L9: Application Security | Database Security | Email Security | Internet Security in Hindi

Application security:

Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Security is becoming an increasingly important concern during development as applications become more frequently accessible over networks. Actions taken to ensure application security are sometimes called countermeasures.

Database Security:

Database security is the protection of the database against intentional and unintentional threats that may be computer-based or non-computer-based. Database security is the business of the entire organization, since everyone uses the data held in the organization's database, and any loss or corruption of that data would affect the day-to-day operation of the organization and the performance of its people. Therefore, database security encompasses the hardware, software, infrastructure, people and data of the organization.

1. Threats to a Database:

A threat is any situation or event, either intentional or unintentional, that may adversely affect a system and organization. Whether the threat is intentional or unintentional, the impact may be the same. The threat may be caused by a situation or event involving a person, action or circumstance that is likely to produce harm to someone or to an organization. The harm may be tangible, like loss of hardware, software or data. The harm may also be intangible, like loss of credibility or of client confidence and trust. Threats to data security may be a direct and intentional threat to the database.

Those who gain unauthorized access to a database, such as computer hackers, may steal or change the data in it, although they would need specialist knowledge in order to do so.

2. Data Tampering

Privacy of communications is essential to ensure that data cannot be modified or viewed in transit. The chances of data tampering are high in distributed environments, because data moves between sites. In a data modification attack, an unauthorized party on the network intercepts data in transit and changes that data before retransmitting it.
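The data modification attack described above is detectable when the sending site attaches a keyed integrity tag that the receiving site recomputes. The following is an added example, not code from the original notes: the shared key and the transfer record are constructed sample values, and `tamper_in_transit` only simulates the unauthorized party changing the data between sites.

```python
import hmac
import hashlib

# Shared secret known to both sites (constructed demo value, not a real key).
SHARED_KEY = b"constructed-demo-key-do-not-use-in-production"


def protect(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Sender side: append an HMAC-SHA256 tag so the receiver can detect modification."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message + b"|" + tag


def verify(packet: bytes, key: bytes = SHARED_KEY):
    """Receiver side: recompute the tag and compare it in constant time.

    Returns (ok, message); ok is False when the packet was altered or malformed.
    """
    try:
        message, tag = packet.rsplit(b"|", 1)
    except ValueError:
        return False, b""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    # compare_digest avoids leaking information about the tag through timing
    if not hmac.compare_digest(expected, tag):
        return False, b""
    return True, message


def tamper_in_transit(packet: bytes) -> bytes:
    """Simulated intercept-and-modify: the amount is changed before forwarding."""
    return packet.replace(b"amount=100", b"amount=9100")


def demo():
    original = b"transfer:from=ACC1;to=ACC2;amount=100"  # constructed sample record
    packet = protect(original)
    ok_clean, _ = verify(packet)
    ok_tampered, _ = verify(tamper_in_transit(packet))
    return ok_clean, ok_tampered


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The tag protects only integrity; keeping the data from being viewed in transit additionally requires encryption.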

3. Falsifying User Identities

In a distributed environment, it becomes more feasible for a user to falsify an identity to gain access to sensitive and important information. Criminals attempt to steal users' credit card numbers and then make purchases against the accounts, or they steal other personal data, such as bank account numbers and driver's license numbers.

4. Password-Related Threats

In large systems, users must remember multiple passwords for the different applications and services that they use. Users typically respond to the problem of managing multiple passwords in several ways:

  • They may select easy-to-guess passwords.
  • They may also choose to standardize passwords so that they are the same on all machines or websites.

Security Levels

To protect the database, we must take security measures at several levels:

  • Physical: The sites containing the computer systems must be secured against armed or surreptitious entry by intruders.
  • Human: Users must be authorized carefully to reduce the chance of any such user giving access to an intruder in exchange for a bribe or other favors.
  • Operating System: No matter how secure the database system is, weakness in operating system security may serve as a means of unauthorized access to the database.
  • Network: Since almost all database systems allow remote access through terminals or networks, software-level security within the network software is as important as physical security, both on the Internet and in networks private to an enterprise.


Data Security methods

Confidentiality

A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data they are supposed to see. Confidentiality has several aspects like privacy of communications, secure storage of sensitive data, authenticated users and authorization of users.

Privacy of Communications

The DBMS should be capable of controlling the spread of confidential personal information such as health, employment, and credit records. It should also keep corporate data such as trade secrets, proprietary information about products and processes, competitive analyses, and marketing and sales plans secure and away from unauthorized people.

Authentication

One of the most basic concepts in database security is authentication, which is quite simply the process by which a system verifies a user's identity. A user can respond to a request to authenticate by providing a proof of identity, or an authentication token.

E.g.: If you have ever been asked to show a photo ID (for example, when opening a bank account), you have been presented with a request for authentication. You proved your identity by showing your driver's license (or other photo ID). In this case, your driver's license served as your authentication token.

Authorization

An authenticated user goes through the second layer of security, authorization. Authorization is the process through which the system obtains information about the authenticated user, including which database operations that user may perform and which data objects that user may access. Example: an authorization document.
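The two layers above, authentication first and authorization second, as an added example that is not part of the original notes. The user names, passwords and grant table are constructed sample values; the grants map each principal to the operations it may perform on each data object, as the text describes.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed demo credential store: user -> (salt, PBKDF2 hash). Never the password itself.
_USERS = {}

# Constructed sample policy: principal -> data object -> permitted database operations.
_GRANTS = {
    "clerk": {"employees": {"SELECT"}},
    "hr_admin": {"employees": {"SELECT", "UPDATE"}, "salaries": {"SELECT"}},
}


def register(user: str, password: str) -> None:
    """Store a salted PBKDF2-SHA256 hash of the password."""
    salt = os.urandom(16)
    _USERS[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000))


def authenticate(user: str, password: str) -> Optional[str]:
    """Layer 1: verify the proof of identity. Returns the principal name or None."""
    record = _USERS.get(user)
    if record is None:
        return None
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return user if hmac.compare_digest(candidate, stored) else None


def authorize(principal: Optional[str], operation: str, obj: str) -> bool:
    """Layer 2: only granted operations on granted objects, and only for authenticated principals."""
    if principal is None:
        return False
    return operation in _GRANTS.get(principal, {}).get(obj, set())


def run_query(user: str, password: str, operation: str, obj: str) -> str:
    """Both layers in order: a request never reaches authorization without authentication."""
    principal = authenticate(user, password)
    if principal is None:
        return "denied: authentication failed"
    if not authorize(principal, operation, obj):
        return f"denied: {principal} lacks {operation} on {obj}"
    return f"ok: {operation} on {obj} as {principal}"


register("clerk", "constructed-pw-1")
register("hr_admin", "constructed-pw-2")
```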

E-mail Security:

Email security describes various techniques for keeping sensitive information in email communication and accounts secure against unauthorized access, loss, or compromise. Email is a popular medium for the spread of malware, spam, and phishing attacks, which use deceptive messages to entice recipients to divulge sensitive information, open attachments or click on hyperlinks that install malware on the device.

Email security refers to the collective measures used to secure the access and content of an email account or service. It allows an individual or organization to protect the overall access to one or more email addresses/accounts. An email service provider implements email security to secure subscriber email accounts and data from hackers, both at rest and in transit.

The Need for Email Security:

Email security is a broad term that encompasses multiple techniques used to secure an email service. From an individual/end user standpoint, proactive email security measures include:

  • Strong passwords
  • Password rotations
  • Spam filters
  • Desktop-based anti-virus/anti-spam applications

Similarly, a service provider ensures email security by using strong password and access-control mechanisms on the email server, and by encrypting and digitally signing email messages both at rest in the inbox and in transit to or from a subscriber email address. It also implements firewall and software-based spam filtering applications to keep unsolicited, untrustworthy and malicious email messages from being delivered to a user's inbox.

It is very easy to spoof an e-mail message and alter the name in the From field: all an attacker needs to do is modify the sender information in the preferences section of their mail client and restart the application. Spoofing is the act of sending forged messages that pretend to originate from a source the user trusts and has a business relationship with, such as a bank.