
IT Baseline Protection Manual - The Information Warfare Site


Threats Catalogue Deliberate Acts Remarks

T 2.40 Complexity of database access

A database management system (DBMS) is used to access one or more databases. This access can take place directly or via an application. To ensure the integrity of a database, all access to it must be controlled from a central point of administration. The complexity of such access procedures can result in the following problems:

Incorrectly designed user environment

- If access rights for database users are too restrictive, this might prevent certain tasks from being accomplished.
- If access rights for users are too loosely defined, this might lead to the unauthorised manipulation or browsing of data. This will also violate the integrity and confidentiality of the database.
- If users are allowed to access a database directly (instead of via an application), this might damage the integrity of the database through data manipulations whose consequences cannot be foreseen by the users.
- If database objects are not protected explicitly by the accessing applications through the use of an appropriate concept of authorisation and access, this could result in the manipulation of such database objects (e.g. a modification of table fields or indices). The database could be destroyed as a result.

Remote access to databases

- If a database is made accessible within a network, inadequate security safeguards for remote access procedures might allow the manipulation and unauthorised browsing of data. This will also violate the integrity and confidentiality of the database.

Database queries

- The total number of possible database queries must be restricted for each user and certain queries must be prohibited explicitly. Otherwise the confidentiality of sensitive data might be violated (particularly in the case of statistical databases).
- If database queries from a certain application are not implemented in accordance with the SQL standard, the DBMS might not be able to execute them and may therefore reject such queries (especially if database management systems from different vendors are in use).
- Database queries which have not been specified precisely may supply incorrect or unexpected results if the database objects have been modified. Example: The query "SELECT * FROM table" returns all the attributes/fields of a tuple/data record. If a field is now added to, or deleted from, this table, fatal consequences may arise for applications which make use of this query.
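The last point, shown as an added example that is not part of the manual: an application reads a customer record with "SELECT *" and unpacks the row positionally, an administrator later adds a field to the table, and the application breaks, whereas the same lookup with an explicit column list is unaffected. The customer table, its data and the column names are constructed for this example.

```python
"""Added example (not from the IT Baseline Protection Manual): an imprecise
"SELECT *" query versus a query that names the fields it needs, before and
after a schema change. Uses only the Python standard library (sqlite3)."""
import sqlite3

# Constructed sample schema and data for the example; not from the manual.
SCHEMA_V1 = """
CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
INSERT INTO customer VALUES (1, 'Alice Example', 'alice@example.invalid');
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_V1)
    return conn


def fetch_fragile(conn, cust_id):
    """Application code that depends on the column count and order of SELECT *."""
    row = conn.execute("SELECT * FROM customer WHERE id = ?", (cust_id,)).fetchone()
    _id, name, email = row  # positional unpacking: silently assumes three fields
    return {"name": name, "email": email}


def fetch_explicit(conn, cust_id):
    """Same lookup, but the query names exactly the fields the application uses."""
    sql = "SELECT name, email FROM customer WHERE id = ?"
    name, email = conn.execute(sql, (cust_id,)).fetchone()
    return {"name": name, "email": email}


def add_phone_column(conn):
    """Schema change made by an administrator after the application was deployed."""
    conn.execute("ALTER TABLE customer ADD COLUMN phone TEXT")


def run_scenario():
    """Returns (result before the change, error name of the fragile query after
    it, result of the explicit query after it). A reordering of columns would be
    worse for the fragile query: it would silently return swapped values."""
    conn = open_db()
    before = fetch_fragile(conn, 1)
    add_phone_column(conn)
    try:
        fetch_fragile(conn, 1)
        fragile_error = None
    except ValueError as exc:  # "too many values to unpack (expected 3)"
        fragile_error = type(exc).__name__
    return before, fragile_error, fetch_explicit(conn, 1)


if __name__ == "__main__":
    print(run_scenario())
```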


IT Baseline Protection Manual: October 2000
