Information Security Essay - 1,044 words

Information Security Database is the main component of the major applications based on the web. It gives a possibility to present various dynamic contents. In so far as such database can contain sensitive important and secret information, it is worth-while to focus attention on database security. Every person who works with database needs first to connect to it, then send a request, process an answer and close the connection to get or save information. A Structured Query Language SQL is used very frequently. What hacker is able to do with SQL-request? It is known that PHP cannot protect the database.


There is a simple rule: the security should cover all possible breaches. The more places DB administrators protect, the less it is probable that hacker will use secret information, stored in database. All dangerous breaches can be protected if the structure of database and its application is well developed. Lets examine two articles related to database security. The first article, Database Security? Protecting Sensitive and Critical Information provides readers with definition and distinctions between network security and data security. Scott C.


Newins considers that database security does not supercede other security technologies, such as network layer firewalls, network monitoring, SSL-secured communications, operating system and application hardening. But data protection needs to be in place as the core element of a complete enterprise security infrastructure. (2003, para 2). He focuses attention on potential risk associated with sensitive information within databases (2003, para 3). However, Scott C. Newins underlines that it is very important to be sure that authorized persons are able to obtain information while DB administrators are planning their database security.


The bank stores all passwords and other secret information in special encrypted files, so it is important to organize access to database to obtain the information at the appropriate time. The author of the book recommends to focus attention on proper access control, selective encryption of stored data, separation of duties and centralized independent audit functions (2003, para 3) to protect the database. Scott C. Newins notices that although there can be network authorization, different access codes, roles, passwords, logins and some databases remain unprotected. In such cases, it is not enough to protect the perimeter: it is important to be able to use out-of-the-box application transparent encryption (2003, para 17) and other technologies. Newins considers that DB administrators should know all basic principles of databases and database security.


He specifies useful tips on DB and protection and gives specific examples regarding what can be done about interference. Lets analyze the database security and provide the user with definite recommendations according to Newins. The basic idea is this, "You can't access what you can't see". (Blake Wiedman, 2005, para. 14) First step in database security is, actually, creation/writing the database, except of cases when DB administrator uses a ready-made database. When writing a DB, a person determines the owner (admin).


Administrator can do any changes with objects inside the database and has to provide other users with access to his DB. He can create differen ...................................................................................................................................................................................................................................................................................................................................................................

...................You are reading a preview................... Visit our Blog and Unlock Full Access to this essay

Continue READING the FULL Essay by clicking HERE

Essay Tags: database, information security, administrator, para, application

This is an Essay sample / Research paper, you can use it for your research of: Information Security