IS unit 3 notes

What is Database Security?

•Database Security means protecting the database and the data inside it from:

Unauthorized access (people who shouldn't see it)

Data loss or corruption (due to errors or attacks)
Hacking or theft (like stealing passwords or records)

It ensures that only the right people can access or change the data, and it stays safe and private.

Why is Database Security Important?

Databases store sensitive information like:

Names, passwords, phone numbers
Bank details
Business records If someone steals or deletes this data, it can cause huge problems like:

Identity theft
Business losses
Legal issues

So, database security helps in keeping data safe, correct, and available.

Main Security Threats to Databases

1. Unauthorized Access – Hackers or even insiders trying to view or change data without
permission.

2. SQL Injection Attack – A trick where hackers put harmful code into input fields (like login forms)
to access data.

3. Malware – Viruses that damage or steal data.

4. Insider Misuse – A staff member misuses their access.

5. Loss or Theft of Backup – If backups are not secure, anyone can copy the database.

6. DoS Attacks (Denial of Service) – Attackers crash the database server by overloading it.

Methods to Secure a Database

 Access Control :-Gives permission to only certain users
Authentication :-Checks identity (like login password or OTP)
Encryption:- Changes data into secret code (AES, RSA, etc.)
SQL Injection Prevention :-Filters harmful input in search or login forms
Backups :-Keeps extra safe copies of the database
Audit Logs :-Tracks who did what and when
Role-Based Access:- Users only get the access they need for their job.

Example:

In a school database:

•A student can only see their own result.

•A teacher can upload marks of their students.

•An admin can view or change everything.

Database security makes sure that:

Students cannot see or edit others' marks.

Hackers cannot break in and steal data.

What is Network Security?

•Network Security means protecting computer networks (like internet or Wi-Fi connections) from:

Unauthorized access
Misuse
Hacking
Data theft
Attacks (like viruses or DoS)

•It ensures that the devices, data, and communications in a network stay safe and secure.

Why is Network Security Important?

Because we use networks to:

Share files
Access the internet
Send emails
Store and transfer personal or business data

If the network is not secure, hackers can:

Steal or change data

 Install malware
Crash the system

Common Threats to Network Security

1. Hackers – People trying to break into the network.

2. Viruses and Worms – Harmful programs that spread through networks.

3. Phishing – Fake emails or links to steal passwords.

4. Denial of Service (DoS) – Attacks that shut down the network.

5. Man-in-the-Middle Attacks – Attackers secretly read or change data during communication.

6. Sniffing – Stealing data being transferred through the network.

Network Security Techniques

Firewall :-Blocks unauthorized access to the network

Antivirus Software :-Detects and removes viruses
Encryption :-Secures data during transmission
Intrusion Detection System (IDS) :-Detects unusual activity or attacks
Virtual Private Network (VPN) :-Creates a private, secure internet connection.
Strong Passwords :-Prevents easy access by hackers
Access Control :-Only trusted users are allowed in.

Example:

In a college network:

Only students and teachers can access the college Wi-Fi.

Passwords and firewalls protect the system.

Antivirus software runs on all systems. This is network security in action.

Goal of Network Security

To ensure:

Confidentiality – Data is not seen by the wrong people.

Integrity – Data is not changed without permission.
Availability – Network is up and working for authorized users.

What is Database Integration?

•Database Integration means combining data from different databases or sources into a single,
unified system.
•The goal is to make data management easier, ensure data consistency, and allow smooth data
sharing between departments or systems.

Why is Database Integration Needed?

To avoid duplicate data

To ensure all departments have access to the same updated data
To make reporting and analysis easier
To allow centralized control and security

Example:

In a college system, different departments have their own databases:

•Library system (book issues/returns)

•Hostel system (room details)

•Student records (marks, attendance)

With integration, all of this data is combined so the admin can see everything about a student in
one place.

Types of Database Integration:

1. Manual Integration – Data is collected manually from different sources.

2. Application-based Integration – A software tool fetches and joins data.

3. Middleware Integration – Special programs (middleware) connect and exchange data between
systems.

4. Uniform Database – All data is moved into a single, new database structure.

Benefits of Database Integration:

Better decision-making
Data accuracy
Faster data access
Saves time and effort
Improved coordination between departments

What is Database Secrecy?

•Database Secrecy means protecting the data stored in a database from unauthorized access.

•It ensures that only authorized users can view, update, or delete the data.

•In simple words, keeping the data private and safe from hackers or people who shouldn't see it.

Why is Database Secrecy Important?

Because databases often store sensitive information like:

Personal details (name, address, contact)

Financial data (bank account, credit card)
Health records
Business secrets

If this data is leaked or stolen, it can cause serious problems like:

Identity theft
Loss of trust
Legal actions

Techniques to Maintain Database Secrecy:

Access Control :-Gives permission only to selected user

User Authentication:- Checks identity through passwords, OTP, etc
Data Encryption :-Converts data into secret code using algorithms (AES, RSA)
Role-Based Access :-Allows access based on user's job (e.g., admin, teacher
Data Masking :-Hides real data from test users or outsider
Audit Logs:- Tracks who accessed or changed the data

Example:

In a hospital database:

Only doctors can see patient records.

Receptionist can see only appointment details.

Hackers or outsiders cannot access anything.

This is how secrecy is maintained in real systems.

Goals of Database Secrecy:

1. Confidentiality – Data is not seen by unauthorized users

2. Integrity – Data is accurate and not changed wrongly

3. Availability – Data is available to the right users when needed

What are Inferential Controls?

•Inferential controls are security techniques used in databases to prevent users from guessing
(inferring) sensitive data by analyzing available non-sensitive data.

•Even if some data is not directly shown (like someone's salary), a user might try to infer it by
combining or comparing different allowed queries.

•So, inferential controls stop users from making such indirect guesses.

Example:

Let’s say a college database hides students' individual marks but allows queries like:

"What is the average mark of students in Class A?"

Now if a class has only one student, the average = student’s mark, and secrecy is broken.

Why Are Inferential Controls Important?

To protect sensitive data even when only general data is shown

To avoid indirect leakage through smart guessing
To enhance database security and user privacy

Techniques of Inferential Control:

Query Restriction :-Blocks queries that return results from very few records (like 1 or 2
people
Noise Addition :-Adds random small errors to data (e.g., +/- 2 marks) to hide exact value
Data Suppression:- Hides or removes some query answers to prevent inferenc
Rounding :-Rounds off numerical answers (e.g., salary = 50,000 becomes ~50K
Audit Logs:- Tracks unusual query patterns that may lead to inference

What is Sensitive Data?

•Sensitive data refers to important personal or confidential information that must be protected
from unauthorized access because it can cause harm or loss if leaked or misused.
Types of Sensitive Data:

Personal Data :-Name, address, phone number, Aadhaar numbe

Financial Data :-Bank details, credit card numbers, incom
Health Data:- Medical records, health reports, prescription
Login Credentials:- Usernames, passwords, security question
Business Data:- Trade secrets, employee records, client lists

Why is Sensitive Data Important to Protect?

To prevent identity theft

To avoid financial fraud
To maintain privacy
To comply with laws (like GDPR, HIPAA)
To protect an organization’s reputation

How to Protect Sensitive Data:

Encryption :-Converts data into secret cod

Access Control :-Only specific people can access the data
Data Masking :-Hides part of the data (e.g., ****1234)
Secure Login :-Uses passwords, OTPs, biometrics
Regular Audits:- Tracks who accessed or modified the data

Example:

In a college system:

A student's marksheet, ID number, and address are sensitive. Only the student and the admin
should have access—not everyone.
 IS unit 3 notes

What is Inference in Database Security?

•Inference means figuring out secret or sensitive information by using non-sensitive or allowed
data.

•Even if a user is not allowed to see private data, they may still try to guess (infer) it using smart
queries or combining publiMultilevel Database – Explained Simply

Simple Example:

A college allows this query:

> "What is the average marks of students in Class A?"

If Class A has only 1 student, then the average = that student’s marks, which is private.

So, even though the student’s marks are not directly shown, they can be inferred.

Why Is Inference a Problem?

It breaks privacy rules

It can lead to leakage of sensitive data
It is hard to detect because the user is using allowed queries

Types of Inference Attacks:

•Direct Inference :-Getting secret info by directly combining visible data

•Indirect Inference :-Using statistics or repeated queries to guess the info

How to Prevent Inference:

•Query Restrictions :-Blocks queries with too few records (e.g., 1 person)
•Noise Addition :-Adds small errors to hide exact results
•Data Suppression:- Hides results that might leak private data
•Audit Logs:- Monitors suspicious query activity

What is a Multilevel Database?

•A Multilevel Database is a type of secure database system where different users have different
access levels based on their security clearance.

•It stores data at multiple classification levels (like confidential, secret, public), and only allows
users to see what they are authorized to see.

Example:

In a government database:

Public user can see general information

Officer can see confidential data
Minister can access top secret data

Each user sees only the data they are allowed, even though all data is stored in one system.

Main Components:

Subjects (users):- The people or systems who access the databas

Objects (data items) :-The information stored in the database
Security Levels :-Classification like Public, Confidential, Secret
Access Rules:- Control who can see or modify what

Security Models Used:

Bell-LaPadula Model (for confidentiality)

Biba Model (for integrity)

Benefits:

Protects sensitive data from unauthorized access

Allows data sharing while maintaining security
Supports military, government, and secure businesses

Challenges:

Complex design and maintenance

Slower performance due to strict controls
Requires strong access policies

Proposals for Multilevel Security (MLS)

•Multilevel Security (MLS) systems aim to protect information of different sensitivity levels and
control access based on a user’s security clearance.

•Several proposals and models have been developed to implement and improve MLS, especially in
databases and operating systems.

1. Bell-LaPadula Model (Confidentiality-Focused)

Main Idea: Prevent users from accessing or leaking confidential information.

Rules:

•No Read Up (NRU) – A user can’t read data above their clearance.

•No Write Down (NWD) – A user can’t write data to a lower level.

Use: Widely used in military and government systems.

2. Biba Model (Integrity-Focused)

Main Idea: Protect data from being modified by unauthorized users.

Rules:

•No Read Down (NRD) – A user can’t read data from a lower level.

•No Write Up (NWU) – A user can’t write data to a higher level.

Use: Useful in financial and medical systems where data accuracy matters.

3. Clark-Wilson Model (Commercial Use)

Focuses on data integrity and separation of duties.

Uses well-formed transactions and certified procedures to access data.
Good for business and banking systems.

4. Role-Based Access Control (RBAC)

Access is based on a user's role in the organization.

Roles are assigned specific permissions.
Easy to manage in large organizations.

5. Lattice-Based Access Control (LBAC)

Defines a lattice structure of security levels.

Access decisions are based on a dominance relationship.
Supports flexible and fine-grained access control.
6. Polyinstantiation

Stores multiple versions of the same data at different levels.

Prevents users from knowing restricted data exists.
Example: Two users see different versions of the same record based on clearance.

7. Secure Operating Systems & Database Models

Proposals to embed MLS controls into OS or DBMS.

Examples:
Trusted Database Management Systems (TDBMS)
Security-Enhanced Linux (SELinux)

What is Network Security?

Network security means protecting a computer network and the data flowing through it from
unauthorized access, misuse, hacking, data theft, or damage.

It ensures that:

Only authorized users can access the network

Data stays private and correct
The system works smoothly without being attacked

Main Goals of Network Security:

Confidentiality :-Keep data private (e.g., encryption)

Integrity:- Ensure data is not changed by unauthorized users
Availability :-Keep the network and services running properly
Authentication:- Verify who is accessing the system.
Access Control:- Allow only permitted users or devices.

Common Network Threats:

Hacking:- Gaining unauthorized access

Phishing :-Tricking users to steal passwords or data
Viruses/Worms:- Malicious software spreading through networks
Man-in-the-middle :-Attacker intercepts data between two parties
Denial of Service (DoS):- Overloading a network to stop it from working

Security Techniques & Tools:

Firewalls :-Blocks unauthorized traffic

Antivirus/Antimalware :-Detects and removes harmful software
 Encryption :-Hides data from attackers (e.g., HTTPS, VPNs)
User Authentication:- Passwords, biometrics, or OTP to confirm identity
Intrusion Detection System (IDS):- Monitors for suspicious activities
Virtual Private Network (VPN) :-Secures connections over the internet

Best Practices for Network Security:

Use strong passwords

Keep software and systems updated
Don’t click unknown links or downloads
Enable firewalls and antivirus
Use VPNs on public Wi-Fi
Regularly back up important data

What are Network Threats?

Network threats are any actions or events that can harm, steal, disrupt, or damage a computer
network or the data being sent across it.

Types of Network Threats:

1. Unauthorized Access

Someone enters a network or system without permission

Example: Hackers breaking into Wi-Fi

2. Phishing Attacks

Fake emails or websites trick users into giving passwords or personal info
Example: “Your bank account is locked” emails

3. Viruses and Worms

Malicious software that spreads across the network

Can damage files, slow systems, or steal data

4. Man-in-the-Middle (MitM) Attack

An attacker secretly intercepts communication between two users

Example: Reading your login details during a public Wi-Fi session

5. Denial of Service (DoS) Attack

The attacker overloads a server or network so it can’t respond to users

Makes the website or app unavailable

6. Sniffing (Eavesdropping)
 Monitoring or capturing data packets flowing over a network
Often done on unsecured (open) Wi-Fi

7. Spoofing

Pretending to be another device or user to gain access

Example: Fake IP address or website

8. Ransomware

Malware that locks your files and asks for money to unlock them

9. SQL Injection

Attacker puts harmful code into a website’s form to steal or delete data

10. Zero-Day Attack

An attacker uses newly discovered vulnerabilities before the software developer can fix them

What is Network Security Control?

Network security control means all the steps and tools used to protect a network from hackers,
viruses, and unauthorized access. These controls help to keep:

Your data safe and private

The network running smoothly
Only the right people can access certain information

Types of Network Security Controls (with Explanation):

1. Physical Controls

These are protections for the hardware (computers, servers, cables).

Example: Locking a server room so that no outsider can touch the networking equipment.
Other examples: CCTV cameras, ID cards, biometric systems (fingerprint, face scan)

2. Technical Controls

These are software or hardware-based tools that protect your network.

Firewall: Like a security guard – blocks harmful data from entering your network.
Antivirus: Detects and removes viruses and malware.
 Encryption: Changes data into a secret code so that even if someone steals it, they can’t
read it.
VPN: Makes your internet connection private and secure, even on public Wi-Fi.
IDS (Intrusion Detection System): Monitors the network and gives alerts if it finds anything
suspicious.

3. Administrative Controls

These are rules and policies made by organizations to ensure network safety.
Example: A rule that all users must change their passwords every month.
Other examples:
Training employees not to click on unknown links
Giving limited access to new employees
Regular audits to check for risks

Other Important Controls:

Authentication: Confirms a user’s identity (like password, OTP, fingerprint).

Access Control: Only the right person can access specific files or data.
Audit Logs: Keeps a record of who did what and when on the network.
Backup and Recovery: If data is lost due to an attack, a backup helps to restore it.
Patch Updates: Fixing software bugs and updating security regularly.

Why Are These Controls Important?

Because they:

Protect important data

Keep the network working
Help detect and stop cyber-attacks
 IS unit 3 notes

What is a Firewall?

•A firewall is like a security guard between your computer/network and the outside world (like the
internet).
•It monitors, filters, and blocks unwanted or dangerous traffic based on rules.

Purpose of a Firewall:

Blocks hackers and viruses

Prevents unauthorized access
Controls what goes in and out of your network
Protects sensitive data

Types of Firewalls:

Packet-Filtering Firewall:- Checks each packet of data and allows or blocks it

Stateful Firewall :-Remembers active connections and checks data more deeply
Proxy Firewall :-Acts as a middleman between your computer and the internet
Next-Gen Firewall (NGFW):- Advanced firewall with extra features like antivirus, intrusion
detection

How It Works (Simple Steps):

1. You try to access a website

2. Firewall checks if the site is safe or not

3. If safe → lets it in

4. If unsafe → blocks it

Firewall Examples:

Windows Defender Firewall (built-in in Windows)

 Hardware firewalls in routers
Firewalls in antivirus software
Enterprise firewalls in offices or data centers (e.g., Cisco ASA, FortiGate)

Why Firewalls are Important:

Prevent cyber attacks

Stop unauthorized users
Maintain network privacy and control
Filter dangerous or unwanted websites

What is an Intrusion Detection System (IDS)?

•An Intrusion Detection System (IDS) is like a watchman or security alarm for a network or
computer system.
•It keeps an eye on all the activity and gives a warning if it sees anything suspicious or
unauthorized.

Main Purpose of IDS:

To detect attacks or strange behavior in a network.

To alert the system administrator (but not block).
To help analyze and respond to security threats.

How IDS Works (Simple Steps):

1. Monitors network traffic or system activity continuously.

2. Compares data with a list of known attacks or rules.

3. If it finds something suspicious, it sends an alert.

4. Admins then take action (block, investigate, etc.).

Detection Methods:

1. Signature-Based Detection:

Detects attacks by matching with known patterns (signatures).

Fast but can’t detect new attacks.

2. Anomaly-Based Detection:
 Detects unusual behavior (e.g., a user logging in at midnight).
Can catch new attacks but may give false alarms.

Example:

Someone tries to log in many times with the wrong password.

IDS sees this as strange (possible hacking).
It sends an alert to the admin.

Why IDS is Important:

Early warning system for threats

Helps detect malware, hacking, and unauthorized access
Useful in large networks where manual checking is impossible

Types of Intrusion Detection Systems (IDS):

1. Network-Based IDS (NIDS)

Monitors: Entire network traffic.

Location: Placed at key points like routers or switches.
Purpose: Detects suspicious activity across multiple devices.
Example: Detecting if a hacker is scanning ports on different computers.

2. Host-Based IDS (HIDS)

Monitors: One specific computer or device.

Checks: System files, logs, processes, and configurations.
Purpose: Detects attacks or unauthorized changes on that machine.
Example: Noticing if someone modifies important system files on a server.

3. Signature-Based IDS

Works like an antivirus: It checks traffic against known patterns of attacks (signatures).
Good for: Detecting known attacks quickly.
Limitation: Can’t detect new or unknown threats.
Example: Detecting a virus that’s already in the database.

4. Anomaly-Based IDS
 Learns normal behavior of the system or user.
Detects anything unusual (e.g., logging in at odd hours).
Good for: Catching new or unknown attacks.
Limitation: Can give false alarms.
Example: Alerting if a user uploads a huge file at midnight.

5. Hybrid IDS

Combines both: Signature and Anomaly-Based methods.

Advantage: More accurate and powerful detection.
Used in: Modern and enterprise-level security systems.

What is Secure Email?

•Secure email is a way of sending and receiving emails in a safe and private manner, so that:

Only the intended person can read the message

The email content is not changed
You can trust who sent the email

Why Secure Email is Important:

To protect personal or sensitive information

To prevent hackers or attackers from reading your emails
To avoid email spoofing (fake senders)
To ensure privacy in communication (like banking, health, work emails)

Main Features of Secure Email:

1. Encryption:

Converts your email into secret code

Only the receiver with the correct key can read it

2. Digital Signature:

Confirms that the email really came from the sender

Ensures the content was not changed

3. Authentication:

Verifies the identity of sender and receiver

Methods to Make Email Secure:

PGP (Pretty Good Privacy):- Encrypts email using public/private keys

S/MIME (Secure/Multipurpose Internet Mail Extensions):- Encrypts and signs emails
TLS (Transport Layer Security):- Protects email in transit (between servers)
Email Filters & Spam:- Checkers Blocks phishing and junk mail

Examples of Secure Email Providers:

ProtonMail
Tutanota
Zoho Mail (with encryption options)
Gmail (uses TLS, but not end-to-end by default)