IT Baseline Protection Manual - Chapter 9.2 Databases
9.2 Databases
Description
Database systems (DBS) are commonly accepted
computer-aided techniques of organising, generating,
manipulating and managing large amounts of data. A
database system consists of the database management
system (DBMS) and a certain number of databases. A
database is a collection of data representing facts on a
specific application in the real world. The DBMS acts as
an interface between users and the database, allowing
efficient and centrally monitored access to data, and
ensuring the pemanent availability of this data.
Database management systems now form an indispensable part of IT applications. Without a DBMS, it
would not be possible to manage the vast amounts of data which need to be collected, processed and
evaluated. The concept of a DBMS is based on a particular database model. The most important
database models are described in the following:
Hierarchical database model
This is the oldest existing variant, also regarded as the database model of the first generation. This
database model is structured like a tree. The nodes and leaves in this structure represent the files. A
node or leaf has exactly one predecessor, and data is always accessed sequentially. The access routes
are determined by the tree structure (and file structure respectively).
Relational database model
The relational database model involves strict separation between the data and the methods of accessing
it. The data is stored in the form of tables, where each row represents a data record (also termed tupel)
and each column represents an attribute of the data record. Tupels can be related to other tupels in
different tables, which is marked by a corresponding relationship. As opposed to the hierarchical model,
the relational database model does not impose any restrictions on access to data.
SQL (Standard Query Language), standardised by the ISO, is the database language provided with all
relational database systems.
Object-oriented database model
Object-oriented database models are an extension of classical database models and involve an object-oriented
(OO) technique. In this case, objects with similar attributes are grouped into classes which, in
turn, can be assigned class hierarchies. Only defined methods can be used to modify the objects, the
inheritance of methods and attributes playing a key role in object-oriented design. Standard data types
such as "Integer" and "Character" can be supplemented with type constructors allowing the definition of
complex values.
This chapter only provides a treatment of databases based on the relational database model, as it is
currently the most prevalent.
A database system generally provides simultaneous access for different users. It therefore has to process
several user requests (transactions) in parallel and guarantee a distinct level of fault tolerance. Of
central importance are four requirements which are called the ACID-principle:
Atomicity
From the view of a user, a transaction will either be completed as a whole or not at all. If there is an
error or interruption, all changes made so far will be undone. This is ensured in the DBMS with
appropriate recovery measures.
Consistency
All integrity conditions in the database are maintained. A transaction leads the database from a
consistent state into another consistent state. This can be ensured by appropriate synchronisation
mechanisms in the database.
Isolation
Every transaction is isolated from all other transactions. This also implies that a transaction can
access only data that are part of a consistent state of the database.
Durability
If a transaction has been reported to the user as successfully completed, all changes made in the
database will survive subsequent hardware or software failures (unless the database is destroyed as a
whole).
These requirements are fulfilled by almost all commercially available DBMS systems.
Database systems are based on standard commercial software offered by a variety of manufacturers.
The first step in acquiring a database for processing data is to select a suitable standard software
package. The related threats and safeguards stated in Chapter 9.1 Standard Software must also be
considered here.
Databases cannot be treated separately from the environment in which they are used. A stand-alone PC
is just as feasible as a mainframe or a network of Unix systems. For this reason, the threats and
safeguards described in Chapter 5 Non-networked systems, Chapter 6 Local Area Networks and
Chapter 7 Data Transfer Systems should be taken into consideration in accordance with the type of
environment involved. To prevent redundancies, this chapter does not repeat descriptions of threats and
safeguards unless they are of particular importance.
Threat Scenario
The following threats are assumed to be applicable to the IT baseline protection of databases:
For the purpose of IT baseline protection, we recommend the complete implementation of the safeguard
packages (modules) summarised in Chapters 2.1 and 2.4.
It is advisable to install the database server in a separate server room. The appropriate measures are
described in Chapter 4.3.2. If an office is used simultaneously as a server room, the safeguards
described in Chapter 4.3.1 must also be implemented.
If the database server is installed in a protective cabinet, also refer to
Chapter 4.4 Protective Cabinets.
The following essential steps must also be taken for databases:
Determining the requirements to be fulfilled by the database software.
First prepare a requirements catalogue to allow the selection of a suitable standard database software
(S 2.80 and S 2.124).
Training administrators
Before the database software is used in a productive environment, the responsible administrators
must be trained (S 3.11). If possible, this should be done before procuring the software package.
Design a database concept
Before using the database software, design a database concept which describes the installation and
configuration of the database software, the suitable concept for database users and their access
rights, as well as the application-specific database. Depending on the capacity and environment of
the database as well as the selected standard database software, such a concept can be very extensive
(S 2.125, S 2.128, S 2.129
and S 2.126).
Operating the database
Commissioning and operation of the database include the implementation of the database concept, as
well as continuous monitoring of the DBMS in order to ensure the availability, data integrity and
protection of confidential data. The most important safeguards here concern documentation
(S 2.25, S 2.31, S 2.34),
administration (S 2.130, S 2.133) and
utilisation of the database.
Contingency planning
In addition to the general safeguards relating to this topic, it is important to consider database-specific
circumstances in order to keep data losses and recovery times within reasonable limits in the
event of a system crash or database crash. (S 6.32, S 6.49,
S 6.50).
The safeguard package for databases is listed in the following: