Internet requirements set the stage for new database security designs


Security in the Internet age is a two-way street: Agencies need to respect confidentiality while resisting unauthorized access.

With regard to databases, this manifests itself in several ways.

One strategy, called defense in depth, moves vital data as far as possible from access points. A typical arrangement uses intermediate databases to stage data, particularly data from legacy systems. In such a system, users have access to the front-end database and, through that database, can make queries of back-end systems. But they cannot directly access or modify those back-end systems.


The approach kills two birds with one stone. Staging the data from an intermediate server is simpler than rewriting your mainframe application for Web access. And the separation of the accessible data server from the inaccessible data store adds security.
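The staging arrangement described above can be sketched in a few lines; this is an added example, not code from the article or from any product it names. It assumes two SQLite files standing in for the back-end store and the front-end staging database, and the table, column and function names are hypothetical.

```python
import os
import sqlite3
import tempfile

def build_backend(path):
    """Constructed stand-in for the legacy back-end store (sample rows are made up)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE cases (id INTEGER PRIMARY KEY, status TEXT, ssn TEXT)")
    con.executemany("INSERT INTO cases VALUES (?, ?, ?)",
                    [(1, "open", "000-00-0001"), (2, "closed", "000-00-0002")])
    con.commit()
    con.close()

def stage(backend_path, staging_path):
    """Trusted batch job: copy only the publishable columns into the staging DB."""
    src = sqlite3.connect(f"file:{backend_path}?mode=ro", uri=True)
    rows = src.execute("SELECT id, status FROM cases").fetchall()
    src.close()
    dst = sqlite3.connect(staging_path)
    dst.execute("DROP TABLE IF EXISTS case_status")
    dst.execute("CREATE TABLE case_status (id INTEGER PRIMARY KEY, status TEXT)")
    dst.executemany("INSERT INTO case_status VALUES (?, ?)", rows)
    dst.commit()
    dst.close()

def user_session(staging_path):
    """What a Web user gets: a read-only handle to the staging DB, never the back end."""
    return sqlite3.connect(f"file:{staging_path}?mode=ro", uri=True)

def demo():
    with tempfile.TemporaryDirectory() as d:
        backend, staging = os.path.join(d, "backend.db"), os.path.join(d, "staging.db")
        build_backend(backend)
        stage(backend, staging)
        con = user_session(staging)
        result = {"rows": con.execute(
            "SELECT id, status FROM case_status ORDER BY id").fetchall()}
        try:  # a write through the user's handle must be refused
            con.execute("UPDATE case_status SET status = 'open'")
            result["write_blocked"] = False
        except sqlite3.OperationalError:
            result["write_blocked"] = True
        try:  # the sensitive column was never staged, so it cannot be queried
            con.execute("SELECT ssn FROM case_status")
            result["sensitive_exposed"] = True
        except sqlite3.OperationalError:
            result["sensitive_exposed"] = False
        con.close()
        return result
```

On real servers the same separation is enforced with network placement and database accounts rather than file handles.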

Wild data

Mobile workers present another security concern. While supporting field personnel with chunks of database data, don't forget that the data is now out in the wild. You must take appropriate encryption precautions to keep that data secure and confidential, but these procedures should not interfere unduly with replicating the data to and from the mobile user.

Of course, databases themselves have a variety of security features, including internal encryption and authentication of users. Government databases must often have a National Security Agency rating of C2 or above, with C2 being the minimum rating required by most government agencies.

Most of the major databases do have a C2 rating, including versions of IBM DB2 and those from Informix Corp., Oracle Corp. and Sybase Corp. And some versions of Informix, Oracle and Sybase databases have earned the more stringent B1 rating.

The situation for Microsoft Corp. products is a little more complicated. Windows NT 4.0 has the C2 rating, but the company's SQL Server does not.


"Because of the tight relationship between NT and SQL Server, Microsoft had felt that it wasn't necessary to pursue the C2 rating," said Karen Watterson, editor of SQL Server Professional. But Microsoft recently announced that it is submitting SQL Server 7.0 to Science Applications International Corp. for C2 evaluation.


Edmund X. DeJesus
