Expert answer: database security

Answer questions:
1, 2, 3, 6, 7, 10, 11, 12 questions in last page. Document required in Times New Roman.
Security Testing Classification
As mentioned earlier, you must understand the behavior and mind-set of a potential attacker to
effectively test the security of a network. Therefore, successful security testing in a database
environment is conducted from the attacker’s perspective and is categorized in terms of the viewpoint
from which it is conducted. We most often think of an attacker as an external force whose primary goal
is to break into a network or a database environment, but, as mentioned earlier in the book, intruders
can exist internally as well. Internal users are just as dangerous, if not more dangerous, than those
unauthorized external ones. Therefore, to be successful, testing that is conducted from the attacker’s
perspective must include both internal and external vantage points. The following list identifies the
different perspectives from which security testing within a database environment can be conducted:

Internal testing—Internal testing is conducted within the organization’s security border. This
type of testing will display vulnerabilities that exist among internal users such as employees and
contractors. Testing will identify attacks and the damage that can be caused within the database
environment itself. A task conducted during an internal security assessment might include an evaluator
who logs in to a user’s computer in an attempt to extend his or her privileges on a particular database
system.

External testing—External testing is conducted outside the organization’s network security
border. This type of testing will display attacks and liabilities that can be exploited externally from
competitors, remote users, and hackers. Initial tasks most commonly completed during external testing
outside a database environment primarily involve information gathering—because an intruder must
gain information about an infrastructure to break into it. A security consultant who attempts to use SQL
injections to gather information about an environment using external Web forms and Web applications
is an example of someone conducting external security tests within a database environment.

Black box testing—Black box testing is conducted with no prior knowledge of the system or
infrastructure that is being tested. This testing is most often conducted externally because external
intruders do not typically have prior knowledge of the existing infrastructure. Black box testing can also
be seen as a type of exploratory testing. There is not one specific focus and not all systems will be
tested. A black box test often weighs heavily on gathering information because the ability to gather
information is what provides external intruders a way into the system. Because of this, the test identifies
the most fundamental weaknesses of an infrastructure. Overall, this test will determine just how far
external users can get into the system without
prior knowledge. SQL injections, more specifically, blind loop statements used in SQL
injections, are most often used to obtain information through black box testing.

White box testing—White box testing (target testing) is conducted by an intruder who already
has existing information about the system or the infrastructure. It is also known as targeted testing
because prior knowledge exists and known weaknesses within the infrastructure allow intruders to
focus on specific areas of the infrastructure. The goal is to assess the damage that can be done by
those users who understand the infrastructure they are attempting to intrude; the results will provide a
more comprehensive, thorough picture of specific system weakness than that found in black box testing.
White box testing is most often associated with internal testing. The assumption is that internal users
will most likely have some knowledge of the infrastructure, yet white box testing can be conducted
internally or externally. Consider the external intruder who obtains information by using blind SQL
injections. This intruder has obtained information about the system and can now target an individual
database, or table within a database, based on the information he or she has obtained. Another
example of someone who might have information about a database system and might attempt to
intrude is a disgruntled former employee. These individuals have information about the environment
from their work history and can use this information to aid their efforts to access a system.
One last note to consider about the different categories of testing is the skill sets required to conduct
each type of test. External and black box testing require assessors who hold a more broad and diverse
range of skills. The tester must have a great amount of knowledge of the different network and security
technologies to defeat them and gain access. The tester also needs to be flexible and creative in his or
her attempts because the possibilities and potential for different types and combinations of security
measures are endless. Although a tester should be experienced and flexible, internal or white box
testing can be conducted by someone with less expertise because these testers have more knowledge
and awareness of the environment that they are trying to intrude.
The Goal of Security Testing
The general goal of a security assessment within any environment is to test the strength of security
measures put into place. A security assessment can be conducted to test database security measures
both broad and narrow. It can be used to test an intruder’s potential for breaking into the environment
or to test the appropriateness of the privilege assignment within a particular database. Therefore, the
goals of a security test vary and depend on both the type of test conducted (e.g., black box, external,
white box, internal) as well as the scale for which the testing takes place. For example, external black
box tests are often not focused on one particular area of the network because little is known about the
environment, so the goal of these tests is typically to determine how deeply an intruder can obtain
access. In contrast, internal or white box testing involves a specific target within the database
environment, so the goals are likely to be further defined. A security tester may assess the security
measure’s ability to block intruders from obtaining administrative rights to a mission-critical database.
Other common testing goals within a database environment include the ability to block access to the
physical location of the database; retrieve stored, confidential information; use SQL injection to exploit;
escalate privileges within the database; deny users access to their tables and records; destroy
applications or files; and evade an intrusion-detection system.
Testing Methodology
The security testing process, even in its narrowest form, can be a painstakingly time- and resource-intensive process. An unstructured approach to security testing is very ineffective and can result in
wasted resources. Knowing this, even attackers do not conduct their attacks in a haphazard fashion.
Having a clearly defined, well-thought-out standardized testing methodology allows an assessor to do
the following:
● Address resource constraints through prioritization.
● Decrease the time required for an assessment by avoiding redundancy.
● Create an improved picture of security strength using enforced consistent testing.
● Communicate recommendations more efficiently by utilizing standardized reports.
Therefore, a structured and methodical approach is greatly beneficial to any organization. This section
identifies a methodical strategy to security assessment and penetration testing using a phased
approach.
Planning and Preparation Phase
In this phase of the security assessment methodology, the assessor defines a scope, gathers information
about potential weak areas of the network, identifies potential attacks, classifies and prioritizes assets,
specifies objectives and goals, and lists resources required.
Defining the Scope
The security scope defines the perimeter of the overall security assessment, the
physical and logical area included within the assessment. Areas for security testing can be defined as a
group of systems or applications (e.g., database servers), a department within the organization (e.g.,
Finance), an attack strategy (e.g., injections), and, in some cases such as those scenarios that include
white box testing, the level of access achieved (e.g., privileges escalated). This section identifies the
process for developing a scope, a scope perimeter, and white box and black box scenarios.
As mentioned in the previous sections, due to the resource-intensive nature of security testing, the
scope of a security assessment is often narrow in size. Therefore, in scenarios that include white-box-type assessments, defining the perimeter of the scope is a pretty straightforward process. The goal of a
particular security test is the primary factor used for defining the area and tasks included within the
assessment. The white-box-type assessments provide the assessor with information about the
infrastructure prior to testing, so the infrastructure can be used to determine those things that should
be included within the scope. For example, if the goal is to ensure that privileges cannot be escalated by
unauthorized users on the database servers, then the infrastructure can be analyzed and all hardware,
software, and related tasks that the assessor needs to utilize in testing would be included within the
scope. All other hardware, software, and unrelated tasks would be considered out of scope.
Defining the scope in a black-box-type assessment scenario is much more difficult. Because little to no
information is given to the assessor prior to the test, the perimeter cannot be defined in terms of the
locations of the systems within the infrastructure unless the target system is completely isolated from
the rest of the network. In these situations, scopes are often defined by analyzing the level of access
achieved by the attacker necessary to achieve the goal of the assessment. Potential intrusions are
analyzed prior to testing and a determination is made as to how much information would need to be
obtained to access different levels of the infrastructure and subsequently achieve the assessment goal.
The scope boundary is then defined in terms of the assessor’s ability to reach this specific depth within
the environment. For example, consider a scenario in which an exploratory black box test is planned
within an environment where the goal is to ensure that database privileges cannot be obtained by
unauthorized external users. Prior to the test, no information is given, so the scope perimeter is much
broader and is defined as the point at which the assessor either cannot access any more information or
has obtained the escalated privileges. Having information about the infrastructure prior to testing
poses a great advantage to defining the scope perimeter.
Other tasks involved in developing a scope for a security assessment include defining a contract or
service-level agreement, conducting a threat assessment, scheduling an assessment, and listing the
resources needed to complete the assessment.
Gathering Information
There are two types of information gathering: that which is done prior to the
assessment as a way to prioritize and identify goals and that which is done during the assessment as a
way to identify information leaks within the infrastructure. Information gathering that occurs during
assessment is also known as information reconnaissance and will be discussed in later sections. This
section explores the information that is often acquired prior to testing. Information that should be
obtained prior to the database security assessment includes the following:

● Infrastructure information found in network diagrams and database schematics
● A prioritized set of data storage server and information assets
● Weak areas of the database infrastructure, those areas lacking sufficient defense
● Areas that have the highest potential for an attack (sensitive data)
● Areas that can offer entry points for intruders
● Potential attack strategies based on infrastructure or recent and past trends of intruders
This information can have a big impact on the assessment. Depending on what information is obtained,
this gathering process can change the original course of direction for the assessment, help to prioritize
assessments, and dictate the goals of the security assessment. The list just provided is not exhaustive
and the more information that you can obtain about the network and security trends, the better the
results of the security assessment. Also, keep in mind that this information is only provided in a white
box scenario; black box scenarios do not offer any information prior to testing.
Much of the preassessment information gathering can be done with the help of network tools available
throughout the industry. For example, port and vulnerability scanning tools can be utilized to identify
open areas of the network, patch configuration levels, and patch known bugs for system versions.
Surveillance cameras can also be used to identify weaknesses in the physical security of the network.
Execution Phase
In this phase, the actual database security assessment is conducted. The tasks completed here are
dependent on a great number of factors, including the area tested, the type of test being conducted, the
scope of the test, and the priority of a particular test. For instance, an external test that is conducted on
the mission-critical database is going to be quite different from an internal test that is conducted on the
privileges of users. This section covers the techniques of a black box security assessment execution,
from the perspective of an intruder. This is to ensure that the most comprehensive approach is covered.
Keep in mind that not all actions listed within this section are necessary for white-box-type assessments.
Information Reconnaissance
The complex nature of today’s network structures works as an advantage
toward the efforts of keeping our environments secure. Intrusion would require much less time and
energy were the environments less varied and multifaceted. The first step in obtaining access from any
infrastructure is information gathering. Unfortunately for administrators, finding information is much
easier than hiding it. With remote access becoming more necessary, and intrusion aid tools increasing by
the minute, no system infrastructures are completely hidden from the outside world. Given enough time
and resources, some information can be discovered either directly or indirectly from any existing system
or infrastructure. The greatest security defense is time. Security measures that are built strongly enough
to keep intruders busy for long periods of time are more likely to thwart those who are looking for a
quick avenue, and the longer an intruder attempts to access the system, the better chance there is that
security logs will capture their presence. This section discusses information reconnaissance and explores
techniques that intruders use in an attempt to gather information from a system infrastructure.
Information reconnaissance is the process of gathering information either directly (e.g., actively) or
indirectly (e.g., passively) from a system or the system’s environment. There are two types of
information reconnaissance, passive and active.

Passive reconnaissance—Passive reconnaissance involves the use of passive investigation
methods to gather information about a system or an infrastructure indirectly. An example of a passive
reconnaissance attack is a user who utilizes tools such as a network sniffer to obtain information about a
system or network infrastructure.
A network sniffer is a utility that monitors and captures network activity, enabling the owner of the
utility to gain an understanding of the amount, frequency, and type of communication occurring on a
network. A network sniffer combined with a bit of expertise provides a great tool for gathering
information about a network environment, including things like the type of applications that are
running and a general idea of the number of users within a network. Database and SQL sniffers exist that
are intended to help database administrators and developers monitor their own database systems.
These tools can provide unauthorized individuals the means by which to obtain information from the
database without ever having to directly communicate with it. Information gathered through passive
reconnaissance is not necessarily directly applicable, but it provides information that will eventually lead
toward more active information-gathering methodology.

Active reconnaissance—Active reconnaissance involves the use of active investigation methods
to gather information about a system or an infrastructure directly. An example of an active
reconnaissance attack is a user who sends SQL injections to a system in hopes of generating some type
of error or system response to use to make inferences about the system or environment. Automated
tools are also available that will send pings and packets to systems to initiate a response. Many of these
tools will also make determinations based on system responses they receive, providing data to the user,
such as the current operating system, the services running, the firewall, the applications,
or the topology of an infrastructure.
Active and passive reconnaissance are two very useful methods for gathering information. Passive
reconnaissance requires much more time than active reconnaissance, but it is very difficult to detect.
For both active and passive reconnaissance, several freely downloadable tools are available to aid in the
information-gathering process. Although it offers more information, active reconnaissance can lead to
detection of an intruder on a system. Because it involves active communication with the system, logs
and activity reports can potentially show the identity of an attacker; therefore, the less time spent
actively gathering information, the better.
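The observation above, that active reconnaissance shows up in logs because it provokes error responses, can be turned into a detection check. The following is an added example, not part of the original text; the log layout, field names, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed database error-log sample. The key=value layout is an assumption
# made for this example, not the log format of any particular DBMS.
SAMPLE_LOG = """\
2024-05-01T10:00:00 src=198.51.100.9 result=error err="syntax error"
2024-05-01T10:00:01 src=10.0.0.15 result=ok
2024-05-01T10:00:02 src=203.0.113.7 result=error err="unterminated quoted string"
2024-05-01T10:00:05 src=10.0.0.15 result=ok
2024-05-01T10:00:08 src=203.0.113.7 result=error err="syntax error"
2024-05-01T10:00:09 src=10.0.0.15 result=error err="deadlock detected"
2024-05-01T10:00:15 src=203.0.113.7 result=error err="column does not exist"
2024-05-01T10:00:21 src=203.0.113.7 result=error err="relation does not exist"
2024-05-01T10:00:30 src=203.0.113.7 result=error err="syntax error"
2024-05-01T10:00:38 src=203.0.113.7 result=ok
2024-05-01T10:00:44 src=203.0.113.7 result=error err="unterminated quoted string"
2024-05-01T10:03:00 src=198.51.100.9 result=error err="column does not exist"
2024-05-01T10:06:00 src=198.51.100.9 result=error err="syntax error"
2024-05-01T10:09:00 src=198.51.100.9 result=error err="relation does not exist"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) result=(?P<result>ok|error)'
    r'(?: err="(?P<err>[^"]*)")?$'
)

def parse(log_text):
    # Yield (timestamp, source, is_error, error_text); malformed lines are skipped.
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"],
                   m["result"] == "error", m["err"] or "unknown")

def detect_probing(log_text, window=timedelta(seconds=60), burst=5,
                   min_errors=4, min_ratio=0.8):
    """Flag sources by rule: "burst" = `burst`+ errors inside `window`;
    "high_error_ratio" = slower probing whose requests almost all fail."""
    recent = defaultdict(deque)   # src -> error times still inside the window
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "kinds": set()})
    first_burst = {}              # src -> time the burst rule first fired
    for ts, src, is_error, err in sorted(parse(log_text), key=lambda e: e[0]):
        stats[src]["requests"] += 1
        if not is_error:
            continue
        stats[src]["errors"] += 1
        stats[src]["kinds"].add(err)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop errors that fell out of the window
            q.popleft()
        if len(q) >= burst:
            first_burst.setdefault(src, ts)
    findings = {}
    for src, s in stats.items():
        if src in first_burst:
            reason = "burst"
        elif s["errors"] >= min_errors and s["errors"] / s["requests"] >= min_ratio:
            reason = "high_error_ratio"
        else:
            continue
        findings[src] = {"reason": reason, "errors": s["errors"],
                         "requests": s["requests"], "kinds": sorted(s["kinds"]),
                         "first_burst": first_burst.get(src)}
    return findings
```

In the constructed sample the slower source never trips the burst rule and is caught only by its error ratio, which is why a short-window threshold alone misses patient probing.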
It is important to point out that information reconnaissance does not always involve technology. Social
engineering can be used as a form of active reconnaissance. A person sitting outside a company warehouse taking notes of incoming and outgoing packages is an example of a nontechnical application of
passive reconnaissance.
To better understand the concept of passive and active reconnaissance, consider this scenario. A man
decides that he is going to rob the local convenience store. He begins by using passive reconnaissance
methods to gather information about the store security. He sits in his car across the street day after day
taking notes of shift changes, looking for security guards and outdoor cameras. He watches the counter
clerks as they interact with customers, gaining a basic understanding of their personalities, enabling him
to form assumptions as to which clerks are most likely to fight rather than flee. He pays attention to
their routines, finding out when they stock shelves, change the register drawers, and open the safe.
After obtaining enough information about the store security and management from the outside, active
reconnaissance can commence. At this point, he begins to actively shop at the store, taking note of the
position of the internal cameras and talking to the clerks to obtain a better understanding of their
psyche. He takes a closer look at the positioning of the safe, and looks for phones, alert buttons, or any
way that the clerk could call for help. With all of the information gathered, the robber can plan his
