Académique Documents
Professionnel Documents
Culture Documents
OBJECTIVES
List functions and roles of data/database administration Describe problems and techniques for data security Understand role of databases in Sarbanes-Oxley compliance Describe problems and facilities for data recovery Describe database tuning issues and list areas where changes can be done to tune the database Describe importance and measures of data availability Securing development and test data
2
Analyzing and designing databases Selecting DBMS and software tools Installing/upgrading DBMS Troubleshooting Tuning database performance Improving query processing performance Managing data security, privacy, and integrity Data backup and recovery
4
policies, procedures, standards Planning Data conflict (ownership) resolution Managing the information repository Internal marketing of DA concepts
Raise
Multiple dissimilar data definitions, causing data integration problems / poor data value Inappropriate data sources and timing, causing lowered reliability Inadequate familiarity, causing ineffective use of data for planning and strategy Accidental deletion or destruction
Poor response time and excessive downtime Unauthorized access, leading to embarrassment to organization
6
Support
decision support applications Manage data warehouse growth Establish service level agreements regarding data warehouses and data marts
7
Theft and fraud Loss of data integrity Loss of availability (e.g., through sabotage) For each, what preventative measures can be taken?
Loss of privacy (personal data) Loss of confidentiality (corporate data) Principal of least privilege Encrypting data in transit (over the wire) Encrypting data at rest (sitting on disk) Protect PII (personally Identifiable Information SSN, Name/Address, Credit Card numbers, etc.) Can be done programmatically Number of vendors that provide elaborate methods mapping real data to fictitious data
10
Production environments
Views or subschemas Integrity controls Authorization rules User-defined procedures Encryption Authentication schemes Backup, journalizing, and checkpointing
11
Views
Subset of the database that is presented to one or more users User given access privilege to view without allowing access privilege to underlying tables Protect data from unauthorized use Domainsset allowable values Assertionsenforce database conditions Triggers prevent inappropriate actions, invoke special handling procedures, write to log files
12
Integrity Controls
AUTHORIZATION RULES
Controls incorporated in the data management system Restrict:
access
Actions
Constraints
Figure 11-4 Authorization matrix
13
AUTHENTICATION SCHEMES
obtain a positive identification of the user Passwords: First line of defense
Goal
Should
be at least 8 characters long Should combine alphabetic and numeric data Should not be complete words or personal information Should be changed frequently
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
14
Authentication
can be flawed:
Passwords
Users
share them with each other They get written down, could be copied Automatic logon scripts remove need to explicitly type them in Unencrypted passwords travel the Internet
Possible
Two
solutions:
factore.g., key FOB, plus PIN Three factore.g., smart card, biometric, PIN
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
15
The process by which changes to operational systems and databases are authorized For database, changes to: schema, database configuration, updates to DBMS software Segregation of processes: development, test, production
16
controls
Physical
access controls
Swipe cards, equipment locking, check-out procedures, screen placement, laptop protection
17
DATABASE RECOVERY
Mechanism for restoring a database quickly and accurately after loss or damage Recovery facilities:
JOURNALIZING FACILITIES
Audit trail of transactions and database updates Transaction logrecord of essential data for each transaction processed against the database Database change logimages of updated data Before-imagecopy before modification After-imagecopy after modification
20
21
cannot be subdivided
Consistent
Constraints
dont change from before transaction to after transaction changes not revealed to users until after transaction has completed changes are permanent
22
Isolated
Database
Durable
Database
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
23
24
a multi-user environment, simultaneous access to data can result in interference and data loss (lost update problem) SolutionConcurrency Control
process of managing simultaneous operations against a database so that data integrity is maintained and the operations do not interfere with each other in a multiuser environment Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
The
25
Simultaneous access causes updates to cancel each other. A similar problem is the inconsistent read problem.
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
26
Serializability
Locking Mechanisms
The
most common way of achieving serialization Data that is retrieved for the purpose of updating is locked for the updater No other user can perform update until unlocked
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
27
LOCKING MECHANISMS
Locking level:
Databaseused during database updates Tableused for bulk updates Block or pagevery commonly used Recordonly requested row; fairly commonly used Fieldrequires significant overhead; impractical Shared lockRead but no update permitted. Used when just reading to prevent another user from placing an exclusive lock on the record Exclusive lockNo access permitted. Used when preparing to update
29
Types of locks:
DBMS Installation
Setting installation parameters Set cache levels Choose background processes Data archiving
Use striping Distribution of heavily accessed files CPU Usage Monitor CPU load / competing processes
Application tuning
Modification of SQL code in applications Use of heartbeat queries (aka health tests)
30
COST OF DOWNTIME
DATA AVAILABILITY
tolerance Loss of datadatabase mirroring Human errorstandard operating procedures, training, documentation Maintenance downtimeautomated and nondisruptive maintenance utilities Network problemscareful traffic monitoring, firewalls, and routers (intrusion detection systems)
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
32
33