IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 2.38 Lack of, or inadequate implementation of
database security mechanisms
Database software normally includes a number of security mechanisms that
allow data to be protected against unauthorised access and similar intrusions.
However, most of these mechanisms do not activate automatically and need
to be activated manually from the database administrator. If none of these
mechanisms is used, neither the confidentiality nor the integrity of the data
can be guaranteed. In such cases, it is usually not possible to identify and log
security violations. The consequences of this can range from the manipulation
and loss of data to the destruction of the database.
Example:
In the case of the MS Access database, activation of the password is optional.
Due to this it is quite possible to gain unauthorised access to the database and
to therefore also have unauthorised access to all kinds of data stored inside
the database. In this case, any auditing of database access is not possible.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000