Individual Project Key Assignment
27 April, 2015
Table of Contents
Week 1: Database Security Architecture
Differentiate between a Database Management System and a database
Network Infrastructure for the best security posture
Additional Security mechanisms to protect the Database Server
Week 2: User Account Security
Creating Schemas
Creating Users, Creating Roles, Assigning Privileges based on Access Control Lists
Creating Views
Week 3: Database Vulnerabilities
Description of tools used to perform scans
Scan Information
False Positive Information
Discuss SQL injection attack
Each database will be managed by the overall DMS but has no relation to the other databases being managed.
Network Infrastructure for the best security posture
To create the most secure infrastructure for a DMS server, you need to begin with the facility that will house your network. The server room should be located inside a building, behind a secure door that only authorized personnel can pass through. The server room should have environmental controls separate from the rest of the facility, and backup power independent of commercial power should be available to the server racks. Backup power does not mean you need your own generator, but at a minimum an Uninterruptible Power Supply (UPS) that can sustain power to the server long enough for an automatically triggered clean shutdown of the system should a commercial power outage occur.
The point of presence, where your company network meets the commercial Internet Service Provider's hardware that connects your network to the internet, should also be in a secure, protected room that only authorized individuals may enter. At this location some type of network device will exist, usually a router, followed by a firewall, which segregates traffic and keeps the outside world away from your internal company network.
The firewall protects your network using access control lists and can be connected to multiple subnets of your overall corporate network. The DMZ is where you would place the web servers that the public can access, but the SQL server should be kept on a separate subnet that is connected to the firewall yet also separated from the internal network where employees access resources. Even though all of these servers are on separate subnets, they could still be kept in the same rack space and attached to the same network switch, using VLANs to separate the traffic.
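The three-zone layout described above (public web servers in the DMZ, the SQL server on its own subnet, employees on the internal subnet) is easiest to reason about as an ordered access control list with a default deny. The following is an added example, not part of the original assignment: it models that ACL and checks the intended reachability between zones. The subnets, the sample host addresses (RFC 1918 and TEST-NET-3 ranges) and the rule set are constructed for illustration.

```python
"""Added example: a first-match ACL evaluator for a DMZ / DB / internal design.
Subnets, hosts and rules below are constructed for illustration only."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed subnets; "internet" is everything not in a named internal zone.
ZONES = {
    "dmz":      ipaddress.ip_network("10.10.1.0/24"),   # public-facing web servers
    "db":       ipaddress.ip_network("10.10.2.0/24"),   # SQL server only
    "internal": ipaddress.ip_network("10.10.3.0/24"),   # employee workstations
}


@dataclass(frozen=True)
class Rule:
    src: str               # source zone name
    dst: str               # destination zone name
    dport: Optional[int]   # None matches any destination port
    action: str            # "allow" or "deny"


# Ordered rules: the first match wins; anything unmatched falls through to deny.
RULES = [
    Rule("internet", "dmz", 443, "allow"),   # public reaches the web tier over TLS
    Rule("internet", "dmz", 80, "allow"),
    Rule("dmz", "db", 1433, "allow"),        # web tier talks to SQL Server
    Rule("internal", "db", 1433, "allow"),   # DBAs and internal apps reach SQL Server
    Rule("internal", "dmz", 443, "allow"),
    Rule("db", "internet", None, "deny"),    # DB subnet never initiates outbound
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the named subnets is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """Return 'allow' or 'deny' for one flow using first-match semantics."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in RULES:
        if r.src == src and r.dst == dst and (r.dport is None or r.dport == dport):
            return r.action
    return "deny"  # default deny: the DB subnet is unreachable unless listed


# One constructed sample host per zone, used to build a reachability matrix.
SAMPLE_HOSTS = {
    "internet": "203.0.113.5",
    "dmz": "10.10.1.10",
    "db": "10.10.2.10",
    "internal": "10.10.3.20",
}


def reachability_matrix(dport: int) -> dict:
    """Return {(src_zone, dst_zone): action} for a single destination port."""
    return {
        (s, d): evaluate(SAMPLE_HOSTS[s], SAMPLE_HOSTS[d], dport)
        for s in SAMPLE_HOSTS for d in SAMPLE_HOSTS if s != d
    }


def db_exposed_to_internet() -> bool:
    """True if the DB host answers the internet on any of a few common ports."""
    return any(
        evaluate(SAMPLE_HOSTS["internet"], SAMPLE_HOSTS["db"], p) == "allow"
        for p in (80, 443, 1433, 3389)
    )


if __name__ == "__main__":
    for (s, d), action in sorted(reachability_matrix(1433).items()):
        print(f"{s:>8} -> {d:<8} tcp/1433: {action}")
    print("DB reachable from internet:", db_exposed_to_internet())
```

The point the model makes explicit is that segmentation is only as good as the rule order and the default: because nothing lists `internet -> db`, the SQL subnet stays unreachable from outside even though it shares a switch (via VLANs) with the DMZ, and the web tier can reach it only on the one port it needs.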
Additional Security mechanisms to protect the Database Server
Additional security mechanisms do not always need to be a hardware device like a proxy server or a software program such as malware protection. The network should utilize some type of scanning tool that checks for open vulnerabilities in the operating system and DMS so that they can be mitigated. Employing hardening checklists such as the Security Technical Implementation Guides (STIGs) produced by the Defense Information Systems Agency will provide recommended secure settings that may be implemented on the operating system and application software. Anti-virus software would need to be installed on all servers in the corporate network, including the SQL server. For a Microsoft Active Directory network, a Windows Server Update Services (WSUS) server should be in place that can be configured to deploy security patches and service pack updates to all Windows operating systems and applications on the network.
Week 2: User Account Security
Creating Users, Creating Roles, Assigning Privileges based on Access Control Lists
References for SQL code: (Kriegel, 2011), (Wilton, 2005)