
Authentication and authorization

PRESENTED BY: KIRAN BALA
Authentication and Authorization
Authentication process
▪ In the authentication process, the identity of users is checked before
providing access to the system.
▪ In the authorization process, a person’s or user’s authorities are
checked for accessing the resources.
▪ Authentication is done before the authorization process, whereas the
authorization process is done after the authentication process.
Access control
▪ Access control is implemented by creating user accounts and having the
DBMS control the login process, so that access to sensitive data is
possible only for those people (database users) who are allowed to
access such data, and is denied to unauthorized persons.
The database system must also keep track of all operations
performed by a given user throughout the entire login time.
Access Control
▪ Access control is the combination of policies and technologies that
decide which authenticated users may access which resources.
Security requirements, infrastructure, and other considerations lead
companies to choose among the four most common access control
models:
• Mandatory Access Control (MAC)
• Discretionary Access Control (DAC)
• Role-Based Access Control (RBAC)
• Privileged Access Management (PAM)
Mandatory Access Control (MAC)
▪ In MAC, the operating system grants access to users based on their
identities and data. To gain access, the user has to submit their
personal information. It is very secure because the rules and
restrictions are imposed by the admin and are strictly followed.
MAC settings and policy management are established in a secure
network and are limited to system administrators.
MAC CONT
▪ MAC works by applying security labels to resources and individuals.
These security labels consist of two elements:
• Classification and clearance — MAC relies on a classification system
(restricted, secret, top-secret, etc.) that describes a resource’s
sensitivity. Users’ security clearances determine what kinds of
resources they may access.
• Compartment — A resource’s compartment describes the group of
people (department, project team, etc.) allowed access. A user’s
compartment defines the group or groups they participate in.
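The two label elements above can be turned into an access decision as follows. This is an added example, not part of the original slides: the level ordering, the rule that a user must belong to every compartment on the resource, and all names are assumptions.

```python
from dataclasses import dataclass

# Classification levels named on the slide, ordered least to most sensitive.
LEVELS = {"restricted": 1, "secret": 2, "top-secret": 3}

@dataclass(frozen=True)
class Label:
    level: str               # classification (resource) or clearance (user)
    compartments: frozenset  # groups allowed access / groups the user is in

def may_read(user: Label, resource: Label) -> bool:
    """Allow access only when BOTH label elements are satisfied."""
    cleared = LEVELS[user.level] >= LEVELS[resource.level]
    # Assumption: the user must be a member of every compartment on the resource.
    in_compartments = resource.compartments <= user.compartments
    return cleared and in_compartments

# Constructed sample labels (hypothetical users and resources).
SUBJECTS = {
    "alice": Label("top-secret", frozenset({"finance"})),
    "bob": Label("secret", frozenset({"finance", "project-x"})),
}
OBJECTS = {
    "payroll_db": Label("secret", frozenset({"finance"})),
    "merger_plan": Label("top-secret", frozenset({"finance", "project-x"})),
}

def decisions():
    """Evaluate every (user, resource) pair; users cannot override the result."""
    return {(s, o): may_read(sl, ol)
            for s, sl in SUBJECTS.items() for o, ol in OBJECTS.items()}

if __name__ == "__main__":
    for (s, o), ok in decisions().items():
        print(f"{s:5} -> {o:11}: {'ALLOW' if ok else 'DENY'}")
```

Alice is denied the merger plan because of the compartment, Bob because of his clearance, which shows that neither element alone is sufficient.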
Examples:
▪ MAC originated in the military and intelligence community. Beyond the
national security world, MAC implementations protect some companies’
most sensitive resources. Banks and insurers, for example, may use MAC
to control access to customer account data.
Adv & Disadv.
▪ Advantages of MAC
• Enforceability — MAC administrators set organization-wide policies
that users cannot override, making enforcement easier.
• Compartmentalization — Security labels limit the exposure of each
resource to a subset of the user base.
▪ Disadvantages of MAC
• Collaboration — MAC achieves security by constraining
communication. Highly collaborative organizations may need a less
restrictive approach.
• Management burden — A dedicated organizational structure must
manage the creation and maintenance of security labels.
Discretionary Access Control (DAC)
▪ DAC mechanisms are controlled by user identification such as username
and password. DAC is discretionary because the owners can transfer objects
or any authenticated information to other users. In simple words, the owner
can determine the access privileges.
▪ Attributes of DAC –
1. Users can transfer their object ownership to another user.
2. The access type of other users can be determined by the user.
3. Authorization failure can restrict the user access after several failed attempts.
4. Unauthorized users will be blind to object characteristics such as file size,
directory path, and file name.
DAC CONT.
▪ Advantages of DAC
• Conceptual simplicity — ACLs pair a user with their access privileges. As long as
the user is in the table and has the appropriate privileges, they may access the
resource.
• Responsiveness to business needs — Since policy change requests do not need
to go through a security administration, decision-making is more nimble and aligned
with business needs.
▪ Disadvantages of DAC
• Over/underprivileged users — A user can be a member of multiple, nested
workgroups. Conflicting permissions may over- or under-privilege the user.
• Limited control — Security administrators cannot easily see how resources are
shared within the organization. And although viewing a resource’s ACL is
straightforward, seeing one user’s privileges requires searching every ACL.
• Compromised security — By giving users discretion over access policies, the
resulting inconsistencies and missing oversight could undermine the organization’s
security posture.
Role-Based Access Control (RBAC)
▪ Role-based access control grants access privileges based on the work
that individual users do. A popular way of implementing “least privilege”
policies, RBAC limits access to just the resources users need to do
their jobs.
▪ Implementing RBAC requires defining the different roles within the
organization and determining whether and to what degree those roles
should have access to each resource.
Adv & Disadv
▪ Advantages of RBAC
• Flexibility — Administrators can optimize an RBAC system by assigning users to multiple roles,
creating hierarchies to account for levels of responsibility, constraining privileges to reflect business
rules, and defining relationships between roles.
• Ease of maintenance — With well-defined roles, the day-to-day management is the routine onboarding, off-boarding, and cross-boarding of users’ roles.
• Centralized, non-discretionary policies — Security professionals can set consistent RBAC policies
across the organization.
• Lower risk exposure — Under RBAC, users only have access to the resources their roles justify,
greatly limiting potential threat vectors.
▪ Disadvantages of RBAC
• Complex deployment — The web of responsibilities and relationships in larger enterprises makes
defining roles challenging.
• Balancing security with simplicity — More roles and more granular roles provide greater security, but
administering a system where users have dozens of overlapping roles becomes more difficult.
• Layered roles and permissions — Assigning too many roles to users also increases the risk of overprivileging users.
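The flexibility features listed above (multiple roles per user, hierarchies, constraints) and the over-privileging risk can be seen together in a small model. This is an added example, not part of the original slides; every role, permission and user name is hypothetical.

```python
# Permissions granted directly by each role.
ROLE_PERMS = {
    "clerk": {"invoice:read"},
    "accountant": {"invoice:create"},
    "approver": {"invoice:approve"},
    "manager": {"report:read"},
}
# Hierarchy: a senior role inherits everything its junior roles grant.
INHERITS = {"accountant": {"clerk"}, "manager": {"accountant"}}
# Business-rule constraint: no single user may hold both permissions of a pair.
CONFLICTS = [("invoice:create", "invoice:approve")]

def role_permissions(role, _seen=None):
    """Permissions of one role, including those inherited through the hierarchy."""
    seen = _seen if _seen is not None else set()
    if role in seen:  # guard against a cyclic hierarchy
        return set()
    seen.add(role)
    perms = set(ROLE_PERMS.get(role, ()))
    for junior in INHERITS.get(role, ()):
        perms |= role_permissions(junior, seen)
    return perms

def effective_permissions(roles):
    """Union of the permissions of every role assigned to a user."""
    perms = set()
    for role in roles:
        perms |= role_permissions(role)
    return perms

def is_allowed(roles, permission):
    return permission in effective_permissions(roles)

def violations(roles):
    """Constraint pairs that this combination of roles would break."""
    perms = effective_permissions(roles)
    return [pair for pair in CONFLICTS if set(pair) <= perms]

# Constructed user-to-role assignments.
USERS = {"dana": ["clerk"], "eli": ["manager"], "fay": ["manager", "approver"]}

if __name__ == "__main__":
    for user, roles in USERS.items():
        print(user, sorted(effective_permissions(roles)), violations(roles))
```

Running the constraint check whenever a role is assigned catches the layered-roles problem (the user "fay" here) before the extra privilege is usable.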
SQL INJECTION
▪ SQL injection is a technique used to extract user data by injecting SQL
commands as statements through web page inputs. Basically, malicious
users can use these instructions to manipulate the application’s web
server.
1. SQL injection is a code injection technique that can compromise your
database.
2. SQL injection is one of the most common web hacking techniques.
3. SQL injection is the injection of malicious code into SQL statements via
web page input.
CONT.
▪ Web servers communicate with database servers anytime they need to
retrieve or store user data.
▪ SQL statements by the attacker are designed so that they can be
executed while the web server is fetching content from the application
server.
▪ It compromises the security of a web application.
Example of SQL Injection
▪ Suppose we have an application based on student records. Any student
can view only his or her own records by entering a unique and private
student ID.
Student id: The student enters the following in the input
field: 12222345 or 1=1.
Query:
SELECT * FROM STUDENT WHERE STUDENT_ID = 12222345 OR 1=1
Now the malicious user can use the ‘=’ operator
in a clever manner to retrieve private and
secure user information.
SELECT * FROM User WHERE (Username = "" OR 1=1) AND
(Password = "" OR 1=1)
Since 1=1 always holds true, user data is compromised.
Impact of SQL Injection
▪ The hacker can retrieve all the user data present in the database such as
user details, credit card information, and social security numbers, and
can also gain access to protected areas like the administrator portal. It is
also possible to delete user data from the tables.
▪ Nowadays, all online shopping applications and bank transactions use
back-end database servers. So in case the hacker is able to exploit SQL
injection, the entire server is compromised.

Preventing SQL Injection
• User Authentication: Validating input from the user by pre-defining the
length and type of input of the input field, and authenticating the user.
• Restricting access privileges of users and defining how much
data any outsider can access from the database. Basically, users should
not be granted permission to access everything in the database.
• Do not use system administrator accounts.
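The student-ID query from the earlier slide is shown here in its vulnerable form beside a hardened one. This is an added example, not part of the original slides: the table, the rows and the 8-digit length rule are constructed, and it goes beyond the list above by also binding the input as a query parameter.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE student (student_id INTEGER PRIMARY KEY, name TEXT, grade TEXT)")
    db.executemany("INSERT INTO student VALUES (?, ?, ?)",
                   [(12222345, "Asha", "A"), (12222346, "Ben", "C"), (12222347, "Chen", "B")])
    return db

def lookup_vulnerable(db, text):
    # BEFORE: the input becomes part of the SQL text and is parsed as SQL.
    return db.execute("SELECT name, grade FROM student WHERE student_id = " + text).fetchall()

def validate_student_id(text):
    """Pre-defined type and length: exactly 8 ASCII digits (length is an assumption)."""
    if not (text.isascii() and text.isdigit() and len(text) == 8):
        raise ValueError("student ID must be exactly 8 digits")
    return int(text)

def lookup_bound(db, value):
    # AFTER: the value is bound as a parameter, so it is only ever treated as data.
    return db.execute("SELECT name, grade FROM student WHERE student_id = ?",
                      (value,)).fetchall()

def lookup_safe(db, text):
    """Validation first, then a parameterized query."""
    return lookup_bound(db, validate_student_id(text))

if __name__ == "__main__":
    db = make_db()
    payload = "12222345 or 1=1"  # the input from the slide
    print("vulnerable:", lookup_vulnerable(db, payload))
    print("bound only:", lookup_bound(db, payload))
    print("safe, valid ID:", lookup_safe(db, "12222345"))
    try:
        lookup_safe(db, payload)
    except ValueError as err:
        print("safe, payload:", err)
```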
INTRUSION DETECTION
▪ It is software that checks a network or system for malicious activities or
policy violations. Each illegal activity or violation is often recorded.
▪ The intrusion detector learning task is to build a predictive model (i.e. a
classifier) capable of distinguishing between ‘bad connections’
(intrusion/attacks) and ‘good (normal) connections’.
How does an IDS work?
• An IDS (Intrusion Detection System) monitors the traffic on a computer
network to detect any suspicious activity.
• It analyzes the data flowing through the network to look for patterns
and signs of abnormal behavior.
• The IDS compares the network activity to a set of predefined rules and
patterns to identify any activity that might indicate an attack or
intrusion.
• If the IDS detects something that matches one of these rules or
patterns, it sends an alert to the system administrator.
• The system administrator can then investigate the alert and take action
to prevent any damage or further intrusion.
System
IDS are classified into 5 types:
• Network Intrusion Detection System (NIDS): Network intrusion
detection systems (NIDS) are set up at a planned point within the
network to examine traffic from all devices on the network. It performs
an observation of passing traffic on the entire subnet and matches the
traffic that is passed on the subnets to the collection of known attacks.
Once an attack is identified or abnormal behavior is observed, the alert
can be sent to the administrator. An example of a NIDS is installing it on
the subnet where firewalls are located in order to see if someone is
trying to crack the firewall.
CONT.
Host Intrusion Detection System (HIDS):
▪ Host intrusion detection systems (HIDS) run on independent hosts or
devices on the network. A HIDS monitors the incoming and outgoing
packets from the device only and will alert the administrator if
suspicious or malicious activity is detected. It takes a snapshot of
existing system files and compares it with the previous snapshot. If the
analytical system files were edited or deleted, an alert is sent to the
administrator to investigate. An example of HIDS usage can be seen on
mission-critical machines, which are not expected to change their layout
CONT.
• Protocol-based Intrusion Detection System (PIDS): Protocol-based intrusion detection
system (PIDS) comprises a system or agent that would consistently reside at the front end
of a server, controlling and interpreting the protocol between a user/device and the
server. It tries to secure the web server by regularly monitoring the HTTPS protocol
stream and accepting the related HTTP protocol. Because HTTPS traffic is decrypted just
before it enters the web presentation layer, this system needs to reside at that
interface in order to inspect the HTTPS traffic.
• Application Protocol-based Intrusion Detection System (APIDS): An application
Protocol-based Intrusion Detection System (APIDS) is a system or agent that generally
resides within a group of servers. It identifies the intrusions by monitoring and
interpreting the communication on application-specific protocols. For example, this
would monitor the SQL protocol explicitly to the middleware as it transacts with the
database in the web server.
• Hybrid Intrusion Detection System: Hybrid intrusion detection system is made by the
combination of two or more approaches to the intrusion detection system. In the hybrid
intrusion detection system, the host agent or system data is combined with network
information to develop a complete view of the network system. The hybrid intrusion
detection system is more effective in comparison to the other intrusion detection systems.
Prelude is an example of Hybrid IDS.
Benefits of IDS
• Detects malicious activity: IDS can detect any suspicious activities and
alert the system administrator before any significant damage is done.
• Improves network performance: IDS can identify any performance
issues on the network, which can be addressed to improve network
performance.
• Compliance requirements: IDS can help in meeting compliance
requirements by monitoring network activity and generating reports.
• Provides insights: IDS generates valuable insights into network traffic,
which can be used to identify any weaknesses and improve network
security.
Detection Method of IDS
1. Signature-based Method: Signature-based IDS detects the attacks on the
basis of the specific patterns such as the number of bytes or a number of
1s or the number of 0s in the network traffic. It also detects on the basis of
the already known malicious instruction sequence that is used by the
malware. The detected patterns in the IDS are known as signatures.
Signature-based IDS can easily detect the attacks whose pattern
(signature) already exists in the system but it is quite difficult to detect
new malware attacks as their pattern (signature) is not known.
2. Anomaly-based Method: Anomaly-based IDS was introduced to detect
unknown malware attacks, as new malware is developed rapidly. An
anomaly-based IDS uses machine learning to create a trusted activity
model; anything coming in is compared with that model and is declared
suspicious if it is not found in the model. The machine learning-based
method generalizes better in comparison to signature-based IDS, as
these models can be trained according to the applications and
hardware configurations.
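The two detection methods can be run side by side on the same traffic to see what each one catches. This is an added example, not part of the original slides: the requests, sizes and the single signature are constructed, and a simple statistical baseline stands in for the machine-learning model the slide describes.

```python
import re
import statistics

# Signature for a pattern already known to the IDS (the 1=1 tautology from the
# SQL injection slides). Constructed for this example, not a real rule set.
SIGNATURES = {"sqli-tautology": re.compile(r"\bor\s+1\s*=\s*1\b", re.IGNORECASE)}

# Constructed sample data: response sizes (bytes) seen during normal operation,
# then four observed events as (request, response size).
BASELINE = [512, 498, 530, 505, 520, 490, 515, 508]
EVENTS = [
    ("GET /student?id=12222345", 510),
    ("GET /student?id=12222345 or 1=1", 505),
    ("GET /student/export", 48000),
    ("GET /student?id=12222346", 495),
]

def signature_alerts(events):
    """(index, rule name) for every event whose request matches a known signature."""
    return [(i, name) for i, (request, _size) in enumerate(events)
            for name, rx in SIGNATURES.items() if rx.search(request)]

def anomaly_alerts(baseline, events, threshold=3.0):
    """Indexes of events whose size lies more than `threshold` standard
    deviations away from the baseline mean."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    if stdev == 0:  # flat baseline: any different value is unusual
        return [i for i, (_req, size) in enumerate(events) if size != mean]
    return [i for i, (_req, size) in enumerate(events)
            if abs(size - mean) / stdev > threshold]

def detect(events=EVENTS, baseline=BASELINE):
    """Run both methods over the same events."""
    return {"signature": signature_alerts(events),
            "anomaly": anomaly_alerts(baseline, events)}

if __name__ == "__main__":
    print(detect())
```

Event 1 is caught only by the signature and event 2 only by the baseline, which is why the two methods are usually deployed together.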
Conclusion:
▪ An Intrusion Detection System (IDS) is a powerful tool that can help
businesses detect and prevent unauthorized access to their
network. By analyzing network traffic patterns, IDS can identify any
suspicious activities and alert the system administrator. IDS can be a
valuable addition to any organization’s security infrastructure, providing
insights and improving network performance.