Database Security (final paper)

8/7/2019 Database Security (final paper)

http://slidepdf.com/reader/full/database-security-final-paper 1/21

1

DATABASE SECURITY

General Database Security Concepts

As business processes are becoming more complex, the use of technology to manage theinformation that the business receives is deemed necessary. Managing this information is difficultespecially because they come in large amounts and every part of it is indispensable. This trend requiresbusinesses to have databases in order for them to store and manage all those information. Databasecontains numerous sensitive information that when leaked, can be detrimental to the organization.Database Security plays a vital role in protecting the database from external attacks and threats. ³Theprimary objectives of database security are to prevent unauthorized access to data, prevent unauthorizedtampering or modification of data,and to insure that data remains available when needed´ (Murray, 2010).

There are three basic concepts that are in the core of database security. It is represented by theCIA Model, which stands for Confidentiality, Integrity, and Availability. The CIA Model should be theguiding principle for every database security methods because it plays a fundamental role that couldguarantee a secured database for the business organization (Concepts of Database Security, 2010).

Confidentiality is the first core concept, and it can be applied through data encryption (Conceptsof Database Security, 2010). Encryption is a technique where the data is encoded in such a way that onlyauthorized users can read and access the data, thus preventing unsanctioned use. Furthermore, it wouldprevent data leaks to third parties due to the security functionality encryption provides.

Integrity could be achieved in database security by limiting the access to the databaseinformation of some users (Concepts of Database Security, 2010). By enforcing User Access Controls(UAC) not everyone in the organization could edit the information in the database. They may be able toview it but it prevents from altering anything on the records since they have limited access on it. Thisreduces the risk of fabricated database information, and thus maintains its integrity.

Availability is the last core concept of database security (Concepts of Database Security, 2010). Itmeans that the database should be accessible anytime. More than just accessibility, it also involves the

necessary back-up procedures of the entire database. This is to reduce the risk of large data loss whenapplication error occurs.

The CIA model does not only safeguard the database from external threats but as well as internalones. It takes into account that not all threats on the database originates from outside the businessorganization, but it is likewise possible that an internal attack could occur. By observing sufficient securityprocedures, the database is safe. However, it is important to keep in mind that as technology isadvancing; the risks in database security are likewise greater. Thus, it is vital to always ensure that thelevel of security is sufficient to protect the database.

Understanding Database Server Security layers

To protect the database from both external and internal threats, there are various databasesecurity solutions available for organizations to use for their systems. Understanding the different levels of database security can help in applying the necessary steps in protecting data from both internal andexternal threats.

Database security is a major component in database administration; however it is sometimesoverlooked by management in favor of convenience. User accounts (who are not administrator accounts)are sometimes given extra permissions to access the database in order to save time, and corrective



2

measures to fix some of the systems¶ errors are not applied on time. Best practices are not followed bygiving more users more privileges and delaying fixes to the system.

For external threats, there are various solutions available for organizations and personalcomputers in the internet. Programs such as firewalls, antivirus and antispyware and antimalware ingeneral are readily available for download to protect one¶s system from external threats. Someprecautionary measures are also useful besides installing protection software.

For internal threats, database auditing is a solution commonly employed by organizations tomonitor the actions of their own users and protect the database from internal threats. An example of adatabase security measure used by and large is SQL, which stands for Service Query Language. SQL isa type of computer language to manage data in relational database management systems. There areother computing languages being used by programmers besides SQL.

In database server management and in computing in general, there are a few levels of securitythat have to be considered and used.

y Server-level security: What can be done with the server to protect its database

y Network-level security: What can be done with and through the network to protect thedatabase

y Operating system-level security: What can be done with the operating system to protectthe database

How security should be handled in each level will be further discussed in the followingsection (Acunetix, 2010).

1. Server-level security

a. Remove unnecessary services The more services there are available on the computer, the more possible

exploits a hacker or a malicious user can take advantage of. Removing servicesunnecessary for a server will not only leave any exploiter less chances to take advantageof your system, it will also free up memory and allow the machine to perform better.

b. Remote accessRemote access, if needed, should be restricted only to specific user accounts

and if possible, to specific IP addresses. Servers should not be accessed from publiccomputers such as those in computer shops. If the aforementioned restriction is in place,this should not be a problem. This restricted access limits the opportunities for hackers toaccess the company¶s server.

c. S eparate development/ testing/ production environment Development, testing and the production environment for web services should be

on a separate machine from the server. Because development, testing and productionare not yet ready for publishing, keeping them away from public access keeps theunfinished product away from potential exploits.

d. W eb application content and server-side scripting Web applications and website files should be placed in a location away from the

system¶s operating files. If in the event that the website gets exploited and hacked, thehacker won¶t find his way into the operating system files right away.

e. P ermissions and privileges Non-administrators and other users besides the system administrator should be

allowed only minimum privileges (i.e. viewing only) to access the data.



3

f . Install all security patches on timeSecurity patches must be installed as soon as they are released. These patches

contain safeguards against the security problems encountered and thus provideprotection and prevention against security exploits.

g . Monitor and audit the server Logs should be kept in a segregated area and should be reviewed regularly to

see if there are abnormal activities happening to the server. If there are any suspicions,the issue must be addressed immediately.

h. User accountsThe original account created during the installation of the operating system

should be renamed and not be used. This allows any potential exploiter to have a harder time accessing an administrator account. Everyone who uses the server includingadministrators should have his own account. Having separate accounts makes it easier to track usage of the machine.

i. Remove all unused modules and application extensions If the programs run on the server do not need certain extensions and modules in

order to perform in the desired level, then these extensions and modules should be

removed. Removing these will give exploiters less chances to exploit the programs beingrun on the server.

j. Use security tools provided with web server sof tware A little prevention goes a long way. It won¶t hurt to add a little more protection for

the server to protect it against exploits.

k. S tay inf ormed In this day and age, information is what keeps one ahead of the competition.

Information also provides one with the knowledge about the latest and recurring securitythreats and how to protect one¶s server against them.

2. Network-level security

a. P rotection sof twareWhether in a local network or online in the internet, protection software such as

antivirus software, antispyware programs, firewalls (besides the one provided along withthe operating system), and antimalware programs in general provide good protection for network threats. These programs must be updated regularly to ensure top performance.

b. Router regulationPasswords help prevent unwanted users to access the network, thus giving more

privacy and security. Another form of router regulation is to utilize MAC addresses to limitthe network to certain computers.

3. Operating system-level security

a. Firewall Operating systems (such as Microsoft Windows) usually come with their own

firewalls nowadays. Firewalls screen and filter programs and processes that attempt tosend information in and out of the computer.

b. User account settingsUser account settings security consists mainly of the user account password and

other settings. Having a strong password and the proper settings in place can give one¶saccount added security.



4

c . Regular updatesThe manufacturer of the operating system releases updates (patches, upgrades,

etc.) to improve operating system functionality. Sometimes, these updates includesecurity patches to address current security exploits of the same operating system.

Understanding Database-level Security

Often times, organizing a lot of databases and applications is the main role of database servers.To be able to access the information from the database, users need to get permission from the databaseadministrator. The database administrator decides whether to grant the request of the user to access thedatabase or not. Also, the administrator decides which object in the database the user can access. Whenthe permission is granted, only the user can access the database. Password will be given to the user toensure that he is the only one who has the access to the database. This procedure is called authorization(Bragg, Ousley and Strassberg, 2004).

Database Administration Security Defining the administration policy of an information system is very important since it would definewho has the power to grant or deny the request of the users to access the database. An information

system can follow centralized administration, ownership-based administration or decentralizedadministration. If the information system follows centralized administration, only a few of users have thepower to grant or reject access rights. On the other hand, if it implements ownership-based administration,the creator of a certain object, such as a table, has the power to allow the user to access the object or not.There are times that the creator still has to ask the approval of the database administrator. Lastly,decentralized administration means that there are different people managing different databases or objects. Sometimes, decentralized administration also gives the owner of an object authorization rights.Through these authorization rights, owners can allow users to give or reject the access rights to the object.

Access rights can vary from one user to another. Some users can edit, update, delete, create, or insertdata to the whole database, while some users can only do these things to a certain row or column of atable (Stallings and Brown, 2008).

Role-Based Access ControlOnce the administration policy of the information system is established, the database

administration can now grant or revoke access rights to the users. One way to assess the request of theuser is through his roles. De CapitanidiVimercati, Foresti and Samarati interpret role as ³a set of privilegesthat any user playing that role is associated with´. Users should clearly define to the databaseadministrator what roles he wanted to be part in. The administrator will assess the user¶s request, anddecide which roles he can participate in. Once the permission is granted, the user can now utilize theprivileges he receives (2008). An example would be a sales staff requesting for access to the database.The sales staff wanted to view and insert data in a table. The database administrator will assess therequest, define which roles he can play, and grant the request. Once the request is granted, the salesstaff can now view or insert data in a certain table. However, he can only do these tasks. Other thanthese tasks, he is not allowed to make other actions within the database. Another example is that of a

Sales Manager who is requesting to have access in a given database. As a Sales Manager, he wanted tohave the capacity to delete or add some data within the database. Just like the previous example, thedatabase administrator will review the request, define which roles he can play, and grant the salesmanager to access the database. Since the sales manager has a higher position compared to the salesstaff, he was granted more privileges to access the database. Through these examples, it is evident thatthe database administrator can design a hierarchy of permissions based on the roles of the user. It is alsoevident that roles allow the database administrator to control the permissions being granted to the users(Bragg, Ousley and Strassberg, 2004).



5

Discretionary Access ControlDiscretionary policy is also one of the policies that an information system can have to control

access to the system¶s object. Under this policy, approval of access depends on the owner or creator of the object (Bidgoli, 2006). Also, authorization rules are important to be able to know the privileges that asubject has over a certain object. Access to the object is only approved to subjects to whomauthorization rules are present and are confirmed (Castano et. al., 1995).

The basis of this policy is the identity of the subject, who is requesting for access to the object.This policy may seem to be applicable only to decentralized administration or ownership-basedadministration. However, it is also applicable to centralized administration. In a centralized administrationsystem, it will be the system administrator who will grant or revoke the request of the subject. Complexauthorization policies are required in discretionary policies. These authorization policies intend to havethe proper control on the transferring of rights from the authorizer to the subject (Castano et. al., 1995).

Discretionary policies also have some downsides. One of the main weaknesses of discretionarypolicies is the presence of Trojan Horses. Trojan Horses can still copy information from the one object toanother. With this, the object is not secured properly. Another weakness of discretionary policies is thatinformation from a readable object can freely flow to other objects that can be edited by the subject. Thiswould allow other subjects to view data from other objects, which they are not authorized to view(Castano et. al., 1995).

Mandatory Access Control An information system can also follow mandatory policy. In this policy, the central authority

implements some rules and regulations where access control is based on system's subjects and objectscategories (De CapitanidiVimercati, Foresti and Samarati, 2008). It cannot be changed or modified byindividual users (Bidgoli, 2006). This model is applicable in situations wherein numerous information thatare highly secured can only be accessed if the system data can be categorized, and there are clear users(Castano et. al., 1995). One of the most usual examples of mandatory access control policy is themultilevel security policy, wherein the classification of the system¶s subjects and objects are itsfoundations (De CapitanidiVimercati, Foresti and Samarati, 2008). Under this policy, the database objectsare assigning to a security class. On the other hand, each subject, active entities such as users, isallotted to a security class. This mandatory access control policy defines which objects, from a securityclass, a subject, with a stated clearance, can read or write. To avoid the information to transfer fromsensitive objects to less sensitive objects is the main aim of this policy (Bidgoli, 2006).

The subjects and objects in the system are related to a specific access class. Security levels anda set of categories are the composition of an access class. Security levels give ranking to a set of information (Bidgoli, 2006). For example, 0 is associated with unclassified objects or subjects. 1 and 2 areidentified as confidential objects or subjects and secret objects or subjects respectively. Lastly, 3 is for topsecret objects or subjects (Castano et. al., 1995). On the other hand, a disorganized set of information iswhat a set of categories builds (De CapitanidiVimercati, Foresti and Samarati, 2008). An example of a setof categories would be the names of the subjects that stand for the department of an organization (Bidgoli,2006). With the security levels and a set of categories, access class is portrayed as a partial order relation (De CapitanidiVimercati, Foresti and Samarati, 2008).

There are two basic principles that arise from the access class ± No read-up and No write-down.

No read-up means that a subject can only read the object, given that the subject has a higher or the sameaccess class to the object. For example, a user which is classified as a confidential user can read theobjects which are classified as unclassified and confidential. However, the user cannot read secretobjects and top secret objects. No- write down, on the other hand, implies that a subject can only edit or add some data to the object considering that the subject belongs to a higher or the same access class tothe object. For example, a secret subject can write on the objects which are classified as unclassified,confidential and secret. The user is prohibited to write on the top secret objects (Bidgoli, 2006).



6

Using Application Security

³Today, application integration is the single biggest challenge facing IT organizations. Withbusiness imperatives driving an increasing need for cross-organization integration, this challenge isgetting ever more complex´ (XWSS Organization, 2007). On using web application security, a Web

container holds all the Web application elements that include components, servlets, JSPs, HTML pages,and others. The deployment descriptor of a certain Web application describes how it is deployed whichalso includes the level of security for the various elements of the application. For instance, your Webapplication may have an HTML page that is available to everyone checking the website; on the other hand, other HTML pages are restricted and can only be viewed by preferred or existing customers(XWSS Organization, 2007).

³The following diagram illustrates the difference between the old security model and the new securityreality:

Source: www.xwss.org.

Organizations are beginning to realize that this old worldview no longer works. While networkfirewalls will clearly continue to be central to network designs, they don't address all of today'srequirements and realities, which include the following:

y Most security breaches come from within the firewall.

y Business imperatives require cross-firewall access and integration.

y Ports intended to pass specific protocols are being used for a wide variety of purposes.

y XML Web Services SOAP messages were specifically designed to easily pass throughexisting firewalls by being carried over transport protocols (HTTP, SMTP, etc.) that arecommonly carried through open firewall ports.



7

y New code written with modern tools (.NET, current J2EE apps servers, etc.) will be theminority of nodes in an XML Web Services data network. Legacy applications andpackaged applications will be the majority of nodes. Legacy and packaged applicationshave dramatically varying levels of application security and it is often difficult to verify andmanage the security functions they do have. (XWSS Organization, 2007).

According to Sybase Inc., 2005, ³Web client security requires that Web content be deployed inWeb applications:

y There is no way to secure files deployed in EAServer¶s HTML root directory.

y Do not put sensitive information such as passwords in files that can be downloaded byWeb clients.

y Do not put files containing sensitive information in locations that allow download by Webclients.´

³Accessing the security properties of your Web application from EAServer Manager

1. Highlight the Web Applications or the Installed Web Applications folder.

2. Highlight the Web application for which you are establishing security.

3. Select File | Properties.

4. Select the Security tab from the Web Applications Property window.´

³You can now define the authentication method of your Web application and security constraintson the various elements within your Web application´ (Sybase, 2005).

³Defining Web application security from the Web application Security wizard As an alternative to setting Web application security from the Web Application Properties dialog,

you can use the Web Application Security wizard, which guides you through the security configurationprocess.

1. Highlight the Web Applications or the Installed Web Applications folder.

2. Highlight the Web application for which you are establishing security.

3. Select File | Security Configuration Wizard.

4. Follow the instructions in the wizard to define the authentication method of your Webapplication and security constraints on the various elements within your Web application.´

There are four types of authentication methods of Web application available. The first one doesnot require any form of authentication and is labelled ³None´. The second is the ³Basic´ authentication

which requires a username, password and realm name. These are the steps given by Sybase Inc. (2005)regarding the process of basic authentication:

³When an HTTP client sends the HTTP basic authentication header:

y The server authenticates the client using the server-defined authentication scheme andinvokes any defined customized authentication component.

y If the request is intended for PowerDynamo, the server still authenticates the client, and if the request is denied, HTTP status code 401 (Unauthorized) is sent back to the client.



8

y If the authentication fails, the request fails and an error message is sent back to the client.If the request is intended for a Web application, the Web application manages error handling.

y If the request is intended for a regular static page, the request is denied, and HTTPstatus code 401 (Unauthorized) is sent back to the client´ (Sybase, 2005).

The third method of authentication is called ³Form´. In this method, an HTML login page iscreated for clients who, in turn, have to provide a username and password. Whenever errors occur in theHTML page, clients are notified by an error page which is usually set up for that purpose. There aresimple HTML pages as well as pages that come complete with servlets and JSPs (Sybase, 2005).

Client-CertWhen using ³SSL tunneled with HTTP´ in accessing a server, a certificate of authentication is

necessary. This client-cert cannot be used together with ³Web application security mechanisms´ withoutlosing access to the Web application (Sybase, 2005).

Defining a Security Constraint from the Web Application Properties Security Tab

According to Sybase, defining a security constraint of a web application is being discussed in thefollowing: ³First, create a security constraint «Second, def ine a W eb resource collection ± Web resourcecollections contain a list of URL patterns and HTTP methods available for those URLs«Third, establishauthorized roles ± define the authorized roles that have access to the HTTP methods for the URLsdefined for this security constraint. Before establishing an authorized role, you must map EAServer rolesto J2EE roles«Fourth, transport guarantee ± establish a level of transport security for each securityconstraint appropriate for the Web resources you are protecting. If you use basic or form-basedauthentication, passwords and other sensitive information is not protected for confidentiality. If you havesensitive information that you want to protect, establish a security constraint that uses a greater level of protection´ (Sybase, 2005).

There are four types of transport guarantees: none, integral, and confidential. The ³none´transport guarantee ³uses insecure HTTP´. The ³integral transport guarantee ³uses an SSL-protectedsession that checks for data integrity.´ The ³confidential´ transport guarantee ³uses an SSL-protectedsession to ensure that all messages content, including the client authenticators, are protected for confidentiality as well as data integrity´ (Sybase, 2005).

Database Backup and Recovery

Having backup and recovery is an important part of database security strategy. Backups are veryimportant, especially because accidental human error, weak application logic, imperfect database server or operating system and malicious users may cause damage or lost of data. However, through backups,data can be recovered (Bragg, Ousley and Strassberg, 2004).

Determining Backup ConstraintsIn creating backups, a company needs to first analyze its needs and the demands of its

environment before determining the strategy it will use to backup its data. The company has to consider its limitations such as ³storage space, network bandwidth, processing time, and local disk I/O bandwidth´(Bragg, Ousley, and Strassberg, 2004, pg. 673). It is also a challenge to look for qualified personnel.Performance requirements and user load will also contribute to the constraints in the backup strategy(Bragg, Ousley and Strassberg, 2004).



9

Aside from systems requirements, a company also has to determine which data should havebackups. It helps to rank all corporate data in order of importance, and label them as critical, high,medium, etc. (Bragg, Ousley and Strassberg, 2004).

Determining Recovery Requirements As previously mentioned, the reason why backups are created is for the company to recover

needed information whenever its database is damaged. Therefore, the most important point of consideration in the process of making backups is the recovery requirements of the company, especiallysince the means of doing this is highly dependent of the kind of hardware used to make the backups.Factors such as the cost the company will incur in the time that it has no access to database information,the importance of the data, and the level of data loss that is allowable by the company. Most of all, thetime it takes for the company to recover all the data it needs is also a critical consideration.

Types of Database BackupThere are basically three types of database backup ± Full backup, Differential Backup and

Transaction log backup. Full backup is a type of backup wherein the whole database is copied. Thisprocess can be done if the database is being properly implemented. Before the database administrator executes the overall schedule, it is important that the backup database be tested. The foundation of other

types of backup is full backup. It is advisable that full backups be done on a regular basis, especially if thedisk space constraints permit it to be done (Bragg, Ousley and Strassberg, 2004).

The next type of database backup is differential backup. In this type of backup, only the changeddata after the last full backup was done is copied. The recovery process in this type of backup is that first,the current full backup will be restored, followed by the current differential backup. The recovery processof differential backup is longer and requires more time compared to full backup. However, throughdifferential backup, the space that will be used for backup and the time required to safeguard largedatabases decrease (Bragg, Ousley and Strassberg, 2004).

Lastly, transaction log backup is creating a copy of each transaction that is being added in thedatabase. Database administrators can do transaction log backup more often since it only includes datafrom the transactions that happened after the last backup. However, there is also a disadvantage when itcomes to transaction log backup. The major disadvantage is that the last full backup should be restoredbefore the transaction log backup can be retrieved. This process may require a lot of time in recoveringthe backup transaction. On the other hand, transaction log backup also have advantages. The major advantage of this type of backup is that it is a point-in-time backup. It implies that the databaseadministrator can go back to a particular point in time. An example of this situation would be if there wasan unauthorized database transaction that happened. The database administrator can go back to thatspecific time to be able to correct that certain transaction. In effect, only a minimal data loss will happen(Bragg, Ousley and Strassberg, 2004).

These types of backups are not separated from one another. They can be combined, dependingon the database administrator. One may choose to do weekly full backup, daily differential backup andhourly transaction log backup. This would provide a more versatile backup system, especially for largeand active database. Moreover, modern database systems can make backups for certain objects or partsin the database. These objects can also be restored separately. Backing up the objects individually may

take a lot of planning, but data would be more secured (Bragg, Ousley and Strassberg, 2004).

It is also important to know where to store the backup database. Database administrators havetwo options ± disk or tape. The two options are frequently used, and both have their own advantages anddisadvantages. Database administrator can decide to use both given that there is enough budget toimplement the both options, it passes the performance requirements being implemented, and it canhandle all the data. ³Hot backup´ configurations, by using clustering and other solutions, can also beimplemented, especially if reliability and uptime are very crucial (Bragg, Ousley and Strassberg, 2004).



10

Database Auditing and Monitoring

A database is basically a large organized collection of data for one or more uses (BusinessTechnology & Securities Group, 2010). It is for rapid search and retrieval of data in a computer by theusers. Database auditing is the ability to continuously monitor, record, analyze, and report on all users

involved with the database activity. It is used as a security measure to ensure that unauthorizedpersonnel or those without permission do not access the information or data within the database(Business Technology & Securities Group, 2010).

In this modern age wherein technology is heavily used, firms use databases to store thecompany¶s confidential information or data. Ensuring the security of the database is very critical to thecompany¶s reputation and profitability. Unauthorized or unpermitted access to these data would affect theoperations of the firm in a disastrous way (ruining of the company¶s reputation which will result in declinein profitability and decline in customer trust).

To ensure the safety of the database, here are some practical measures to ensure databasesecurity. These are server security, database connections, table access control, and database accessrestriction. Server security is the process of restricting the right of entry to the database server. This is

one of the most basic and most important components of database security. It is necessary that acorporation does not let their database server be visible or vulnerable to others. If an organization¶sdatabase server is supplying information to a web server, then it should be configured to allowconnections only from that web server. Also, every server should be configured to allow only trusted IPaddresses.

With database connections, system managers should not allow immediate unauthenticatedupdates to a database. If users are allowed to make updates to a database via a web page, the systemadministrator should validate all updates to makes sure that they are warranted and safe. This givesemployees complete access to all of the data stored on the database regardless of whether or not theyare authenticated to have such access.

Table access control is related to an access control list, which is a table that tells a computer operating system which access rights each user has to a particular system object. Table access control

has been referred to as one of the most overlooked forms of database security. This is primarily becauseit is so difficult to apply. In order to properly use table access control, the system administrator and thedatabase developer will need to collaborate.

Internet based databases have been the most recent targets of attacks, because of their openaccess or open ports. It is very easy for criminals to conduct a ³ports scan´ to look for ports that are openthat popular database systems are using by default. The ports that are used by default can be changed,thus throwing off a criminal looking for open ports set by default.

There are additional security measures that can be implemented to prevent open access from theInternet, such as trusted IP addresses, server account disabling, and special tools such as Real Securedby ISS. It is important to remember that database security should occur in combination with other securitytechnologies, but data protection should be the core element of a complete company securityinfrastructure.

The primary security concerns of the auditor when conducting a database audit includesauthentication and authorization issues. The general principles for developing an audit strategy includethe evaluation of the purpose of auditing (to prevent unnecessary auditing) and knowledge about auditing(to avoid unnecessary audit information from cluttering. The general principles for auditing suspiciousdatabase activities include the narrowing down audits from general to specific audits and the protection of the audit trail. The general principles for auditing normal database activity include the auditing onlypertinent actions, archiving audit records, and purging the audit trails.



11

There are several modes of auditing. One is by using an automated database audit solution. Inorder to ensure that unauthorized users are not accessing the database, the auditor will need to audituser activity. Auditing user activity provides the auditor with assurance that the policies, procedures, andsafeguards that management has enacted are working as intended. This also helps the auditor to identifyany violations that may have occurred.

Auditing user activity can be accomplished via continuous data auditing. Continuous data auditingis the process of monitoring, recording, analyzing, and reporting database activity on a periodic basis.This is a critical concept because unauthorized access to the database and the information containedwithin can occur at any time. If the auditor is using a testing schedule, violators can easily sidestep thatschedule. This is not the case, however, with continuous data auditing. The auditor and managementmust be able to identify which behavior is suspicious versus which behavior is routine. Any behavior thatis not identified as routine and valid access to the database must be examined and analyzed further.

The ideal approach to effectively capture and analyze database activity is through non-trigger audit agents associated with each database server. Non-trigger audit agents capture all relevant activity,regardless of the application used. In comparison, database triggers-an automatic procedure that occurswhen data has been altered in a table-are not recommended, as database administrators can easilydisable them. The non-trigger database audit agents gather information through three means: databasetransaction log, database¶s built-in native logging, and third-party tools that monitor network and/or

system activities.

Each database maintains a database transaction log through the normal course of its operation,which gathers data modifications and other activity. This approach is not practical however as these logsare used for forward recovery and their formats are largely undocumented. Additionally, SQL SELECTaccess to database objects is not logged.

Database's built-in native logging obtains additional information, such as permission changes anddata viewing activities. Each database management system has some type of audit trace capability suchas Oracle's Fine Grain Auditing (FGA) capability.

Some solutions use agents which enable both local access as well as network access to bemonitored; while others are restricted to just monitoring network traffic. These solutions are typicallycalled Database Activity Monitoring (DAM) solutions.

Auditors may also use audit software to achieve their audit objectives. There are a number of approaches including using a log management solution to collect, store and analyse the native auditrecords produced by the database management systems. Vendors such as SenSage provide logmanagement solutions and database collectors that do not require agents.

Specialized database auditing solutions include: IBM Guardium 7, DB Audit created by SoftTreeTechnologies, Audit DB by Lumigent Technologies Inc.,DbProtect by Application Security,ImpervaSecureSphere and Hedgehog Enterprise from Sentrigo. Some of these solutions rely on anetwork appliance to inspect and audit SQL traffic sent over the network. Appliance only approaches areunable to detect activity carried out solely on the server, such as the actions of DBAs. Other approachesutilize light-weight agents that can monitor all local database activities. Agents can be implemented toalso capture all network activity, making network appliances for monitoring unnecessary. However it

should be pointed out that many of these solutions provide network appliances to capture and store agentreports, even if they are not required for network monitoring. This off loads the storage/reporting task fromthe servers and provides the separation of duties (SOD) required by auditors.

Reviewing Auditing LogsThe term auditing refers to the process of recording events, such as file access,

creations, deletions, the addition of print jobs, and so on, and using that information to detect usageviolations or to confirm that network procedures are operating correctly. A network administrator, by usingthe audit logs, can track what files were accessed, when they were accessed (which includes both the



12

date and time of the database access), by whom, and even what activities and transactions wereperformed. Some logs even show you if the transaction was or was not successful with some type of message.

An audit log is a central log file that contains information (Oracle Corporation, 2010) about entriesfor day-to-day events and activities performed on the system (Microsoft Corporation, 2010). The mainimportance of reviewing audit logs or audit trails is to monitor the security of the system. Managers usesoftware¶s such as Identity Synchronization for Windows Console to maintain and control the entrants andother details. These details about the entries would be recorded and available in the log (InformationTechnician, 2010).

By examining the audit logs it is possible to trace, for example, what kinds of administrator actions have been performed and by whom. This data may prove to be important when trying to figure outpossible configuration errors or problems with regulatory compliance.

The audited events include actions concerning element configuration (such as creating, editing,deleting, importing, or exporting), actions performed on the firewall and IPS engines (policy upload,control commands, and so on), use of command line tools (for example, when backing up and restoring),actions related to certificates, and actions related to administrator login authentication (StonesoftCorporation, 2010).

Audit logs are important for four reasons: accountability, reconstruction, intrusion detection, andproblem detection (Spafford, 2006). Log data can identify what accounts are associated with certainevents. This information then can be used to highlight where training and/or disciplinary actions areneeded.

Log data can be reviewed chronologically to determine what was happening both before andduring an event. For this to happen, the accuracy and coordination of system clocks are critical. Toaccurately trace activity, clocks need to be regularly synchronized to a central source to ensure that thedate/time stamps are in synch (Spafford, 2006).

Unusual or unauthorized events can be detected through the review of log data, assuming thatthe correct data is being logged and reviewed. The definition of what constitutes unusual activity varies,but can include failed login attempts, login attempts outside of designated schedules, locked accounts,

port sweeps, network activity levels, memory utilization, key file/data access, and many more (Spafford,2006).

In the same way that log data can be used to identify security events, it can be used to identifyproblems that need to be addressed. For example, investigating causal factors of failed jobs, resourceutilization, trending and so on (Spafford, 2006).

Essentially, for each system monitored and likely event condition there must be enough datalogged for determinations to be made. At a minimum, you need to be able to answer the standard who,what and when questions.

The data logged must be retained long enough to answer questions, but not indefinitely. Storagespace costs money and at a certain point, depending on the data, the cost of storage is greater than theprobable value of the log data (Spafford, 2006).

The same can be said for costs associated with performance degradation that the log analysistools suffer if the data sets are simply allowed to grow indefinitely.

For the log data to be useful, it must be secured from unauthorized access and integrity problems.This means there should be proper segregation of duties between those who administer system/networkaccounts and those who can access the log data.

The idea is to not have someone who can do both or else the risk, real or perceived, is that an



13

account can be created for malicious purposes, activity performed, the account deleted and then the logsaltered to not show what happened. Bottom-line, access to the logs must be restricted to ensure their integrity. This necessitates access controls as well as the use of hardened systems.

Consideration must be given to the location of the logs as well ± moving logs to a central spot or at least off the sample platform can give added security in the event that a given platform fails or iscompromised. In other words, if system X has catastrophic failure and the log data is on X, then the mostrecent log data may be lost. However, if X¶s data is stored on Y, then if X fails, the log data isn¶t lost andcan be immediately available for analysis. This can apply to hosts within a data center as well as acrossdata centers when geographic redundancy is viewed as important.

Audit logs are beneficial to have for a number of reasons. To be effective, IT must understand logrequirements for each system, then document what will be logged for each system and getmanagement¶s approval. This will reduce ambiguity over the details of logging and facilitate proper management.

Database Server MonitoringDatabase server is a data storage and retrieval system (Apple, 2010). Database servers typically

run on an independently functioning computer dedicated and are accessed by client applications over a

local-area network that holds and manages the database (Answers, 2010).

Database monitoring is a vital activity for the maintenance of the performance and health of your database management system. To facilitate monitoring, DB2

(R)collects information from the database

manager, its databases, and any connected applications (IBM, 2010). With this information the firm cando the forecasting hardware requirements based on database usage patterns, analyzing the performanceof individual applications or SQL queries, tracking the usage of indexes and tables, pinpointing the causeof poor system performance, and assessing the impact of optimization activities (for instance, alteringdatabase manager configuration parameters, adding indexes, or modifying SQL queries).

There are two primary tools with which you can access system monitor information, each servinga different purpose: the snapshot monitor and event monitors. The snapshot monitor enables you tocapture a picture of the state of database activity at a particular point in time (the moment the snapshot istaken). Event monitors log data as specified database events occur.

The system monitor provides multiple means of presenting monitor data to you. For bothsnapshot and event monitors you have the option of storing monitor information in files or SQL tables,viewing it on screen (directing it to standard-out), or processing it with a client application.

There are threats to the database servers. An attacker or hacker can target and compromise adatabase server in a number or ways by exploiting a variety of configuration and application levelvulnerabilities. These include SQL injection, network eavesdropping, unauthorized server access, andpassword cracking.

With a SQL injection attack, the attacker exploits vulnerabilities in your application's inputvalidation and data access code to run arbitrary commands in the database using the security context of the Web application.

To counter SQL injection attacks, the application should constrain and sanitize input data beforeusing it in SQL queries. Through using type safe SQL parameters for data access, these can be usedwith stored procedures or dynamically constructed SQL command strings. Using SQL parametersensures that input data is subject to type and length checks and also that injected code is treated asliteral data, not as executable statements in the database. Use a SQL Server login that has restrictedpermissions in the database. Ideally, you should grant execute permissions only to selected storedprocedures in the database and provide no direct table access.

The deployment architecture of most applications includes a physical separation of the data



14

access code from the database server. As a result, sensitive data, such as application-specific data or database login credentials, must be protected from network eavesdroppers.

Vulnerabilities that increase the likelihood of network eavesdropping include insecurecommunication channels and assessing credentials in clear text to the database.

To counter network eavesdropping, the firm should use Windows authentication to connect to the

database server to avoid sending credentials over the network, install a server certificate on the databaseserver. This results in the automatic encryption of SQL credentials over the network, the SSL connectionbetween the Web server and database server to protect sensitive application data. This requires adatabase server certificate, and use an IPSec encrypted channel between Web and database server.

Direct access to your database server should be restricted to specific client computers to preventunauthorized server access. Vulnerabilities that make your database server susceptible to unauthorizedserver access include failure to block the SQL Server port at the perimeter firewall and lack of IPSec or TCP/IP filtering policies.

Direct connection attacks exist for both authenticated users and those without a user name andpassword. To counter these attacks, the firm should make sure that SQL Server ports are not visible fromoutside of the perimeter network. Within the perimeter, restrict direct access by unauthorized hosts, for

example, by using IPSec or TCP/IP filters.

A common first line of attack is to try to crack the passwords of well-known account names.Common vulnerabilities that lead to password cracking are weak or blank passwords and passwords thatcontain everyday words. Common password cracking attacks include dictionary attacks and manualpassword guessing. To counter these attacks, create passwords for SQL Server login accounts thatmeet complexity requirements and void passwords that contain common words found in the dictionary.

Problems and Issues on Database Security

"In my opinion, database security is riddled with holes and it's the biggest problem we

face in IT today" -- Litchf ield, David (Brener, 2006).

Database Security might have all its purpose and importance to an organization¶s operations andprocesses, but it has its own drawbacks. Database Security is an essential IT process in business, and itsrole could also affect the organizations¶ overall strategy. But despite its good benefits to that totalperformance of the company, Database Security also has its problems and issues for the organization. Ata certain point, it could incur additional cost to the company when it comes to updating and improving IT-based programs, servers, software and also equipments. Hacking instances in the Database systemwould also mean losses to the company. Issues of privacy and maintenance effort are just few of thepossible problems that an organization would experience out of obtaining a Database Security system.

This section of the paper aims to discuss problems and issues regarding Database Security. Thisportion of the study would help us know some of the cons of acquiring such systems for the company. Asin any business, problems arising within the operations are losses to the company. As much as possible,many companies would want to avoid disruptions in the operation or production²caused probably by lackof supply, problems within work cells or the assembly line, equipment performance, and also from datamiscommunication. In a different perspective, Database Security¶s role enters to the company by way of protecting the vital information essential to the different departments of the company, may it be in the TopManagement, Finance, Marketing or Operations departments. The challenge, however, is how theorganization would address these disadvantages or problems of Database Security amidst the increasingtrend of technology change, backed-up with some moral issues of security and privacy, and internalmanagement conflict. This paper attempts to give solutions to Database Security problems as well.



15

Vendor Vulnerability and Database DeploymentLitchfield said that database attacks offer the biggest potential for fraudulent activity and damage

to companies' reputations and customer confidence." It could be undeniable that this problem is growingfast in organizations that heavily rely upon databases to support mission critical business activity.Perpetuating cases of data breaches of the past year would be the basis of this (Teppit, 2006).

An example of a database security issue would be vendor vulnerabilities and databasedeployment errors. According to Litchfield, vulnerabilities in vendor solutions can be mitigated to someextent by timely patching. On the other hand, deployment errors are tougher and much difficult to solvefor an organization since they are made or caused by the poorly configured databases, inappropriateaccess permissions or badly engineered applications accessing the database. To solve the issue, one of the ways would be to implement a policy of least privilege²identifying who is asking the database to dowhat. Litchfield also emphasized that organizations have to be ahead of the game with a system in termsof maintaining the database. Also, organization must prevent utilizing their database to perform beyond itsmeans or capabilities (Teppit, 2006).

Litchfield also suggested more ways of solving issues in Database security such as newtechnology. A study by Oxford-based Secerno uses machine learning algorithms which would allow usersto a) build up a rich understanding of application-to-database behavior, and b) to insist on database

interactions conforming only to allowable behaviors.

It represents the world's first database application assurance platform. Secerno provides anumber of proactive capabilities that help prevent database attacks by determining true least privilegeaccess to the database. It could also create an efficient logging environment demonstrating auditcompliance and determines where engineering quality can be improved it has also the capability toautomatically identifies dormant software features (Brener, 2006).

According to SANS Top 20, two most prevalent technical areas of weakness in database areBuffer overflows and SQL injections. It is important to know these two issues because they have beenevident in the present for quite some time.

SQL Injections" An attack technique used to exploit web sites by altering backend SQL statements

through manipulating application input." - W eb ApplicationS ecurity Consortium Glossary

According to Mospaw (2005), SQL Injection is subset of an unverified/unsanitized user inputvulnerability and the idea is to convince the application to run SQL code that was not intended. Surpriseshappen and unfortunately, compromising results arise, if the application is creating SQL strings naively onthe fly and then running them.

Today, SQL injections are certainly a seriously growing problem. Cases of such problem aretroublesome to the company wherein attackers use invasive procedures which cannot be easily patchedor solved ± making it easy for some to perform such crime. With SQL injection, an attacker takesadvantage of incorrectly filtered SQL queries and other input information to pull any information he wantsfrom a database. Unknowingly, an attacker can simply write a line of code and let it piggyback on another,allowing opportunity to the hacker to make requests of returning vast amounts of data (Teppit, 2010).

The result of such hacking problem could be damaging to any organization or company¶simportant data and confidentiality. Information that could be affected in this problem ranges from SocialSecurity numbers, to credit card information, to information about customer buying patterns or companyproducts. But despite the reality in the case of SQL injections, there are few who report or admit suchphenomena happening in the company. For some reason, most companies whose computer networks fallto such hacking flaws would not want to admit that their code is flawed and vulnerable to suchattacks. Much more, since companies or organization would fail to admit their mistakes, Gartner analyst,



16

John Pescatore (Teppit, 2010) emphasizes that lack of information drive to disseminate information aboutthe possibility of SQL injection vulnerability. Sad to say, despite recognizing problems like this in thecompany¶s Database system, most seem not to believe because these are issues not familiar to mostpeople in the business world and the newspapers. They unfortunately continue to be tabooed.

What is at stake is not actually only the company database, but the entire corporation. Reputationis being endangered. Such cases of SQL injections could not only compromise most business like case of the CardSystems security breach, where hackers stole 263,000 customer credit card numbers andexposed 40 million more, but could also apply to other organizations and institution like the government.For instance, Russian hackers broke into a Rhode Island government Web site and stole 53,000 creditcard information from individuals who had done business online with state agencies (Teppit, 2010).

The good thing with the new Secerno's technology is that it is largely protocol-based and is notalso constrained by the pattern matching of traditional techniques. This would mean that the program isscanning alerts on all statements, even ones that have never been seen before and may be outside of theapproved/appropriate behavior of the application. In this way, SQL Injections attempt could be identifiedright away by the Database Security system, avoiding more cases of information theft from theorganization or company (Teppit, 2010).

Buffer OverflowOn the other hand, we also have buffer overflow undermining Database Security. SANS

advocates patching, but this solution to buffer overflow would mean shutting down a mission-criticaldatabase, disrupting 24/7 businesses and incurring real costs in both operational down-time anddatabase management labor. Using patching would leave a yawning gap in the window of vulnerability(Teppit, 2006).

According to McAfee System Protection Solutions, buffer overflow exploits are the tool of choiceof today¶s attacker since these exploits are the most common, have the most power, and arecharacterized by ease of use. Buffer overflows is said to be the largest single threat to enterprises today(2005).

It is common because 60% of Computer Emergency Readiness Team or CERT deal with thisproblem. There are hundreds of known unchecked buffers that can be overflowed by hackers, and with

more being discovered all the time. For hackers it is easy to use since anyone can download buffer overflow attack code and follow a simple ³recipe´ to execute it. There is actually no advanced technicalknowledge that is necessary to run pre-written buffer overflow exploit code. The danger about buffer overflow is that it is powerful in such a way that its malicious code (out from buffer overflow operation) willrun with administrator-level privileges, and therefore can do anything it wants to the server (McAfeeSystem Protection Solutions, April 2005).

Using Secerno on the Database system, as Litchfield emphasized in his report, the threat mayalready be terminated. Thus, this frees the company to apply the patches at a time that suits itsoperations rather than to a schedule that is under the attackers' control. The important factor with newtechnologies, like Secerno, is that this approach puts the company back on the front foot againstproblems of SQL injections and buffer overflow. This would mean that the Database Security measuresand precautions are proactive security steps rather than just-too-late reactivity (Teppit, 2006).

Inference Problems According to Jajodia and Meadows, the inference problem is the problem of detecting and

removing inference channel²a channel in a database by which one can infer data classified at a highlevel from data classified at a low level. Furthermore, they said that inference problems are of vital interestto the designers and users of secure databases (n.d.).

The roles of database management systems are intended to provide the means for efficient storageand retrieval of information for an organization or company¶s sensitive data. The core purpose of this



17

database security is to prevent illegal inferences. However, if poorly designed, this will cause muchtrouble to the organization or company. Inference problems are an important but still relatively unexploredaspect of database security in the present. A complete and general solution to the inference problem isimpossible. The challenge of solving Inference problems relies on constructing a database that is bothusable and reasonably secure against these types of problems (Jajodia and Meadows, n.d.).

Other Issues on Database SecurityFor an organization, a Database Security manager is the most important asset to maintaining and

securing sensitive data²company information on operations and confidential data that is relevant to theorganization¶s existence. Thus maintenance of Database Security is a very important process in securingthe system. It is very important that information and data are well protected, that is why a clear understanding of Database system problems and how to solve them is essential for any manager of acompany or organization. Spam Laws also has listed issues that are compromising to Database Securitybut could be easily avoided by having a responsible Database Security Manager (2009). These are:

Daily Maintenance: Daily maintenance may require rigorous and constant checks andupdates, but it pays for a corporation or an organization to do daily maintenance. This isthe purpose ofdatabase audit logs. With daily audit logs, daily review is performed tomake certain that there has been no data misuse. The key is to have data consistency

that is another way of updating Database Security. Audit logs require a) overseeingdatabase privileges; b) consistently updating user access accounts and; c) assesses newprograms that are performing with the database.

Varied Security Methods for Applications: Security measures are important to thedatabase system. However, too much variation or types on the methods of securityamong applications that are being utilized in the whole database system can causedifficulty with creating policies for accessing the applications. Proper access controlsmust be possessed by the database in order to regulate the varying methods of security,keeping sensitive data from risk.

Post-Upgrade Evaluation: Consistency is somehow the key in securing Database systems.Upgrades, specifically post-upgrade evaluations, are necessary for the administrator to

perform in order to ensure that security is consistent across all programs, thus avoidingattacks by thorough monitoring.

Split the Position: Clear job description must be defined among employees in the companyor organization to avoid conflicts and provide focus-driven responsibility to employees. Itapplies as well to the Database Security department when the management fails to splitthe duties between the IT administrator and the database security manager. In someinstances, like due to cost cutting, a company may decide to have the IT administrator doeverything. However, this decision can significantly compromise the security of the datadue to the responsibilities involved with both positions²Spam Laws (2009) suggest thatthe IT administrator should manage the database while the security manager performs allof the daily security processes.

Manage User Passwords:This might be a simple issue, but there would still be times when

the IT database security managers will forget to remove IDs and access privileges of former users which lead to password vulnerabilities in the database. In such case,password rules and maintenance needs to be strictly enforced by the company to avoidopening up the database to unauthorized users.

These problems are some of the common issues experienced by a company or an organizationwith a Database Security system. Yet the solution to these problems is easy. The best solution to avoidmost of these problems is to employ qualified personnel in the Database Security department, and also toseparate the security responsibilities from the daily database maintenance responsibilities (Spam Laws,2009).



18

Keeping Database Security CurrentUpdating the Database Security is an important action to avoid possible hacking problems. Any

database should undergo constant scrutiny and improvement. When updating the database system, eachnew version will often include both major and minor changes to enhance and repair security flaws,configuration mishaps, and other issues that will affect the overall security and stability of your system. Allof these are ways to avoid problems that could be cause by internal and external factors in theorganization or company. PHP Documentation Group emphasizes that, like other system-level scriptinglanguages and programs, the best approach to protecting the Database Security is to update often, andmaintain awareness of the latest versions and their changes on the system (According PHPDocumentation Group, 2005).



19

Conclusion

Databases are important assets of large and complex companies. Databases enable organizationto store important and confidential business data that facilitates other functions in the company and makethem more efficient. The information possessed by a company is also one of its competitive advantages

over other companies. Databases are difficult to build, imitate, and especially problematic to replace or repair when it is damaged or destroyed. Therefore, databases should be properly maintained andprotected from both internal and external threats. In general, external threats may be avoided by buildingprotective systems such as firewalls, antivirus, antispyware, antimalware programs, and the like. Internalthreats may be neutralized by conducting database auditing. A database may also be protected indifferent ways depending of the security layer (i.e. server level, network level, and operating system level).Protecting databases also include backup and recovery. While this does not directly protect a database,backup provides the means for restoring a database whenever it is damaged or destroyed.

An important concept to understand in the protection of a database is database-level security.This is the protection area that defines the subjects who are allowed to access information in a database,in what way, and to what extent. There are several types of administration policies for databases, namelycentralized administration, ownership-based administration or decentralized administration. At the same

time, there are also different kinds of ways in which to assess how subjects are granted access to adatabase. These access controls can be role-based, discretionary, or mandatory. In many instances,there are hundreds or thousands of users requesting for access to a common database. This thenbecomes a tedious task if database-level security is utilized because an authority-granting subject willhave to assess and judge the request of each person who wants database access. To solve this problem,a database may utilize application-level security.

In the end, it is safe to say that, while databases bring many advantages to a company, thesetechnologies also incur costs and create a lot of worries. In order to reduce corporate risks related to theinformation stored in the database, the management of the company should take adequate actions tokeep the database secure, up to date, and free from errors. However, in doing so, a company needs todivest a lot of money. In managing databases, a company will always have to weigh the costs and thebenefits.



20

Bibliography

Acunetix. (2010) W eb S erver S ecurity and Database S erver S ecurity . Retrieved fromhttp://www.acunetix.com/websitesecurity/webserver-security.htm

Answers. (n.d.). Database S erver: Def inition f rom Answers.com. Retrieved October 6, 2010, from Answers.com: http://www.answers.com/topic/database-server

Apple. (n.d.). W ebObj ects Overview ( Legacy): Glossary . Retrieved October 6, 2010, from Apple: Mac OSX Reference Library:http://developer.apple.com/legacy/mac/library/#documentation/WebObjects/WebObjects_Overview/Glossary/Glossary.html

Bidgoli, H. (2006). Database Security. In H and book of Inf ormation S ecurity (Vol. 3, pp. 380-393).California: John Wiley and Sons.

Bragg, R., Ousley, M., & Strassberg, K. (2004). Chapter 26: Database Security. In Network S ecurity: TheComplete Ref erence (pp. 657-680). India: McGraw-Hill.

Brenner, B. (2006). Litchfield: Database security is IT's biggest problem. Retrieved last October 4, 2010,from: http://searchsqlserver.techtarget.com/news/1211395/Litchfield-Database-security-is-ITs-biggest-problem.

Business Technology & Securities Group. (n.d.). Glossary D. Retrieved October 6, 2010, from InformationManagement: http://www.information-management.com/glossary/d.html

Castano, S., & et. al. (1995). Chapter 1: Information Security. In Database S ecurity (pp. 1-38).Wokingham, England: Addison-Wesley Publishing.

Concepts of Database S ecurity . (2010, January). Retrieved October 2, 2010, from Bright Hub:http://www.brighthub.com/computing/smb-security/articles/61402.aspx

De Capitani di Vimercati, S., Foresti, S., & Samarati, P. (2008). Chapter 1: Recent Advance in AccessControl. In H and book of Database S ecurity: Applications and Trends (pp. 1-26). New York:Springer Science+Business Media, LLC.

IBM. (n.d.). DB2 Universal Database. Retrieved October 6, 2010, from IBM:http://publib.boulder.ibm.com/infocenter/db2luw/v8/index.jsp?topic=/com.ibm.db2.udb.doc/admin/c0001138.htm

Information Technician. (n.d.). Review Audit Logs. Retrieved October 6, 2010, from TPUB:http://www.tpub.com/content/istts/14224/css/14224_16.htm

Jajodia, S. and C. Meadows. (n.d). Inference Problems in Multilevel Secure Database ManagementSystems.

Kumar, A. (2010, April). A 101 of

DatabaseS

ecurity Concepts. Retrieved October 2, 2010, from BrightHub: http://www.brighthub.com/computing/smb-security/articles/40615.aspx

McAfee System Protection Solutions. (2005). Buffer Overflow, Exploits: The Why and How. White Paper.

Microsoft Corporation. (n.d.). 1.1 Glossary . Retrieved October 6, 2010, from Microsoft:http://msdn.microsoft.com/en-us/library/cc402667(PROT.10).aspx



Mospaw, C. (2005). SQL injection Attacks by Example. Retrieved last September 30, 2010, from

HYPERLINK "http://unixwiz.net/techtips/sql-injection.html"http://unixwiz.net/techtips/sql-

injection.html.

Murray, M. C. (2010). Database S ecurity: W hat S tudents Need to Know . Retrieved October 2, 2010, fromhttp://informingscience.org/jite/documents/Vol9/JITEv9IIPp061-077Murray804.pdf

Oracle Corporation. (n.d.). Glossary ( S un Java S ystem Identity S ynchronization f or W ondows 6 .0 Deployment P lanning Guide) - S un Microsystems. Retrieved October 6, 2010, from Oracle:http://docs.sun.com/app/docs/doc/820-0386/aaqev?a=view

PHP Documentation Group (see full contributors). (2005). PHP Manual, Chapter 33. Keeping Current.Retrieved last October 4, 2010, from http://www.nasatech.com/PHP-DOCS/security.current.html.

Spafford, G. (2006, January 20). The Importance of Audit Logs - Datamation.com. Retrieved October 6,2010, from Datamation: http://itmanagement.earthweb.com/columns/article.php/3578916/The-Importance-of-Audit-Logs.htm

Spam Laws. (2009). Database Security Issues: Database Security Problems and How to Avoid Them.Retrieved last September 30, 2010, from http://www.spamlaws.com/database-security-

issues.html.

Stallings, W., & Brown, L. (2008). Chapter 5: Database Security. In Computer S ecurity: P rinciples and P ractice (pp. 142-171). USA: Pearson Prentice Hall.

Stonesoft Corporation. (n.d.). Auditing: Logs, H istory and Conf iguration S napshots - S tonesof t . RetrievedOctober 6, 2010, from Stonesoft.com: http://www.stonesoft.com/en/products/smc/audit/

Stonesoft Corporation, 2010. HYPERLINK"http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=774791"Supporting next generation

Internet applications today. Retrieved October 6, 2010 fromHYPERLINK

"http://www.stonesoft.com"www.stonesoft.com.

Sybase Incorporation, 2005. Using Web Application Security. Sybase Incorporation Documents. Date

Retrieved: October 6, 2010

Teppit. (2010). Database Security is ITs Biggest Problem. Retrieved October 4, 2010, fromhttp://www.itsecurity.com/news/ngs-database-security-070806/.

XWSS Organization, 2007. Web Services Security Forum. XML Application Firewalls. Retrieved October 6, 2010 from www.xwss.org.