Research Paper on "Database Security"

Research Paper 11 pages (4073 words) Sources: 5

[EXCERPT] . . . .

portable mobile devices (i.e. smart phones and tablets) is having on database security. This is accomplished by looking at the scope of the problem and offering solutions for addressing these challenges. Once this occurs, is when an organization can be able to effectively adapt to the various security threats they are facing.

Over the last several years, the issue of database security has been increasingly brought to the forefront. Part of the reason for this, is because larger amounts of data are being stored online and in mainframe computers. This has increased the number of attempts to breach an organization's security system in order to be able to have access to wide variety of information. A good example of this can be seen by looking no further than the total number of cyber-attacks that were conducted last year. As, they rose by 93%, thanks in part to shortened IP addresses and the ability of hackers to create viruses that can penetrate most traditional defenses. Commenting about this was Symantec (a leading security firm) which said, "Last year, attackers posted millions of these shortened links on social networking sites to trick victims into both phishing and malware attacks, dramatically increasing the rate of successful infection. Social networking sites are increasingly important platform for attackers, as their popularity among consumers is rising fast. Attacks on leading mobile platforms were increasing after a 42% rise in mobile vulnerabilities last year. This is because the major mobile platforms are finally becoming ubiquitous enough to garner the attention of attackers. They are really following the consumers to these websites." ("Targeted Cyber Attacks Rise," 2011) This is significant, because it is showing how the total number of security issues has been increasing dramatically. To fully understand the overall scope of the problem requires looking at: the current strategies that are used to deal with these issues, how hackers are overcoming them and what specific tools can be used to enhance a firm's ability to protect themselves. Once this occurs, is when we can offer specific insights that will help us to understand how this is becoming a major issue for all organizations and what steps can be taken to deal with them.

Body

The Current Security Strategies

The basic approach that most organizations are using is limiting the overall amounts of access that outside parties will have to their database. This is accomplished through focusing on specific techniques such as: firewalls, encryption and actively monitoring for unusual activities from different IP addresses. The basic idea behind using this approach is to be able to frustrate most attempts to possibly have access to sensitive information. The below diagram illustrates the current approach that are being used by most organizations. (Kark, 2011) ("Department of Defense Strategy for Operating in Cyber Space," 2011)

Diagram 1: The Current Security Strategies of Most Firms

Hacker

Firewall

Encryption

Monitoring

This is important, because it is showing how the overall focus of the majority of organizations is to limit the total amount of access that outside parties will have to sensitive information. Once this takes place, it means that any kind of security breaches will be limited in scope. The reason why, is due to the fact that there are personnel who are actively monitoring for unusual activity. This is when they can identify these threats early and limit the potential negative impact that they will have on an organization. (Kark, 2011) ("Department of Defense Strategy for Operating in Cyber Space," 2011)

How Hackers are Overcoming the various Security Block in Place

Despite the current procedures in place hackers are becoming better at penetrating various defenses. The reason why is because technology has changed the way that everyone is retrieving and accessing information. As a result there are two common problems associated with database security to include: preventing unauthorized users from accessing the database and controlling access to various statistics. What is happening, is the way a database is established is through a doing business account (DBA). This is when a firm will create protocols that will give someone access to the entire database of the firm including: creating user names / passwords, the granting / revocation of privileges and assigning different levels of security. When someone can have access to this account is the point that they can use this information to determine an organization's overall vulnerabilities. (Navathe, 2007, pp. 616 -- 627)

Preventing Unauthorized Users from Accessing the Database

One of the most common ways that someone is able to gain access to the database is through existing user accounts. This is because most systems will often have some kind user name and password associated with a specific individual. When they are inside the database is the point that administrators will be able to: see where someone went and the kinds of activities they were involved in. The problem is that many firms will often have lax control of the database. This is because they will allow employees to access the information off site or they are not effectively monitoring / updating passwords regularly. Once this occurs is when hackers can be able to pretend to be IT personnel and they will often trick employees into providing them with this information. (Navathe, 2007, pp. 616 -- 627)

For example suppose that someone was at a particular social networking site or they received an email that looked like it was from company officials. Hackers could use this as way to inadvertently fool them into providing these individuals with the information they need. What hackers are doing is using this as a tool to trick many employees and executives into believing that they are receiving information from the firm through bogus IP addresses (which appear to be similar to that of the organization). Once this takes place, is when many criminals will use this to obtain information about the individual and the company. This is the point that they can start working aggressively to quietly penetrate the database's defenses. (Kark, 2011) (Navathe, 2007, pp. 616 -- 627)

Evidence of this can be seen by looking no further than a study that was conducted by Trend Micro. They found that 88% of the small and medium sized businesses have employees who are accessing their files offline through mobile devices. Furthermore, 74% of these firms reported that the equipment that is being used by employees is their own personal property. This is troubling, because it can give hackers the ability to go around many of the traditional strategies that are often used by IT personnel to protect the database. The reason why, is because these portable devices do not have the same kind of security blocks in place and employees may be exposed to potential breaches (based upon mistakes that can happen). Once this occurs, is when the vulnerabilities facing an organization increase due to the fact that they have no control over how hackers are able to gain access to their database. It is at this point that they can use this approach as a backdoor entrance into an entire firm's database. This is when they will have access to sensitive information by essentially going around the current security blocks. (Tanzy, 2011)

Controlling Access to various Statistics

Controlling access to various statistics is when there is focus on limiting the kinds of information that an individual will have available to them. This can be accomplished on the account or relation level. As far as the account level is concerned the database will know what specific information each user will have access to. While the relation level is when you are restricting someone based upon their status in the company or department. These elements are important because they are designed to control the kinds of information that anyone will have inside the database and accessibility to the most sensitive files of the firm. (Navathe, 2007, pp. 616 -- 627)

However, the problem is that many portable device or laptops are often high jacked by hackers. This is when they can be able to control the device remotely and develop a backdoor into the system itself. Once this takes place, is when the individual may not be aware of what is happening until it is too late. If a particular organization was targeted, is when hackers could take over a number of devices from different levels inside the firm. At which point they could use the authorization of various individuals to gain access to the database and any kind of statistics that are available through slowly working their way up the chain of command inside the organization. (Navathe, 2007, pp. 616 -- 627)

Evidence of this can be seen with a study that was conducted by Defense Systems. They found that the majority of smart phones have weaker security procedures to the point that they could be high jacked without the owner knowing what is happening. At the same time, more people are spending longer amounts of time using a host of applications that… READ MORE

How to Reference "Database Security" Research Paper in a Bibliography

Related Research Papers:

Database Security Design of an Online Membership Term Paper

Database Security

Design of an online membership and payment management system for the web using a Microsoft SQL Server database and a front end built in Microsoft Visual Stuido C#.net… read more

Term Paper 11 pages (2976 words) Sources: 1+ Topic: Computers / IT / Internet

---

Database Security and SQL Injection Research Proposal

Database Security and SQL Injection

Technology has become an integral part of today's business environment. No business today can operate without an Internet connection or at the very least a… read more

Research Proposal 1 pages (364 words) Sources: 1+ Topic: Computers / IT / Internet

---

Database Security Annotated Bibliography

Security Issues and Features of Database Management Systems (Feeney, 1986) the author creates a taxonomy and framework to support his contention that while a distributed database architecture creates new security… read more

Annotated Bibliography 4 pages (975 words) Sources: 5 Topic: Computers / IT / Internet

---

Database Security Annotated Bibliography

Anonymous Hackers Target U.S. Security Think Tank. (2011). Newsday. Retrieved from: http://Www.newsday.com/business/technology/anonymous-hackers-target-us-security-think-tank-1.3411610

This article is discussing how databases are becoming increasingly vulnerable by highlighting how the firm Stratfor was hacked.… read more

Annotated Bibliography 2 pages (752 words) Sources: 1+ Topic: Computers / IT / Internet

---

Database Security Article Review

Database Security

Over the last several years the overall issue of database security has been increasingly brought to the forefront. Part of the reason for this is the increased amounts… read more

Article Review 2 pages (904 words) Sources: 2 Topic: Computers / IT / Internet

---

View 100+ more related papers  >>