ASSIGNMENT 2
CPT307 LOGICAL DATABASE DESIGN
ASADHU SHUJAAU (000033475)
WORD COUNT: 2487
MAY 7, 2015
Faculty of Science
Assignment 2
Table of Contents
1.0 Abstract
2.0 Introduction
3.0 Key issues on database security today
3.1 Privilege Abuse
3.2 SQL Injection
3.3 Weak Authentication
3.4 Platform Vulnerabilities
3.5 Malware
3.6 Weak Auditing
3.7 Deployment Failure
4.0 How to solve the key issues
5.0 Losses faced by database when it comes to security
6.0 My opinion
7.0 Conclusion
Bibliography
1.0 Abstract
This paper is about database security. It looks into the key security issues that databases face today. These include privilege abuse, weak authentication, platform vulnerabilities, SQL injection, malware, weak auditing and deployment failures. It goes further by looking into solutions for each of the security issues described here. Security measures that help overcome the issues are discussed for each security problem. Next, the losses faced by databases when it comes to security are explained. These include loss of data, manipulation of data and corporate losses. As the writer, my own opinion is included before concluding this paper.
2.0 Introduction
In today’s world millions of pieces of data are shared, collected and retained every day. Privacy and security are great concerns, as most of this data is stored and shared digitally. The content that users share and companies collect is stored in databases located in different areas of the world.
The main cause of data security issues lies in the databases themselves. This is evident from the growing number of reported events of loss, theft or exposure of sensitive information (Murray, 2010). Before moving on to the topic of database security issues and solutions, it is first necessary to understand what database security is about.
In a journal article, Murray (2010) states that database security should provide controlled and protected access to information stored within databases. Furthermore, it is stated that a database should preserve the integrity and consistency, along with the overall quality, of the data that is stored.
This paper will look into the key database security challenges that are common today. Before moving on to the solutions for these issues, the next section will briefly explain each identified issue and why it is risky. After covering these areas, the losses faced by databases due to security issues will be highlighted. My own opinion about database security as the writer is included as well, before concluding with the overall findings and judgements about the areas of database security concerned.
3.0 Key issues on database security today
3.1 Privilege Abuse
Sometimes databases are created in such a way that users can access features of the database that they do not necessarily need all the time. This may lead to privilege abuse, whereby a user may use his rights for illegal or dishonest purposes.
Stonecypher (2010) has given a great example to explain this issue. He states that a database administrator in a financial business such as a bank can use his rights to create fake accounts and also transfer money from one account to another if he wished to.
The above example is one where a user abuses the privilege intentionally. In his writing, Stonecypher (2010) goes further by giving an example of how privilege can be abused unintentionally as well. In the case of a company offering a “work from home” option to its staff, an employee may take a backup of sensitive data while working from home, so that he or she can work easily without accessing the company network every time. This violates the security policies of the company and will result in a data security breach if the employee’s home system is compromised.
3.2 SQL Injection
SQL injection is a web attack method used by hackers to target databases. This technique can be used to steal sensitive corporate data via online platforms. It can be said that this is one of the most common methods used to breach database security today. This attack becomes possible due to improper coding of web applications, which allows hackers to inject SQL commands through input fields on forms such as a login form (acunetix, 2015).
In 2014, Goldman (2014) wrote about cyber-attacks by CyberVor, a Russian gang of fewer than a dozen hackers who stole billions of usernames and passwords. He writes that research was conducted in order to identify the vulnerabilities of websites, whereby they found that “over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone. The CyberVors used these vulnerabilities to steal data from these sites' databases.”
Furthermore, to underline the severity of this issue, in another article Goldman (2014) states that in 2013 alone two thirds of U.S. companies were breached by SQL injection. This alone shows it is a major database security issue.
3.3 Weak Authentication
A lot of databases allow the creation of users with short, weak passwords. This makes the application and database more prone to attacks. As said by Shulman (2006), weak authentication can help attackers disguise themselves as authentic users of the database by stealing and/or obtaining the login credentials of users with weak authentication. Different techniques are used by attackers to take advantage of weak authentication in systems used by companies.
An attacker can use guesswork or enumeration of possible username and password combinations. This technique is called brute forcing, and it is mostly done using a specialized application. An attacker may also present themselves as company IT staff over the phone in order to gain credentials from employees of the company. This method is called social engineering, which uses trust as a weapon. This method becomes possible because only a few security matters are taken into consideration when authenticating users to use the database (Shulman, 2006).
Think of the impact if a bank uses weak authentication for its online users. It might lead to the bank losing its customers and customers losing the money deposited in their bank accounts. Hence, this issue can have a severe outcome if left unsolved.
3.4 Platform Vulnerabilities
Databases can be affected by vulnerabilities in the operating system they run on, for example systems like UNIX, Linux or Windows. Due to bugs in the platform, services related to the database may lead to unauthorized access (Stonecypher, 2010).
For example, Shulman (2006) mentions the Blaster Worm, which took advantage of a Windows 2000 vulnerability to create denial of service conditions. For such reasons, platform vulnerability issues lead to database security issues.
3.5 Malware
In the platform vulnerabilities section above, an example was given of malware which used platform vulnerabilities to create denial of service conditions. Malware is another serious issue that exposes databases to cyber threats. Unlike other issues, malware can be used to automate exploitation of the above mentioned points and a few more. Attackers use such malicious software to steal information and/or sabotage or damage the entire database system (Paganini, n.d.).
Paganini (n.d.) mentions that, in November 2013, Symantec released a security alert about malware that could damage corporate databases and which wipes out the infected PC’s hard disk. The malware was called W32.Narilam.
3.6 Weak Auditing
As per Shulman (2006), recording of sensitive and unusual database transactions should be part of the database foundation before it is deployed. This is to ensure better auditing. The following are threats faced due to weak auditing, as mentioned by Shulman (2006).
• Weak database audits are against government regulatory policies. This applies to many countries, while it might not apply to all.
• There is no forensic evidence with which to track intruders.
• Better audits lead to better detection and recovery. They help to pinpoint the origin of the attack and to know which account was used to access the database. This can help take actions accordingly. Without a good audit, this will not be possible.
3.7 Deployment Failure
Lane (2013) describes deployment failure as the most common database vulnerability. He mentions that while all databases are tested for what they should do functionally, many fail to certify that the database is not doing something it should not. Databases should be tested against all kinds of criteria before they are deployed. Database platforms are insecure after fresh installations. They have problems such as default accounts with default passwords, which everyone who uses databases knows very well. These remain the same until they are manually configured and changed. If they are left as they are, they can be exploited by attackers for unauthorized access to the database.
4.0 How to solve the key issues
This section will discuss the solutions for the problems mentioned in the previous section. It is divided into paragraphs, each relating to one of the issues mentioned above. Solutions are discussed in the order in which the issues are discussed in the previous section.
First of all, privilege abuse can be solved by implementing SecureSphere’s Dynamic Profiling technology. This application automatically creates a model of the context surrounding normal database interactions. It can tell the time of day, IP address, volume of data retrieved and application client used to access the database. When users access and retrieve too much information or attempt unauthorized tasks, SecureSphere triggers an alert (Shulman, 2006).
As Osborne (2013) says, SQL injection can be prevented by protecting online databases with firewalls. However, acunetix (2015) says it is not enough just to use firewalls. In addition to firewall protection, when building web applications, inputs should be cleaned of SQL strings that can cause issues in the database. This is called sanitizing.
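The input handling discussed above, as an added example that is not part of the original paper: a form value pasted into SQL text beside the same lookup using parameter binding plus an allow-list check, which is used here instead of stripping strings from the input. The table, columns, function names and sample rows are assumptions constructed for the illustration.

```python
import re
import sqlite3

# Constructed sample rows; table and column names are assumptions.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("o'brien", "obrien@example.com"),  # legitimate value containing a quote
]

# Allow-list for the form field: letters, digits and a few punctuation marks.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.'-]{1,32}")


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    """Deliberately vulnerable: the form value becomes part of the SQL text."""
    query = (
        "SELECT username, email FROM users WHERE username = '" + username + "'"
    )
    return conn.execute(query).fetchall()


def lookup_bound(conn, username):
    """Hardened: the value is bound as a parameter and is never parsed as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def handle_form_input(conn, username):
    """Allow-list validation first, bound query second (defence in depth)."""
    if not USERNAME_RE.fullmatch(username):
        return []  # reject early; the bound query is still the real control
    return lookup_bound(conn, username)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("unsafe rows returned:", len(lookup_unsafe(db, crafted)))
    print("bound rows returned: ", len(lookup_bound(db, crafted)))
    # A legitimate name with a quote breaks the unsafe query but not the bound one.
    print("bound o'brien:       ", lookup_bound(db, "o'brien"))
    try:
        lookup_unsafe(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("unsafe o'brien fails:", exc)
```

The bound query also handles the legitimate quoted name correctly, which is why binding is preferred over removing characters from the input.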
In order to overcome weak authentication, the strongest practical authentication should be used. Two-factor authentication is preferred where possible. Strong usernames and passwords can also be used to overcome this issue. Sometimes even these measures might not be enough. In such cases, logging failed sign-in attempts can help identify possible cyber-attacks (Shulman, 2006).
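One way to use logged failed sign-in attempts for detection, as an added example that is not part of the original paper: it flags any source that reaches a threshold of failures inside a sliding time window and notes whether one account or several were tried. The log format, field names, threshold, window and sample lines are all assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in an assumed format, in chronological order.
SAMPLE_LOG = """
2015-05-07T08:59:00Z LOGIN_FAILED user=frank src=192.0.2.44
2015-05-07T09:00:01Z LOGIN_FAILED user=alice src=203.0.113.7
2015-05-07T09:00:03Z LOGIN_FAILED user=alice src=203.0.113.7
2015-05-07T09:00:04Z LOGIN_FAILED user=bob src=192.0.2.10
2015-05-07T09:00:05Z LOGIN_FAILED user=alice src=203.0.113.7
2015-05-07T09:00:07Z LOGIN_FAILED user=alice src=203.0.113.7
2015-05-07T09:00:09Z LOGIN_FAILED user=alice src=203.0.113.7
2015-05-07T09:00:20Z LOGIN_FAILED user=bob src=192.0.2.10
2015-05-07T09:00:41Z LOGIN_OK user=bob src=192.0.2.10
2015-05-07T09:01:00Z LOGIN_FAILED user=alice src=198.51.100.23
2015-05-07T09:01:30Z LOGIN_FAILED user=bob src=198.51.100.23
2015-05-07T09:02:00Z LOGIN_FAILED user=carol src=198.51.100.23
corrupted line without fields
2015-05-07T09:02:30Z LOGIN_FAILED user=dave src=198.51.100.23
2015-05-07T09:03:00Z LOGIN_FAILED user=erin src=198.51.100.23
2015-05-07T09:09:00Z LOGIN_FAILED user=frank src=192.0.2.44
2015-05-07T09:19:00Z LOGIN_FAILED user=frank src=192.0.2.44
2015-05-07T09:29:00Z LOGIN_FAILED user=frank src=192.0.2.44
2015-05-07T09:39:00Z LOGIN_FAILED user=frank src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAILED|LOGIN_OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, event, user, source) or None for unparseable lines."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    try:
        ts = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, match["event"], match["user"], match["src"]


def detect_failed_login_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Alert once per source reaching `threshold` failures within `window`.

    Assumes the lines arrive in chronological order, as in an append-only log.
    """
    recent = defaultdict(deque)  # source -> (timestamp, user) of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue  # skip blank or corrupted lines instead of failing
        ts, event, user, src = record
        if event != "LOGIN_FAILED":
            continue
        failures = recent[src]
        failures.append((ts, user))
        # Drop failures that have aged out of the sliding window.
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold and src not in alerted:
            alerted.add(src)
            users = sorted({u for _, u in failures})
            kind = "single-account" if len(users) == 1 else "multi-account"
            alerts.append({
                "src": src,
                "failures": len(failures),
                "users": users,
                "first_seen": failures[0][0],
                "kind": kind + " guessing",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_login_bursts(SAMPLE_LOG.splitlines()):
        print(alert["src"], alert["kind"], alert["failures"], alert["users"])
```

The slow source in the sample (one failure every ten minutes) and the user who mistypes twice before signing in are both left unflagged, which shows the trade-off the threshold and window settings make.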
Platform vulnerabilities can be solved by having the system updated regularly. This helps the system have the latest patches for bug fixes and other security updates. Having a secure password on the platform itself can also help minimize the risk of platform vulnerabilities. In addition, encrypting the data stored in databases can help prevent further damage in case of a platform breach.
In the case of malware, companies and other database users need to have a strong anti-virus program, which will help to identify and eliminate the malware. These anti-virus programs need to be up to date at all times in order to identify and eliminate the latest threats. Having database backups in a safer offline environment can help restore the database in case of a malware takeover (Paganini, n.d.).
The following are ways to overcome weak auditing, as suggested by Shulman (2006). Quality network-based audit applications address flaws associated with the built-in audit tools in databases. Network-based audit tools help improve auditing along with improved database performance. These audit tools are separate from the database, hence they are invulnerable to privilege elevation attacks. They also work across different platforms. This helps reduce server, load-balancing and administrative costs, while at the same time delivering better security.
Testing database software against different criteria can help overcome deployment failures. Existing default accounts should be removed or changed to have a different name and a strong password. Hiring experts for testing can help minimize the risks that come with failure in database deployment.
5.0 Losses faced by database when it comes to security
This section will discuss the different losses faced by databases due to unhandled security issues that exist within the database. Different issues can cause different types of database losses related to the three constructs of databases, the CIA: confidentiality, integrity and availability. Each will be discussed separately in this section.
As mentioned in the previous section, Denial of Service attacks sometimes take place due to improper security measures. This kind of attack restricts access to network applications or data for actual users (Shulman, 2006). This can mean the database facing unexpected downtime. From the point of view of a corporate firm serving thousands of customers every day, this can be a huge loss, as it can lead to loss of customers and profits for the company and a lot of time being wasted on resolving the issue.
Another loss that a database can face is loss of the data itself. As previously mentioned, there is malware that targets systems to wipe their hard disks clean (Paganini, n.d.). Hard disks are mainly used to store everything that is on a computer system, and this includes databases. If anti-virus programs are not used, or other proper measures like backups are not in place, then databases can lose huge amounts of data and in the worst case scenario they can be destroyed fully. For huge businesses this might mean losing sensitive information about customers, projects, employees, etc. This in turn means losing the database’s availability, or identification and recovery from hardware and software applications (Murray, 2010).
Database data leaks are another issue faced due to weak security measures. Data can be stolen through online attacks or by stealing backups, to which access can be gained through different means, such as from an employee’s system at a “work from home” company. Moreover, it can be done by an employee within a company as well (Stonecypher, 2010). This affects the confidentiality of data, or its protection from unauthorized disclosure (Murray, 2010).
Last but not least, another loss faced by databases when it comes to security can be unauthorized manipulation of data within a database. This can be done through SQL injection, or through Denial of Service attacks, which will give attackers time to perform other types of operations on the database. Privilege abuse can also lead to data manipulation. This affects the integrity of the information present in the database, making it untrustworthy.
6.0 My opinion
As the writer, in my opinion there are some issues of database security that can be solved easily. For example, platform vulnerabilities can be solved by anyone by simply having the system on auto update. Also, almost everyone familiar with computers today is familiar with anti-virus programs. Hence issues like these can be resolved easily. However, some issues need specialists. For example, SQL injections cannot be solved by people without programming knowledge, and database configurations can be corrected by experts in the field. So in order to have the best security measures, the best expertise is also needed.
Furthermore, it might not always be possible to protect a database from attacks; in such cases, having proper security measures will help bring the database back on track in the least amount of time.
Other than the above, it is also worth mentioning that although the issues discussed are the database security issues present today, the future might show new threats that arise with new technologies. When the relational database model gets deprecated and object-oriented databases take over, they are bound to bring security issues of their own along with them.
7.0 Conclusion
This paper looked into the most common security issues present today in database security. With the help of the identified security issues, the suggested solutions can be implemented by companies to safeguard their content stored in databases.
The explanations given by different authors about different security issues were understandable, and the examples presented were related, or were cases that have happened or are likely to happen. This helps to understand possible breaches due to different kinds of vulnerabilities in the database. The database security issues discussed here can be used while setting up databases so that they are ready in terms of security before going forward.
As mentioned earlier, technology is evolving rapidly. It might be a good idea to think about possible future security issues that come along with the changes made to database management systems. Although such changes may solve some problems, they might also bring others.
Bibliography
Acunetix. (2015). SQL Injection: What is it? Retrieved from acunetix: https://www.acunetix.com/websitesecurity/sql-injection/
Goldman, J. (2014, August 6). CyberVor Breach Exposes 1.2 Billion User Names, Passwords. Retrieved from eSecurity Planet: http://www.esecurityplanet.com/hackers/cybervor-breach-exposes-1.2-billion-user-names-passwords.html
Lane, A. (2013, June 23). 10 Most Common Security Vulnerabilities In Enterprise Databases. Retrieved from Dark Reading: http://www.darkreading.com/risk/10-most-common-security-vulnerabilities-in-enterprise-databases/d/d-id/1139979?
Murray, M. C. (2010). Database Security: What Students Need to Know. (A. Scime, Ed.) Journal of Information Technology Education: Innovations in Practice, 9, 62-77.
Osborne, C. (2013, June 26). The top ten most common database security vulnerabilities. Retrieved from ZDNET: http://www.zdnet.com/article/the-top-ten-most-common-database-security-vulnerabilities/
Paganini, P. (n.d.). Databases - Vulnerabilities, Costs of Data Breaches and Countermeasures. Retrieved from Infosec Institute: http://resources.infosecinstitute.com/databases-vulnerabilities-costs-of-data-breaches-and-countermeasures/
Shulman, A. (2006). Top Ten Database Security Threats. Retrieved from www.schell.com/Top_Ten_Database_Threats.pdf
Stonecypher, L. (2010, January 14). Threats to Database Security. Retrieved from Bright Hub: http://www.brighthub.com/computing/smb-security/articles/61554.aspx

More Related Content

Similar to ASSIGNMENT 2 LOGICAL DATABASE DESIGN (CPT307).pdf

Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxtodd521
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management ActMichelle Singh
 
Running Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docxRunning Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docxcowinhelen
 
Running head Cryptography1Cryptography16.docx
Running head Cryptography1Cryptography16.docxRunning head Cryptography1Cryptography16.docx
Running head Cryptography1Cryptography16.docxhealdkathaleen
 
What To Do If Compromised - Fraud Control and Investigations Procedures
What To Do If Compromised - Fraud Control and Investigations ProceduresWhat To Do If Compromised - Fraud Control and Investigations Procedures
What To Do If Compromised - Fraud Control and Investigations Procedures- Mark - Fullbright
 
Sec 572 Effective Communication / snaptutorial.com
Sec 572  Effective Communication / snaptutorial.comSec 572  Effective Communication / snaptutorial.com
Sec 572 Effective Communication / snaptutorial.comBaileyabl
 
A Study of Database Protection Techniques
A Study of Database Protection TechniquesA Study of Database Protection Techniques
A Study of Database Protection TechniquesIJSRED
 
Running head Assignment 1 Identifying Potential Malicious Attack.docx
Running head Assignment 1 Identifying Potential Malicious Attack.docxRunning head Assignment 1 Identifying Potential Malicious Attack.docx
Running head Assignment 1 Identifying Potential Malicious Attack.docxsusanschei
 
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...IRJET Journal
 
Sql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSheri Elliott
 
The literature and write report on information system security part 1 of 5 p...
The literature and write report on information system security  part 1 of 5 p...The literature and write report on information system security  part 1 of 5 p...
The literature and write report on information system security part 1 of 5 p...raufik tajuddin
 
Running head CHALLENGES OF CYBER SECURITY9.docx
Running head CHALLENGES OF CYBER SECURITY9.docxRunning head CHALLENGES OF CYBER SECURITY9.docx
Running head CHALLENGES OF CYBER SECURITY9.docxsusanschei
 
Security Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseSecurity Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseDavid Murphy
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inmaribethy2y
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUUniversity of Essex
 
IRJET- Security from Threats of Computer System
IRJET-  	  Security from Threats of Computer SystemIRJET-  	  Security from Threats of Computer System
IRJET- Security from Threats of Computer SystemIRJET Journal
 
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project  (407422)Cyber Security DepartmentGraduation Project  (407422)
Cyber Security DepartmentGraduation Project (407422)OllieShoresna
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management SystemIRJET Journal
 

Similar to ASSIGNMENT 2 LOGICAL DATABASE DESIGN (CPT307).pdf (20)

Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management Act
 
Running Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docxRunning Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docx
 
Running head Cryptography1Cryptography16.docx
Running head Cryptography1Cryptography16.docxRunning head Cryptography1Cryptography16.docx
Running head Cryptography1Cryptography16.docx
 
What To Do If Compromised - Fraud Control and Investigations Procedures
What To Do If Compromised - Fraud Control and Investigations ProceduresWhat To Do If Compromised - Fraud Control and Investigations Procedures
What To Do If Compromised - Fraud Control and Investigations Procedures
 
A1802030104
A1802030104A1802030104
A1802030104
 
Sec 572 Effective Communication / snaptutorial.com
Sec 572  Effective Communication / snaptutorial.comSec 572  Effective Communication / snaptutorial.com
Sec 572 Effective Communication / snaptutorial.com
 
A Study of Database Protection Techniques
A Study of Database Protection TechniquesA Study of Database Protection Techniques
A Study of Database Protection Techniques
 
Running head Assignment 1 Identifying Potential Malicious Attack.docx
Running head Assignment 1 Identifying Potential Malicious Attack.docxRunning head Assignment 1 Identifying Potential Malicious Attack.docx
Running head Assignment 1 Identifying Potential Malicious Attack.docx
 
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
 
Sql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application Environment
 
The literature and write report on information system security part 1 of 5 p...
The literature and write report on information system security  part 1 of 5 p...The literature and write report on information system security  part 1 of 5 p...
The literature and write report on information system security part 1 of 5 p...
 
Running head CHALLENGES OF CYBER SECURITY9.docx
Running head CHALLENGES OF CYBER SECURITY9.docxRunning head CHALLENGES OF CYBER SECURITY9.docx
Running head CHALLENGES OF CYBER SECURITY9.docx
 
Security Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseSecurity Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational Database
 
The Top Ten Insider Threats And How To Prevent Them
The Top Ten Insider Threats And How To Prevent ThemThe Top Ten Insider Threats And How To Prevent Them
The Top Ten Insider Threats And How To Prevent Them
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
 
IRJET- Security from Threats of Computer System
IRJET-  	  Security from Threats of Computer SystemIRJET-  	  Security from Threats of Computer System
IRJET- Security from Threats of Computer System
 
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project  (407422)Cyber Security DepartmentGraduation Project  (407422)
Cyber Security DepartmentGraduation Project (407422)
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management System
 

More from Suzanne Simmons

Write Scientific Paper Abstract - Essaynparaph.W
Write Scientific Paper Abstract - Essaynparaph.WWrite Scientific Paper Abstract - Essaynparaph.W
Write Scientific Paper Abstract - Essaynparaph.WSuzanne Simmons
 
10 Lines On My School Essay I
10 Lines On My School Essay I10 Lines On My School Essay I
10 Lines On My School Essay ISuzanne Simmons
 
Sample Hl English Essay - IBDP Year 2 Group 1 - Stu
Sample Hl English Essay - IBDP Year 2 Group 1 - StuSample Hl English Essay - IBDP Year 2 Group 1 - Stu
Sample Hl English Essay - IBDP Year 2 Group 1 - StuSuzanne Simmons
 
An Outline Of What To Write In Your Evaluations. Art Ass
An Outline Of What To Write In Your Evaluations. Art AssAn Outline Of What To Write In Your Evaluations. Art Ass
An Outline Of What To Write In Your Evaluations. Art AssSuzanne Simmons
 
What Is Hypothesis In Thesis. How To Writ
What Is Hypothesis In Thesis. How To WritWhat Is Hypothesis In Thesis. How To Writ
ASSIGNMENT 2 LOGICAL DATABASE DESIGN (CPT307).pdf

  • 1. ASSIGNMENT 2 CPT307 LOGICAL DATABASE DESIGN ASADHU SHUJAAU (000033475) WORD COUNT: 2487 MAY 7, 2015 Faculty of Science
  • 2. Table of Contents
    1.0 Abstract
    2.0 Introduction
    3.0 Key issues on database security today
    3.1 Privilege Abuse
    3.2 SQL Injection
    3.3 Weak Authentication
    3.4 Platform Vulnerabilities
    3.5 Malware
    3.6 Weak Auditing
    3.7 Deployment Failure
    4.0 How to solve the key issues
    5.0 Losses faced by database when it comes to security
    6.0 My opinion
    7.0 Conclusion
    Bibliography
  • 3. 1.0 Abstract
    This paper is about database security. It looks into the key security issues that databases face today: privilege abuse, weak authentication, platform vulnerabilities, SQL injection, malware, weak auditing and deployment failures. It then looks at solutions, discussing for each issue the security measures that help overcome it. Next, the losses that databases face when it comes to security are explained. These include loss of data, manipulation of data and corporate losses. My own opinion as the writer is included before the paper concludes.
  • 4. 2.0 Introduction
    In today’s world millions of pieces of data are shared, collected and retained every day. Privacy and security are great concerns, as most of this data is stored and shared digitally. The content that users share and companies collect is stored in databases located in different parts of the world. The main cause of data security issues lies in the databases themselves. This is evident from the growing number of reported events of loss, theft or exposure of sensitive information (Murray, 2010).
    Before moving on to database security issues and solutions, it is necessary to understand what database security is about. Murray (2010) states that database security should provide controlled and protected access to information stored within databases. Furthermore, the database should preserve the integrity and consistency, along with the overall quality, of the data that is stored.
    This paper looks into the key database security challenges that are common today. Before moving on to the solutions, the next section briefly explains each identified issue and why it is risky. After that, the losses faced by databases due to security issues are highlighted. My own opinion about database security as the writer is included as well, before the paper concludes with the overall findings and judgements about the areas of database security covered.
  • 5. 3.0 Key issues on database security today
    3.1 Privilege Abuse
    Sometimes databases are set up in such a way that users can access features of the database that they do not necessarily need all the time. This may lead to privilege abuse, whereby a user uses his or her rights for illegal or dishonest purposes. Stonecypher (2010) gives a good example of this issue: a database administrator in a financial business such as a bank can use his rights to create fake accounts and to transfer money from one account to another if he wishes to. In that example the user abuses the privilege intentionally. Stonecypher (2010) goes further by giving an example of how privilege can be abused unintentionally as well. When a company offers a “work from home” option to its staff, an employee may take a backup of sensitive data while working from home, so that he or she can work easily without accessing the company network every time. This violates the security policies of the company and will result in a data security breach if the employee’s home system is compromised.
    3.2 SQL Injection
    SQL injection is a web attack method that targets databases. It can be used to steal sensitive corporate data via online platforms, and it is one of the most common methods used to breach database security today. The attack becomes possible when improperly coded web applications allow attackers to inject SQL commands through input fields on forms such as a login form (Acunetix, 2015). In 2014, Goldman (2014) wrote about cyber-attacks by CyberVor, a Russian gang of fewer than a dozen hackers who stole billions of usernames and passwords. He reports that research was conducted to identify the vulnerabilities of websites, which found that “over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone. The CyberVors used these vulnerabilities to steal data from these sites' databases.” To underline the severity of this issue, in another article Goldman (2014) states that in 2013 alone two thirds of U.S. companies were breached by SQL injection. This alone shows that it is a major database security issue.
  • 6. 3.3 Weak Authentication
    Many databases allow the creation of users with short, weak passwords. This makes the application and the database more prone to attacks. According to Shulman (2006), weak authentication helps attackers pose as legitimate users of the database by stealing or otherwise obtaining the login credentials of users with weak authentication. Attackers use different techniques to take advantage of weak authentication in systems used by companies. An attacker can use guesswork or enumeration of possible username and password combinations. This technique is called brute forcing and is mostly done with a specialized application. An attacker may also pose as company IT staff over the phone in order to obtain credentials from employees of the company. This method is called social engineering, and it uses trust as a weapon. It becomes possible because only a few security matters are taken into consideration when authenticating users of the database (Shulman, 2006). Think of the impact if a bank uses weak authentication for its online users: the bank might lose its customers, and customers might lose the money deposited in their bank accounts. Hence, this issue can have a severe outcome if left unsolved.
    3.4 Platform Vulnerabilities
    Databases can be affected by vulnerabilities in the operating system they run on, for example UNIX, Linux or Windows. Because of bugs in the platform, services related to the database may lead to unauthorized access (Stonecypher, 2010). For example, Shulman (2006) mentions the Blaster worm, which took advantage of a Windows 2000 vulnerability to create denial of service conditions. For such reasons, platform vulnerabilities lead to database security issues.
  • 7. 3.5 Malware
    The platform vulnerabilities section above gave an example of malware that used a platform vulnerability to create denial of service conditions. Malware is another serious issue that exposes databases to cyber threats. Unlike the other issues, malware can be used to automate exploitation of the points mentioned above, and a few more. Attackers use malicious software to steal information and/or to sabotage or damage the entire database system (Paganini, n.d.). Paganini (n.d.) mentions that in November 2013 Symantec released a security alert about malware, called W32.Narilam, that could damage corporate databases and wipe the hard disk of infected PCs.
    3.6 Weak Auditing
    According to Shulman (2006), recording sensitive and unusual database transactions should be part of the foundation of a database before it is deployed. This ensures better auditing. Shulman (2006) lists the following threats that result from weak auditing:
      • Weak database audits go against government regulatory policies. This applies in many countries, though it might not apply in all.
      • There is no forensic evidence with which to track intruders.
      • Better audits lead to better detection and recovery. They help to pinpoint the origin of an attack and to identify which account was used to access the database, so that action can be taken accordingly. Without a good audit, this is not possible.
    3.7 Deployment Failure
    Lane (2013) describes deployment failure as the most common database vulnerability. He mentions that all databases are tested for what they should do functionally, but many fail to verify that the database is not doing something it should not. Databases should be tested against all kinds of criteria before they are deployed. Database platforms are insecure after a fresh installation. They have problems such as default accounts with default passwords that everyone who uses databases knows very well. These remain the same until they are manually configured and changed. If they are left as they are, attackers can exploit them for unauthorized access to the database.
  • 8. 4.0 How to solve the key issues
    This section discusses solutions for the problems described in the previous section. It is divided into paragraphs, each relating to one of the issues, in the order in which the issues were discussed.
    First of all, privilege abuse can be solved by implementing SecureSphere’s Dynamic Profiling technology. This application automatically creates a model of the context surrounding normal database interactions. It can tell the time of day, the IP address, the volume of data retrieved and the application client used to access the database. When users access and retrieve too much information, or attempt unauthorized tasks, SecureSphere triggers an alert (Shulman, 2006).
    As Osborne (2013) says, SQL injection can be prevented by protecting online databases with firewalls. However, Acunetix (2015) says that firewalls alone are not enough. In addition to firewall protection, when web applications are built, inputs should be cleaned of SQL strings that can cause issues in the database. This is called sanitizing.
    To overcome weak authentication, the strongest practical authentication should be used. Two-factor authentication is preferred where possible. Strong usernames and passwords can also be used to overcome this issue. Sometimes even these measures might not be enough. In such cases, logging failed sign-in attempts can help identify possible cyber-attacks (Shulman, 2006).
    Platform vulnerabilities can be solved by updating the system regularly, so that it has the latest patches for bug fixes and other security updates. Having a secure password on the platform itself also helps minimize the risk of platform vulnerabilities. Encrypting the data stored in databases can help prevent further damage in case of a platform breach.
    In the case of malware, companies and other database users need a strong anti-virus program to identify and eliminate the malware. The anti-virus program needs to be up to date at all times in order to identify and eliminate the latest threats. Keeping database backups in a safer offline environment can help restore the database in case of a malware takeover (Paganini, n.d.).
    The following are ways to overcome weak auditing, as suggested by Shulman (2006). Quality network-based audit applications address the flaws associated with the audit tools built into the database. Network-based audit tools help improve auditing along with improved database performance.
  • 9. These audit tools are separate from the database and are therefore invulnerable to privilege elevation attacks. They also work across different platforms. They help reduce server costs, load-balancing costs and administrative costs, while at the same time delivering better security.
    Testing database software against different criteria can help overcome deployment failures. Existing default accounts should be removed, or changed to have a different name and a strong password. Hiring experts for testing can help minimize the risks that come with failures in database deployment.
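The login-form injection described in section 3.2 and the input handling called for in section 4.0, as an added example that is not part of the original assignment: the same credential check written with string concatenation and with a parameterized query. It uses bound parameters rather than string sanitizing, with Python's sqlite3 standing in for the database; the table, accounts, salt and function names are constructed for illustration.

```python
import hashlib
import sqlite3

# Constructed demo salt; a real system stores a random salt per user.
DEMO_SALT = b"constructed-demo-salt"


def hash_password(password: str) -> str:
    """Return a hex PBKDF2 digest so the table never holds plaintext."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), DEMO_SALT, 50_000
    )
    return digest.hex()


def make_demo_db() -> sqlite3.Connection:
    """Build an in-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, "
        "username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [
            ("alice", hash_password("correct horse")),
            ("o'brien", hash_password("battery staple")),
        ],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Improper coding: user input is pasted into the SQL text itself."""
    query = (
        "SELECT id FROM users WHERE username = '" + username + "' "
        "AND password_hash = '" + hash_password(password) + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened form: values are bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password_hash = ?",
        (username, hash_password(password)),
    ).fetchone()
    return row is not None


def compare(conn, username, password):
    """Run both checks on the same input and report each outcome."""
    try:
        vulnerable = login_vulnerable(conn, username, password)
    except sqlite3.Error as exc:
        # Concatenation also breaks on harmless input that contains a quote.
        vulnerable = "error: " + type(exc).__name__
    return {
        "vulnerable": vulnerable,
        "parameterized": login_parameterized(conn, username, password),
    }


if __name__ == "__main__":
    db = make_demo_db()
    cases = [
        ("alice", "correct horse"),       # valid credentials
        ("alice", "wrong password"),      # wrong password
        ("alice' --", "wrong password"),  # quote ends the string, -- drops the password test
        ("o'brien", "battery staple"),    # legitimate name containing a quote
    ]
    for user, pw in cases:
        print(repr(user), compare(db, user, pw))
```

The third case is accepted by the concatenated query without the password and rejected by the parameterized one; the fourth shows that the concatenated query also fails for a legitimate user whose name contains a quote.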
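Section 4.0 suggests logging failed sign-in attempts to spot the brute forcing described in section 3.3. The following added example (not part of the original assignment) runs a sliding-window detector over constructed log lines; the log format, the threshold of five failures per minute and all names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, event, account, source address.
# Addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
2015-05-07T10:00:01 LOGIN_FAILED user=alice src=203.0.113.5
2015-05-07T10:00:03 LOGIN_FAILED user=alice src=203.0.113.5
2015-05-07T10:00:04 LOGIN_FAILED user=bob src=192.0.2.10
2015-05-07T10:00:05 LOGIN_FAILED user=alice src=203.0.113.5
2015-05-07T10:00:08 LOGIN_FAILED user=alice src=203.0.113.5
2015-05-07T10:00:09 LOGIN_FAILED user=bob src=192.0.2.10
2015-05-07T10:00:12 LOGIN_FAILED user=alice src=203.0.113.5
2015-05-07T10:00:15 LOGIN_OK user=bob src=192.0.2.10
2015-05-07T10:01:00 LOGIN_FAILED user=admin src=198.51.100.7
2015-05-07T10:01:05 LOGIN_FAILED user=backup src=198.51.100.7
2015-05-07T10:01:10 LOGIN_FAILED user=guest src=198.51.100.7
2015-05-07T10:01:15 LOGIN_FAILED user=report src=198.51.100.7
2015-05-07T10:01:20 LOGIN_FAILED user=test src=198.51.100.7
2015-05-07T10:02:00 LOGIN_FAILED user=carol src=192.0.2.20
2015-05-07T10:05:00 LOGIN_FAILED user=carol src=192.0.2.20
2015-05-07T10:08:00 LOGIN_FAILED user=carol src=192.0.2.20
2015-05-07T10:11:00 LOGIN_FAILED user=carol src=192.0.2.20
2015-05-07T10:14:00 LOGIN_FAILED user=carol src=192.0.2.20
"""


def parse_line(line):
    """Return (timestamp, event, user, source) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    stamp, event, user_field, src_field = parts
    if not user_field.startswith("user=") or not src_field.startswith("src="):
        return None
    try:
        when = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    return when, event, user_field[5:], src_field[4:]


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with at least `threshold` failures inside `window`."""
    recent = defaultdict(deque)  # source -> recent (timestamp, user) failures
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        when, event, user, src = parsed
        if event != "LOGIN_FAILED":
            continue
        failures = recent[src]
        failures.append((when, user))
        # Drop failures that have aged out of the sliding window.
        while failures and when - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold and src not in alerts:
            accounts = sorted({name for _, name in failures})
            # One account hit repeatedly versus many accounts tried once each.
            kind = "password guessing" if len(accounts) == 1 else "username enumeration"
            alerts[src] = {
                "first_alert": when.isoformat(),
                "kind": kind,
                "accounts": accounts,
            }
    return alerts


if __name__ == "__main__":
    for source, detail in detect_bruteforce(SAMPLE_LOG).items():
        print(source, detail)
```

The source 192.0.2.20 fails five times but three minutes apart, so a one-minute window does not flag it; slow guessing of this kind needs a longer window or a per-account failure count alongside the per-source one.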
  • 10. 5.0 Losses faced by database when it comes to security
    This section discusses the different losses that databases face due to unhandled security issues within the database. Different issues cause different types of loss, relating to the three constructs of databases known as CIA: confidentiality, integrity and availability. Each is discussed separately in this section.
    As mentioned in the previous section, Denial of Service attacks sometimes take place because of improper security measures. These attacks restrict access to network applications or data for actual users (Shulman, 2006). This can mean the database facing unexpected downtime. For a firm serving thousands of customers every day, this can be a huge loss, as it can lead to loss of customers and profits for the company and to a lot of time being wasted on resolving the issue.
    Another loss that a database can face is loss of the data itself. As previously mentioned, there is malware that targets systems in order to wipe their hard disks clean (Paganini, n.d.). Hard disks are mainly used to store everything that is on a computer system, and this includes databases. If anti-virus programs are not used, or other proper measures such as backups are not in place, databases can lose huge amounts of data, and in the worst case they can be destroyed completely. For large businesses this might mean losing sensitive information about customers, projects, employees, etc. This in turn means losing the database’s availability, or identification and recovery from hardware and software applications (Murray, 2010).
    Database data leaks are another issue caused by weak security measures. Data can be stolen through online attacks, or by stealing backups that can be accessed through different means, such as from the system of an employee of a “work from home” company. It can also be done by an employee within the company (Stonecypher, 2010). This affects confidentiality, the protection of data from unauthorized disclosure (Murray, 2010).
    Last but not least, another loss faced by databases when it comes to security is unauthorized manipulation of data within a database. This can be done through SQL injection, or through Denial of Service attacks, which give attackers time to perform other types of operations on the database. Privilege abuse can also lead to data manipulation. This affects the integrity of the information in the database, making it untrustworthy.
  • 11. 6.0 My opinion
    As the writer, in my opinion there are some issues of database security that can be solved easily. For example, platform vulnerabilities can be solved by anyone simply by having the system on auto update. Also, almost everyone familiar with computers today is familiar with anti-virus programs. Hence issues like these can be resolved easily. However, some issues need specialists. For example, SQL injection cannot be solved by people without programming knowledge, and database configurations can be corrected by experts in the field. So in order to have the best security measures, the best expertise is also needed. Furthermore, it might not always be possible to protect a database from attacks; in such cases, having proper security measures will help bring the database back on track in the least amount of time.
    Other than the above, it is also worth mentioning that although the issues discussed are the database security issues present today, the future might show new threats that arise with new technologies. When the relational database model gets deprecated and object-oriented databases take over, they are bound to bring security issues of their own along with them.
  • 12. 7.0 Conclusion
    This paper looked into the most common security issues present in database security today. With the help of the identified security issues, companies can implement the suggested solutions to safeguard the content stored in their databases. The explanations given by different authors about the different security issues were understandable, and the examples presented were related to cases that have happened or are likely to happen. This helps in understanding the breaches that are possible due to different kinds of vulnerabilities in a database. The database security issues discussed here can be used when setting up databases, so that they are ready in terms of security before going forward. As mentioned earlier, technology is evolving rapidly. It might be a good idea to think about the possible future security issues that come with changes to database management systems. Although such changes may solve some problems, they might also bring others.
  • 13. Bibliography
    Acunetix. (2015). SQL Injection: What is it? Retrieved from Acunetix: https://www.acunetix.com/websitesecurity/sql-injection/
    Goldman, J. (2014, August 6). CyberVor Breach Exposes 1.2 Billion User Names, Passwords. Retrieved from eSecurity Planet: http://www.esecurityplanet.com/hackers/cybervor-breach-exposes-1.2-billion-user-names-passwords.html
    Lane, A. (2013, June 23). 10 Most Common Security Vulnerabilities In Enterprise Databases. Retrieved from Dark Reading: http://www.darkreading.com/risk/10-most-common-security-vulnerabilities-in-enterprise-databases/d/d-id/1139979?
    Murray, M. C. (2010). Database Security: What Students Need to Know. (A. Scime, Ed.) Journal of Information Technology Education: Innovations in Practice, 9, 62-77.
    Osborne, C. (2013, June 26). The top ten most common database security vulnerabilities. Retrieved from ZDNET: http://www.zdnet.com/article/the-top-ten-most-common-database-security-vulnerabilities/
    Paganini, P. (n.d.). Databases - Vulnerabilities, Costs of Data Breaches and Countermeasures. Retrieved from Infosec Institute: http://resources.infosecinstitute.com/databases-vulnerabilities-costs-of-data-breaches-and-countermeasures/
    Shulman, A. (2006). Top Ten Database Security Threats. Retrieved from www.schell.com/Top_Ten_Database_Threats.pdf
    Stonecypher, L. (2010, January 14). Threats to Database Security. Retrieved from Bright Hub: http://www.brighthub.com/computing/smb-security/articles/61554.aspx