Web Server Security and Database Server Security

Submitted By jpar6711
Words 2494
Pages 10
Databases involve distributed updates and queries while supporting confidentiality, integrity, availability, and privacy (Goodrich & Tamassia, 2011). This entails robust access control as well as tools for detecting and recovering from errors (2011).
Even when database information is masked, an attacker may still be able to glean sensitive data from other information that remains available in the database; this is called an inference attack (2011). Strategies have been designed to mitigate inference attacks against databases.
Cell suppression is a technique used to combat inference attacks: various cells in a database are removed and left blank in published versions (2011). The objective is to suppress the critical cells, which hold relatively important information, so that they cannot be obtained in an attack (2011). Another strategy, called generalization, involves replacing database information in published versions with more general values (2011), such as replacing a specific date of birth with a range of years; a person born in 1990 could be generalized to the range 1985-1992. The critical values are intertwined with the actual values, so they are less discernible in an inference attack (2011).
A noise addition technique can also be used. This requires adding randomized values to the real values in a published database (2011). This provides “noise” for all the records of the same attribute, such as adding a negative to a real number, -9 to 9. This obscures unique numbers while leaving the average value unaltered (2011). Additional techniques, such as obfuscation for protecting an individual’s privacy, anonymization, and differential privacy, are also included (2011).
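The three mitigations described above (cell suppression, generalization, and noise addition) are applied to one small table in the following added example, which is not part of the original essay. The records, the column names, the "group smaller than two" rule for choosing critical cells, the decade-wide ranges, and the noise spread are all assumptions made for illustration.

```python
import random
from collections import Counter
from statistics import mean

# Constructed sample table (not data from the essay).
RECORDS = [
    {"id": 1, "birth_year": 1990, "dept": "Sales", "salary": 52000},
    {"id": 2, "birth_year": 1986, "dept": "Sales", "salary": 48000},
    {"id": 3, "birth_year": 1979, "dept": "Sales", "salary": 61000},
    {"id": 4, "birth_year": 1991, "dept": "Legal", "salary": 95000},
    {"id": 5, "birth_year": 1968, "dept": "IT", "salary": 70000},
    {"id": 6, "birth_year": 1983, "dept": "IT", "salary": 74000},
]


def suppress_cells(rows, group_key, cell_key, min_group_size=2):
    """Cell suppression: blank cell_key in rows whose group is so small
    that the published value would point at a single individual.
    (The size threshold is an assumed way of picking 'critical' cells.)"""
    sizes = Counter(row[group_key] for row in rows)
    return [
        {**row, cell_key: None} if sizes[row[group_key]] < min_group_size
        else dict(row)
        for row in rows
    ]


def generalize_year(year, width=10):
    """Generalization: replace an exact year with the range containing it."""
    low = year - year % width
    return f"{low}-{low + width - 1}"


def add_zero_mean_noise(values, spread, rng):
    """Noise addition: perturb each value by a random amount drawn from
    [-spread, spread], then re-centre the noise so it sums to zero and
    the column average is left unchanged."""
    noise = [rng.uniform(-spread, spread) for _ in values]
    drift = mean(noise)
    return [v + n - drift for v, n in zip(values, noise)]


def publish(rows, rng, spread=5000):
    """Apply all three techniques and return the published view.
    spread is chosen relative to the column's scale (assumed value)."""
    rows = suppress_cells(rows, "dept", "salary")
    kept = [i for i, row in enumerate(rows) if row["salary"] is not None]
    noisy = add_zero_mean_noise([rows[i]["salary"] for i in kept], spread, rng)
    for i, value in zip(kept, noisy):
        rows[i]["salary"] = value
    for row in rows:
        row["birth_year"] = generalize_year(row["birth_year"])
    return rows


if __name__ == "__main__":
    for row in publish(RECORDS, random.Random()):
        print(row)
```

Re-centring the noise is what keeps the published average equal to the real one; independent noise would only preserve it approximately, and more closely as the number of records grows.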
Various high-profile hacking attacks have proven that web security remains the most...
