This chapter presents an overview of data security requirements, and examines the full spectrum of data security risks that must be countered. It then provides a matrix relating security risks to the kinds of technology now available to protect your data. This chapter contains the following sections:
Top Security Myths
The field of data security is rife with mistaken beliefs which cause people to design ineffective security solutions. Here are some of the most prevalent security myths:
To design a security solution that truly protects your data, you must understand the security requirements relevant to your site, and the scope of current threats to your data.
Understanding the Many Dimensions of System Security
In an Internet environment, the risks to valuable and sensitive data are greater than ever before. Figure 1-1 presents an overview of the complex computing environment which your data security plan must encompass.
Figure 1-1 Scope of Data Security Needs
You must protect databases and the servers on which they reside; you must administer and protect the rights of internal database users; and you must guarantee the confidentiality of e-commerce customers as they access your database. As the Internet continues to grow, so does the threat to data traveling over the network. To protect all the elements of complex computing systems, you must address security issues in many dimensions, as outlined in Table 1-1:
Table 1-1 Dimensions of Data Security
Think carefully about the specific security risks to your data, and make sure the solutions you adopt actually fit the problems. In some instances, a technical solution may be inappropriate. For example, employees must occasionally leave their desks. A technical solution cannot solve this physical problem: the work environment itself must be secure.
Fundamental Data Security Requirements
The following sections describe the basic security standards which technology must ensure:
Confidentiality
A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data which they are supposed to see. Confidentiality has several different aspects, discussed in these sections:
Privacy of Communications
How can you ensure the privacy of data communications? Privacy is a very broad concept. For the individual, it involves the ability to control the spread of confidential information such as health, employment, and credit records. In the business world, privacy may involve trade secrets, proprietary information about products and processes, competitive analyses, as well as marketing and sales plans. For governments, privacy involves such issues as the ability to collect and analyze demographic information, while protecting the confidentiality of millions of individual citizens. It also involves the ability to keep secrets that affect the country's interests.
Secure Storage of Sensitive Data
How can you ensure that data remains private, once it has been collected? Once confidential data has been entered, its integrity and privacy must be protected on the databases and servers where it resides.
Authenticated Users
How can you designate the persons and organizations who have the right to see data? Authentication is a way of implementing decisions about whom to trust. Authentication methods seek to guarantee the identity of system users: that a person is who he says he is, and not an impostor.
Granular Access Control
How much data should a particular user see? Access control is the ability to cordon off portions of the database, so that access to the data does not become an all-or-nothing proposition. A clerk in the Human Relations department might need some access to the
Note the distinction between authentication, authorization, and access control. Authentication is the process by which a user's identity is checked: once authenticated, the user is known to be who he claims to be, but nothing has yet been decided about what he may do. Authorization is the process by which that user's privileges are ascertained. Access control is the process by which the user's access to the actual data in the application is limited, based on those privileges. These are critical issues in distributed systems. For example, if
Integrity
A secure system ensures that the data it contains is valid. Data integrity means that data is protected from deletion and corruption, both while it resides within the database, and while it is being transmitted over the network. Integrity has several aspects:
Availability
A secure system makes data available to authorized users, without delay. Denial-of-service attacks are attempts to block authorized users' ability to access and use the system when needed. System availability has a number of aspects:
Table 1-2 System Availability Aspects
Security Requirements in the Internet Environment
The Internet environment expands the realm of data security in several ways, as discussed in these sections:
Promises and Problems of the Internet
Information is the cornerstone of e-business. The Internet allows businesses to use information more effectively, by allowing customers, suppliers, employees, and partners to get access to the business information they need, when they need it. Customers can use the Web to place orders which can be fulfilled more quickly and with less error; suppliers and fulfillment houses can be engaged as orders are placed, reducing or eliminating the need for inventory; and employees can obtain timely information about business operations. The Internet also makes possible new, innovative pricing mechanisms, such as online competitive bidding for suppliers, and online auctions for customers. These Internet-enabled services all translate to reduced cost: there is less overhead, greater economies of scale, and increased efficiency. The greatest promise of e-business is more timely, more valuable information accessible to more people, at reduced cost of information access. The promise of e-business is offset by the security challenges associated with the disintermediation of data access. Cutting out the middleman--removing the distributors, wholesalers and retailers from the trading chain--too often cuts out the information security the middleman provides. Likewise, the user community expands from a small group of known, reliable users accessing data from the intranet, to thousands of users accessing data from the Internet. Application hosting providers and exchanges offer especially stringent--and sometimes contradictory--requirements of security by user and by customer, while allowing secure data sharing among communities of interest. While putting business systems on the Internet offers potentially unlimited opportunities for increasing efficiency and reducing cost, it also offers potentially unlimited risk. The Internet provides much greater access to data, and to more valuable data, not only to legitimate users, but also to hackers, disgruntled employees, criminals, and corporate spies.
Increased Data Access
One of the chief e-business benefits of the Internet is disintermediation. The intermediate information processing steps which employees typically perform in traditional businesses, such as typing in an order received over the phone or by mail, are removed from the e-business process. Users who are not employees and are thus outside the traditional corporate boundary (including customers, suppliers, and partners) can have direct and immediate online access to business information which pertains to them. In a traditional office environment, any access to sensitive business information is through employees. Although employees are not always reliable, at least they are known, their access to sensitive data is limited by their job function, and access is enforced by physical and procedural controls. Employees who pass sensitive information outside the company contrary to policy may be subject to disciplinary action. The threat of punishment thus helps deter unauthorized access. Making business information accessible by means of the Internet vastly increases the number of users who may be able to access that information. When business is moved to the Internet, the environment is drastically changed. Companies may know little or nothing about the users (including, in many cases, employees) who are accessing their systems. Even if they know who their users are, it may be very difficult for companies to deter users from accessing information contrary to company policy. It is therefore important that companies manage access to sensitive information, and prevent unauthorized access to that information before it occurs.
Much More Valuable Data
E-business relies not only on making business information accessible outside the traditional company; it also depends on making the best, most up-to-date information available to users when they need it. For example, companies can streamline their operations and reduce overhead by allowing suppliers to have direct access to consolidated order information. This allows companies to reduce inventory by obtaining exactly what they need from suppliers when they need it. Companies can also take advantage of new pricing technology, such as online competitive bidding by means of exchanges, to obtain the best price from suppliers, or offer the best price to consumers. Streamlining information flow through the business system allows users to obtain better information from the system. In the past, data from external partners, suppliers, or customers was often entered into the system through inefficient mechanisms that were prone to error and delay. For example, many companies accepted the bulk of their orders by phone, letter, or fax, and this information was typed in by clerks or sales people. Even when electronic data interchange mechanisms existed, they were typically proprietary and difficult to integrate with companies' internal data infrastructure. Now, businesses that allow other businesses and consumers to submit and receive business information directly through the Internet can expect to get more timely, accurate, and valuable information, at less expense than if traditional data channels were used. Formerly, when information was entered into a business system, it was often compartmentalized. Information maintained by each internal department, such as sales, manufacturing, distribution, and finance, was kept separate, and was often processed by physically separate and incompatible databases and applications--so-called "islands of information". This prevented businesses from taking full advantage of the information they already had, since it was difficult for different departments to exchange information when it was needed, or for executives to determine the latest and most accurate status of the business. Companies have found that linking islands of information and consolidating them where possible, allows users to obtain better information, and to get more benefit from that information. This makes the information more valuable. Improving the value of data available to legitimate users generally improves its value to intruders as well. This increases the potential rewards to be gained from unauthorized access to that data, and the potential damage that can be done to the business if the data were corrupted. In other words, the more effective an e-business system is, the greater the need to protect it against unauthorized access.
Larger User Communities
The sheer size of the user communities which can access business systems by way of the Internet not only increases the risk to those systems, but also constrains the solutions which can be deployed to address that risk. The Internet creates challenges in terms of scalability of security mechanisms, management of those mechanisms, and the need to make them standard and interoperable.
Scalability
Security mechanisms for Internet-enabled systems must support much larger communities of users than systems which are not Internet-enabled. Whereas the largest traditional enterprise systems typically supported thousands of users, many Internet-enabled systems have millions of users.
Manageability
Traditional mechanisms for identifying users and managing their access, such as granting each user an account and password on each system she accesses, may not be practical in an Internet environment. It rapidly becomes too difficult and expensive for system administrators to manage separate accounts for each user on every system.
Interoperability
Unlike traditional enterprise systems, where a company owns and controls all components of the system, Internet-enabled e-business systems must exchange data with systems owned and controlled by others: by customers, suppliers, partners, and so on. Security mechanisms deployed in e-business systems must therefore be standards-based, flexible, and interoperable, to ensure that they work with others' systems. They must support thin clients, and work in multitier architectures.
Hosted Systems and Exchanges
The principal security challenge of hosting is keeping data from different hosted user communities separate. The simplest way of doing this is to create physically separate systems for each hosted community. The disadvantage of this approach is that it requires a separate computer, with separately installed, managed, and configured software, for each hosted user community. This provides little in the way of economies of scale to a hosting company. Several factors can greatly reduce costs to hosting service providers. These factors include mechanisms which allow multiple user communities to share a single hardware and software instance; mechanisms which separate data for different user communities; and ways to provide a single administrative interface for the hosting provider. Exchanges have requirements for both data separation and data sharing. For example, an exchange may ensure that a supplier's bid remains unviewable by other suppliers, yet allow all bids to be evaluated by the entity requesting the bid. Furthermore, exchanges may also support communities of interest in which groups of organizations can share data selectively, or work together to provide such things as joint bids.
A World of Data Security Risks
The integrity and privacy of data are at risk from unauthorized users, external sources listening in on the network, and internal users giving away the store. This section explains the risky situations and potential attacks that could compromise your data.
Data Tampering
Privacy of communications is essential to ensure that data cannot be modified or viewed in transit. Distributed environments bring with them the possibility that a malicious third party can perpetrate a computer crime by tampering with data as it moves between sites. In a data modification attack, an unauthorized party on the network intercepts data in transit and changes parts of that data before retransmitting it. An example of this is changing the dollar amount of a banking transaction from $100 to $10,000. In a replay attack, an entire set of valid data is repeatedly injected onto the network. An example would be to repeat, one thousand times, a valid $100 bank account transfer transaction. Note that encryption alone does not stop a replay, because the replayed messages are genuine: the receiver must be able to recognize a message it has already accepted, for example through a sequence number or timestamp that is bound into the message's integrity check.
Eavesdropping and Data Theft
Data must be stored and transmitted securely, so that information such as credit card numbers cannot be stolen. Over the Internet and in Wide Area Network (WAN) environments, both public carriers and private network owners often route portions of their network through insecure land lines, extremely vulnerable microwave and satellite links, or a number of intermediate servers. This leaves valuable data open to view by any interested party. In Local Area Network (LAN) environments within a building or campus, insiders with access to the physical wiring can potentially view data not intended for them. Network sniffers can easily be installed to eavesdrop on network traffic, and packet sniffers can be designed to find and steal user names and passwords that are sent in the clear.
Falsifying User Identities
You need to know your users. In a distributed environment, it becomes more feasible for a user to falsify an identity to gain access to sensitive and important information. How can you be sure that user Pat connecting to Server A from Client B really is user Pat? In addition, malefactors can hijack connections. How can you be sure that Client B and Server A are what they claim to be? A transaction that should go from the Personnel system on Server A to the Payroll system on Server B could be intercepted in transit and routed instead to a terminal masquerading as Server B. Identity theft is becoming one of the greatest threats to individuals in the Internet environment. Criminals attempt to steal users' credit card numbers, and then make purchases against the accounts. Or they steal other personal data, such as checking account numbers and driver's license numbers, and set up bogus credit accounts in someone else's name. Nonrepudiation is another identity concern: how can a person's digital signature be protected? If hackers steal someone's private signing key, that person may be held responsible for any actions performed with it.
Password-Related Threats
In large systems, users must remember multiple passwords for the different applications and services that they use. For example, a developer can have access to a development application on a workstation, a PC for sending e-mail, and several computers or intranet sites for testing, reporting bugs, and managing configurations. Users typically respond to the problem of managing multiple passwords in several ways:
All of these strategies compromise password secrecy and service availability. Moreover, administration of multiple user accounts and passwords is complex, time-consuming, and expensive.
Unauthorized Access to Tables and Columns
The database may contain confidential tables, or confidential columns in a table, which should not be available indiscriminately to all users authorized to access the database. It should be possible to protect data at the column level.
Unauthorized Access to Data Rows
Certain data rows may contain confidential information which should not be available indiscriminately to users authorized to access the table. You need granular access control: a way to enforce confidentiality on the data itself. For example, in a shared environment businesses should only have access to their own data, and customers should only be able to see their own orders. If the necessary compartmentalization is enforced upon the data, rather than added by the application, then it cannot be bypassed by users who reach the data by another route (a different application, an ad hoc query tool, or a flaw in the application's own filtering). Systems must also be flexible: able to support different security policies depending on whether you are dealing with customers or employees. For example, you may require stronger authentication for employees (who can see more data) than you do for customers. Or, you may allow employees to see all customer records, while customers can only see their own records.
Lack of Accountability
If the system administrator is unable to track users' activities, then users cannot be held responsible for their actions. There must be some reliable way to monitor who is performing what operations on the data.
Complex User Management Requirements
Systems must often support thousands of users, or hundreds of thousands of users: thus they must be scalable. In such large-scale environments, the burden of managing user accounts and passwords makes your system vulnerable to error and attack. You need to know who the user really is--across all tiers of the application--to have reliable security.
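The column- and row-level enforcement called for under Unauthorized Access to Tables and Columns and Unauthorized Access to Data Rows, as an added example that is not part of the original chapter. It uses Oracle's own mechanisms (a view for the column restriction, and a Virtual Private Database row-level policy attached with the DBMS_RLS package) against a hypothetical SALES schema; the tables, the ORDER_CLERK role and the ACME_CO account are invented for the illustration.

```sql
-- Added example (not from the original chapter). Oracle SQL and PL/SQL.
-- The SALES schema, its tables, the ORDER_CLERK role and the ACME_CO account
-- are hypothetical; the technique (a view plus a DBMS_RLS row-level policy)
-- is Oracle's Virtual Private Database.

-- Tables assumed by the example. STAFF lists employees' database accounts;
-- CUSTOMER_ACCOUNTS maps a customer's database account to its customer id.
-- Names are stored in upper case, which is how SESSION_USER reports them.
CREATE TABLE sales.staff             (db_user VARCHAR2(128) PRIMARY KEY);
CREATE TABLE sales.customer_accounts (db_user     VARCHAR2(128) PRIMARY KEY,
                                      customer_id NUMBER NOT NULL);
CREATE TABLE sales.orders            (order_id    NUMBER PRIMARY KEY,
                                      customer_id NUMBER NOT NULL,
                                      status      VARCHAR2(20),
                                      card_number VARCHAR2(19));
INSERT INTO sales.customer_accounts VALUES ('ACME_CO', 42);   -- constructed sample row

-- Column level. Oracle does not grant SELECT on individual columns, so a view
-- exposes only what a shipping clerk needs: the card number never reaches it.
CREATE VIEW sales.orders_shipping AS
    SELECT order_id, customer_id, status FROM sales.orders;
GRANT SELECT ON sales.orders_shipping TO order_clerk;

-- Row level. Customers hold ordinary object privileges on the table ...
GRANT SELECT, INSERT ON sales.orders TO acme_co;

-- ... and a policy function narrows what those privileges reach. The server
-- calls it for every statement on SALES.ORDERS and appends the returned
-- predicate, so an application (or an ad hoc query tool) cannot leave it out.
CREATE OR REPLACE FUNCTION sales.orders_policy (
    schema_name IN VARCHAR2,
    table_name  IN VARCHAR2
) RETURN VARCHAR2
AS
    v_user  VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
    v_staff NUMBER;
BEGIN
    SELECT COUNT(*) INTO v_staff FROM sales.staff WHERE db_user = v_user;
    IF v_staff > 0 THEN
        RETURN NULL;          -- employees: no predicate, every row visible
    END IF;
    -- Everyone else sees only rows carrying their own customer id. An account
    -- that appears in neither table matches nothing: the default is deny.
    RETURN 'customer_id IN (SELECT customer_id FROM sales.customer_accounts'
        || ' WHERE db_user = SYS_CONTEXT(''USERENV'', ''SESSION_USER''))';
END orders_policy;
/

BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema   => 'SALES',
        object_name     => 'ORDERS',
        policy_name     => 'ORDERS_OWN_ROWS',
        function_schema => 'SALES',
        policy_function => 'ORDERS_POLICY',
        statement_types => 'SELECT, INSERT, UPDATE, DELETE',
        update_check    => TRUE);   -- also reject INSERT/UPDATE of rows the
                                    -- caller would not be allowed to see
END;
/

-- Check, connected as ACME_CO. Both queries return customer 42's orders only:
-- the WHERE clause the user writes is ANDed with the policy predicate, not
-- substituted for it.
SELECT order_id, status FROM sales.orders;
SELECT order_id, status FROM sales.orders WHERE customer_id <> 42;   -- no rows
-- Writing a row for another customer is rejected (ORA-28115, policy with
-- check option violation) because of update_check => TRUE above.
INSERT INTO sales.orders (order_id, customer_id, status) VALUES (9001, 7, 'NEW');
```

The policy is attached to the base table, so it also applies when the clerk reads through the ORDERS_SHIPPING view. Running ADD_POLICY requires EXECUTE on DBMS_RLS, which SYS must grant to the SALES schema, and Virtual Private Database is an Enterprise Edition feature. The policy function must not query the table it protects, or the server will recurse into the policy.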
Multitier Systems
This problem becomes particularly complex in multitier systems. Here, and in most packaged applications, the typical security model is that of One Big Application User. The user connects to the application, and the application (or application server) logs on to the database under a single shared account and provides complete access for everyone, with no auditing and unlimited privileges. This model places your data at risk, especially on the Internet, where the only thing between an attacker and that shared account is the firewall in front of your Web or application server. A firewall cannot be relied on as the sole barrier: once an intruder controls the application tier, the shared account hands over every privilege it holds, with no record of who did what.
Scaling the Security Administration of Multiple Systems
Administration of hundreds of thousands of users is difficult enough on a single system. This burden is compounded when security must be administered on multiple systems. To meet the challenges of scale in security administration, you should be able to centrally manage users and privileges across multiple applications and databases by using a directory based on industry standards. This can reduce system management costs and increase business efficiency. Further, creating and building separate databases for multiple application subscribers is not a cost-efficient model for an application service provider. While technically possible, the separate database model would quickly become unmanageable. To be successful, a single application installation should be able to host multiple companies--and be administered centrally.
A Matrix of Security Risks and Solutions
Table 1-3 relates security risks to the technologies which address them, and to the corresponding Oracle products.
Table 1-3 Matrix of Security Risks and Solutions
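The One Big Application User model above, replaced by a middle tier that preserves the end user's identity and by auditing that records it (the Lack of Accountability point), as an added example that is not part of the original chapter. It uses Oracle proxy authentication, object auditing and the session client identifier; the APP_SERVER and PAT accounts, the HR_READER role, the HR.EMPLOYEES table and the password are all hypothetical placeholders.

```sql
-- Added example (not from the original chapter). Oracle SQL; account, role
-- and table names are hypothetical and the password is a placeholder.

-- 1. The middle tier gets an account that owns nothing and can do nothing
--    except open sessions. It may act only for users who were explicitly
--    allowed to proxy through it, and only with the role named in the grant.
CREATE USER app_server IDENTIFIED BY "change-this-placeholder";
GRANT CREATE SESSION TO app_server;

CREATE ROLE hr_reader;
GRANT SELECT ON hr.employees TO hr_reader;
GRANT hr_reader TO pat;
ALTER USER pat GRANT CONNECT THROUGH app_server WITH ROLE hr_reader;
-- The middle tier authenticates as APP_SERVER, then opens a session on Pat's
-- behalf through the OCI or JDBC proxy interface (in SQL*Plus the same thing
-- is CONNECT app_server[pat]/<app_server password>). In that session
-- SYS_CONTEXT('USERENV', 'SESSION_USER') is PAT, PROXY_USER is APP_SERVER,
-- and only HR_READER is enabled: Pat's other roles are out of reach.

-- 2. Audit the sensitive table by access, so every statement is recorded
--    against the real user, not the shared account. Requires the instance
--    parameter AUDIT_TRAIL to be set (for example AUDIT_TRAIL = DB).
AUDIT SELECT, UPDATE, DELETE ON hr.employees BY ACCESS;

-- 3. Thin-client users who are not database accounts can still be attributed:
--    the middle tier tags the session before issuing their statements and the
--    tag lands in the audit record. This is attribution, not authorization:
--    anyone holding the connection can set it, so never use it in access rules.
BEGIN
    DBMS_SESSION.SET_IDENTIFIER('web:pat');
END;
/

-- 4. Review: who read or changed the table, and through which middle tier.
--    PROXY_SESSIONID is populated for sessions opened through a proxy account.
SELECT username, proxy_sessionid, client_id, action_name, timestamp, returncode
  FROM dba_audit_trail
 WHERE owner = 'HR' AND obj_name = 'EMPLOYEES'
 ORDER BY timestamp DESC;
```

The point of the WITH ROLE clause is least privilege at the tier boundary: even a fully compromised APP_SERVER can reach only the rows and roles each proxied user was allowed, and every statement it issues is attributed to that user in DBA_AUDIT_TRAIL rather than to a shared login.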
The System Security Team
Complex data security systems require a team of people to ensure security at a particular site. Table 1-4 introduces the types of administrators who may be involved.
Table 1-4 The System Security Team