YS Tip Quarterly

Newsletter

issue 1

Rss Feed
 

Database Security in High Risk Environments

By Joaquin A. Trinanes

During all ages, pirates hunted for treasures. Violence was usually involved to acquire them. In today’s economy, corporation databases symbolize one of the most valuable assets that the modern bandits try to break in. Methods have also changed and physical presence is frequently not required. A simple computer attached to the Internet can be the only weapon needed to gain access to a "treasure". In this work, we will describe some of the methods in use to protect databases, desirable techniques to improve data confidentiality and integrity, and new viewpoints to consider in the beginning of the e-commerce era.

    

Data, to be or not to be (secured)?


It is evident that data security principles must be applied to sensitive information. Even more, databases, independently from their value, must share some basic security standards to protect information integrity. Government, research, corporations and other organizations keep large volumes of data which are not expected to be available to non-authorized users. And if someone can access them, data should be unreadable and absolutely incomprehensive. 

Data accessibility is a major goal (and concern) in database security. Many organizations can not work properly if databases are down, they are what we know as mission-critical systems. To put the data available implies to provide the security mechanisms to ensure authentication, authorization and auditing procedures. 

    

Authentication means that user identity must be truly verified, commonly through a password only known to the user. This is a critical phase, the foundation of the security strategy. After this first step has been completed, the system must determine the resources that the particular user id can access to. This is the authorization phase and all the tasks involved are often referred as user security administration. Finally, to detect possible intruders and ensure data integrity, auditing utilities must be activated.

While on routing from server to receiver, data passes through different devices where, if security policies have been not applied or are defective, a third-party can get access to the packets. This is potentially dangerous with some kind of information, such as, e.g., credit card numbers, payrolls, social security numbers, and medical records, to name a few ones.  Continue ...

 
Technology Product Corner SEO Hot Tip What I'm Tweeting

Google Rankings

By Stevefister
No company can guarantee #1 rankings on Google search. Before you waste a ton of money on a company which provides SEO (Search Engine Optimization) services, do a little research. Here is a good place to start: Google Webmaster Help Center.

Stokes Choice-Suggested Reading

© Copyright YS Auxiliary Service.  Designed by ysdata.com

Privacy Policy