Lacking security for databases

by Edwin T
Hackers attacking a network are usually trying to go after the database.  The article I read discussed the measures some companies take in order to protect their databases.  Unfortunately, they are not good enough.  Companies such as Epsilon and Sony have suffered attacks where information gets stolen; this is because they believe protecting their perimeter is sufficient to protect the database.  Firewalls and security protocols are essential, but organizations should be thinking about implementing new security measures.  “The closer we get to the data, we see fewer preventive controls and more detection measures,” said Josh Shaul, CTO of Application Security.  Having continuous real-time monitoring that detects suspicious or unauthorized activity allows security administrators to stop anyone from accessing information they shouldn’t be accessing.  SQL injection remains a very popular way to trick the database into returning results.  Continuous monitoring is new technology that is catching on quickly, and many companies are implementing it to have something to rely on if the perimeter security measures are breached.

Oracle’s Approach to Database Security

by Daniel L
Last week my blog post talked about McAfee’s database security offerings and how they were handling the security concerns of businesses.  Since database security is a key issue these days, especially with all these server breaches making the headlines, I wanted to cover another company’s approach to database security.  Oracle, the company known for its database management systems, has teamed up with F5 Networks to deliver a database firewall to the market.  Oracle is gearing this service to go up against database activity monitoring services offered by companies like Imperva and IBM.  The way the firewall works is by creating a barrier around the database, scrutinizing any of the SQL statements coming its way, ultimately determining if any immediate action should be taken to block the statement.  The firewall is capable of logging statements, sending out alerts if they are out of the ordinary, and it can even substitute SQL statements.  A company using the firewall can set up whitelist and blacklist policies which play the role of gatekeeper to the database.  Companies shouldn’t worry if they aren’t using a database system built by Oracle; the firewall is compatible with non-Oracle database platforms.  Moreover, Oracle and F5 have also developed a web application firewall.

The all “new” Database Firewall

by Stephen O
It slices, it dices, it makes healthy meals in thirty minutes flat, unclogs drains with ease, and will fold your laundry! Okay, maybe it does none of that, but what it does do is offer a small peace of mind when it comes to database protection.  This year was known as the Year of the Hacker, with hacking stealing the headlines away from shark attacks, missing children, and celebrity rehab news (thankfully). People have known about hackers for ages, but this last summer hacker groups such as Anonymous and LulzSec made everyone feel a little less safe. Sony was a focus of several attacks, and millions of people were affected by one attack alone. The spree of hacking brought the hacking problem into the public eye. What is even more frightening is how easy it is.

Internet Abuse in the workplace

by Rafael F
Information Systems e-Business Management Journal Volume 6 page 419-439

This article focuses on a very important issue that has plagued the workplace for many years. It is referring to the misuse of the internet by employees. This misuse is referred to as Internet abuse in the workplace. Such abuse can lead to network congestion, security risks, and even sexual harassment (p. 420). It goes on to explain how several companies are implementing or have begun to implement filtering software that will help detect and hopefully stop this abuse. The essence of this paper is to introduce a study on text mining, which is a new form of detecting websites that should be blocked. Traditional web blocking is limited to predefined words that place websites into certain categories. This can lead to blocking sites that really should not be blocked. Text mining, however, treats each web page as a document and goes through each page and classifies it as potential abuse or not. It did not really explain how it determines what is abusive and what is not. What it does mention several times is that text mining is a complement to filtering software that is out on the market.