Database Security

Data Integration and App Integration

by Mike Y

The Information Weekly article compares data integration and app integration. Application integration should be about the communication of events such as transactions or messages between applications, while data integration should be about the flow of standardized data. Both are different and distinct and require different approaches when they are being implemented. The problem arises when vendors attempt to be vague about data standards guised as compatibility in order to appeal to a wider range of companies.

Data is Power

by Cole O’C
Since we are looking into linking databases with websites via ASP.NET, and Google just consolidated their database for all their users, I thought it would be worth talking about. Last Thursday, March 1, Google removed the barriers that legally stopped them from linking all of a person’s electronic data together. Before, it kept things separate, such as your Google searches, the videos you have watched on YouTube, where you have gotten directions to on Maps, and so forth. Now, all of that data is mingled together in order to let Google sell you what they think you most want. “If you watched football clips on YouTube, an ad for upcoming matches might appear beside your [Gmail] inbox.” This gives Google a tremendous amount of power over the web experiences of literally countless numbers of people. One of the largest concerns to crop up since these changes is, “What if Google got hacked?” It is now safe to assume that every intelligence agency in the world wants access to the Google data servers. The amount of information that Google has in its servers is completely ridiculous, but in and of itself is not worth a cent more than the servers storing the data. Using data correctly is a staple of being a successful business in the modern world, no matter the amount of data available.

The Solution to Hackers? Hire Them!

by Jongwoo Y
This article deals with the problem that many companies have been facing with the birth of the information age: hackers. Companies such as Sony, Zappos, and even the government have been targets of many different hacker groups. The author goes into detail about one group in particular, Anonymous. This group is viewed as a political movement, rather than just malicious hackers that are making businesses go crazy for no reason. Whenever Anonymous attacks a business’s database, it is politically motivated by recent events that the business has been a part of. The article suggests that when these hackers are actually caught, it would be more beneficial to help rehabilitate these hackers and actually hire them to help prevent future cyber attacks. A huge reason that supports this movement is that many of the hackers in today’s world are very young. A lot of the members of Anonymous that do the actual hacking for the group are between the ages of 14 and 22 (Rashid, 2012). Not only would it be harder to prosecute a minor for their actions; it would help shape the future of these young people and help them take a step in the right direction in their lives. An interesting analogy that the author of this article made was that when a group such as Anonymous disrupts an online business, it is debatable whether or not it is more damaging than actually physically picketing in front of a physical storefront. Due to the recent rise of “hacktivists” (hackers who have political motives), businesses and law enforcement have created a better system of sharing information with one another (Rashid, 2012). Misha Glenny states, “We have a lot of talent out there and we should start to think of developing methods so we can find incentives to channel those talents before it happens.” This makes perfect sense for businesses, and is a great solution to combat cyber attacks.

FORD’s Weak Database Security!

by Abubaker D

Oracle’s Approach to Database Security

by Daniel L
Last week my blog post talked about McAfee’s database security offerings and how they were handling the security concerns of businesses. Since database security is a key issue these days, especially with all these server breaches making the headlines, I wanted to cover another company’s approach to database security. Oracle, the company known for its database management systems, has teamed up with F5 Networks to deliver a database firewall to the market. Oracle is gearing this service to go up against database activity monitoring services offered by companies like Imperva and IBM. The way the firewall works is by creating a barrier around the database, scrutinizing any of the SQL statements coming its way, ultimately determining if any immediate action should be taken to block the statement. The firewall is capable of logging statements, sending out alerts if they are out of the ordinary, and it can even substitute SQL statements. A company using the firewall can set up whitelist and blacklist policies which play the role of gatekeeper to the database. Companies shouldn’t worry if they aren’t using a database system built by Oracle; the firewall is compatible with non-Oracle database platforms. Moreover, Oracle and F5 have also developed a web application firewall.

New Way of Thinking

by Monica G
With computer hacking on the rise, it’s no wonder people are looking at other ways to avoid these inconveniences. The author explains this new way of approaching password guessing attacks from unauthorized users; it is called PGRP (Password Guessing Resistance Protocol). With past ways, the ATT-based login protocols allowed for very few free user attempts without requiring more information, and others fell on the other side of the spectrum, where user convenience was all and ATTs were low but required other fields. Fortunately there is some type of middle ground, PGRP, which allows the user to have a lot of password attempts without pestering with ATTs, but it sometimes only works for users trying to enter from the same device. Because many times that is the problem, invaders will come from random places when the attacks occur, and when this does occur, PGRP usually only allows the user one attempt at most.

Database Security and McAfee

by Daniel L
The number of databases getting hacked or compromised keeps going up, but the question is, are there any countermeasures being used against these database breaches? The answer to this question lies in the approach to database security McAfee has taken, providing businesses with protective countermeasures capable of thwarting the influx of potentially harmful intrusions. McAfee offers businesses protection of data in every state, whether it is at rest or in use, through the combination of network and server security, along with encryption and file permission controls. It is understood that safeguarding databases is one of the most difficult things to do, and this is where McAfee is trying to make a difference through their offerings. The security solutions that McAfee offers include database discovery and assessment, protection of data, database management tools, and activity monitors. First and foremost, information about all the databases belonging to an organization is collected, which ultimately determines if security patches have been properly deployed and installed, scanning for any possible vulnerabilities along the way. Furthermore, McAfee ensures that critical data will be protected through the use of a firewall along with access restrictions of the users or applications with insufficient permissions. Real-time monitoring alerts are also used to warn database administrators of a possible intrusion attempt, giving them the ability to terminate sessions accordingly.

More Database Protection

by Alexander V
Summary:

Most people have probably heard of McAfee and their security solutions for personal computers. Now, they recently announced a database security solution that would protect databases with no loss in performance. According to the article, McAfee’s database solution will be based on their Security Connected Initiative, which means that data will be protected in all states and all centrally managed. A survey by Evalueserve showed that databases were the most difficult part of IT to protect. This can be seen from the recent outbreaks in data breaches. In addition to that, the article states that a large amount of data breaches involved a database, and the majority of those breaches required technical skills to execute. McAfee’s approach to database security includes: “automated discovery and assessment,” “protection,” and “manage and monitor.” “Automated discovery and assessment” uses McAfee Vulnerability Manager, which scans the network for databases and checks if they are up to date and whether they have any vulnerabilities. Their “protection” involves three layers of protection: a network firewall, application whitelisting and host intrusion prevention, and protection of the data. Last of all is “manage and monitor”: customers use McAfee’s Database Activity Monitoring software so they can monitor their databases and be alerted of real-time data breaches.

Protecting Against Data Breaches

by Alexander V
Summary

The article is about Application Security, Inc.’s (AppSecInc) DbProtect Precision DAM (Database Activity Monitoring) software. AppSecInc is a leading provider of database security solutions that introduced their DbProtect Precision DAM software in response to the recent rise in breaches of database security. This software was designed to be low-maintenance and easy to use, addressing the main reason why many organizations do nothing to prevent security breaches—complexity. According to the article, a recent survey conducted at the 2011 Gartner Security & Risk Management Summit found that more than 90% of attendees had high profile breaches similar to Sony and only 23% took preventative measures. In addition to that, the article states that Verizon’s 2010 Data Breach Report showed that 96% of breaches could have been easily avoided. Josh Saul, the CTO of AppSecInc, states that thieves thrive off the inactivity of organizations in preventing data breaches. DbProtect Precision DAM provides efficient and effective monitoring based on user-defined policies such as “reduction in the scope of required database activity monitoring” and “reduced risk of data loss.” The software also “allows organizations to monitor for deviations from normal authorized activity”; examples include monitoring privileged user activities and new avenues of attack.

Just Another Hack?

by Monica G
Summary:

It has become obvious that we do not live in a perfect world, but with everyone logging online and purchasing so much via the Internet, you would think companies have prepared themselves, meaning protecting our private information from outsiders. Of course this is not the case; every day we are hearing about more corporations becoming victims of hackers. And guess who suffers from these occurrences: the average consumer; our private information is taken by these people. This was exactly the case for STEAM, an electronic videogame distribution service. At first the company assumed that the invaders only attacked their announcement board because that was caught first, but the problem had a deeper root. The hackers were able to enter the customer database and retrieve encrypted passwords along with credit card information. As of now, the damages are unknown, but STEAM is advising its customers to change their passwords and monitor their credit card statements for any suspicious activity.