Question
Part of the documentation process in any disaster plan is supplemental notes and memos that outline any discussion and decisions made to secure your database system. Everything discussed should be included. If there are any decisions made against suggestions, those should be documented to cover yourself. For your expanding case file, add to it a memo outlined below.
Memo: You know the database is behind the company's firewall. You notice that it is still possible for SQL queries to pass to the database even though it is protected behind your firewall. How is this possible? What do you suggest to Mr. McAlister as the owner to make sure this doesn't happen and that the database is more secure? Are there costs associated with this plan? Detail them.
Explanation / Answer
Here in this case the implemented architecture must be a three-tier architecture comprising a physical layer (front end), an application layer and a database layer. The database layer is restricted through firewalls, which restrict access only to the internal landscape.
Even if a WAF (Web Application Firewall) did provide complete protection from web access, it still would be inadequate for database protection, because databases are accessed from many sources, not just from web-based applications. A WAF inspects HTTP traffic for validity and only passes through valid HTTP commands. The basic idea behind SQL injection is that an attacker manipulates data passed into a web application to modify the query that is run in the back-end database. This might seem relatively innocuous at first sight, but it can be extremely damaging.
To protect the database from SQL injections, a firewall alone is not sufficient, and the database has to be protected in multiple ways. Strengthen the firewall by implementing these techniques:
1. Apply change control and version control.
2. Use a parameterized API and stored procedures wherever possible.
3. Write generic input validation routines and make sure they are used everywhere.
4. Perform a security code review; offer prizes for each security bug found.
It involves cost depending upon the protection that is provided. Database security used to be within reach only of large companies with large budgets. However, recent developments in open-source and low-cost solutions have made database security solutions within reach of any company with a database to protect.