Database_Attacks - Dark Reading

Hacker's Choice: Top Six Database Attacks

It doesn't take a database expert to break into one

MAY 8, 2008 | 6:20 PM
By Kelly Jackson Higgins, Senior Editor, Dark Reading

It takes the average attacker less than 10 seconds to hack in and out of a database -- hardly enough time for the database administrator to even notice the intruder. So it’s no surprise that many database attacks go unnoticed by organizations until long after the data has been compromised.

And surprisingly, according to many experts, the database -- home of the enterprise’s crown jewels -- is still not secured properly in many enterprises. Malicious hackers are using shockingly simple attack methods to break into databases, such as exploiting weak passwords and lax configuration, and capitalizing on known vulnerabilities that go unpatched. And don’t even get us started on the epidemic of missing backup tapes: If the lost or stolen tapes are unencrypted, you’re toast if a bad guy gets hold of them. No hack required.

“One of the biggest problems is that many database attacks are not even known” about, says Noel Yuhanna, principal analyst with The Forrester Group. “The typical database may have 15,000 to 20,000 connections per second. It’s not humanly possible to know what all of these [connections] are doing.”

Hackers are well aware of enterprises' database patch dilemma -- in fact, they’re banking on a backlog. Gone are the days when companies could lock down a handful of databases in the data center: Most organizations today have hundreds, even thousands of databases to configure, secure, and monitor -- and remote users, customers, and business partners all need access to them.

“The big thing that bothers me is when I go to a customer’s site, usually their [database] configuration is so weak that it’s easy to exploit. You usually don’t need buffer overflow or SQL injection [attacks] because the initial setup of the database is totally insecure,” says Slavik Markovich, CTO of Sentrigo, a database security vendor.

Database attacks don’t have to be complicated with all of this low-lying fruit hanging around. “Those are basic configuration problems, so a hacker doesn’t have to do something really sophisticated because these easy things work,” Markovich says.

So what are these hacks, and how can enterprises stop them? Here’s a look at the top six database hacks attackers are using today. Many of them take advantage of painfully obvious weaknesses in how organizations set up their databases. Some are more useful to the malicious insider; others are used by bad guys trying to get to valuable corporate data. Either way, the only way to lock down the database is to get to know where the bad guys are getting in.

Hackers' top six database attacks:

This note was uploaded on 12/14/2011 for the course CPE 549 taught by Professor Sparks during the Fall '11 term at University of Alabama - Huntsville.
