Lacking security for databases


by Edwin T
Hackers attacking a network are usually trying to go after the database.  The article I read discussed the measures some companies take in order to protect their databases.  Unfortunately, they are not good enough.  Companies such as Epsilon and Sony have suffered attacks in which information was stolen, because they believed that protecting their perimeter was sufficient to protect the database.  Firewalls and security protocols are essential, but organizations should be thinking about implementing new security measures.  “The closer we get to the data, we see fewer preventive controls and more detection measures,” said Josh Shaul, CTO of Application Security.  Having continuous real-time monitoring that detects suspicious or unauthorized activity allows security administrators to stop anyone from accessing information they shouldn’t be accessing.  SQL injection remains a very popular way to trick the database into returning results.  Continuous monitoring is a new technology that is catching on quickly, and many companies are implementing it to have something to rely on if the perimeter security measures are breached.

Although we haven’t discussed security as much in class, I believe this is a very important topic that will benefit us as students and future professionals.  This article mentions SQL injection, which was mentioned in class a couple of weeks ago.  This is in fact a nifty trick to get results from a database, by inserting SQL code into forms.  From what we’ve learned in class so far, the data contained in a database is very important, as it may contain sensitive information about a customer such as credit card information.  This is what happened with Sony.  They were infiltrated and that data was stolen and distributed to the public.

I really enjoyed this article. It introduced me to new methods of infiltration such as SQL injection and also ways to prevent it by implementing real-time monitoring.  It does require more manpower, but I believe the trade-off is justifiable.  As technology progresses, hackers will find means to breach firewalls, and when the perimeter fails, the data will be exposed unless measures are taken.
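The two layers discussed above, as an added example that comes from neither the article nor this post: a form value pasted into the SQL text changes the query, a bound parameter does not, and a check placed next to the data flags a single-customer lookup that returns too many rows. The table, the function names, the row threshold and the sample input are all assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory customer table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice", "4111-0000-0000-0001"),
                    ("bob", "4111-0000-0000-0002"),
                    ("carol", "4111-0000-0000-0003")])
    return db

def lookup_concatenated(db, form_name):
    # Weak: the form value becomes part of the SQL text, so it can rewrite the query.
    sql = "SELECT name, card FROM customers WHERE name = '" + form_name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, form_name):
    # Preventive control: the value is bound as data and never parsed as SQL.
    return db.execute("SELECT name, card FROM customers WHERE name = ?",
                      (form_name,)).fetchall()

def monitored_lookup(db, form_name, lookup, max_rows=1, alerts=None):
    # Detection near the data: a single-customer lookup should return at most
    # max_rows rows; a larger result is recorded as an alert and withheld.
    rows = lookup(db, form_name)
    if len(rows) > max_rows:
        if alerts is not None:
            alerts.append(f"lookup returned {len(rows)} rows for input {form_name!r}")
        return []
    return rows

if __name__ == "__main__":
    db, alerts = make_db(), []
    crafted = "x' OR '1'='1"  # constructed form input
    print("concatenated: ", lookup_concatenated(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
    print("monitored:    ", monitored_lookup(db, crafted, lookup_concatenated, alerts=alerts))
    print("alerts:       ", alerts)
```

The row-count check only illustrates the idea of watching activity at the database; it does not replace the parameterized query.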

Citation:

Rashid, Y, F. (2011, February 6). Cyber-Attacks Highlight Need to Focus on Stronger Database Security. Retrieved from http://www.eweek.com/c/a/Security/CyberAttacks-Highlight-Need-to-Focus-on-Stronger-Database-Security-342260/