Secure Your Data

How to Secure Your Data?

Welcome to the latest news from TalkIT. This issue looks at designing a database security plan. When you want more support try our course in data security.

These are my thoughts based on working with databases over the last 15 years. Please add your comments below.

Contents

What Is Cyber Security?

How to Secure Databases?

How to Design a Security Plan?

Other Bits

What Is Cyber Security?Data Security

Before we consider databases, let’s start with cyber security. The term was first used in 1988. Then there were only 60 k slow computers connected to the internet. But attacks had started on private, government and corporate systems. The recent use of data centres in the cloud has increased risks.

Hackers include criminals who want to attack financial systems.  But also lone individuals and groups with that seek political influence. These “hackivists”, like the group called “Anonymous” claim they want justice. Governments themselves can initiate attacks and coordinate defences.

The targets of attacks are wide ranging. Recent targets include Tesco’s bank, Sony, Yahoo, the CIA and the US Democratic Party.

Attacks make use of malware such as Worms (that reproduce themselves across computers) and Trojan Horses (that pretend to be ordinary software). “Denial of Service” attacks are popular. These flood a network with false service requests.

Cyber security is a major global problem.  Protection requires international treaties and laws. The Network and Information Security (NIS) Directive was proposed as part of the European Union’s cyber security strategy,

What can you do to protect yourself? Use long strong passwords. Install up-to-date antivirus software. Only use secure Wi-Fi connections.

As a developer how can you protect the software you create? Our online courses emphasise best practices. These help build secure systems. Take a look at our HTML5 online course.

How to Secure Databases?

Data held in databases is particularly vulnerable to attack. The threats include:

  • Theft of data
  • Data vandalism
  • Data integrity
  • Illegal storage
  • Many more…

A security design philosophy involves:

  • Secure by design
  • Secure by default
  • Secure in deployment
  • Secure through communications

A security plan is best implemented from the start, not added at the end. After this regular security reviews can patch any holes that have appeared.

How to Design a Security Plan?Security Plan

When implementing a database, create the security plan along with the table schema.

The securable objects are the server and the database itself. Then think of a hierarchy within the database: tables, procedures, views, functions, schemas … The security issues are as critical as the database’s performance.

Controlling access is a two step process:

  1. Authentication
  2. Authorisation

Authentication determines who wants access to the server. Microsoft SQL Server uses Logins to establish the identity of a request. These can be based on a Windows account or an independent SQL Server user id & password. Authentication is like arriving at a hotel reception and being asked for your passport.

For more take a look at our SQL Server administration course.

Authorisation determines what user can do with a database. The login is associated with a user or role. Roles can be granted or denied permissions for a wide range of activities. Authorisation is like being told your room number then using the hotel’s facilities.

The users and their roles are the key database players. Who are they and what do they need to do? Do you need to create public roles like managers and operators? When a user becomes a member of a role they inherit the permissions for that role. It is more effective to first create roles, and then grant appropriate permissions. Users can then be added or removed from relevant roles.

Other Bitsbits

TalkIT has been very active on social media recently. We have been posting on coding and IT humour. Why don’t you connect with us on Twitter or FaceBook? You can follow all the latest news and let us know what you think.

Time for a Career Opportunity? Gain Microsoft certifications

MCSD/MCSA Developing MVC Web applications Exam 486

Do you want to move forward with your career in 2017 … how about getting a developer certification?

Time for a Career Opportunity? Gain Microsoft certifications MCSD/MCSA Programming in C# Exam 483.

Top 5 programming languages in 2017? Which languages provide career opportunities & salary?

SQL Server Database Development and Administration courses Bath U.K. Make your data work for you.

SQL Server Business Intelligence courses Bath U.K. Transform data to strategy. Make raw data presentable.

twitter_circle_color-64 facebook_circle_color-64

 Thanks to http://www.freedigitalphotos.net

David Ringsell TalkIT 2017 ©

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top