**3. Security design principle**

## **3.1 Web security design principle**

The following principles should be observed when designing and deploying computer network security.

1. Balance Analysis Principle of Demand, Risk and Cost

With existing technology there is hardly such a thing as a perfectly secure network. We should carry out qualitative and quantitative analysis of the threats and the possible risks the network faces, and then define the standards and measures that make up the system's security policy.

2. Principle of Comprehensiveness and Integrity

The security issues of a network can be analysed, and specific measures formulated, using the viewpoints and methods of systems engineering; combining several methods gives a better security measure. A computer network is made up of human beings, devices, software and data, and each of these links plays an important role in network security; only by analysing and treating them as a whole can valid and executable measures be obtained.

3. Consistency Principle

The Consistency Principle means that network security issues exist throughout the whole operating cycle of the network, and the security architecture should keep in line with the network itself. Network security strategies should therefore be taken into consideration at the beginning of network construction rather than at the end of the procedure, which has the advantages of convenience and low cost.

4. Principle of Security and Reliability

Guaranteeing system security is very important. During design and implementation, specific measures are adopted to ensure the security of information security products and technical proposals. Through strict technical administration and redundant configuration of devices, product quality and system reliability can be guaranteed.

5. Principle of Advanced Technology

Advanced technical systems and standard technologies are required in security design.

6. Principle of Easy-operation

Security measures are carried out by people. Complex measures place high demands on administrators and lead to low security, so the measures should be friendly to the operation of the system.

7. Principle of Adaptability and Flexibility

Security measures must change as the network develops. They must be easy to adapt and modify.



8. Multiple-protection Principle

A perfect security protection method hardly exists, so a multiple-protection system is constructed to protect each layer. When one layer is broken, the other layers can still protect the information.

Methods adopted to ensure Web service security include installing a firewall, setting up an isolation region for protected resources, encrypting sensitive information that is stored and transmitted, providing identity authentication and establishing a secure channel, and providing digital signatures for the audit and tracking of software that carries no security guarantee.

1. Install Firewall

The most popular security method is to provide an isolation region for a LAN or website. A LAN firewall is a functional module inside a computer or network equipment placed between the internal network and the Internet. Its purpose is to provide security protection to an internal network or host and to control the objects that may be accessed, so it is also called access control technology. A firewall has two operating mechanisms: packet filtering and proxying (agency). Packet filtering is aimed at the services provided by hosts with particular IP addresses. Its basic principle is to intercept and capture IP packets at the IP layer during network transmission, read the source and destination address and the source and destination port of each packet, and decide whether to forward the packet according to fixed filtering rules.

A proxy (agent) works at the application layer. Its basic principle is to construct an independent proxy program for the Web service; the client program and the server can exchange information only through their own proxy programs and are not allowed to interact directly with each other.
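The packet-filtering mechanism described above, as an added example that is not part of the original text: a stateless filter that reads protocol, source and destination address and destination port from each packet and applies a first-match rule list with a default-deny fallback. The addresses, the rule set (public web server reachable on 443 from anywhere, database server reachable on 1433 only from the internal network) and the `Packet`/`Rule` types are all constructed for this illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a stateless packet filter inspects (constructed representation)."""
    proto: str   # "tcp" or "udp"
    src: str     # source IP address
    dst: str     # destination IP address
    sport: int   # source port
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str                       # "tcp", "udp" or "any"
    src_net: ipaddress.IPv4Network
    dst_net: ipaddress.IPv4Network
    dport: Optional[int]             # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            (self.proto == "any" or self.proto == pkt.proto)
            and ipaddress.ip_address(pkt.src) in self.src_net
            and ipaddress.ip_address(pkt.dst) in self.dst_net
            and (self.dport is None or self.dport == pkt.dport)
        )


def rule(action: str, proto: str, src: str, dst: str, dport: Optional[int] = None) -> Rule:
    """Build a Rule from textual CIDR notation."""
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


# Constructed policy for a small isolation region (documentation address ranges):
# 192.0.2.10 is the public web server, 192.0.2.20 the database server that must be
# reachable only from the internal network 10.0.0.0/8. First match wins, and a
# packet matching no rule is dropped (default deny).
RULES: List[Rule] = [
    rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
    rule("allow", "tcp", "10.0.0.0/8", "192.0.2.20/32", 1433),
    rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0"),
]


def filter_packet(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (decision, index of the rule that decided it); default deny when nothing matches."""
    for index, r in enumerate(rules):
        if r.matches(pkt):
            return r.action, index
    return "deny", None


if __name__ == "__main__":
    # Constructed traffic: Internet client to the web server, Internet client to the
    # database, internal host to the database, and a UDP packet to the web port.
    samples = [
        Packet("tcp", "203.0.113.5", "192.0.2.10", 51000, 443),
        Packet("tcp", "203.0.113.5", "192.0.2.20", 51001, 1433),
        Packet("tcp", "10.1.2.3", "192.0.2.20", 40000, 1433),
        Packet("udp", "203.0.113.5", "192.0.2.10", 53, 443),
    ]
    for p in samples:
        decision, idx = filter_packet(RULES, p)
        print(f"{p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}: {decision} (rule {idx})")
```

The explicit final deny rule is kept even though `filter_packet` already denies by default, so that logging or counting can later be attached to a concrete rule rather than to the absence of one.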

2. Encryption for Confidential Information

This method is particularly effective for protecting confidential information, since it prevents wiretapping and hacking. Transmission encryption in Web services is in general achieved at the application layer. When the WWW server sends confidential information, it first selects a key to encrypt the information based on the receiver's IP address or other identification; after the browser receives the encrypted data, it decrypts it according to the source address or other identification in the IP packet to obtain the required data. In addition, encryption and decryption at the IP layer can also be achieved by encrypting and decrypting the whole message, which ensures information security at the network layer.

3. Provide Identity Authentication for the Client / Server Communication and Establish a Secure Channel

Currently some network security protocols, e.g. SSL and PCT, have appeared which are built on top of the existing network protocols. These two protocols are used not only to protect confidential information but also to prevent unauthorized users from invading the host.

The SSL protocol provides private communication and includes authentication, signature and encryption technology for the server; it can provide authentication not only of the server but also of the client, according to the server's options.


The SSL protocol can run on any reliable communication protocol, e.g. TCP, and can also carry application protocols such as HTTP, FTP and Telnet. SSL uses the X.509 v3 certificate standard; RSA, Diffie-Hellman and Fortezza-KEA as its public key algorithms; and RC4-128, RC2-128, DES, triple DES or IDEA as its data encryption algorithms. The authentication schemes and encryption algorithms provided by PCT are more abundant than those of SSL, and it improves some details of the protocol.

The IPSec protocol provides end-to-end encryption and authentication services for public and private networks. It specifies a variety of optional network security services which organizations can integrate and combine according to their own security policy, building a security solution on the IPSec framework. The protocol provides three basic elements to protect network communications: the Authentication Header, the Encapsulating Security Payload and the Internet Key Management Protocol.

The HTTPS protocol (Secure Hypertext Transfer Protocol) is built into the browser, which compresses and decompresses the data and returns the result to the network.
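Several of the SSL data encryption algorithms listed above (RC4, DES, triple DES) are ones a present-day deployment should no longer negotiate, and a secure channel is only secure if the client actually verifies the server's certificate. As an added example that is not part of the original text, the following Python code, using only the standard `ssl` module, puts a misconfigured client context beside a hardened one and audits both; the finding strings and the `audit_context` helper are constructed for this illustration.

```python
import ssl
from typing import List

# Cipher-name fragments that identify algorithms from the SSL list above which a
# modern channel should not negotiate (RC4, DES, 3DES), plus null and MD5 suites.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "MD5")


def weak_client_context() -> ssl.SSLContext:
    """Misconfigured client: accepts any certificate and any hostname, any protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode may become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # the server is never authenticated
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Client that authenticates the server, pins the protocol floor and drops weak suites."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!DES:!3DES")
    ctx.options |= ssl.OP_NO_COMPRESSION  # TLS-level compression is a known information leak
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of configuration findings; an empty list means the context passes."""
    findings: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions allowed")
    weak = sorted({c["name"] for c in ctx.get_ciphers()
                   if any(marker in c["name"] for marker in WEAK_CIPHER_MARKERS)})
    if weak:
        findings.append("weak cipher suites enabled: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    for label, ctx in (("weak", weak_client_context()), ("hardened", hardened_client_context())):
        print(label, audit_context(ctx) or ["no findings"])
```

The audit reads only the context's own attributes, so it can run offline against the settings an application is about to use, before any connection is opened.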

4. Digital Signatures for the Software

Many large companies use digital signature technology for their software and thereby take responsibility for its security, especially for Java applets and ActiveX controls, which bring risks to Web services. Digital signatures are based on public key algorithms: the publisher uses its private key to sign the software it releases, and the signature is verified using the public key. Microsoft's Authenticode technology is used to identify a software publisher and prove that the software has not been tampered with. Authenticode is client software which monitors the download of ActiveX controls, Cab files, Java applets or executable files, looks for the digital certificate in these files and verifies it, and then shows a warning, the certificate organization's name and other information to the user about possible security problems. A digital signature protects the integrity of the software and is sensitive to illegal changes made to the software during transfer.

## **3.2 Database design principles**

Users enter the database system through the database application program. When a user first accesses the database, the database application delivers the username and password submitted by the user to the database management system for authentication; after their legal status is determined, users are allowed to enter. They must also pass authentication when operating on objects in the database: tables, views, triggers, stored procedures, etc. How users may operate in the application and the database depends on the allocation of rights and the constraints of access control.

1. Secure Database System Model

Based on the criteria for a secure database, a simple secure database system model can be created which is divided into four layers: the system layer, including data access and the encryption and decryption algorithms; the function layer, which is the key to the whole system, including the key distribution mechanism, the fast indexing mechanism and derivation control; the interface layer, which is directly user-oriented and includes user authentication, authorization management, database maintenance and query management; and the application layer, at which users can manage the database not only interactively but also in command mode.

2. Management Strategy of Database

a. Access Control
Access control controls the rights of users to access all kinds of database resources, and is divided into two stages: security account authentication and access permission verification. In the security account authentication phase, the user logs in for authentication; if this succeeds, the user can connect to the SQL Server, otherwise the connection request is rejected. Access permission verification means that after the user connects to SQL Server, the system determines whether they are permitted to access the database according to the user account stored in the database and the corresponding server login identification. Access control can keep illegal users out.

b. Database License

After legal users have accessed the server and database, the database access mechanism controls which operations they may perform on data objects. First, statement permissions in the database limit which SQL statements the database user may execute. Second, object permissions in the database limit which tasks the database user may perform on database objects.

c. Establish Data Security by Using System Stored Procedures

As the database administrator, if you want a user to have the select right but not the delete right, you can achieve this by establishing stored procedures, thus protecting the safety of the data.

d. Establish Data Security by Using the View

If the administrators give users permission to access the database tables directly and the users' access area becomes too large, the users themselves become a threat to the security of the data in the database. To avoid this situation, data security can be achieved by establishing data views.

e. Establish Data Security by Using the Database Role

A role is used to grant permissions at one time to a number of database users who can access the database; if permissions are not deployed properly, the data in the database is threatened directly. As an administrator, you should be very careful when you grant permissions to the public role.

f. Data Backup

Data backup is a principal task in the daily management of the database. When the server or database system breaks down, the original data is difficult to recover without a backup strategy. Therefore the database should be installed in a security zone of the intranet and must not be connected to the Internet directly. In addition, backup strategies should be implemented on different computers so that data security is protected when people deal with abnormal failures.

g. Database Encryption

Database encryption requires that the database's cryptographic module changes plaintext into ciphertext, and the ciphertext is what is stored in the database. The ciphertext is decrypted to obtain clear information when it is queried, so the data will not be leaked even if the storage hardware is stolen; thus the security of the database system is greatly improved, though of course the cost also increases. In response to attacks from the network level, the database mainly relies on methods such as installing a firewall and performing intrusion detection to improve its security. The firewall resists untrusted connections from outside. Intrusion detection systems are generally deployed at the firewall and detect abnormalities on the network and the host through interception and analysis of network packets or analysis of logs.

h. Audit Trail and Attack Detection

The audit function automatically records all database operations in the audit log while the system works; the attack detection system analyses the audit data to detect attempts by internal and external attackers, reproduces the events that led to the current state of the system, finds the system's vulnerabilities through analysis, and then traces the responsible person.

Security audit techniques use one or several security testing tools (generally referred to as scanners). First the tool scans for loopholes and inspects the security vulnerabilities of the system, then it produces an inspection report on the weak links of the system, and finally security protection and emergency measures are taken according to the response strategies.

Traditional security audit has the function of "old records": it pays attention to after-the-fact auditing and emphasizes the deterrent effect of audit and the verification of security incidents. With the change of United States national information security policy, the so-called "defense in depth" strategy for the information infrastructure was put forward by the Information Assurance Technical Framework (IATF); this strategy requires the security audit system to participate in active protection and response. In modern times, network security audit is an all-round, distributed, multi-level audit concept, which breaks with the previous shallow "log" level of security audit and is consistent with the protecting, detecting, responding and recovering (PDRR) dynamic process put forward by IATF. It can protect and respond to information actively on the basis of improving the breadth and depth of audit.

1. Based on the objects of audit, security audit is divided into:

- Operating system audit;
- Application system audit;
- Network application audit;
- Equipment audit.

2. Based on the ways of audit, security audit is divided into:

- Distributed audit: audit information is stored in the servers and security equipment and is reviewed by the system security administrator. Distributed audit is applied to enterprise information systems with lower demands on information security protection.
- Centralized audit: audit information in the servers and security equipment is collected, collated, analyzed and compiled into an audit report. Centralized audit is applied to enterprise information systems with higher demands on information security protection.

3. Based on the control mechanism of audit, security audit is divided into:

- Host based audit: the host based control mechanism can control the specified host system, and its control ability is detailed;
- Network based audit: the network based control mechanism can monitor network security risks in real time, to realize comprehensive protection of intranet resources;
- Combination of host and network based audit: it can monitor not only the host but also the network.

4. The emphasis of information system security audit is mainly on the following types:

- Network communication system: analysis, recognition, judgement and recording of the typical protocols in the network flow; intrusion detection for Telnet, HTTP, Email, FTP, online chat, file sharing etc.; traffic monitoring, recognition of and alarms for anomalous traffic, and monitoring of network equipment operation.
- Important server host operating systems: audit of system startup, running state, administrator logins, operation, system configuration changes (e.g. the registry, the configuration files, the user system), worm or virus infection and resource consumption; audit of hard disk, CPU, memory, network load, processes, the operating system security log, system events and access to important documents.
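The host audit items listed for important servers (administrator logins, configuration changes) and the attack-detection role described under h both amount to running detection logic over recorded events. As an added example that is not part of the original text, the following Python code parses a handful of constructed host log lines and raises three kinds of alert: a burst of failed logins to an administrator account from one source, a successful administrator login immediately following such a burst, and a configuration-file change made by an account outside an approved change group. The log format, the event names, the hosts, addresses, accounts and thresholds are all constructed for this illustration.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed host log lines (not taken from any real system). The last line is
# deliberately malformed to show that the parser skips rather than crashes on it.
SAMPLE_LOG = """\
2024-05-01T02:14:05 web01 login_failed user=administrator src=203.0.113.9
2024-05-01T02:14:09 web01 login_failed user=administrator src=203.0.113.9
2024-05-01T02:14:12 web01 login_failed user=administrator src=203.0.113.9
2024-05-01T02:14:20 web01 login_ok user=administrator src=203.0.113.9
2024-05-01T02:16:00 web01 config_change user=administrator path=/etc/ssh/sshd_config
2024-05-01T09:00:00 db01 login_failed user=alice src=10.0.0.5
2024-05-01T09:00:10 db01 login_ok user=alice src=10.0.0.5
2024-05-01T11:30:00 db01 config_change user=svc_deploy path=/etc/myapp/app.conf
this line is malformed and must be skipped by the audit
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>login_failed|login_ok|config_change) (?P<kv>.+)$"
)

Alert = Tuple[str, str, str, str]  # (alert type, host, account, source or path)


def parse_line(line: str) -> Optional[dict]:
    """Turn one log line into an event dict, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(p.split("=", 1) for p in m["kv"].split() if "=" in p)
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"], "event": m["event"], **fields}


def audit(text: str,
          admin_users: Tuple[str, ...] = ("administrator", "root"),
          approved_changers: Tuple[str, ...] = ("svc_deploy",),
          fail_threshold: int = 3,
          window: timedelta = timedelta(seconds=60)) -> List[Alert]:
    """Run the three detection rules over the log text and return alerts in time order."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent_failures: Dict[Tuple[str, str, str], List[datetime]] = {}
    alerts: List[Alert] = []
    for e in events:
        user = e.get("user", "")
        if e["event"] in ("login_failed", "login_ok") and user in admin_users:
            key = (e["host"], user, e.get("src", ""))
            # keep only failures that are still inside the sliding window
            in_window = [t for t in recent_failures.get(key, []) if e["ts"] - t <= window]
            if e["event"] == "login_failed":
                in_window.append(e["ts"])
                if len(in_window) == fail_threshold:      # alert once, when the threshold is hit
                    alerts.append(("admin_login_failures", *key))
            elif len(in_window) >= fail_threshold:         # success right after a burst
                alerts.append(("admin_login_after_failures", *key))
            recent_failures[key] = in_window
        elif e["event"] == "config_change" and user not in approved_changers:
            alerts.append(("unapproved_config_change", e["host"], user, e.get("path", "")))
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(alert)
```

The non-administrator failure on db01 and the change made by the approved service account produce no alert, which is the intended behaviour: the rules are tuned to the audit emphasis above (administrator activity and configuration changes) rather than to every event in the log.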
