Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,400 --> 00:00:03,980 In this lesson, we're going to be discussing database 2 00:00:03,980 --> 00:00:07,550 security, specifically, talking about the principles 3 00:00:07,550 --> 00:00:12,110 of security in general, how those can apply to the database 4 00:00:12,110 --> 00:00:13,730 world as well. 5 00:00:13,730 --> 00:00:17,990 So security is and will be one of the top concerns 6 00:00:17,990 --> 00:00:22,010 in the computing world for the foreseeable future. 7 00:00:22,010 --> 00:00:24,110 It is a big hot topic. 8 00:00:24,110 --> 00:00:28,490 There are companies springing up that focus only on security, 9 00:00:28,490 --> 00:00:32,000 that do things like penetration testing and scanning 10 00:00:32,000 --> 00:00:33,900 and those types of things. 11 00:00:33,900 --> 00:00:36,590 So security is a major concern. 12 00:00:36,590 --> 00:00:40,070 Of course, there's recent examples of department stores 13 00:00:40,070 --> 00:00:45,080 and various companies where the security has been compromised 14 00:00:45,080 --> 00:00:47,030 and the information has leaked out 15 00:00:47,030 --> 00:00:49,160 and it's been made available to people 16 00:00:49,160 --> 00:00:51,230 that it doesn't belong to. 17 00:00:51,230 --> 00:00:53,030 And part of this is because the amount 18 00:00:53,030 --> 00:00:55,940 of information that we're storing 19 00:00:55,940 --> 00:00:57,980 is increasing and increasing. 20 00:00:57,980 --> 00:01:01,880 If you think of all the social networking sites, all of that 21 00:01:01,880 --> 00:01:06,320 is what we call PII, or Personally Identifiable 22 00:01:06,320 --> 00:01:08,810 Information, information that can 23 00:01:08,810 --> 00:01:11,630 be used to identify a particular person. 24 00:01:11,630 --> 00:01:15,170 This type of information is important to companies 25 00:01:15,170 --> 00:01:17,600 like credit card and loan companies 26 00:01:17,600 --> 00:01:20,810 and such to be able to identify a person, as well 27 00:01:20,810 --> 00:01:23,750 as just purchasing things on the internet. 28 00:01:23,750 --> 00:01:26,780 If that information gets out, then other people 29 00:01:26,780 --> 00:01:30,260 can steal identities and impersonate that person. 30 00:01:30,260 --> 00:01:32,240 So all of these things are pointing 31 00:01:32,240 --> 00:01:35,120 to the idea of security coming to a head 32 00:01:35,120 --> 00:01:38,300 really, where there will be even more 33 00:01:38,300 --> 00:01:42,440 incidents in the news that have a big impact on day 34 00:01:42,440 --> 00:01:44,030 to day life. 35 00:01:44,030 --> 00:01:46,640 And the interesting thing for a database administrator 36 00:01:46,640 --> 00:01:49,250 to consider is that most of this information 37 00:01:49,250 --> 00:01:52,010 is stored in a database of some type. 38 00:01:52,010 --> 00:01:55,910 By and large, the information is stored in relational databases, 39 00:01:55,910 --> 00:01:58,730 although there are other types of databases that store 40 00:01:58,730 --> 00:02:02,010 some types of information. 41 00:02:02,010 --> 00:02:06,330 And it's also true that security is often overlooked in the day 42 00:02:06,330 --> 00:02:09,540 to day operations of a database administrator. 43 00:02:09,540 --> 00:02:12,930 Since so much of a database administrators day 44 00:02:12,930 --> 00:02:16,950 is spent fighting fires, performance tuning, 45 00:02:16,950 --> 00:02:20,040 creating objects, backup and recovery, 46 00:02:20,040 --> 00:02:22,830 all those types of things, it is safe to say 47 00:02:22,830 --> 00:02:25,500 that there are a lot of database administrators 48 00:02:25,500 --> 00:02:28,890 that really just don't consider security in the day 49 00:02:28,890 --> 00:02:30,870 to day operations. 50 00:02:30,870 --> 00:02:32,700 And this is just because they're overwhelmed 51 00:02:32,700 --> 00:02:34,590 with other types of things. 52 00:02:34,590 --> 00:02:36,780 And, to be honest, security is one 53 00:02:36,780 --> 00:02:39,360 of those areas where a database administrator is not 54 00:02:39,360 --> 00:02:42,480 going to get a lot of support from other parts 55 00:02:42,480 --> 00:02:45,370 of the organization by and large. 56 00:02:45,370 --> 00:02:48,750 If you're dealing with developers and users, 57 00:02:48,750 --> 00:02:51,510 and you try to implement tight security, 58 00:02:51,510 --> 00:02:53,370 that makes it more difficult for them 59 00:02:53,370 --> 00:02:55,530 to do their jobs, quite simply. 60 00:02:55,530 --> 00:02:57,990 And they don't want those roadblocks. 61 00:02:57,990 --> 00:02:59,760 But it has to be considered. 62 00:02:59,760 --> 00:03:04,290 DBA has to be the one that stands up and at least says, 63 00:03:04,290 --> 00:03:09,330 this is a risk, and we need to mitigate that risk in some way. 64 00:03:09,330 --> 00:03:12,180 Hopefully, the DBA gets support from their management, 65 00:03:12,180 --> 00:03:14,680 although that's not always the case as well. 66 00:03:14,680 --> 00:03:18,540 So, for a DBA, you have to consider the security 67 00:03:18,540 --> 00:03:20,970 and you have to at least make known 68 00:03:20,970 --> 00:03:25,140 your risks and your findings, security problems that 69 00:03:25,140 --> 00:03:26,550 exist in the organization. 70 00:03:26,550 --> 00:03:28,680 You have to at least be able to bring those 71 00:03:28,680 --> 00:03:32,650 to someone's attention, even for your own sake. 72 00:03:32,650 --> 00:03:34,500 One of the principles of security 73 00:03:34,500 --> 00:03:37,800 is the principle of least privilege, 74 00:03:37,800 --> 00:03:42,470 the idea that less is best as far as privileges go. 75 00:03:42,470 --> 00:03:44,810 There's a myth about the typical hacker. 76 00:03:44,810 --> 00:03:47,900 And hackers make the news when they 77 00:03:47,900 --> 00:03:51,410 are some kid in the Ukraine that attacked a bank 78 00:03:51,410 --> 00:03:53,330 or something of that nature. 79 00:03:53,330 --> 00:03:55,340 But that is a myth as far as that 80 00:03:55,340 --> 00:03:58,400 being the main type of attack that 81 00:03:58,400 --> 00:04:00,930 involves computer security. 82 00:04:00,930 --> 00:04:05,250 The majority of attacks against computer security are internal. 83 00:04:05,250 --> 00:04:07,770 And this has been true almost since the beginning 84 00:04:07,770 --> 00:04:09,090 of computers. 85 00:04:09,090 --> 00:04:11,640 It isn't the external attacks, it's 86 00:04:11,640 --> 00:04:14,730 the internal attacks that are more prevalent. 87 00:04:14,730 --> 00:04:17,760 And that's why database security is so important. 88 00:04:17,760 --> 00:04:21,090 Because, if a hacker, or an attacker, or someone who 89 00:04:21,090 --> 00:04:24,990 wants to compromise information, is internal to a company, 90 00:04:24,990 --> 00:04:27,870 then they may have access to the database, 91 00:04:27,870 --> 00:04:30,030 and the data that they're looking for 92 00:04:30,030 --> 00:04:31,920 may be stored in the database. 93 00:04:31,920 --> 00:04:35,730 And so that's why it's not enough in today's world just 94 00:04:35,730 --> 00:04:39,000 to have strong firewalls outside of your company. 95 00:04:39,000 --> 00:04:41,080 Firewall security is important. 96 00:04:41,080 --> 00:04:44,250 And it's not the only security that you have to have. 97 00:04:44,250 --> 00:04:46,920 You have to have security in layers, 98 00:04:46,920 --> 00:04:48,960 sort of walls inside of walls. 99 00:04:48,960 --> 00:04:52,480 And that's where database security comes in. 100 00:04:52,480 --> 00:04:54,250 So the principle of least privilege 101 00:04:54,250 --> 00:04:57,850 states that a user should only be granted the privileges that 102 00:04:57,850 --> 00:05:01,270 are absolutely necessary for that user to accomplish 8343