Cybersec

 

Two questions and answers are below. In your opinion, please answer as to how each question was answered. 6th edition APA style; no sources needed.

Enterprise Database Security

There are many problems with securing enterprise databases, far more than the IT industry would care to acknowledge. Research and discuss one particular database security issue. How can this problem be addressed?

One major issue with database security is the application of structured query language (SQL) injection into the entry form applications of a database. This type of attack allows the attacker to insert an executable line of code into the SQL server. Michael Gertz stated that “construct queries on the fly can be fooled into constructing improper requests” (Gertz, 2009, pg. 172). The code has to be introduced into the system upon variable execution. After all the variables are entered, the malicious code will be activated upon condition when all the lines of code have been entered in the server. In addition, Jonathan James states that “SQL statements must be reviewed for vulnerabilities that are concatenated with SQL commands” (James, 2011). Hardening techniques include the removal of string variables that ignore the drop variables and that drop variables are not allowed to be inserted into the actual query. Programmers must ensure that all statements are valid and that there are no string variables that allow the insertion of commands that are not valid to execute.
Source:
Gertz, M. (2006). Database Security. In Bidgoli, H. (Ed.) Custom Textbook for CSEC630 – Handbook of Information Security – Threats, Vulnerabilities, Prevention, Detection, and Management. Hoboken, NJ: John Wiley & Sons, Inc.
James, J. (2011, February 15). SQL Injection. Microsoft.com. Retrieved from http://msdn.microsoft.com/en-us/library/ms161953(v=sql.105).aspx
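
An added example, not part of the original answer or its sources: the on-the-fly, concatenated query construction the answer describes, next to a parameterized form, run with Python's `sqlite3` against a constructed table. The table, column and function names and all sample values are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts (owner, balance) VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("carol", 75), ("o'brien", 40)],
    )
    return conn

def lookup_concatenated(conn, owner):
    """Query built on the fly: the form input becomes part of the SQL text."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, owner):
    """Bound parameter: the form input is passed as data and never parsed as SQL."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()

def compare(form_input):
    """Run both lookups on the same input and return their results side by side."""
    conn = make_db()
    try:
        try:
            concatenated = lookup_concatenated(conn, form_input)
        except sqlite3.Error as exc:
            # Quote characters in ordinary data break the concatenated statement.
            concatenated = "error: " + str(exc)
        return {
            "concatenated": concatenated,
            "parameterized": lookup_parameterized(conn, form_input),
        }
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed inputs: a plain name, a name containing a quote, and input
    # that changes the WHERE clause when it is concatenated into the query.
    for value in ("bob", "o'brien", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

With the concatenated query, the third input returns every row and the second fails with a syntax error; with the bound parameter, both are treated as literal owner names.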

Securing Databases

How can you make your database more hacker-proof? How do you ensure the security of an organization’s distributed databases?

While emphasis is on hardening of computer systems, there must be processes that protect the data and datafiles themselves. The database should not be allowed on the perimeter router that would allow direct access to the database. The database should reside behind the firewall with access control based on either role-based access control or object-based access control. Permissions allow the database to be manipulated by the owner of the object or role within the application would be used. The database should utilize encryption techniques that require the data to be encrypted upon completion or transmission and have database user passwords to access the datafile. In the text, John McGowan, Jeffrey Bardin and John McDonald advise “separating network traffic to the database can be done by VLAN” (McGowan, Bardin, & McDonald, 2009, pg. 575). Placing the database on a segregated VLAN will minimize the network interfaces that would have access to the database and limit the exposure of the database to outside intruders. These are all techniques that can be utilized to secure databases.
Source:
McGowan, J., Bardin, J., & McDonald, J. (2009). Chapter 33 – SAN Security. In Vacca, J.R. (Ed.) Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann Publishers.