How to Secure Your Data?
Welcome to the latest news from TalkIT. This issue looks at designing a database security plan. This follows on from the blog on how to work with data..
These are my thoughts based on working with databases over the last 15 years. Please add your comments below.
Contents
What Is Cyber Security?
How to Secure Databases?
How to Design a Security Plan?
Other Bits
What Is Cyber Security?
Before we consider databases, let’s start with cyber security. The term “cyber security” was first used in 1988. Then there were only 60 k slow computers connected to the internet. But attacks had started on private, government and corporate systems. The recent use of data centres in the cloud has increased risks.
Hackers include criminals who want to attack financial systems. But also lone individuals and groups with that seek political influence. These “hackivists”, like the group called “Anonymous” claim they want justice. Governments themselves can initiate attacks and coordinate defences.
The targets of attacks are wide ranging. Recent targets include Tesco’s bank, Sony, Yahoo, the CIA and the US Democratic Party.
Attacks make use of malware such as Worms (that reproduce themselves across computers) and Trojan Horses (that pretend to be ordinary software). “Denial of Service” attacks are popular. These flood a network with false service requests.
Cyber security is a major global problem. Protection requires international treaties and laws. The European Union has recently created a cyber security centre.
What can you do to protect yourself? Use long strong passwords. Install up-to-date antivirus software. Only use secure Wi-Fi connections.
As a developer how can you protect the software you create? Our online courses emphasise best practices. These help build secure systems. Take a look at our HTML5 online course.
How to Secure Databases?
Data held in databases is particularly vulnerable to attack. The threats include:
- Theft of data
- Data vandalism
- Data integrity
- Illegal storage
- Many more…
A security design philosophy involves:
- Secure by design
- Secure by default
- Secure in deployment
- Secure through communications
A security plan is best implemented from the start, not added at the end. After this regular security reviews can patch any holes that have appeared.
How to Design a Security Plan?
When implementing a database, create the security plan along with the table schema.
The securable objects are the server and the database itself. Then think of a hierarchy within the database: tables, procedures, views, functions, schemas … The security issues are as critical as the database’s performance.
Controlling access is a two step process:
1. Authentication
2. Authorisation
Authentication determines who wants access to the server. Microsoft SQL Server uses Logins to establish the identity of request. These can be based on a Windows account or an independent SQL Server user id & password. Authentication is like arriving at a hotel reception and being asked for your passport.
For more take a look at our SQL Server administration course.
Authorisation determines what user can do with a database. The login is associated with a user or role. Roles can be granted or denied permissions for a wide range of activities. Authorisation is like being told your room number then using the hotel’s facilities.
The users and their roles are the key database players. Who are they and what do they need to do? Do you need to create public roles like managers and operators? When a user becomes a member of a role they inherit the permissions for that role. It is more effective to first create roles, and then grant appropriate permissions. Users can then be added or removed from relevant roles.
Other Bits
TalkIT has been very active on social media recently. We have been posting on coding and IT humour. Why don’t you connect with us on Twitter or FaceBook? You can follow all the latest news and let us know what you think.
Time for a Career Opportunity? Gain Microsoft certifications MCSD/MCSA Developing MVC Web applications Exam 486
Do you want to move forward with your career in 2017 … how about getting a developer certification?
Time for a Career Opportunity? Gain Microsoft certifications MCSD/MCSA Programming in C# Exam 483.
Top 5 programming languages in 2017? Which languages provide career opportunities & salary?
SQL Server Database Development and Administration courses Bath U.K. Make your data work for you.
SQL Server Business Intelligence courses Bath U.K. Transform data to strategy. Make raw data presentable.
David Ringsell TalkIT 2017 ?