Objectives
The distinction between data administration and database administration.
The purpose and tasks associated with data administration and database administration.
The scope of database security.
Why database security is a serious concern for an organization.
The type of threats that can affect a database system.
How to protect a computer system using computer-based controls.
Pearson Education 2009 2
Administrator (DBA) are responsible for managing and controlling activities associated with corporate data and corporate database, respectively. DA is more concerned with early stages of lifecycle and DBA is more concerned with later stages.
Data administration
Management and control of corporate data, including: database planning; development and maintenance of standards, policies, and procedures; conceptual and logical database design.
Database administration
Management and control of physical realization of
Database security
Mechanisms that protect the database against intentional or accidental threats.
Security considerations apply not only to the data held in a database.
Breaches of security may affect other parts of the system, which may in turn affect the database.
Includes hardware, software, people, and data.
The growing importance of security stems from the increasing amounts of crucial corporate data being stored on computer.
Database security
Threat is any situation or event, whether intentional or unintentional, that may adversely affect a system and consequently the organization.
Outcomes to avoid:
theft and fraud,
loss of confidentiality (secrecy),
loss of privacy,
loss of integrity,
loss of availability.
Database security
Computer-based countermeasures include: authorization, views, backup and recovery, integrity, encryption, redundant array of independent disks (RAID).
Encryption
Encoding the data by a special algorithm that renders
Striping: Spreading data blocks across multiple disks
Parity: Additional data used to re-create missing data
tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
RAID Levels
Level 0: Striping only. No redundancy
Level 1: Mirroring. Multiple copies of data
Level 3: Single disk parity
Level 5: Distributed Parity
intruders.
Firewall is a server or router with two or more network interfaces and special software that filters or selectively blocks messages traveling between networks.
De-Militarized Zone (DMZ) is a special, restricted network that is established between two firewalls.