Database Security Implementation
In Taxation System
Database security plays a critical role in any institution, and it is contribution to protect data against attackers has become of significance. This is based on database security features. Therefore, this research aims at understanding the practices and true implementation of database security to curb security vulnerabilities.
For applying security features in term of database security (e.g., achieving security through, role base access control, monitoring, password policy, authentication, encryption).
In this respect, the main object of this work is to identify links between database security holes and analysis of security features provided by information technology vendors to mitigate the security weaknesses.
In this context, a triangle approach will be used in which quantitative and qualitative data will be applied through a questionnaire and semi structured interviews to address different level of investigation, and to test the validity of this hypothesis.
Key words: database security, access, password, monitoring, vulnerabilities.
The implementation, of database security plays a critical role in various computer activities, because database is considered as a powerful tool that holds and classifies data according to user needs.
Within the spread of network it is very hazardous environment specially in a situation that the database lacks security, according to Evan data (market research firm in 2002) reported that 10% of database had experience security violation, moreover 40% of banks and financial companies reporting incidents of unauthorized database access and data corruption. He added that medical/health care firms have reported similar types of irregularities.
On the other hand, the revolution of information technology and communication system have changed the way people dealing with database (computer ethics) violations.
In recent years, especially many business firms have been using database in Sudan.
The vision of implementing database security can tackle the maximum security problems all over world. This because the wide use of internet has created a fast growing community and challenges that need database security. This is due to it’s unique detecting characteristics.
Thus, the database unique system depends on researchers who seeks to add a body of knowledge by investigating and understanding the practices and implementation of security activities to reduce security vulnerabilities by conducting research about implementing database security in the above titled project.
1.1.1 Database Security
It is a system, process and procedures that protect a database from unusual activities that can be categorized as authentication misuses, malicious attacks or processes. Database security is also dealing with practices and broader computer security.
Traditional databases have been protected by fire walls and routers on the network with the database tool existing on the internal network which are assigned to be located within additional network security that detect and alarm if there is any security hazard from intruders.
Database provides many layers and type of information security including the following:
- Access control
- Integrity controls
Vulnerability assessment and compliance are also very important procedures when evaluating database security performed vulnerability assessments for database.
Usually, administrator run the vulnerability scanner on database this means to in order to discover miss configuration of controls within the layers mentioned above a long with known holes within database software.
This scanning minimizes holes to prohibit intruders break into database. In spite of database object including tables , table links and all these objects need the database administrator for granting permission for all roles.
A familiar risk study is a better way to be applied in order to determine who has committed crimes and reveals unauthorized access to database.
Anyhow, the risk analysis facilitates a better guideline to which did you home concerning and concentrating on database object.
Figure 1.1 shows the database crime incidents that had been noticed in Sudan
Figure 1.1: Database crimes
The research work has proven that no poor monitoring database system is still in use in Sudan. This is due to the rare reporting and this limitation is well demonstrated in the Figure 1.2 below
Figure 1.2: Database attacker had been arrested in Sudan
2. The previous studies:-
The literature of review, that relates to this area of investigation covers a wide range of work (in its wider broad sense which include: Journals, Academic Books, theses and dissertations, short articles, E-databases, conference papers,…etc.). The research studies investigated and covered a wide rang of Database concept areas, such as: Database security/Oracle certificate association/Relational Database/ Role base access control / Auditing. The range areas illustrated in Figure2.
Figure 2: database Security tools
The main objectives of this research are to: develop a model in order to understand and interpret the use of database security features by any business firms in Sudan, in turn, this model will lead to the exploration and analysis of the implementation of database security. Also , by developing this model, the irregularities and miss use of database will curbed.
The result of implemented database security tools in taxation chamber demonstrated in Table 1 as shown below
Table 1: Database Security Tools
4. Research Process:-
The research process will be conducted through five basic stages (as illustrated in Figure3) these stages are: Identification of the research problem and objectives, the development of the research framework, Research methodology, Quantitative and qualitative data analysis, result of the discussion.
Figure 3: The research process
To conclude that with such literature sited and methodology plan that will applied a comprehensive study in security database will successfully be worked..
7.1 Research Methodology:-
Nonetheless, regarding the research methods it was found that the majority of research depended on Questionnaires with a percentage of 60.4 % as illustrated in Figure 5: 29.6 % applied Interviews, 6 % applied observation and 4 % applied Focus Groups.
Based on the practical approach, this can be reaches through examination of different methodologies and approaches employed in previous studies and the researchers should take into consideration the root cause and aim at applying methodologies in a contemporary database security.
Generally, there is no optimal research methodology or a comprehensive approach addresses the database security problem. This because these previous methodologies or approaches have inconsistencies and drawbacks. But a researcher must come up with the most appropriate research methodology and techniques to his work in light of his research goals. These techniques are shown in Figure 4,5.
Figure 4: Research Methodology Used in Database Security
Figure 5: Research Methodology Used in Database Security
Implementation of database security will provide different characteristics for the whole processes; i,e., it will enhance the system of database application and limit manipulative practices, therefore, it is considered as very powerful tools that tackle security problems.
Furthermore, by monitoring suspicious activities and hardening through eliminating database holes and applying security rules to database will afford strong well built database.
Database security should be a contemporary reliable system and hence any institution in Sudan would be advised to apply the database security in order to protect their information.
(1) Introduction To Database System
Author Chris J. Date
Publish date 2000
(2) Database Programming
Author Scott Urman
Publish date 2000
Publisher Brandon A.nordin
(3) Oracle University
Author Mark Sullivan
Publish date (may 1999).
Publisher Kelly Lee, Sherry Polm.
(4) Implementing database security
Author Roben Ben Natan
Publish date 2005
Publisher Elsevier Digital Press