Oracle DBMS - Keep Your Database Safe From Intrusions At All Network Levels
You've probably often heard that security is a multi-layered or multi-level concept, and that protection at all layers is essential for keeping your database secure. But beyond the database itself, you may wonder what the specific layers are that you and the other IT staff you work with should be concerned about.
Moving from the most abstract to the most specific, we define the major levels of network security as:
- Policy level. This is all about planning, strategy, and decision-making. At this level, organizations define their security needs and make rules designed to meet those needs.
- Physical level. This pertains to the physical security of your network's components. It includes the obvious—physically controlling access to workstations, servers, and network devices such as firewalls, routers, and switches. It also includes preventing unauthorized persons from obtaining physical possession of or access to the network cable (or, in the case of wireless networking, airwaves). Finally, it involves protecting network information that's in hard copy form, such as written password lists and network diagrams, as well as smart cards, tokens, keys to removable hard disks, backup tapes, CDs, and anything else that pertains to your network.
- Perimeter level. This involves stopping unauthorized persons or data from entering your local network from across the internet, through the phone lines, or from other outside locations. The most obvious manifestation of perimeter security is the firewall, but it also includes network access controls in the form of logon authentication, intrusion detection systems, network-based anti-virus systems, network-based spam filtering, remote access quarantine controls, and similar methods of keeping undesirable packets out of the network.
- Host level. This includes security mechanisms designed to protect individual systems, such as host-based firewalls, host-based IDS and anti-virus programs, operating system hardening and security patches, and securing individual applications.
- Data level. This pertains to the security of the data stored in your database, the computer's file system, or data sent across the network, and includes encryption technologies, third-party disk/partition encryption, and IPsec encryption to protect data in transit. It also includes folder and file level access controls.
By implementing security at multiple levels (preferably at all of the levels listed), you avoid the dangers of a single point of failure when it comes to protecting your data.