Which of the following interfaces developed by Microsoft is a set of interfaces that enable applications to access data stored in a database Managem?

Database Servers

Database servers are used to store and manage databases that are stored on the server and to provide data access for authorized users. This type of server keeps the data in a central location that can be regularly backed up. It also allows users and applications to centrally access the data across the network. A large number of the databases used in your organization can be kept on one server or a group of servers that are specifically configured to protect data and service client requests.

The Configure Your Server Wizard does not include a configurable role for database servers. A database server is any server that runs a network database application and maintains database files, such as Microsoft SQL Server or Oracle. SQL Server is a high-performance database management system. It is used for data storage and analysis, and it provides users with the ability to access vast amounts of data quickly over the network. Because SQL Server provides additional measures of security that would not otherwise be available (as discussed in the “Securing Database Servers” section later in this chapter) and processing occurs on the server, transactions can occur securely and rapidly.

Data stored in database management systems is generally accessed through user interfaces that are developed by an organization or third parties. For example, a company might create custom applications in Visual Basic (or some other programming language), or use ASP on the Web server to display information that is stored in a database. While the user interacts with the data through the user interface, the data is actually stored in the SQL Server or Oracle database located on a database server.

III.B.1. Description

Database servers are networked computers on a network dedicated to database storage and data retrieval from the database. The database server is a key component in a client/server computing environment. It holds the database management system (DBMS) and the databases. In the database context, the client manages the user interface and application logic, acting as a sophisticated workstation on which to run database applications. The client takes the user's request, checks the syntax, and generates database requests in SQL or another database language. It then transmits the message to the server, waits for a response, and formats the response to the end-user. The server accepts and processes the database requests, then transmits the results back to the client. The process involves checking authorization, ensuring integrity maintaining the system catalog, and performing query and update process.

Database Server

Sybase database servers consist of a data server and a backup server. There are two processes of the Sybase database server, whereas an Oracle instance has five mandatory processes: SMON (System Monitor), PMON (Process Monitor), LGWR (Log Writer), DBWR (Database Writer), and CKPT (Checkpoint). The optional ARCH archive process writes filled redo logs to the archive log location(s). In an Oracle Real Application Cluster (RAC), the various ARCH processes can be utilized to ensure that copies of the archived redo logs for each instance are available to the other instances in the RAC setup should they be needed for recovery. Additional Oracle background processes include the CJQ job queue processor, CQJ0 job queue controller, FMON mapping libraries, LMON locking manager, and MMON collector for AWR (Automatic Workload Repository). It is good to understand the server architecture differences between these two databases; however, these differences will not have an adverse effect on your migration project and estimates.

A key difference is that the Sybase data engine can have multiple databases within one engine. Oracle, on the other hand, has one database for the entire data engine. This can cause customers to believe they need to create an Oracle database server for each Sybase database. This is not the case, as Oracle has the concept of schemas (i.e., a database user). Therefore, a Sybase database is mapped to an Oracle schema.

8.4.3 Memory Options

The database server uses physical memory for caching pages from disk. While operational database systems often deal with small transactions, data warehouse systems deal with large queries (referring to the amount of data being touched by the query). In addition, a query often requires multiple passes to deal with large tables; having the table already in memory can greatly improve the performance [23]. If SQL Server doesn’t have enough memory available to complete the operation, it uses hard disk storage, for example by using page files, tempdb or re-reading database pages from disk. Therefore, the more RAM the data warehouse system provides to Microsoft SQL Server, the better.

Revoke PUBLIC Permissions

Every database server platform has a default role to which every login belongs, usually called the public role, which has a default set of permissions that includes access to system objects. Attackers can use this default access to query database metadata to map out the database schema and target the juiciest tables for subsequent querying, such as those storing application login credentials. The public role is also commonly assigned permissions to execute built-in system stored procedures, packages, and functions used for administrative purposes.

Usually you cannot drop the public role; however, it is recommended that you not grant additional permissions to the public role, because each database user inherits the permissions of this role. You should revoke public role permissions from as many system objects as possible. Additionally, you must revoke superfluous permissions granted to the public role on custom database objects (such as application tables and stored procedures) unless a justifiable reason for the permissions exists. If necessary, you should assign database permissions to a custom role that you can use to grant a default level of access to specific users and groups.

System Command Execution

For PostgreSQL database servers prior to Version 8.2, you can use the following SQL to import the system function from the standard UNIX libc library:

CREATE OR REPLACE FUNCTION system(cstring) RETURNS int AS '/lib/libc.so.6',

'system' LANGUAGE 'C' STRICT;

The system function can then be called by executing the following SQL query:

SELECT system('command');

Current versions of Postgres require that external libraries be compiled with the PostgreSQL PG_MODULE_MAGIC macro defined. To achieve code execution via this method you will need to upload your own shared .so or .dll file with the appropriate PG_MODULE_MAGIC macro enabled. See the following resource for further information:

www.postgresql.org/docs/8.2/static/xfunc-c.html#XFUNC-C-DYNLOAD

Configuring the Backend Database

The first step in the initial configuration process is to configure a backend SQL Server database. As I mentioned before, I will be configuring GFI EventsManager to use a SQL Server 2005 Developers Edition database rather than a SQL 2005 Express Edition Database. Keep in mind though that other versions of SQL Server are also supported, and that the SQL Server database does not have to reside locally.

To configure the SQL Server database, perform the following steps:

Click the Click Here To Configure link, found in the Configure SQL Server Database Backend section.

Windows will now display the Database Backend properties sheet, which prompts you to enter the name of the server and database you want to use. Enter either the name or the IP address of your database server, followed by a backslash, and then the name of the database instance. For example, I have a SQL Server instance named GFI installed on my local server. Therefore, I am using GFI\GFI as the server name. If your database is not installed locally, then just replace [local] with the NetBIOS name or IP address of your database server.

Enter EventsManager into the Database field.

Choose the Windows Authentication option, as shown in Figure 13.4.

Click OK.

GFI EventsManager will now create the necessary database. When the process completes, click OK.

Handling Malware

Malware infecting a database server can be a serious problem. The result may be loss of data, loss of access to the database, or loss of control of the database server’s hardware. Protection against malware is typically provided by “virus protection” software running on firewalls and the servers themselves.

Most current virus protection software handles worms, Trojan horses, and bots, as well as viruses. The most important thing to keep in mind, however, is that there is an ever-escalating battle between those who write malware and those who produce the virus protection software. As soon as a new threat is identified, the software developers rush to add the new malware to their protection database; the malware producers then write new malware that is typically more powerful and sophisticated than previous releases. You can never be completely safe from malware because there is always a lag, however short, between the detection of a new piece of malware and the updating of virus protection software to handle that malware. The best you can do is to update the database that accompanies your virus protection software regularly.

8.4 Implementing Transformations in Wrappers or Mappings

Wrappers on SQL database servers are usually straightforward. In principle, in such a wrapper the data passes one-to-one from the relational source table to the relational virtual table. For wrappers on non-SQL data stores, such as XML documents and web services, it might be a different story. Languages such as XPath, XSLT, or XQuery are used to transform the nonrelational structure of the data store. If those languages are indeed used, extra processing can be added to those wrappers. For example, selections can be added to minimize the amount of data returned, projections can be added to minimize the number of columns returned, transformations can be added to change values, and so on.

This allows designers to choose whether particular transformations should be included inside the wrappers or inside the mappings of the virtual tables. This choice can have a serious impact on performance. If the module executing the wrapper executes the transformations faster than the data virtualization server can execute the mapping, then including them in the wrappers can speed up performance. Moving transformations to the wrapper can also minimize data transmission (Stage 8), but this only applies if the wrapper is really executed on the data store side.

Design Guideline 10: Include transformations in wrappers if the module executing them can do this faster than the data virtualization server can.

Configure the Backend Database

The next step in the initial configuration process is to configure a backend database. Technically, configuring a backend database is optional (as are all of the initial configuration tasks), but it doesn't mean that using a database is optional. It only means that you do not have to configure a database right this minute if you don't want to. Since the database plays such an important role in GFI EndPointSecurity, I want to go ahead and set it up now. For demonstration purposes, I will be configuring GFI EndPointSecurity to use a Structured Query Language (SQL) Server 2005 database. Keep in mind that other versions of SQL Server are also supported, and that the SQL Server database does not have to reside locally.

To configure the SQL Server database, perform the following steps:

Click the Click Here to Configure link found in the Configure Backend Database section.

At this point, you will see a screen prompting you to enter the name of the server and database that you want to use. Enter either the name or the IP address of your database server, followed by a back slash and the name of the database instance. For example, I have a SQL Server instance named GFI installed onto my local server. Therefore, I am using [Local]\GFI as the server name. If your database is not installed locally, then just replace [local] with the Network Basic Input/Output System (NetBIOS) name or Internet Protocol (IP) address of your database server.

Enter EndPointSecurity into the Database field. Choose the Windows Authentication option, as shown in Figure 8.4.

Choose the Use Windows Authentication option.

Click OK.

GFI EndPointSecurity will now create the necessary database, as shown in Figure 8.5. When the process completes, click OK.