas where ePHI is at risk of compromise. This analysis of the iTrust database, as related to the new requirements that iTrust wishes to implement, will discuss the threats and vulnerabilities and the potential impact on the iTrust web application and database. Section I: iTrust Threats & Vulnerabilities and Countermeasures A detailed analysis of the iTrust database detected several high-risk vulnerabilities that...
Words: 5631 - Pages: 23
...National Instituate of Technology,Rourkela Department of Computer Science and Engineering Term Paper on Directions for Web and E-Commerce Applications Security SupervisorProf.P.M. Khilar Submitted byDinesh Shende Roll No-212CS2102 M.Tech(1st year) Directions for Web and E-Commerce Applications Security Abstract: This paper provides directions for web and e-commerce applications security. In particular, access control policies, workflow security, XML security and federated database security issues pertaining to the web and e-commerce applications are discussed. These security measures must be implemented so that they do not inhibit or dissuade the intended e-commerce operation. This paper will discuss pertinent network and computer security issues and will present some of the threats to e-commerce and customer privacy. These threats originate from both hackers as well as the e-commerce site itself. Another threat may originate at ostensibly friendly companies such as DoubleClick, MemberWorks and similar firms that collect customer information and route it to other firms. Much of this transaction information is able to be associated with a specific person making these seemingly friendly actions potential threats to consumer privacy. Many of the issues and countermeasure discussed here come from experiences derived with consulting with clients on how to maintain secure e-commerce facilities. These methods and techniques can be useful in a variety of client and server...
Words: 3283 - Pages: 14
...up-to-dated and secured in proper way to allow scalability, availability, confidentiality and accessibility. (CIS050-6/CIS008-6: Assignment paper, 2014) Directory server DirX Lightweight Directory Access Protocol (LDAP) is a protocol that used on internet to fetch information from servers. LDAP can be used in accessing data by using a role of the user; also it allows permissions to access network resources such as printers. It used also to control contacts information specially emails. It supports single identification for any user among various databases. DirX Directory...
Words: 1278 - Pages: 6
...Enterprise Security Plan CMGT/430 Enterprise Security Plan This Enterprise Security Plan (ESP) for Riordan Manufacturing employees the levels of security required to protect the network and resources utilized to communicate. It is intended purpose is to formulate a means to counterattack against security risk from potential threat. The ESP servers as a way to identify risks and to ensure a contingency plan is in place to protect the availability, integrity, and confidentiality of the Riordan organization's information technology (IT) system. The ESP benefits all employees however it is most beneficial to information resource managers, computer security officials, and administrators as it is a good tool to use for establishing computer security policies. The ESP in its basic form is a systematic approach to addressing the company’s network, its capability, the threats it is susceptible to and a mitigation strategy that addresses those threats if and should they occur. In addition to addressing the threats the ESP will also make provisions for establishing contingency plans in case of a disaster. The information covered by this plan includes all information systems, IT resources, and networks throughout the Riordan global organization owned or operated by employees in the performance of their job duties, whether written, oral, or electronic. Further it establishes an effective set of security policies and controls required to identify and mitigate vulnerabilities that...
Words: 2085 - Pages: 9
...5 2 Management Overview 5 2.1 Problem Statement 5 2.2 Description of Implementation 6 2.3 Points-of-Contact 6 2.4 Major Tasks 7 2.4.1 Project Tasks 7 2.4.2 MS Access to Oracle Tasks 7 2.4.3 Oracle to Mongo Tasks 7 2.5 Implementation Schedule 8 2.6 Security and Privacy 8 2.6.1 System Security Features 8 2.6.2 Security Set Up During Implementation 8 3 Implementation Support 8 3.1 Hardware, Software, Facilities, and Materials 9 3.1.1 Hardware 9 3.1.2 Software 9 3.1.3 Facility 9 3.1.4 Materials 9 3.2 Documentation 9 3.3 Personnel 9 3.3.1 Staffing Requirements 9 3.3.2 Training of Implementation staff 9 3.4 Outstanding Issues 10 3.5 Implementation Impact 10 3.6 Communications Plan 10 3.7 Change Management 12 4 Implementation Risks and Contingencies 13 4.1 Technical Risks and Contingencies 13 5 Acceptance Criteria 14 6 Implementation Verification and Validation 14 APPENDIX A: Project Implementation Plan Approval 15 APPENDIX B: REFERENCES 16 APPENDIX C: SECURITY FEATURES 17 APPENDIX D: MIGRATION DETAILS 21 1.1 Description of Access to Oracle Implementation 21 * Introduction 1.1 Purpose The implementation plan describes the migration of data from an MS Access database to Oracle and...
Words: 4932 - Pages: 20
...organizations are considered to posses’ high amount of information pertaining to customer and diagnosis which is of vital importance from the security point of view. Looking at the high security requirement for the information contained in the system for health organizations it is important to maintain an information system which can provide data security so that unauthorized access to information contained in information system can be prevented. In present context Nickol Bay hospital has been selected for the paper to consider review of information security system. Nickol Bay is one of the famous health organizations in Australia which is evolving at a rapid pace and looking at the increasing information requirement for the organization it is important to have a robust information system which can cater to the requirement of various stakeholders. The aim of present paper is to analyze information security in context of Nickol Bay hospital located in Australia. Information risk management system would be analyzed for the current organization along with several protection mechanisms which are in place in order to safeguard information system against any kind of undesired usage of information system. In addition to protection mechanism role of personnel in information security and consideration for legal & ethical aspect for information security would be considered. Finally present paper would review implementation of PRTG network in context to Nickol Bay hospital so that network traffic...
Words: 1742 - Pages: 7
...CSS330-1404B-01: Database Security Phase 5 IP: Auditing Policies Database Security Project Plan Reginald “Reggie” Lee Colorado Technical University Online Professor Anita Arceneaux December 22, 2014 Figure 1: (Microsoft.com, 2014) Table of Contents Database Security Architecture 3 Differences between a database and a DBMS 3 Types of database designs 4 Network Infrastructure for Database Security 5 Common Security Threats for Database Servers: 6 Additional Security Mechanisms for Protecting Database Server 9 User Account Security 11 1. New Schema for HR Database 11 2. Corporate Directory & Manager Information Views: 12 3. Created Users: 14 4. Created Roles: 15 5. Implemented the Following Access Control List using SQL: 15 6. Implementation and Utilization of Roles: 16 7. HR Database SQL 16 Database Vulnerabilities 29 Auditing Techniques 47 Example database Trigger 50 Creating and Implementing a Database Audit 50 Access Reports 61 Logon Activity History 63 Complete Audit Trail 65 DML History 67 Auditing Policies 69 SQL Server 2014 Audit Report Generation 78 Database Security Architecture Differences between a database and a DBMS When discussing the database management systems (DBMS) and databases, the lines can become blurred between the two. Many people consider a DBMS and a database to be one in the same. However, nothing could be further from the truth as they are two separate distinct entities that server...
Words: 8566 - Pages: 35
...Role Based Access Controls June 16, 2013 Professor M. Hansen In order to establish system design controls that are directly related to the data input mechanism of a network and in order to control data entry operations and prevent unauthorized access to information or data; Role Based Access Controls (RBAC) are required. The basic principle of these controls is that the data entry personnel, on any level, should be allowed limited access to only specific information in order to get their jobs done. Because of higher data requirements, more data access streams, higher employee turnover and outsourcing of data-entry processes there are many avenues where data can acquired illegally from an outside source and within the organization it can also be lost or stolen. “Organizations must provide granular, resource-based access. Every organization must protect business applications and information from unauthorized disclosure and abuse, not only for the obvious business reasons but especially to comply in a confusing, evolving and unforgiving regulatory environment.” (Piscitello, 2005) Access control is the process by which resources or services are granted or denied on a computer system or network. There are four standard access control models as well as specific practices used to enforce access control; identification, authentication, authorization and access.. Identification defines a user accessing a computer system would present credentials or identification, such as...
Words: 1484 - Pages: 6
...In order to better serve Riordan Manufacturing’s information security infrastructure, a solid plan must be put in place to ensure that the approach to its implementation is logical, easy to follow, and effective. Many aspects must be considered when formulating an information security policy, including the needs of the company vs. best practice, thus striking a delicate balance between both variables. Therefore Smith Systems Consulting is dedicated to ensuring that a quality service is delivered that will meet these objectives. However, before a more comprehensive plan can be put into place, it is important that Smith Systems Consulting understands exactly how the security plan will be managed, and how to enforce it on the most basic level. It is therefore the opinion of our company to begin by defining a simple, yet utterly crucial part of Riordan’s base information security policy: separation of duties via the practice and implementation of role assignments. Separation of duties, in information technology, is the practice of dividing both IT staff and end users into managed groups, or roles. While users and IT staff, from an administrative level, may fall into several groups (ex., Accounting Department, Maintenance, Security, etc), these groups are not enough to enforce proper security policy. A more comprehensive approach is to define what the base access is for all of these groups, thus the use of roles. Roles basically define what level of system access each user and user...
Words: 1690 - Pages: 7
...Austin Powell PT2520 Week 5 Essay 07/16/14 Security Plan Authentication- Will designate using SQL Server, which includes a two-step log-in process that drastically improves security. The initial log-in will grant the user access to the server, there will be an additional log-in required to access the database. Due to the nature of each user having different permissions granted, SQL Server is a better choice over Windows and will require each user to enter a username and password. Authorization-SQL Server will only grant permissions to which the user is specifically given. Each permission granted is distinct and specifically granted. Roles will be established based on the permissions that are to be granted. There will be a tenant, owner, and property manager role. Once established, then the permissions will be setup and access to the various areas of the database will be given. Roles Tenants- Access will be given to such information as their lease, rental agreement, payment history, as well as any maintenance requests requested. Tenants will be allowed to change or delete information such as payment information. Owners-Access will only be given to information that pertains to the owner. Owner will have permission to only view information about leases, rental agreements, tenants and maintenance requests. Property Managers-Access to all information will be given to users of this role. Property Managers will be able to not only view but insert and...
Words: 448 - Pages: 2
...Database Management System Basith Shaik Southern New Hampshire University September 7, 2015 Abstract The intent of this paper is to design and propose a database management system solution to Grandfield College for tracking software installed. I have analyzed the organizational issues and needs and developed conceptual, logical, and physical designs of DBMS solution. In order to implement the solution, substantial research had been done on best practices in design, available products, and the legal and ethical standards to which we must adhere during design. This paper includes Business rules, Conceptual, Logical, and Physical database designs, Recommendations on best DBMS required for Grandfield College, Data model, Legal Compliance, Ethical Practices, Security Needs and Security Plan Keywords: Grandfield College, Database Design, Recommendations, Business Rules, Data model, Security Plan Database Management System Grandfield College is in need of Database Management System as law requires that any business, including a school, track its software. It is important to know what software the school owns, in what versions, and what the license agreement for that software is. For this purpose I have developed a Software Tracking database for Grandfield College. Problem Grandfield College is in need of a database for effectively tracking faculty and staff computers, the software installed on those systems, User access to each computer, and requests for new software installation...
Words: 4672 - Pages: 19
