All language subtitles for [SubtitleTools.com] Principles Of Database Security - Learning Oracle 12c [Video]_2

[00:00:01] In this lesson, we're going to be discussing database security, specifically, talking about the principles of security in general, how those can apply to the database world as well. So security is and will be one of the top concerns in the computing world for the foreseeable future. It is a big hot topic. There are companies springing up that focus only on security, that do things like penetration testing and scanning and those types of things. So security is a major concern. Of course, there's recent examples of department stores and various companies where the security has been compromised and the information has leaked out and it's been made available to people that it doesn't belong to.

[00:00:51] And part of this is because the amount of information that we're storing is increasing and increasing. If you think of all the social networking sites, all of that is what we call PII, or Personally Identifiable Information, information that can be used to identify a particular person. This type of information is important to companies like credit card and loan companies and such to be able to identify a person, as well as just purchasing things on the internet. If that information gets out, then other people can steal identities and impersonate that person. So all of these things are pointing to the idea of security coming to a head really, where there will be even more incidents in the news that have a big impact on day to day life.

[00:01:44] And the interesting thing for a database administrator to consider is that most of this information is stored in a database of some type. By and large, the information is stored in relational databases, although there are other types of databases that store some types of information.

[00:02:02] And it's also true that security is often overlooked in the day to day operations of a database administrator. Since so much of a database administrator's day is spent fighting fires, performance tuning, creating objects, backup and recovery, all those types of things, it is safe to say that there are a lot of database administrators that really just don't consider security in the day to day operations. And this is just because they're overwhelmed with other types of things. And, to be honest, security is one of those areas where a database administrator is not going to get a lot of support from other parts of the organization by and large.

[00:02:45] If you're dealing with developers and users, and you try to implement tight security, that makes it more difficult for them to do their jobs, quite simply. And they don't want those roadblocks. But it has to be considered. DBA has to be the one that stands up and at least says, this is a risk, and we need to mitigate that risk in some way. Hopefully, the DBA gets support from their management, although that's not always the case as well. So, for a DBA, you have to consider the security and you have to at least make known your risks and your findings, security problems that exist in the organization. You have to at least be able to bring those to someone's attention, even for your own sake.

[00:03:32] One of the principles of security is the principle of least privilege, the idea that less is best as far as privileges go. There's a myth about the typical hacker. And hackers make the news when they are some kid in the Ukraine that attacked a bank or something of that nature. But that is a myth as far as that being the main type of attack that involves computer security. The majority of attacks against computer security are internal. And this has been true almost since the beginning of computers. It isn't the external attacks, it's the internal attacks that are more prevalent. And that's why database security is so important. Because, if a hacker, or an attacker, or someone who wants to compromise information, is internal to a company, then they may have access to the database, and the data that they're looking for may be stored in the database. And so that's why it's not enough in today's world just to have strong firewalls outside of your company. Firewall security is important. And it's not the only security that you have to have. You have to have security in layers, sort of walls inside of walls. And that's where database security comes in.

[00:04:52] So the principle of least privilege states that a user should only be granted the privileges that are absolutely necessary for that user to accomplish their given tasks. So this is the walls within walls. So, if we say that an attacker could be internal to the organization, then it's important that that user internal to the organization only have the privileges that they absolutely need. It is easier to confine a potential attacker and still give the person the kinds of privileges they need in order to do their job. But we don't give them more. And a good example of this is sometimes managers. If a manager is managing a database administration team and yet does not log into the database, oftentimes the manager will say, well, since I am the manager of the DBAs, I need to have a database account with administrative level access. And that's just not the case, because that just is one more tunnel into the database that can be compromised.

[00:05:57] Our next principle is auditing. And the principle of auditing goes back to the statement that every action should be traceable to one and only one user. So, if a user goes in and does an operation, we should be able to trace that operation back to the user. So some violations of this kind of include things like shared passwords, where users will share their passwords. Or shared accounts are created that many users use. So, if we have a single account for all of our developers to log in and use the database, then, if something wrong happens, there's no way to trace that back to an individual user. So that's what auditing is all about.

[00:06:40] A security policy. Every organization should have a written security policy. And this goes back to the idea that we said in the beginning, where security is not always supported in an organization at the management level or at the user level. It is important that a company have a security policy. These are the things that we allow. This is the organization of our security, how it is with roles and privileges, who has what privileges, so on and so forth. This is true of a lot of different computer assets, but especially as it terms with database security.

[00:07:18] And, finally, role based security. Security should be based on job roles rather than direct permissions. If you have 100 users, and all of them are given direct permissions to 1,000 objects, that's not even very large in an organization or a database. But the management of keeping all of those permissions correct is going to be a nightmare. And problems are going to happen. Security holes are going to develop from that. And so that's why security should be role-based. So a job role, and that role is given to a number of people, and certain permissions are given to that role. So role-based security actually makes an organization more secure because it limits the amount of possibility there are for breaches with direct permissions.
