“mobile”/ adcombo
Dismiss Notice
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

Common database security misconception

Discussion in 'Programming and Scripts' started by temi, May 7, 2008.

  1. temi

    temi Facilitator affiliate

    CTO of Sentrigo put together a list of commond misconception about database security, I find it quite useful, two of the misconceptions below, you can find the full list here

    “My databases are all behind firewalls and IDS/IPS so I’m protected”
    --Not so. Attacks can originate inside the organization, and even those originating from the outside can bypass firewalls and IDS/IPS. An SQL injection attack would use an open port via a web application, for instance, and if slightly altered from common SQL injection signatures it would easily evade IDS/IPS. 2. “We have full auditing turned on, so we know everything that’s happening in the database”--First off, it’s unlikely that you have full DBMS auditing turned on. You may have told the DBA to do it, and maybe he did, but then 5 minutes later he turned it off. Why? Because it made the database crawl. Additionally, even with full audit turned on you will only know of an attack after it already happened. Additionally, many privileged users can turn audit off or delete/tamper with the audit trail and do things without leaving a trace.
  2. terraleads
  3. bochgoch

    bochgoch Affiliate affiliate

    Then sack your DBA ... such a change should fully tested and additional resource applied to ensure that service levels are maintained.

    The CTO of Sentrigo is obviously an amateur!

Top Resources