Debate

For,
by Gautam Vij,
product management, Symantec Database Security, Symantec

To ensure the security of their databases, without compromising the accessibility of data, organizations require tools that detect malicious activity from legitimate users and hackers in real time, provide clear visibility into database activity, have zero performance impact, and satisfy regulatory compliance needs.

Today's new appliances offer superior network sniffing technology to monitor real-time data activity over the wire, and provide real-time alerting to inform administrators of suspicious activity as it occurs. Policies can be built around patterns to control what gets flagged.

As appliances, these tools can be dropped in without making any changes to the database infrastructure. Moreover, by shifting audit responsibility to the appliance, an audit trail is generated, which helps meet regulatory requirements — but without the disruptive load traditionally placed on the database server. Also, because these tools sit on the network, they can be managed by security teams rather than database administrators in order to further meet compliance demands.

 

Against,
by Dr. Murray Mazer,
VP of corporate development and co-founder, Lumigent

It is seductive yet dangerous to think that monitoring traffic before it enters the database provides a sensible and complete approach to database security.

Monitoring network traffic does not tell you what actually happened. A credible, strong detective and mitigating control must capture the actual activity resulting from the submitted request. This is required for detecting out-of-policy behavior, forensics, alerting, audit, activity validation, fraud analysis, reporting - any security-related business process enabled by the technology. A tight coupling with the database is essential for completeness and credibility.

Simply monitoring network traffic comes with numerous vulnerabilities. It captures neither the activity of privileged users accessing the database directly nor execution of server-side logic. Monitoring encrypted network traffic becomes difficult or impossible. The list goes on.

Monitoring at the database itself eliminates these risks. Companies now recognize the value of an "inside-out" or data-centric approach.

 

THREAT OF THE MONTH:
Blackjacking

What is it?
With the use of the BlackBerry Enterprise Server (BES), a BlackBerry becomes a virtual computer on the corporate network, able to access any resources the BES server can. Blackjacking refers to gaining unauthorized access to a corporate network by installing a backdoor program onto a user's BlackBerry.

How does it work?
The BlackBerry platform allows users to install third-party programs by an over-the-air process. A user need only click on a specially prepared link on a web page and confirm the installation, and the program will be added to the BlackBerry applications menu. An application called BBProxy has been created that can tunnel a connection from an external host through the BES server and into the corporate network, bypassing the perimeter firewall.

Should I be worried?
Anyone could potentially provide a malicious download to a BlackBerry user, with some social engineering to entice them to install it.

How can I prevent it?
The BES server should not be located on the internal network, but rather in a DMZ where it is firewalled from all services except those the BlackBerry clients should be allowed to access. The BES server policy can be changed to disallow third-party application downloads.
— Joe Stewart, senior researcher, SecureWorks (formerly LURHQ)
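The DMZ placement described above only helps if the firewall rule set actually holds the BES to the few services BlackBerry clients need. As an added example that is not part of the article (the addresses, the allowlist and the log format are assumptions), this Python audit reads the DMZ firewall's permitted-flow records and reports any BES-to-internal connection that the allowlist does not cover, which is exactly what a tunnelled session through the BES would look like:

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto")

# Hypothetical network layout (assumption, not from the article).
BES_HOST = ipaddress.ip_address("192.168.100.10")   # BES placed in the DMZ
INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # corporate LAN
# Only the services BlackBerry clients legitimately need through the BES.
ALLOWED = {
    (ipaddress.ip_address("10.0.1.25"), 443, "tcp"),  # mail/collaboration backend
    (ipaddress.ip_address("10.0.1.30"), 389, "tcp"),  # directory lookups
}

def parse_flow(line):
    """Parse one 'key=value' flow record (constructed format) into a Flow."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return Flow(ipaddress.ip_address(fields["src"]),
                ipaddress.ip_address(fields["dst"]),
                int(fields["dport"]), fields["proto"].lower())

def out_of_policy(lines):
    """Return flows from the BES into the LAN that the allowlist does not cover."""
    hits = []
    for line in lines:
        flow = parse_flow(line)
        if flow.src != BES_HOST or flow.dst not in INTERNAL:
            continue  # not a BES-to-internal flow; outside this check's scope
        if (flow.dst, flow.dport, flow.proto) not in ALLOWED:
            hits.append(flow)
    return hits

# Constructed sample of permitted flows as a DMZ firewall might log them.
SAMPLE_LOG = [
    "src=192.168.100.10 dst=10.0.1.25 dport=443 proto=tcp",
    "src=192.168.100.10 dst=10.0.1.30 dport=389 proto=tcp",
    "src=192.168.100.10 dst=10.0.7.40 dport=8080 proto=tcp",  # unexpected internal web app
    "src=203.0.113.5 dst=192.168.100.10 dport=443 proto=tcp",  # inbound from carrier, ignored
]

if __name__ == "__main__":
    for hit in out_of_policy(SAMPLE_LOG):
        print(f"OUT OF POLICY: BES -> {hit.dst}:{hit.dport}/{hit.proto}")
```

A hit here means either the firewall rule set is wider than the policy or the BES is being used as a relay; both warrant the rule tightening the article recommends.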
