
Write 400–600 words that respond to the following questions with your thoughts,


Question

Write 400–600 words that respond to the following questions with your thoughts, ideas, and comments. This will be the foundation for future discussions by your classmates. Be substantive and clear, and use examples to reinforce your ideas:

The management team is concerned about having the data for the music application in a single spot, and how having this setup could make this server more of a target or put it at higher risk than others. They would like to better understand what are the actual risks with having a database running inside the information systems infrastructure. Prepare a report for the management team that describes the following:

The security concerns or vulnerabilities associated with the DBMS.

The security concerns or vulnerabilities associated with the database.

What safeguards could be implemented to reduce the risk for each.

Explanation / Answer

With the increase in usage of databases, the frequency of attacks against databases has also increased.

The reason is the increase in access to data stored in databases. When the data is accessed by many people, the chances of data theft increase.

It is often the staff of an enterprise (database developers, administrators and the like) who create the environment necessary for attacks to gain access to data.

Databases are a key target for cybercriminals due to the often-valuable nature of sensitive information in the database. Whether the data is financial or holds intellectual property and corporate secrets, hackers worldwide can profit from breaching a business's servers and plundering databases.

Vulnerabilities often found in database-driven systems are:

1. Deployment Failures

The most common cause of database vulnerabilities is a lack of testing when they are deployed. Although any given database is tested for functionality and to make sure it is doing what the database is designed to do, very few checks are made to confirm that the database is not doing things it should not be doing.

Solution: Thorough testing to check whether the database fails in cases such as excess load, an artificial power failure or passing high voltage currents, etc.

2. Data leaks

Databases may be considered a "back end" part of the office and secure from Internet-based threats (and so data doesn't have to be encrypted), but this is not the case. Databases also contain a networking interface, and so hackers are able to capture this type of traffic to exploit it.

Solution: Administrators should use SSL- or TLS-encrypted communication platforms.

3. Stolen database backups

Insiders are also likely to steal archives and database backups for money, profit or revenge. This is a common problem for the modern enterprise.

Solution: Businesses should consider encrypting archives and backups to mitigate the insider risk.

4. A lack of segregation

An administrator can have full privilege to view all the data in the database. Hackers can somehow gain access via administrator credentials and steal data.

Solution: The separation of administrator and user powers, as well as the segregation of duties, can make fraud or theft by internal staff more difficult. In addition, limiting the power of user accounts may give a hacker a harder time in taking complete control of a database.

5. Hopscotch

Hackers find a weakness within the infrastructure that can be used as leverage for more serious attacks until they reach the back-end database system. For example, a hacker may worm their way through your accounts department before hitting the credit card processing arena.

Solution: Unless every department has the same standard of control, creating separate administrator accounts and segregating systems can help mitigate the risk.

6. SQL injections

SQL injections remain a critical problem in the protection of enterprise databases. Applications are attacked by injections via the URL through which the database can be accessed.

Example:

A hacker can pass this SQL command via the URL so that the condition always evaluates to true and will then return the information.

SELECT * FROM Users WHERE UserId = 105 OR 1=1;

Solution: Protect web-facing databases with firewalls and test input variables for SQL injection during development.

7. Front end OS vulnerabilities

Vulnerabilities in underlying operating systems like Windows, UNIX, Linux, SQL Express etc., and the services that are related to the databases, could lead to unauthorized access. This may lead to a Denial of Service (DoS) attack.

Solution: This could be prevented by applying operating-system-related security patches as and when they become available.

Hope you like the answer. Please like the answer if your question has been resolved. Thank you.
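
The SQL injection case in item 6, worked through as an added example (not part of the original answer): a lookup that pastes the URL parameter into the query text next to one that validates and binds it, plus a development-time check of the kind the solution calls for. The in-memory SQLite database, the sample rows and all function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory Users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [(104, "alice"), (105, "bob"), (106, "carol")],
    )
    return db


def lookup_concatenated(db, user_id):
    """Vulnerable form: the request parameter becomes part of the SQL text."""
    sql = "SELECT * FROM Users WHERE UserId = " + user_id
    return db.execute(sql).fetchall()


def lookup_parameterized(db, user_id):
    """Hardened form: reject non-numeric input, then bind the value as data."""
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("UserId must be a number")
    sql = "SELECT * FROM Users WHERE UserId = ?"
    return db.execute(sql, (int(user_id),)).fetchall()


def leaks_on_payload(lookup, db, payload="105 OR 1=1"):
    """Development-time check: does the always-true condition from the
    answer's example return more than the single requested row?"""
    try:
        rows = lookup(db, payload)
    except ValueError:
        return False  # input was rejected before reaching the database
    return len(rows) > 1


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, "leaks:", leaks_on_payload(fn, db))
```

The same check can run in a test suite against every query that takes request input, so a regression to string concatenation fails the build rather than reaching production.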
