Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Lost in the Noise

By Steve Jones,

I'm glad I have well water. Not that it protects me, but it provides some insulation in the event that the local water company's systems were hacked and unclean water released. That hacking could happen, and the person in this piece speculates it is happening after a water authority honeypot attracted hackers from all over the world. It's scary to think how the world may change when any individual, as well as any country, could attack our digital systems. It means security is more and more important all the time.

As I read the article, I looked for a positive in the experiment. Was there something to take away from this research? The thing I thought of was the way in which hacker traffic was drawn to this system. Not that hackers were not also investigating other systems, but if honeypots existed, perhaps in enough places, would the additional targets provide more security?

That's an interesting idea. What if you had CRM/Sales/Inventory systems that were available for port scans, and hacks, but didn't connect to banking systems and had test/dummy data? Would a few of these provide some security by luring hackers into spending their resources on these systems instead of real systems? What if you had 4 or 5 instances of SQL Server, probably Express, responding to port scans and providing a relatively easy target. You could monitor these systems, and perhaps be more prepared for real attacks when they occur.

I have long felt that we can't completely eliminate threats and secure our systems from any unauthorized access. What might be worse is that we may not be able to separate real queries from fake ones. What we need is better monitoring and awareness of the traffic to our systems. Perhaps if we had honeypots that we could monitor, we would be able to draw some hacking traffic, identify users that were unauthorized and then use that information to better protect, or audit, our real systems.

Total article views: 97 | Views in the last 30 days: 1
 
Related Articles
ARTICLE

Physical Security

The physical security of our systems might be a bigger problem in the future as more and more hacker...

FORUM

Security Managemen Systems

problem with Security Managemen Systems

ARTICLE

The Security of Interconnected Systems

We are interconnecting more and more computer systems and applications all the time. Security become...

ARTICLE

Corporate Hackers

A report says that most of the data lost in corporations is from employees. What can be done about i...

FORUM

System Security Plan (examples) ?

I'm having to draft a System Security Plan for my org for SQL Server instances. to repeat [sorry] I...

Tags
editorial    
security    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones