Last night we spent a decent amount of time discussing the database level of a database server as well as the operating system level of a database server. Why do you think we spent so much time discussing this? What are two main levels of security that affect a database server? (Hint: there are tables within the DB itself, but these tables all boil down to files in a folder in Windows.) How do we ensure both levels are secured?
Comments
Jason Poli says
An organization’s most valuable asset in the world of IT is its databases. They hold all the information that enables a business to operate effectively and achieve its mission. Databases are also the main target of cybercriminals. It makes sense to spend significant time covering databases because almost everything we learn regarding protecting informational systems and assets applies to what’s stored on databases, and how databases are used by both clients and servers. Two security levels that affect a database server could be the client level and server level. Both provide access points to cybercriminals and need to be analyzed for vulnerabilities. The client level can be secured through strong password policies and authorization controls to make sure customer accounts only access the server in the ways intended. The server level can be protected by good physical security (assuming it’s not a cloud) to the mainframe computers running the database, as well as encryption so that if access is gained by an unauthorized user, the information is not readily available or easy to interpret. IT Auditors and security professionals should also continuously monitor database activity to identify compromised user accounts, and perhaps if an employee/administrator activity seems suspicious.
Xinyi Mao says
Databases are very important for information technology because all of a company’s data is stored in several databases, and databases become the final target for cybercriminals. So securing databases is important for IT auditors. In this chapter, we learned that MySQL interacts with other application software, and that authorizing privileges for end users and administrators can protect the database from unauthorized access. The two levels may be the administrator level and the client level. For administrators, they should regularly perform data backups, monitoring, and maintenance of user accounts. For users, they should keep their passwords and usernames secure.
Zhibin Wang says
The operating system should be protected because it manages the computer’s memory, processes, and all the software and hardware running on the computer. For security in the database, security can be provided by encrypting PII and sensitive information in the table to column. For security at the server, physical servers and operating systems should be strengthened to protect the database. Network access should be restricted and precautions taken.
Zhibin Wang says
The two levels should be the administrator level and the user level. As an IT auditor, you need to check security from a user and administrator perspective. As a user, it is important to properly restrict users’ access to different levels of databases.
Natalie Dorely says
The reason why we spent so much time discussing this is because it is important to know the process of the database and operating system level of a database server. The two main levels of security that affect a database server are the administration and clients. Administration has the authority to modify the database server to fit needs, while the clients may make changes tailored to their business. We can ensure both levels are secured through auditing the servers as IT Auditors and using appropriate testing to provide reasonable assurance.
Junjie Han says
The database contains all the data information, which is equivalent to a bank vault. Protecting the database is very important, and the ultimate goal of the hacker is the important part of the customer information in the database, for example, PII and credit card information. The two security levels of the database are client level and server level. Among them, server level needs a strong firewall to filter the external network to ensure that the information is properly authorized through SQL access. In addition, strong encryption of passwords can protect the database.
Lingyi Xu says
By storing the data in different tables, you can reduce the probability of editing the data. At the same time, for different parts of the data collection, the split table also gives different people different permissions, which is what IT auditors should pay attention to. In order for ERD to work with SQL, we need to create queries for SQL. We can create and insert our data into SQL and edit MySQL delete commands. To design an ERD, you need an outline of the business structure.
Louis Gusbar says
The reason we spent so much time talking about this is because DBs hold all the vital information that hackers want to get. They contain all the private and sensitive information that we are trying to secure. The two main levels of security are at the client and server. At the client level it is important that there is a password policy that ensures strong passwords, regular password updates, secure password reset processes, and other security measures like two-factor authentication and CAPTCHA. Also, that administrators are regularly updating and managing the servers with patches and audits. At the server level it is important to physically secure the servers. This includes restricting physical access, backing up data to multiple locations, having power backups and more.
Peiran Liu says
The reason why we discuss it so much is that it is very important, as databases are one of the most valuable assets for the company. The two levels are client level and server level. For client level, we need a good password policy and more authentication methods. For server level, we need administrators to install updates and patches to make it secure.