IT Baseline Protection Manual T 2.39 Complexity of a DBMS

-->

T 2.39 Complexity of a DBMS

The selection and use of standard database systems requires careful planning, installation and configuration of the database management system (DBMS), thus ensuring trouble-free operation. The following examples are intended to elucidate the large variety of potential threats involved here.

Selection of an unsuitable standard database system:

The selected DBMS cannot be executed in the designated runtime environment. This might be due to the fact that the DBMS is only compatible with a particular operating system or that the hardware used does not fulfil the minimum requirements.

The selected DBMS constitutes a security risk because the security mechanisms provided by the manufacturer are not sufficient for ensuring the required availability, integrity and confidentiality of the data.

Incorrect installation or configuration of the standard database system:

Further threats might be posed if the security measures recommended by the manufacturer are ignored or incorrectly implemented.

Example:

The physical distribution of the data is not sufficient (if the DBMS provides for physical distribution).

Example:

Parameters that are set incorrectly can prevent access to certain data.

Example:

Poor database concept:

Missing database relations between individual tables can impair the consistency of data and the integrity of the database.

If application-specific data is not stored on separate physical media, the failure of a single hard disk can lead to the failure of all applications.

If no database triggers or s tored procedures are used, inconsistencies might arise in the data if an application, itself, does not take this into account..

The poor concept regarding the use of database triggers and stored procedures can impair the integrity of data and result in uncontrolled manipulations

home