Latest Trends in Database Security

<p>Hello everyone, my name is Zhihui. Today my partner Saumil and I will talk about the latest trends in database security, and this is our review of our presentation. First is an introduction to database security. Second is background about database security. Third, why securing data stored in databases is important and different. Fourth, database vulnerability and misconfiguration. So then we talk about some major database attacks and ways to secure a database. At the last we'll talk about the future trends of database security and some applications that we had tried in database security.</p>
<p>The database market is a huge and growing industry. So the overall database market was 40 billion in 2015 and it should reach 50 billion by 2017 January. A database system is designed to be used by many users simultaneously for the specific collections of data. It also gave opportunities to hackers and lawbreakers to make profits. Due to the popularity of web-based apps, social media and e-commerce, data have become more and more important and unstructured. In order to solve different database problems for different needs, we use different platforms and databases to store, manage and acquire data. Some of the techniques that other groups have already talked about in previous presentations, like cloud database, NoSQL, big data. We have more tools to solve database problems, and hackers have had more targets and measures to break databases.</p>
<p>One major change in the database area is the popularity of NoSQL databases, which were designed to enhance database performance and fulfill different needs from customers. The left table shows the database rankings with other 30 and the righty boys database right today we have one another more and more single database are being used. And in the latest trends in developers' products are those who don't purely embrace a single database structure but instead bridge SQL and NoSQL, giving users the best capability of both.</p>
<p>The other big difference is moving
to the cloud. In order to reduce operational costs and increase scalability and flexibility, some companies choose to migrate their data from local machines to cloud platforms. However, the shared and on-demand nature of cloud computing introduces the possibility of new security breaches that can erase any gains made by the switch to cloud technology.</p>
<p>In this slide we'll talk about why securing data stored in databases is important and different. So databases store massive amounts of sensitive data. We already know this: all the companies and organizations that collect our data get hit on their databases. The companies such as Equifax and Anthem, when they got breached, their databases were hit, and that is why all of our sensitive information such as social security number, credit card details, bank account details, addresses etc. volete. Now, data usually is structured, which influences how it is accessed. It can be accessed via queries or programs written in languages like SQL. You already know that if you even have a basic amount of SQL you can transact, you can read data, you can retrieve data, which leads us to our fourth point, the right data or database views. This is like a virtual database, of which when you write a command such as select star from a particular table, you'll find that that opens another database, which is usually a virtual database, and that influences how we view that database.</p>
<p>In this slide we'll talk about database vulnerabilities and misconfigurations. So the first is unauthorized access to database. In this, a person who might not have the proper authority to access our database gets the access to it. It can be an inside job or an outside job. Second is keeping track of all the authorized users of the system. In this, the people who have the authority to use a particular access should be monitored: what stuff they're doing on the database, how many hours they are logging in and stuff like that. Third is managing large amounts
of data which belong to relatively large organizations. Whenever a large organization gives another organization a contract to manage the database, that contains a lot of sensitive information and should be kept properly. Again, it contains all the access control problems and people who are logging in and using the database and maintaining the database. Data leaks: data leaks also are another problem, and these can again be an inside job, like Edward Snowden did for the NSA, or can be an outside job, like various hackers or organizations hacking companies and stuff like that. Stolen database backups: we all know how important backups are, and all the organizations today back up their data on a minutely basis because of the sheer amount of data that they are getting. So somebody can even steal their database backups, and this can be another problem. Deployment failures: whenever an application goes online or is being deployed on cloud or another server, there can be many failures. Now there can be multiple phases when deployment takes place. These can be pre-provisioning phase, provisioning phase, pre-execution phase, execution phase and post-execution phase. To read more about this you can go on and obviously search for it. Physical security: physical security is when the place where the database and the servers are being kept should be monitored properly. This means that access control cards, the biometric system and the hallways should be monitored with CCTV cameras and people who can guard stuff. Network security is again about access control and people not getting access to the network through which they can go ahead and hack the database.</p>
<p>In this slide we'll talk about the major database attacks that occur. First is the SQL injection. An SQL injection is a code injection technique that might destroy your database. It is the most common web technique and the most well-documented hacking technique. It is basically the placement of malicious code in SQL statements via web input. The
single quotation mark is the signature of SQL injection. Next we'll talk about denial of service. It is a cyber attack where the hacker will make the system unavailable to intended users. This can be either temporarily or indefinitely disrupting the services day to day. The next is the virus or worms. A virus is a small program written to alter the way a computer operates without permission or knowledge of the user. It's basically composed of two principles: first is that it executes itself without the knowledge of the user, and second is that it would replicate itself based on the original host file. Worms are programs that replicate themselves from system to system without the host file. Now this is in contrast to the virus, which requires the original host file to spread. Last is the malware. It's short for malicious software, used to describe various hostile or intrusive software such as viruses, worms, Trojan horses, ransomware, spyware, adware and other such stuff. It can take various forms of executable code, scripts, active content and other such malicious software.</p>
<p>In this slide we'll talk about ways of securing the database. So the first is access control mechanisms. In this, three further mechanisms are used. First is the discretionary access control. It's basically granting or revoking privilege to avoid the revealing of confidential information. Second is mandatory access control. Multilevel security by classifying data and users into different security levels, with each level having different access controls, is the definition of mandatory access control. Third is the role-based access control. It provides security according to the role of the user who is accessing the database. Now second is cryptography. Cryptography is the practice and study of techniques for securing communication in the presence of third parties called adversaries. One-way hash function with symmetric encryption is basically used to secure the database. Third is backup and recovery. Backup and
recovery is the most important and the most fundamental part of securing a database. It's basically recovering data from backups so that your software or app can stay online in case any attack or threat is upcoming. Also, mistakes can be rolled back using backup, and it's very essential, and all the organizations are practicing this method. Fourth is the message digest algorithms and digital signatures. Message digest is a fixed-size numeric representation of the contents of a message. A message digest is computed by hash functions. Say we can generate a message digest, then encrypt the digest using private key of a symmetric key pair, forming a digital signature. Then the signature is decrypted by the receiver, and that's how you can secure a database.</p>
<p>In this slide we'll talk about future trends in database security. First is the introduction of IoT. IoT, or Internet of Things, is the upcoming phenomenon where all our devices will be connected to each other and will act intelligently. This is essentially a security nightmare, because not only will we have to secure the devices individually, also we have to secure the links between them, because those can be misused as well. Second is the big data: the amount of data the organizations are collecting right now and their sensitivity. It's very risky: if they get hacked, millions of people will have their account information leaked, as well as the social security numbers, their credit card details and bank account details. Third is hackers are always one step ahead. Now securing a database or securing data is more difficult than hacking one, because securing, you have to cover all your bases, but hacking, you have to find only one vulnerability, which will be enough to cause disaster. Fourth is government and state intervention. Nowadays government and states are beginning to intervene in even the small matters and they want backdoor entries, which is not very good for the organizations maintaining the databases and their security,
so we have to find new ways to secure the database in complete ways, so that the important stuff does not get leaked and FD every important information is secure. You may already use machine learning and behavior analysis in database security; they will be used more widely in the future. We can use machine learning behavior analysis for the detection of SQL injection attacks, and anomaly detection for defending against insider threats. These techniques can free up database administrator.</p>

Source: YouTube