Database Ass


HMINE321 TUTORIAL QUESTIONS

QUESTION 1
OUTLINE THE CHARACTERISTICS OF THE FOLLOWING DATABASE MODELLING:
i) Stress field modelling
To create a model of the lithospheric stress field, a functional geodatabase is required which contains
spatial and geodynamic parameters.
A geodatabase is a digital structural geological map and usually contains enough attributes to create a
stress field model.
More accurate applications are available which can produce 3D stress vectors from a KML file for
engineering purposes.
The application logic is implemented on top of a spatially aware relational database management
system. This in turn allows rapid and geographically accurate analysis of the imported geological
features, taking advantage of standardised spatial algorithms and indexing.

ii) Rock mass modelling


For a realistic rock mass model, the numerical model should be able to capture the main characteristics
of the rock mass while keeping the computational cost within a reasonable range. The modelling proceeds
in four steps:
a) Data collection.
b) Mathematical treatment, or processing, of the measured data; this is the most important part of
generating the discontinuity model.
c) Generation of the rock mass model: a 3D geometrical model is generated which represents the
rock mass as a single entity.
d) Refinement of the simulated realizations by comparison with the measured data.
iii) Ore body modelling
The aim of orebody modelling is to replicate the reality of the orebody as closely as possible using the
available information. It aims to replicate geological surfaces, orebody shapes and the physical
distributions of geochemical parameters.
A computer-aided orebody modelling project starts with a critical review of existing drill hole and
surface or underground sample data, as well as maps and plans with the current geological interpretation.
Drill hole and/or sample databases are set up to hold all the quantitative and qualitative information
necessary to build a resource model.
QUESTION 2
EXPLAIN THE FOLLOWING FUNCTIONALITIES OF DATA MINING AND GIVE EXAMPLES OF
EACH, USING A REAL-LIFE DATABASE THAT YOU ARE FAMILIAR WITH.

i) Characterization
Data characterization is a summarization of the general features of objects in a target class and produces
what are called characteristic rules. Note that with a data cube containing a summarization of data, simple
OLAP operations fit the purpose of data characterization.
For example, one may want to characterize the OurVideoStore customers who regularly rent more than
30 movies a year. With concept hierarchies on the attributes describing the target class, the attribute-
oriented induction method can be used, for example, to carry out data summarization.
ii) Discrimination

Data discrimination produces what are called discriminant rules and is basically the comparison of the
general features of objects between two classes referred to as the target class and the contrasting class.
For example, one may want to compare the general characteristics of the customers who rented more
than 30 movies in the last year with those whose rental account is lower than 5.
iii) Association

iv) Classification

Classification analysis is the organization of data in given classes. Also known as supervised
classification, the classification uses given class labels to order the objects in the data collection.
Classification approaches normally use a training set where all objects are already associated with
known class labels. The classification algorithm learns from the training set and builds a model. The
model is used to classify new objects.
For example, after starting a credit policy, the “OurVideoStore” managers could analyze the customers’
behaviors vis-à-vis their credit, and label accordingly the customers who received credits with three
possible labels “safe”, “risky” and “very risky”.
The classification analysis would generate a model that could be used to either accept or reject credit
requests in the future.
v) Prediction

Prediction has attracted considerable attention given the potential implications of successful forecasting
in a business context. There are two major types of predictions: one can either try to predict some
unavailable data values or pending trends or predict a class label for some data. The latter is tied to
classification.
Once a classification model is built based on a training set, the class label of an object can be foreseen
based on the attribute values of the object and the attribute values of the classes. Prediction is, however,
more often referred to as the forecast of missing numerical values, or increase/ decrease trends in time-
related data.
QUESTION 3
The architecture of most engineering DBMS is based on the ANSI-SPARC architecture (1975). The
ANSI-SPARC model of a database identifies three distinct levels at which data items can be described.
With the aid of a diagram describe the three level architecture of a DBMS. Include its objective in your
explanation.

The objectives of the three-level architecture are:

1. It allows independent customised user views.


2. It hides the physical storage details from users
3. The database administrator should be able to change the database storage structures without affecting
the users’ views.
4. The internal structure of the database should be unaffected by changes to the physical aspects of the
storage.
5. The database administrator should be able to change the conceptual or global structure of the database
without affecting the users.
QUESTION 4
Data mining is a knowledge discovery process: the automated extraction of hidden predictive
information from large databases.
i) With the aid of appropriate diagram, describe the architecture of data mining system
showing all components
ii) Identify and discuss major challenges spatio and temporal in data mining

1) Scale effect in space and time is a challenging issue in spatiotemporal data analysis and mining. Scale
in terms of spatial resolution or temporal granularity can have a direct impact on the kind and strength
of spatiotemporal relationships that can be discovered in datasets.

2) Development of efficient techniques for visualization of spatiotemporal knowledge, and of interaction
facilities for gaining insight into the underlying phenomena represented by the knowledge, is another
challenge. This requires that the results of spatiotemporal data mining be embedded within a process
that interprets the results for further, properly structured investigation into the reasons behind them.
The development of effective visual interfaces for viewing and manipulating the geometrical and
temporal attributes of spatiotemporal data is also another challenge.

3) Many rules of qualitative reasoning on spatial and temporal data provide a valuable source of domain
independent knowledge that should be taken into account when generating patterns. Therefore, there is
an issue on how to express rules and how to integrate them with spatiotemporal reasoning mechanisms.

4) Spatial data are not independent of one another: nearby observations tend to be similar. In spatial
statistics this spatial dependence is called the spatial autocorrelation effect. Ignoring autocorrelation
and assuming an identical and independent distribution when analyzing data with spatial and
spatiotemporal characteristics may produce hypotheses or models that are inaccurate or inconsistent
with the data set.

5) Spatial and temporal relationships are implicitly defined. They are not explicitly encoded in a
database. These relationships must be extracted from the data. Extracting interesting and useful patterns
from spatial datasets is more difficult than extracting the corresponding patterns from traditional
numeric and categorical data, due to the complexity of spatial data types, spatial relationships, and
spatial autocorrelation.
QUESTION 5
Why would you choose a database system instead of simply storing data in operating system files?
When would it make sense not to use a database system?
A database is an integrated collection of data, usually so large that it has to be stored on secondary
storage devices such as disks or tapes. This data can be maintained as a collection of operating system
files, or stored in a DBMS (database management system).

The advantages of using a DBMS are:

 Data independence and efficient access. Database application programs are independent of the
details of data representation and storage. The conceptual and external schemas provide
independence from physical storage decisions and logical design decisions respectively. In addition,
a DBMS provides efficient storage and retrieval mechanisms, including support for very large files,
index structures and query optimization.
 Reduced application development time. Since the DBMS provides several important functions
required by applications, such as concurrency control and crash recovery, high level query facilities,
etc., only application-specific code needs to be written. Even this is facilitated by suites of
application development tools available from vendors for many database management systems.
 Data integrity and security. The view mechanism and the authorization facilities of a DBMS
provide a powerful access control mechanism. Further, updates to the data that violate the semantics
of the data can be detected and rejected by the DBMS if users specify the appropriate integrity
constraints.
 Data administration. By providing a common umbrella for a large collection of data that is shared
by several users, a DBMS facilitates maintenance and data administration tasks. A good DBA can
effectively shield end-users from the chores of fine-tuning the data representation, periodic back-ups
etc.
 Concurrent access and crash recovery. A DBMS supports the notion of a transaction, which is
conceptually a single user’s sequential program. Users can write transactions as if their programs
were running in isolation against the database. The DBMS executes the actions of transactions in an
interleaved fashion to obtain good performance, but schedules them in such a way as to ensure that
conflicting operations are not permitted to proceed concurrently. Further, the DBMS maintains a
continuous log of the changes to the data, and if there is a system crash, it can restore the database to
a transaction-consistent state. That is, the actions of incomplete transactions are undone, so that the
database state reflects only the actions of completed transactions. Thus, if each complete transaction,
executing alone, maintains the consistency criteria, then the database state after recovery from a
crash is consistent.

When would it make sense not to use a database system?


Answer: when the user does not need the facilities of a DBMS, since purchasing and maintaining a
database system carries a large cost and overhead, it makes sense not to use a database system.
QUESTION 6
What is logical data independence and why is it important?
The ability to modify schema definition in one level without affecting schema of that definition in the
next higher level is called data independence. There are two levels of data independence, they are
Physical data independence and Logical data independence.

1. Physical data independence is the ability to modify the physical schema without causing
application programs to be rewritten. Modifications at the physical level are occasionally
necessary to improve performance. It means we change the physical storage/level without
affecting the conceptual or external view of the data. The new changes are absorbed by mapping
techniques.
2. Logical data independence is the ability to modify the logical schema without causing
application program to be rewritten. Modifications at the logical level are necessary whenever
the logical structure of the database is altered (for example, when money-market accounts are
added to banking system). Logical Data independence means if we add some new columns or
remove some columns from table then the user view and programs should not change. For
example: consider two users A & B. Both are selecting the fields "EmployeeNumber" and
"EmployeeName". If user B adds a new column (e.g. salary) to his table, it will not affect the
external view for user A, though the internal schema of the database has been changed for both
users A & B.
Logical data independence is more difficult to achieve than physical data independence, since
application programs are heavily dependent on the logical structure of the data that they access.
QUESTION 7
Explain the difference between logical and physical data independence
Difference between Physical and Logical Data Independence
Logical Data Independence | Physical Data Independence

1. Mainly concerned with the structure or changing the data definition. | Mainly concerned with the storage of the data.

2. It is difficult, as the retrieval of data is mainly dependent on the logical structure of the data. | It is easy to retrieve.

3. Compared to physical independence, it is difficult to achieve logical data independence. | Compared to logical independence, it is easy to achieve physical data independence.

4. You need to make changes in the application program if new fields are added to or deleted from the database. | A change at the physical level usually does not need a change at the application program level.

5. Modification at the logical level is significant whenever the logical structure of the database is changed. | Modifications made at the internal level may or may not be needed to improve the performance of the structure.

6. Concerned with the conceptual schema. | Concerned with the internal schema.

7. Example: add/modify/delete an attribute. | Example: change in compression techniques, hashing algorithms, storage devices, etc.
QUESTION 9
How are these different schema layers related to the concepts of logical and physical data
independence?
By “the various schema layers in a DBMS” I assume you are referring to the layers as defined in the
ANSI-SPARC architecture as it is usually presented in database textbooks. Keep in mind that this is
mostly a theoretical ideal and in practice almost no DBMS fully follows it, although they usually do
make it possible to realise the basic idea of separation of concerns that it is based upon.

So let us recall that in this architecture we have the following layers / schemas:

1. The external level described by the external schema. This manages how the data is
presented to the different (sets of) users and applications. The external schema describes
for each type of user (1) the structure of the data as it is presented to them, i.e., the
external presentation of the data, and (2) how from the entire database as it is described
at the conceptual level their data is selected, projected and transformed into the external
presentation. The data model used for the presentation can be the Relational Model, but
also any other data model that might be more appropriate for the application such as
XML, JSON or the data model of the used programming language.
2. The conceptual level described by the conceptual schema. This schema describes the
structure of the data in the entire database as it is shared by the different users and
applications. This is typically described in a data model for large shared database such as
the Relational Model. Note that the notion of conceptual schema is sometimes also used
to refer to a conceptual data model, such a data model formulated in the ER model, or in
UML Class diagrams or ORM diagrams. That is however not what is meant with this
concept in the ANSI-SPARC architecture.
3. The physical level described by the physical schema. This schema describes how the
data as described by the conceptual schema is mapped to actual storage data structures
in memory and/or on disk. This mapping covers design decisions such whether a relation
should be stored in a column-oriented or a row-oriented fashion, whether it should be
physically sorted and/or clustered, whether relations should be horizontally or vertically
split, or whether different relations should be merged, which combinations of columns
should be indexed and what type of index should be used, et cetera.
With this settled, let us revisit logical data independence and physical data independence.

Logical data independence: This refers to the separation between the external schema and the
conceptual schema. It makes it possible for the external schema to change without changing the
conceptual schema, and vice versa. This means that for certain applications the presented data can
change without having to change the shared data model in the conceptual schema, or that the shared
data model at the conceptual level can change without requiring a change in how each existing
application sees its data. In existing DBMSs this is usually realised through views, where the
applications never get to see the base tables but only query views that are defined over these base
tables. In that case we can adapt only the views if a certain application requires, for example,
additional data, which is possible as long as this view is expressible over the existing base tables and
does not violate any business rules concerning data access permissions. It is also possible to adapt the
base tables without changing the appearance of the views, as long as we can reformulate the view
definitions over the new base tables.

Physical data independence: This refers to the separation between the conceptual schema and
the physical schema. It makes it possible for the physical schema to change without having to
change the conceptual schema. This means the same relations might be stored in a different way,
for example to allow faster execution of certain queries, without changing the definitions of the
relations in the conceptual schema, so that existing applications that depend directly or indirectly
on this schema do not need to be rewritten. In existing DBMSs this is often realised by allowing
indexes to be added or removed, or the type of an index to be changed (e.g., from clustered to
non-clustered), without influencing the results of SQL queries.
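The two kinds of independence described above, as an added example that is not part of the original tutorial: an application queries only a view; the base table is then split in two (a conceptual change) and an index is added (a physical change), and the application's result stays the same. The Employee table, its rows and the view name are constructed for this demo; it uses Python's built-in sqlite3 module.

```python
"""Added example (not from the tutorial): logical and physical data
independence in SQLite. The application only ever queries a view; the base
tables are then restructured and an index is added, and the application's
result is unchanged. Table, column and view names are constructed."""
import sqlite3

# Constructed sample rows: (EmployeeNumber, EmployeeName, Department, Salary).
EMPLOYEES = [
    (1, "J. Longfellow", "Accounting", 52000),
    (2, "A. Moyo", "Mining", 61000),
    (3, "T. Ncube", "Accounting", 48000),
]

# The application's only query. It names the view, never a base table.
APP_QUERY = ("SELECT EmployeeNumber, EmployeeName FROM EmployeeView "
             "ORDER BY EmployeeNumber")


def build_v1(conn: sqlite3.Connection) -> None:
    """Conceptual schema v1 (one base table) plus the external schema: a view
    that also hides Salary from the application (the view mechanism as an
    access control)."""
    conn.executescript("""
        CREATE TABLE Employee (
            EmployeeNumber INTEGER PRIMARY KEY,
            EmployeeName   TEXT NOT NULL,
            Department     TEXT NOT NULL,
            Salary         INTEGER NOT NULL
        );
        CREATE VIEW EmployeeView AS
            SELECT EmployeeNumber, EmployeeName FROM Employee;
    """)
    conn.executemany("INSERT INTO Employee VALUES (?, ?, ?, ?)", EMPLOYEES)


def migrate_to_v2(conn: sqlite3.Connection) -> None:
    """Conceptual schema v2: Employee is split vertically into Person and
    Payroll. The view is re-expressed over the new base tables, so the
    external schema is unchanged (logical data independence)."""
    conn.executescript("""
        CREATE TABLE Person (
            EmployeeNumber INTEGER PRIMARY KEY,
            EmployeeName   TEXT NOT NULL
        );
        CREATE TABLE Payroll (
            EmployeeNumber INTEGER PRIMARY KEY
                           REFERENCES Person(EmployeeNumber),
            Department     TEXT NOT NULL,
            Salary         INTEGER NOT NULL
        );
        INSERT INTO Person  SELECT EmployeeNumber, EmployeeName FROM Employee;
        INSERT INTO Payroll SELECT EmployeeNumber, Department, Salary FROM Employee;
        DROP VIEW EmployeeView;
        DROP TABLE Employee;
        CREATE VIEW EmployeeView AS
            SELECT p.EmployeeNumber AS EmployeeNumber,
                   p.EmployeeName   AS EmployeeName
            FROM Person AS p JOIN Payroll AS pr
              ON pr.EmployeeNumber = p.EmployeeNumber;
    """)


def add_index(conn: sqlite3.Connection) -> None:
    """Physical schema change only: an index on Person.EmployeeName. Neither
    the conceptual schema nor the view changes (physical data independence)."""
    conn.execute("CREATE INDEX idx_person_name ON Person(EmployeeName)")


def run_app_query(conn: sqlite3.Connection) -> list:
    return conn.execute(APP_QUERY).fetchall()


def view_columns(conn: sqlite3.Connection) -> list:
    """Column names the application can see through the view."""
    return [row[1] for row in conn.execute("PRAGMA table_info(EmployeeView)")]


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    build_v1(conn)
    before = run_app_query(conn)
    migrate_to_v2(conn)
    after_logical = run_app_query(conn)
    add_index(conn)
    after_physical = run_app_query(conn)
    return {
        "before": before,
        "after_logical_change": after_logical,
        "after_physical_change": after_physical,
        "visible_columns": view_columns(conn),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```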

QUESTION 10
What are the responsibilities of a DBA? If we assume that the DBA is never interested in running his or
her own queries, does the DBA still need to understand query optimization? Why?
The role may include capacity planning, installation, configuration, database design, migration,
performance monitoring, security, troubleshooting, as well as backup and data recovery.
The responsibilities of the DBA include:

1. Schema definition: the DBA creates the original database schema by executing a set of data
definition statements in the DDL.

2. Storage structure and access-method definition.

3. Schema and physical-organization modification: the DBA carries out changes to the schema and
physical organization to reflect the changing needs of the organization, or alters the physical
organization to improve performance.

4. Granting of authorization for data access: by granting different kinds of authorization, the DBA
regulates which parts of the database the various users can access. The authorization information is
kept in a special system structure that the database system consults whenever someone attempts to
access the data in the system.

5. Routine maintenance: routine maintenance activities include periodically backing up the database
to prevent loss of data, making sure that enough free disk space is available, monitoring the jobs
running on the database, and making sure of its performance.

Yes, the DBA still needs to understand query optimization even if he or she is not interested in running
queries, because several of these responsibilities (storage structures, access methods, physical
organization and performance monitoring) are linked to query optimization; a DBA who does not
understand how queries perform over a wide range of workloads cannot make good decisions about them.
QUESTION 12
Explain the following terms briefly:
i) Attribute,
ii) Domain,
iii) Entity,
iv) Database
v) DBMS
vi) Record
vii) Modelling

QUESTION 13
With the aid of Appropriate Examples, Compare and Contrast the Network Hierarchical and
Relational Data Models
Difference Between Hierarchical Network and Relational Database Model

Definition
A hierarchical model is a structure of data organized in a tree-like model using parent-child relationships
while network model is a database model that allows multiple records to be linked to the same owner file.
A relational model, on the other hand, is a database model to manage data as tuples grouped into relations
(tables).

Basis
Hierarchical model arranges data in a tree similar structure while network model organizes data in a graph
structure. In contrast, relational model arranges data in tables. Hence, this is the main difference between
hierarchical network and relational database model.

Relationship
Moreover, an important difference between hierarchical network and relational database model is that
while a hierarchical model represents “one to many” relationship, a network model represents “many to
many” relationship. Furthermore, relational model can represent both “one to many” and “many to many”
relationships.

Accessing data
Although it is difficult to access data in the hierarchical model, it is easier to access data in the network
model and the relational model.

Flexibility
Also, another difference between hierarchical network and relational database model is their flexibility.
The hierarchical model is less flexible, but the network model and relational model are flexible.
QUESTION 14
a) What is Encryption

The process of converting information or data into a code, especially to prevent unauthorized access.

b) Briefly Describe the Major Types of Encryption that may be Used to Safeguard a Database against
Unauthorized use
There are two types of encryption in widespread use today: symmetric and asymmetric encryption.
The name derives from whether or not the same key is used for encryption and decryption.

What is symmetric encryption?

In symmetric encryption the same key is used for encryption and decryption. It is therefore critical that a
secure method is considered to transfer the key between sender and recipient.

Figure 2:
Symmetric encryption – Using the same key for encryption and decryption

What is asymmetric encryption?

Asymmetric encryption uses the notion of a key pair: a different key is used for the encryption and
decryption process. One of the keys is typically known as the private key and the other is known as the
public key.
The private key is kept secret by the owner and the public key is either shared amongst authorised
recipients or made available to the public at large.
Data encrypted with the recipient’s public key can only be decrypted with the corresponding private
key. Data can therefore be transferred without the risk of unauthorised or unlawful access to the data.

Figure 3: Asymmetric encryption – Using a different key for the encryption and decryption process

What about hashing?

Hashing is a technique that generates a fixed length value summarising a file or message contents. It is
often incorrectly referred to as an encryption method.

Hash functions are used in cryptography to provide digital signatures and integrity controls, but as no
secret key is used, a hash on its own does not make the message private, since anyone can recreate it.
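The point about hashing above, as an added example that is not part of the original tutorial: an unkeyed SHA-256 digest stored beside a record detects accidental corruption, but anyone who can write the record can also rewrite the digest, and hashing a field with few possible values (the status field from Question 22 is used here) does not keep it private; a keyed hash (HMAC) with a key held by the application closes the first gap. The record layout and key handling are assumptions of this demo.

```python
"""Added example (not from the tutorial): what an unkeyed hash does and does
not give a stored record, and how a keyed hash (HMAC) differs. The record
format is constructed and the MAC key is assumed to live in the application,
never in the database table itself."""
import hashlib
import hmac
import secrets


def digest(record: str) -> str:
    """Unkeyed SHA-256 over the record text; no secret is involved."""
    return hashlib.sha256(record.encode("utf-8")).hexdigest()


def mac(key: bytes, record: str) -> str:
    """HMAC-SHA256 over the record; only a holder of `key` can produce it."""
    return hmac.new(key, record.encode("utf-8"), hashlib.sha256).hexdigest()


def check_digest(record: str, stored: str) -> bool:
    """Integrity check with the unkeyed digest (constant-time comparison)."""
    return hmac.compare_digest(digest(record), stored)


def check_mac(key: bytes, record: str, stored: str) -> bool:
    """Integrity and origin check with the keyed digest."""
    return hmac.compare_digest(mac(key, record), stored)


def tampering_scenario() -> dict:
    """Someone with write access to the table, but not to the MAC key, changes
    a record and recomputes whatever integrity value they are able to."""
    key = secrets.token_bytes(32)                  # application-held secret
    original = "ecnumber=E1001;status=Surface"    # constructed record
    stored_digest = digest(original)
    stored_mac = mac(key, original)

    modified = "ecnumber=E1001;status=working underground"
    forged_digest = digest(modified)   # no secret needed, so this is trivial
    return {
        # The digest column was simply rewritten: the unkeyed check passes
        # and the change goes unnoticed.
        "unkeyed_check_passes": check_digest(modified, forged_digest),
        # The old MAC no longer matches and cannot be recomputed without
        # the key: the change is detected.
        "keyed_check_passes": check_mac(key, modified, stored_mac),
    }


def hashed_status_reveals_value(stored_digest: str):
    """Hashing a field with only a few possible values does not keep it
    private: recomputing the digest for each candidate identifies the stored
    value. Candidates are the two status values named in Question 22."""
    for candidate in ("working underground", "Surface"):
        if hmac.compare_digest(digest(candidate), stored_digest):
            return candidate
    return None


if __name__ == "__main__":
    print(tampering_scenario())
    print(hashed_status_reveals_value(digest("Surface")))
```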
QUESTION 15
i) Clarify the difference between functional dependencies and full functional dependencies.

ii) What are the three data anomalies that are likely to occur as a result of data redundancy?

An update anomaly is a data inconsistency that results from data redundancy and a partial update. For
example, each employee in a company has a department associated with them as well as the student
group they participate in.
A deletion anomaly is the unintended loss of data due to deletion of other data. For example, if the
student group Beta Alpha Psi disbanded and was deleted from the table above, J. Longfellow and the
Accounting department would cease to exist. This results in database inconsistencies and is an example
of how combining information that does not really belong together into one table can cause problems.
An insertion anomaly is the inability to add data to the database due to absence of other data. For
example, assume Student_Group is defined so that null values are not allowed. If a new employee is
hired but not immediately assigned to a Student_Group then this employee could not be entered into the
database. This results in database inconsistencies due to omission.
Update, deletion, and insertion anomalies are very undesirable in any database. Anomalies are avoided
by the process of normalization.
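The three anomalies above, as an added example that is not part of the original tutorial: a single denormalized Employee/Department/StudentGroup table shows each anomaly in turn, and a normalized schema with foreign keys avoids each. The rows stand in for the "table above" that the tutorial refers to; they are constructed, as are the table names.

```python
"""Added example (not from the tutorial): the update, deletion and insertion
anomalies on one denormalized table, and a normalized schema that avoids
them. Rows and table names are constructed; uses Python's built-in sqlite3."""
import sqlite3

# Constructed rows: (EmployeeName, Department, StudentGroup).
ROWS = [
    ("J. Longfellow", "Accounting", "Beta Alpha Psi"),
    ("A. Moyo", "Mining", "Chess Club"),
    ("T. Ncube", "Mining", "Chess Club"),
]


def anomalies_in_denormalized_table() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE EmpDeptGroup (
        EmployeeName TEXT PRIMARY KEY,
        Department   TEXT NOT NULL,
        StudentGroup TEXT NOT NULL)""")
    conn.executemany("INSERT INTO EmpDeptGroup VALUES (?, ?, ?)", ROWS)

    # Update anomaly: renaming Chess Club means touching several rows; a
    # partial update leaves two spellings of the same group.
    conn.execute("UPDATE EmpDeptGroup SET StudentGroup = 'Chess Society' "
                 "WHERE EmployeeName = 'A. Moyo'")
    groups_for_mining = {r[0] for r in conn.execute(
        "SELECT DISTINCT StudentGroup FROM EmpDeptGroup WHERE Department = 'Mining'")}

    # Deletion anomaly: disbanding Beta Alpha Psi can only be done by deleting
    # its rows, which takes J. Longfellow and the Accounting department with it.
    conn.execute("DELETE FROM EmpDeptGroup WHERE StudentGroup = 'Beta Alpha Psi'")
    departments = {r[0] for r in conn.execute(
        "SELECT DISTINCT Department FROM EmpDeptGroup")}

    # Insertion anomaly: a new hire with no group yet cannot be recorded.
    try:
        conn.execute("INSERT INTO EmpDeptGroup VALUES ('N. Dube', 'Mining', NULL)")
        new_hire_stored = True
    except sqlite3.IntegrityError:
        new_hire_stored = False

    return {"inconsistent_group_names": len(groups_for_mining) > 1,
            "accounting_survives": "Accounting" in departments,
            "new_hire_stored": new_hire_stored}


def normalized_schema() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite enforces FKs only when asked
    conn.executescript("""
        CREATE TABLE Departments   (DeptName  TEXT PRIMARY KEY);
        CREATE TABLE StudentGroups (GroupName TEXT PRIMARY KEY);
        CREATE TABLE Employee (
            EmployeeName TEXT PRIMARY KEY,
            Department   TEXT NOT NULL REFERENCES Departments(DeptName),
            StudentGroup TEXT REFERENCES StudentGroups(GroupName)
                         ON UPDATE CASCADE ON DELETE SET NULL);
        INSERT INTO Departments   VALUES ('Accounting'), ('Mining');
        INSERT INTO StudentGroups VALUES ('Beta Alpha Psi'), ('Chess Club');
    """)
    conn.executemany("INSERT INTO Employee VALUES (?, ?, ?)", ROWS)

    # The group's name lives in one row, so the rename happens exactly once
    # and cascades to every member.
    conn.execute("UPDATE StudentGroups SET GroupName = 'Chess Society' "
                 "WHERE GroupName = 'Chess Club'")
    groups_for_mining = {r[0] for r in conn.execute(
        "SELECT DISTINCT StudentGroup FROM Employee WHERE Department = 'Mining'")}

    # Disbanding a group deletes one row; members keep their jobs (group -> NULL).
    conn.execute("DELETE FROM StudentGroups WHERE GroupName = 'Beta Alpha Psi'")
    departments = {r[0] for r in conn.execute(
        "SELECT DISTINCT Department FROM Employee")}

    # A new hire with no group yet is a perfectly valid row.
    conn.execute("INSERT INTO Employee VALUES ('N. Dube', 'Mining', NULL)")
    new_hire_stored = conn.execute(
        "SELECT COUNT(*) FROM Employee WHERE EmployeeName = 'N. Dube'"
    ).fetchone()[0] == 1

    return {"inconsistent_group_names": len(groups_for_mining) > 1,
            "accounting_survives": "Accounting" in departments,
            "new_hire_stored": new_hire_stored}


if __name__ == "__main__":
    print("denormalized:", anomalies_in_denormalized_table())
    print("normalized:  ", normalized_schema())
```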
QUESTION 16
Chitova wants to store information (names, addresses, descriptions of embarrassing moments, etc.)
about the many ducks on his payroll. Not surprisingly, the volume of data compels him to buy a
database system. To save money, he wants to buy one with the fewest possible features, and he plans to
run it as a stand-alone application on his Personal Computer. Of course, Chitova does not plan to share
his list with anyone. Indicate which of the following DBMS features Chitova should pay for; in each
case, also indicate why Chitova should (or should not) pay for that feature in the system he buys.
i) A security facility;
ii) Concurrency control;
iii) Crash recovery;
iv) A view mechanism;
v) A query language;

Question 17
a) Explain the difference between conceptual, logical, and physical database design. Why
might these tasks be carried out by different people?
b) Data mining is a knowledge discovery process: the automated extraction of hidden predictive
information from large databases.

i) Describe FIVE (5) main steps involved in data mining when viewed as a process of
knowledge discovery.
QUESTION 19
a) Identify and describe the five components of the DBMS environment and discuss how they
relate to each other.

DBMS Components: Hardware


When we say Hardware, we mean computer, hard disks, I/O channels for data, and any other physical
component involved before any data is successfully stored into the memory.
When we run Oracle or MySQL on our personal computer, then our computer's Hard Disk, our
Keyboard using which we type in all the commands, our computer's RAM, ROM all become a part of
the DBMS hardware.

DBMS Components: Software


This is the main component, as this is the program which controls everything. The DBMS software is
more like a wrapper around the physical database, which provides us with an easy-to-use interface to
store, access and update data.
The DBMS software is capable of understanding the Database Access Language and interpreting it into
actual database commands to execute them on the DB.
DBMS Components: Data
Data is the resource for which the DBMS was designed. The motive behind the creation of the DBMS was
to store and utilise data.
A typical database holds both the data saved by the user and metadata.
Metadata is data about the data. This is information stored by the DBMS to better understand the data
stored in it.
For example: When I store my Name in a database, the DBMS will store when the name was stored in
the database, what is the size of the name, is it stored as related data to some other data, or is it
independent, all this information is metadata.

DBMS Components: Procedures


Procedures refer to general instructions to use a database management system. This includes procedures
to setup and install a DBMS, To login and logout of DBMS software, to manage databases, to take
backups, generating reports etc.

DBMS Components: Database Access Language


Database Access Language is a simple language designed to write commands to access, insert, update
and delete data stored in any database.
A user can write commands in the Database Access Language and submit it to the DBMS for execution,
which is then translated and executed by the DBMS.
User can create new databases, tables, insert data, fetch stored data, update data and delete the data
using the access language.

Users

 Database Administrators: The Database Administrator or DBA is the one who manages the
complete database management system. The DBA takes care of the security of the DBMS, its
availability, managing the license keys, managing user accounts and access, etc.
 Application Programmer or Software Developer: This user group is involved in developing
and designing the parts of the DBMS.
 End User: These days all the modern applications, web or mobile, store user data. How do you
think they do it? Yes, applications are programmed in such a way that they collect user data and
store the data on DBMS systems running on their server. End users are the one who store,
retrieve, update and delete data.

b) Explain the following terms as used in Database Management and Modelling

ii) Database A database is an organized collection of structured information, or data, typically


stored electronically in a computer system. A database is usually controlled by a database
management system (DBMS).

iii) Data model Data models define how the logical structure of a database is modeled. Data
Models are fundamental entities to introduce abstraction in a DBMS. Data models define
how data is connected to each other and how they are processed and stored inside
the system

iv) Views a view is the result set of a stored query on the data, which the database users can
query just as they would in a persistent database collection object.

v) Data independence Data independence is the type of data transparency that matters for a
centralized DBMS. It refers to the immunity of user applications to changes made in
the definition and organization of data. ... There are two types of data independence:
physical and logical data independence

vi) Field A database field is a single piece of information from a record. A database record is a
set of fields.
QUESTION 20
Database management and modelling systems have become a very essential component in engineering
society. Why would you choose a database system instead of simply storing data in a traditional filing
system?
 A database is an integrated collection of data, usually so large that it has to be stored on
secondary storage devices such as disks or tapes. This data can be maintained as a collection of
operating system files, or stored in a DBMS (database management system).

 Operating System (OS) files do NOT hold data for your personal use. Any data in an OS file is
used STRICTLY by the OS.
 A database system is used for storing data of any kind. A text file is not stored data, so you
wouldn't use a database for THAT. But a dictionary of words used in the text file, along with
their definitions, could use a database.
Even pics can be stored in a database, and even a list of other files can be stored in a database.

The advantages of using a DBMS are:
Data independence and efficient access
Data integrity and security
Data administration. By providing a common umbrella for a large collection of data
Concurrent access and crash recovery
b) Explain the difference between logical and physical data independence.
PHYSICAL DATA INDEPENDENCE | LOGICAL DATA INDEPENDENCE

1. It is mainly concerned with how the data is stored in the system. | It is mainly concerned with the structure or the changing of the data definition.

2. It is easy to retrieve. | It is difficult to retrieve because the data is mainly dependent on the logical structure of the data.

3. As compared to logical independence, it is easy to achieve physical data independence. | As compared to physical independence, it is easy to achieve logical data independence.

4. Any change at the physical level does not require a change at the application level. | A change at the logical level requires a change at the application level.

5. The modifications made at the internal level may or may not be needed to improve the performance of the structure. | The modifications made at the logical level are significant whenever the logical structure of the database is to be changed.

6. It is concerned with the internal schema. | It is concerned with the conceptual schema.

7. Example: change in compression techniques, hashing algorithms and storage devices, etc. | Example: add/modify or delete an attribute.

Question 22
a) Suppose your task as a Mining engineer at Mimosa Mining Company is to design a data mining
system to examine their mining course database, which contains the following information: the name,
ecnumber, address and status (e.g., working underground or Surface) of each employee, courses taken,
and their cumulative grade point average (GPA).

c) In any mining organization you are familiar with, identify any 5 potential threats to database
security. For each threat suggest a remedy.
d) Excessive Database Privileges.
Database users are granted different privileges, and those privileges can be abused in three main ways:
excessive privilege abuse (a user holds rights beyond what the job needs and uses them), legitimate
privilege abuse (a user misuses rights that were correctly granted) and unused privilege abuse (dormant
rights, such as those of a former employee, are taken over). Excessive privileges always create
unnecessary risk; some surveys attribute around 80% of attacks on company databases to current or
former employees.
Countermeasures:
a. Deploy and uphold a strict access and privilege control policy based on least privilege: each
account gets only the rights its role requires.
b. Don't grant excessive privileges to company employees, review grants regularly, and revoke
outdated privileges promptly (for example on a change of role or on departure).
e) SQL Injection. This is an attack in which malicious SQL is supplied as input to a front-end (web)
application, which concatenates it into a query and passes it to the back-end database. A successful
injection gives the attacker access to whatever data the application's database account can reach, which
is often the whole database. There are two variants: SQL injection against traditional relational
databases and NoSQL injection against big-data and document databases.
Countermeasures:
a. Use parameterized queries (prepared statements), or stored procedures that take parameters,
instead of queries built by string concatenation; a stored procedure that assembles dynamic SQL
internally is still injectable.
b. Keep all data access in one layer (for example the model layer of an MVC architecture) so that
parameterization and input validation can be enforced and reviewed in one place, and run the
application under a database account with minimal privileges.
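The difference between a concatenated query and a parameterized one, as an added example that is not part of the original tutorial. Python's standard-library sqlite3 module stands in for the company DBMS; the employee table, its rows and the payload are constructed for the example. The vulnerable lookup returns every employee for the tautology payload, the parameterized lookup returns nothing for it and still works for a genuine EC number.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the course database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employee (
            ecnumber TEXT PRIMARY KEY,
            name     TEXT NOT NULL,
            status   TEXT NOT NULL,
            gpa      REAL
        );
        INSERT INTO employee VALUES ('EC001', 'T. Moyo',   'underground', 3.1),
                                    ('EC002', 'R. Ndlovu', 'surface',     2.7);
    """)
    return conn


def lookup_vulnerable(conn, ecnumber):
    """VULNERABLE: the caller-supplied value is spliced into the SQL text, so a
    quote inside it terminates the literal and the rest becomes SQL."""
    sql = ("SELECT ecnumber, name, gpa FROM employee "
           "WHERE ecnumber = '" + ecnumber + "'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn, ecnumber):
    """Parameterized query: the value travels separately from the SQL text and
    is compared as data, so it can never change the statement's structure."""
    return conn.execute(
        "SELECT ecnumber, name, gpa FROM employee WHERE ecnumber = ?",
        (ecnumber,),
    ).fetchall()


# Classic tautology payload: closes the string literal and appends OR '1'='1'.
PAYLOAD = "' OR '1'='1"


def demo():
    """Run both lookups against the same data and return the three results."""
    conn = make_db()
    leaked = lookup_vulnerable(conn, PAYLOAD)   # every employee's record
    blocked = lookup_safe(conn, PAYLOAD)        # no employee has that ecnumber
    normal = lookup_safe(conn, "EC001")         # legitimate use still works
    conn.close()
    return leaked, blocked, normal


if __name__ == "__main__":
    leaked, blocked, normal = demo()
    print("vulnerable lookup with payload:", leaked)
    print("parameterized lookup with payload:", blocked)
    print("parameterized lookup, real EC number:", normal)
```

The same pattern applies to NoSQL drivers: the fix is always to pass user input as a value through the driver's parameter or document API, never to build the query text or filter object by string concatenation.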
f) Weak Audit Trail. If database activity is not audited, the organization cannot detect misuse or
reconstruct an incident, and it risks non-compliance with national and international regulations on the
protection of sensitive data. All security-relevant database events (logins, privilege changes, schema
changes, access to sensitive tables) should be recorded automatically by the DBMS or an auditing tool;
relying on manual logging is not adequate. Inability or unwillingness to do this represents a serious risk
on many levels.
Countermeasures:
Use an automated auditing solution that imposes little additional load on database performance and
writes to a log that the audited users cannot alter; a database auditing product such as the DataSunrise
Database Auditing module is one option.
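What an automatic, tamper-resistant audit trail looks like at the database level, as an added example that is not part of the original tutorial. It uses Python's standard-library sqlite3 module as a stand-in for the company DBMS, with triggers writing every insert, update and delete on the employee table into an append-only audit_log. The employee and audit_log tables, the user names and the activity are constructed for the example; the small session table is an assumption standing in for the DBMS's notion of the current user (a real DBMS would use CURRENT_USER or its built-in audit facility).

```python
import sqlite3

# Audited table, append-only audit log, the triggers that fill it, and a
# 'session' table recording which user this connection acts for (assumption
# for this example; a real DBMS supplies the user itself).
SCHEMA = """
CREATE TABLE employee (
    ecnumber TEXT PRIMARY KEY,
    name     TEXT NOT NULL,
    gpa      REAL
);
CREATE TABLE session (actor TEXT NOT NULL);
CREATE TABLE audit_log (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    logged_at TEXT NOT NULL DEFAULT (datetime('now')),
    actor     TEXT NOT NULL,
    action    TEXT NOT NULL,
    ecnumber  TEXT NOT NULL,
    old_gpa   REAL,
    new_gpa   REAL
);
CREATE TRIGGER employee_ai AFTER INSERT ON employee BEGIN
    INSERT INTO audit_log (actor, action, ecnumber, new_gpa)
    VALUES ((SELECT actor FROM session), 'INSERT', NEW.ecnumber, NEW.gpa);
END;
CREATE TRIGGER employee_au AFTER UPDATE OF gpa ON employee BEGIN
    INSERT INTO audit_log (actor, action, ecnumber, old_gpa, new_gpa)
    VALUES ((SELECT actor FROM session), 'UPDATE', NEW.ecnumber, OLD.gpa, NEW.gpa);
END;
CREATE TRIGGER employee_ad AFTER DELETE ON employee BEGIN
    INSERT INTO audit_log (actor, action, ecnumber, old_gpa)
    VALUES ((SELECT actor FROM session), 'DELETE', OLD.ecnumber, OLD.gpa);
END;
-- The log is append-only: rewriting history is refused by the database itself.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def act_as(conn, actor):
    """Record which user this connection is acting for (see SCHEMA note)."""
    conn.execute("DELETE FROM session")
    conn.execute("INSERT INTO session VALUES (?)", (actor,))


def audit_rows(conn):
    return conn.execute(
        "SELECT actor, action, ecnumber, old_gpa, new_gpa FROM audit_log ORDER BY id"
    ).fetchall()


def run_scenario(conn):
    """Constructed activity: clerk1 creates a record, clerk2 raises the GPA,
    clerk1 deletes the record.  Nothing here writes to audit_log directly;
    the triggers do it.  Returns the resulting audit rows."""
    act_as(conn, "clerk1")
    conn.execute("INSERT INTO employee VALUES ('EC001', 'T. Moyo', 2.7)")
    act_as(conn, "clerk2")
    conn.execute("UPDATE employee SET gpa = 3.9 WHERE ecnumber = 'EC001'")
    act_as(conn, "clerk1")
    conn.execute("DELETE FROM employee WHERE ecnumber = 'EC001'")
    conn.commit()
    return audit_rows(conn)


def tamper_blocked(conn):
    """An attempt to erase the trail must fail and leave the log intact."""
    n_before = conn.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]
    try:
        conn.execute("DELETE FROM audit_log")
    except sqlite3.DatabaseError:
        pass  # RAISE(ABORT) in the trigger rejected the statement
    n_after = conn.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]
    return n_before > 0 and n_before == n_after


if __name__ == "__main__":
    db = open_db()
    for row in run_scenario(db):
        print(row)
    print("delete of audit_log blocked:", tamper_blocked(db))
```

The grade change from 2.7 to 3.9 is attributed to clerk2 even though the employee row itself no longer exists, which is exactly what an investigation needs. In production the log should additionally be shipped off the database host, since a user with administrative rights on the DBMS can drop the protective triggers.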
g) Database Backup Exposure. It is good practice to back up proprietary databases at defined intervals.
However, backup files are often left completely unprotected, and many breaches have happened through
a leaked backup rather than through the live database.
Countermeasures:
a. Encrypt both databases and backups. Storing the data in encrypted form protects the production
copy and the backup copies alike; a product such as DataSunrise Data Encryption is one way to do
this, as is the DBMS's own transparent data encryption.
b. Audit both the database and the backups, so that it is visible who has tried to access sensitive
data, and restrict access to the backup storage to the accounts that perform backups and restores.
h) DB Vulnerabilities and Misconfigurations. Databases are often found entirely unprotected because
of misconfiguration. Many DBMSs also ship with default accounts, default passwords and permissive
configuration parameters. One should remember that attackers are often highly skilled IT specialists
who know how to find and exploit database vulnerabilities and misconfigurations and use them to attack
your company.
Countermeasures:
a. Remove or disable default accounts, change default passwords, disable features that are not
needed, and apply vendor security patches promptly.
b. Ensure IT personnel are qualified and experienced, and check each database configuration
against a documented hardening baseline.
i) Lack of Security Expertise and Education. Databases get breached and leaked because of an
insufficient level of IT security expertise and education: non-technical employees may break basic
database security rules and put databases at risk, and IT security personnel may lack the expertise
required to implement security controls, enforce policies, or conduct incident response.
Countermeasures:
a. Database users shall be educated in database security.
b. IT security specialists shall be required to raise their professional level and qualifications.
j) Denial of Service attack. This type of attack slows a database server down and can make it
unavailable to all users. Although a DoS attack does not disclose the contents of the database, it can
cost the victim a great deal of time and money, and a database that cannot be accessed is of no use.
Countermeasures:
a. Harden the TCP/IP stack (on Windows, through the appropriate registry settings) to increase the
size of the TCP connection queue.
b. Decrease the connection establishment period, so that half-open connections are dropped sooner.
c. Employ dynamic backlog mechanisms to ensure that the connection queue is never exhausted.
d. Use a network Intrusion Detection System (IDS), and limit the number of connections and the
resources a single client can consume at the database level.
k) Unmanaged Sensitive Data. Many companies store a lot of sensitive information and fail to keep
an accurate inventory of it. Forgotten and unattended data may fall prey to attackers. In addition, new
sensitive data is added daily and it is not easy to keep track of it all, so newly added data may be
exposed to threats before anyone has classified or protected it.
Countermeasures:
a. Maintain an inventory of where sensitive data is stored and encrypt all sensitive data in your
database(s).
b. Apply the required controls and permissions to the database, and review them as new data is added.
