
Week 2 Written Assignment Encryption & Key Management

In our readings we have learned the importance of encryption of sensitive data across database
environments. We must consider data at rest and data transmission. Encryption allows securing
both production and backup copies of databases. The successful use of encryption depends upon
two main features: the strength of the encryption algorithm and the security of the decryption
key or process.

As you contemplate encryption and its use in securing databases, it is worth noting the
statement made in your textbook:
Encryption provides protection of sensitive data for an unprotected medium. The sensitive data
and transmission has to cross unprotected media. We must consider the access to sensitive data
from users who access databases at the operating system and storage tiers.

You are required to complete BOTH Part A and Part B of the assignment.
Part A
Please write short essay answers discussing the following questions and submit them in a Word
document:
1. Give an example of why data encryption is needed and when you would use encryption.
2. Name three examples of data elements that would require data encryption (per
regulations such as HIPAA).
3. Compare and discuss the pros and cons between the use of hashing and the use of
encryption.
4. Discuss encryption key management techniques. What are some of the considerations and
issues? Give at least two examples of key management techniques.

Part B Lab Create Users and Tables


Phase 0: Creating and Running Scripts
This week you will be writing SQL/PL scripts to create users and tables and then run them in the
Oracle command shell, as noted last week.
In order to write a script, first open VirtualBox and launch the virtual machine. Then open
the text editor.
You will then type the script into this file. When you are ready to save the file, go to
File > Save As. Next, enter the filename and location. You can then save the file as
filename.sql. See the screen below.
Now go to your Oracle terminal window and type sqlplus at the command prompt. Next, enter
system for the userid and oracle for the password. At the SQL command prompt, enter
@filename. This will execute your SQL script file. See the image above with the notes for more
details.
In addition to your text and notes, links to tutorials are provided in the left navigation panel
under Oracle and SQL/PL Resources.
Phase 1: Creation of User Accounts
Scenario:

You have been assigned the task of writing a script for creating database users. The script will
perform the following tasks and conform to the following specifications:
1. Create the following two (2) users with their respective passwords. Please use the exact
spelling. (15 points)

User Name     Password
DBSEC         IS481%sec
VPD_CLERK1    Nancy#481

The following parameters apply to the above two (2) users.

2. The default table space is USERS.

3. The temporary table space is TEMP.

4. The user has to change his/her password the first time he/she logs in to the database.

5. The user account will be assigned to the DEFAULT profile.

6. The USERS table space has a 30MB quota.

7. At the end of the creation, list the user information that shows a successful creation of the
above user account.

Tips:

a. You need system privileges to create a new user. An easy way is to log in as SYSTEM before
running the script. Or, you may use "CONNECT system" or "CONNECT system/&password."
Upon running your script, you will enter the password. The password is what you entered in your
installation, or oracle if you are using the prebuilt image.

b. You will write the script in Notepad or WordPad. In order to test it again and again, it is a good
idea to add one statement of dropping the user at the beginning of the script. The drop statement
will be like "DROP USER dbsec CASCADE."
c. A database dictionary view "dba_users" can be used to find user information. There are, of
course, other ways to do it, which are acceptable as well.
d. Please note that the password specification is case sensitive even though Oracle SQL
statements in general are not case sensitive.
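
The Phase 1 specification and tips above, put together as one SQL*Plus script. This is an added example, not part of the original handout; the filename create_users.sql and the dba_ts_quotas check are assumptions beyond what the handout names.

```sql
-- create_users.sql (hypothetical filename); run from SQL*Plus with: @create_users
-- SQL*Plus prompts for the SYSTEM password, so it never appears in the file.
CONNECT system

-- Tip b: make the script re-runnable. On the very first run these two
-- statements report ORA-01918 (user does not exist) and the script continues.
DROP USER dbsec CASCADE;
DROP USER vpd_clerk1 CASCADE;

-- The password is double-quoted: % is not legal in an unquoted password,
-- and the quotes make the exact, case-sensitive spelling explicit (tip d).
CREATE USER dbsec
  IDENTIFIED BY "IS481%sec"
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 30M ON users
  PROFILE default
  PASSWORD EXPIRE;

CREATE USER vpd_clerk1
  IDENTIFIED BY "Nancy#481"
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 30M ON users
  PROFILE default
  PASSWORD EXPIRE;

-- Requirement 7 / tip c: show that both accounts exist with the requested
-- settings. ACCOUNT_STATUS reads EXPIRED because of PASSWORD EXPIRE.
SELECT username, account_status, default_tablespace,
       temporary_tablespace, profile
FROM   dba_users
WHERE  username IN ('DBSEC', 'VPD_CLERK1');

-- The quota is not in dba_users; 30M appears here as MAX_BYTES = 31457280.
SELECT username, tablespace_name, max_bytes
FROM   dba_ts_quotas
WHERE  username IN ('DBSEC', 'VPD_CLERK1');
```

Neither account can log in yet: CREATE USER grants no privileges, and CREATE SESSION is only granted in Phase 2.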
Phase 2: Modify User and Create Tables

This part of the lab requires you to use all previous knowledge to create database objects and
populate data into tables. It will give you the database objects needed to practice various
database security techniques in this course.
You need to create a single SQL script that will complete the following tasks:

1. Connect to the SYSTEM user. When you need to connect to the SYSTEM user, please use a
syntax that asks the user to type the password. A typical example will be:
"connect system;"
2. Change the password of the user "DBSEC" to "secc$1new." Please note that the period
"." is not a part of the password specification.
3. Grant the DBSEC user the "CREATE SESSION" and "CREATE TABLE" privileges.
4. Connect to DBSEC with the new password.
5. Create the following 5 tables under DBSEC schema.

DEPARTMENT
DEPARTMENT_ID
DEPARTMENT_NAME
Note: use DEPARTMENT_ID as the primary key

JOB
JOB_ID
JOB_TITLE
Note: use JOB_ID as the primary key

EMPLOYEE
EMPLOYEE_ID
EMPLOYEE_NAME
Note: use EMPLOYEE_ID as the primary key

CUSTOMER
CUSTOMER_ID
CUSTOMER_NAME
Note: use CUSTOMER_ID as the primary key

SUPPLIER
SUPPLIER_ID
SUPPLIER_NAME
Note: use SUPPLIER_ID as the primary key

6. Populate the tables with your own sample data.

Tip:

To be able to repeatedly test your script, you may add "DROP TABLE table-name;" at the
beginning of your file to drop all tables.
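
The Phase 2 steps above, shown for the DEPARTMENT table as an added example that is not part of the original handout; the other four tables follow the same pattern. The column types, constraint name and sample rows are assumptions, since the handout gives only table and field names.

```sql
-- Step 1: SQL*Plus prompts for the SYSTEM password.
CONNECT system

-- Step 2: an administrative password change also clears the EXPIRED
-- status that PASSWORD EXPIRE set on the account in Phase 1.
ALTER USER dbsec IDENTIFIED BY "secc$1new";

-- Step 3: only the two privileges the lab asks for.
GRANT CREATE SESSION, CREATE TABLE TO dbsec;

-- Step 4: everything below runs as DBSEC, so the tables land in its schema.
CONNECT dbsec/"secc$1new"

-- List the system privileges the DBSEC session actually holds.
SELECT privilege FROM session_privs;

-- Tip: re-runnable. The first run reports ORA-00942 (table does not exist).
DROP TABLE department;

-- Step 5: types and lengths are assumed for illustration.
CREATE TABLE department (
  department_id   NUMBER(4)    CONSTRAINT department_pk PRIMARY KEY,
  department_name VARCHAR2(50) NOT NULL
);

-- Step 6: constructed sample rows. Storing them draws on the 30MB quota
-- on USERS from Phase 1; without a quota the inserts would fail.
INSERT INTO department (department_id, department_name)
VALUES (10, 'Accounting');
INSERT INTO department (department_id, department_name)
VALUES (20, 'Research');
COMMIT;

-- Confirm the table exists in the DBSEC schema and holds the rows.
SELECT table_name FROM user_tables;
SELECT * FROM department;
```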

Submission Requirement:
For each of Phase 1 and Phase 2 you are required to submit the following:
the SQL script files and screen captures of the completed lab steps.
Grading Rubric

Criteria: Use of Encryption (Total Points Possible: 10)
Excellent (10-9 points): Meets Proficient criteria and substantiated with evidence to support use of encryption
Competent (8-4 points): Provides reasoning to support use of encryption
Needs Improvement (3-0 points): Insufficiently provides reasoning for the use of encryption

Criteria: Data Elements (Total Points Possible: 10)
Excellent (10-9 points): Discusses the data elements that should be encrypted. Meets Proficient criteria and substantiated with evidence to support selection.
Competent (8-4 points): Discusses the data elements that should be encrypted but does not supply reasons behind selection.
Needs Improvement (3-0 points): Insufficiently describes the data elements that should be encrypted.

Criteria: Hashing vs Encryption (Total Points Possible: 10)
Excellent (10-9 points): Meets Proficient criteria and substantiated with evidence to support reasoning for the pros and cons of hashing versus encryption
Competent (8-4 points): Provides reasoning for the pros and cons of hashing versus encryption
Needs Improvement (3-0 points): Insufficiently provides reasoning for the pros and cons of hashing versus encryption.

Criteria: Key Management (Total Points Possible: 10)
Excellent (10-9 points): Meets Proficient criteria and substantiated with evidence to explain key management techniques
Competent (8-4 points): Provides an explanation of encryption password and key management with examples of key management techniques
Needs Improvement (3-0 points): Insufficiently provides explanation of the key management techniques

Criteria: Lab Phase 1 Creation of User Accounts (Total Points Possible: 30)
Excellent (30-27 points): Submission includes both the script file and screen capture of the creation of accounts
Competent (26-15 points): Submission includes both script file and screen captures of the creation of accounts but contains errors.
Needs Improvement (15-0 points): Submission does not include both the script file and screen capture of the creation of accounts and contains errors

Criteria: Lab Phase 2 Modify User and Create Tables (Total Points Possible: 30)
Excellent (30-27 points): Submission includes both the script file and screen capture of the creation of tables and modification of user accounts
Competent (26-15 points): Submission includes both the script file and screen capture of the creation of tables and modification of user accounts but has errors
Needs Improvement (15-0 points): Submission does not include both the script file and screen capture of the creation of tables and modification of user accounts or contains errors.
