Beating the breach

Getting to grips with best practices in database security and monitoring.


Things used to be simple. You could have on-site security guards and identity checks at the server room. You could stop outsiders from accessing your data by restricting physical access to the machines that process it.

In today's web-enabled world, that's no longer the case. To be useful, a company's data must be connected to the internet. That exposes it to more automated and targeted attacks than ever before. Hackers are highly motivated, with crime syndicates willing to pay hard cash for personal information hacked from customer databases. Should the database be breached, a company risks financial penalties from governments and credit card companies, as well as lost competitive advantage and customer trust. But defending the business requires companies to rethink how they protect their IT infrastructures.

Breach Analysis: Highest Risk is to Online Data Versus End-User Devices

The 2009 Data Breach Investigations Report from the Verizon Business RISK Team examines 285 million records that were compromised in 2008. While much media attention and security funding have focused on lost laptops and backup tapes, the study reveals some startling statistics: only 0.05 percent (1/20th of one percent!) of breached records came from mobile devices such as USB drives, end-user systems such as laptops, and offline data.

In comparison, the #1 source of breached records was database servers – which accounted for a massive 75 percent of all compromised records.

With the very real risks present at the core of their data centres, it may seem surprising that many businesses put almost all their focus into protecting the perimeter. They set up firewalls and IDS/IPS systems, and install AV software to scrutinise email attachments. They may even install Data Leak Prevention (DLP) solutions to examine USB devices and email and instant messaging (IM) traffic for sensitive data patterns. While these are important activities as part of a multi-layered, defence-in-depth strategy, they are not sufficient on their own.

The truth is that there is no longer a perimeter to protect. There are many ways the data in a database could fall into the wrong hands, and in most of these cases, a firewall isn’t going to do much good.

The Threat from Privileged Insiders

One of the primary threats comes from insiders. Privileged users such as database administrators (DBAs), developers and outsourced personnel typically have unfettered access to databases as part of their daily jobs.
It only takes one dissatisfied employee to cause a breach. Privileged users can also disrupt business applications by making unauthorised or even accidental changes to sensitive data – bypassing formal change control processes – and in most organisations, no one would know the difference.

External Attacks: SQL Injection

Let’s turn to external attacks. According to a recent IBM report, SQL injection attacks have now become the number one web application vulnerability, increasing 134 percent in 2008.

Most modern businesses use web applications, which are essentially windows into your most critical databases used by customers, partners and employees.

By typing malicious code into poorly-coded web forms, hackers can steal sensitive data and even plant malware on unsuspecting users that visit vulnerable sites. This type of attack completely bypasses traditional security measures because it leverages web applications to penetrate your perimeter.

Find your next job with computerworld UK jobs