SQLServerCentral Editorial

Auditing Matters


There's been some reporting about Yahoo Mail getting hacked and potential issues recently. I ran across this piece that talks about what happened and it's an interesting read, but there's one quote that stuck with me: "Yahoo reported on its Tumblr that it had detected “a coordinated effort”—basically, an attack—by somebody trying to gain access to user accounts."

It's not the notification or the proactive resetting of accounts, but the detection that resonates with me. We'll never stop all hack attacks. We'll never plug all the holes in software. We'll never anticipate the ways in which our systems might be compromised, but we can detect issues. I think more often than not we can deal with any hacks or attacks if we are aware they took place.

We have some login auditing in SQL Server, an auditing and eventing framework, and the ability to capture and store this data. However, we don't have good proactive tools to help us detect issues. I'd like to see enhanced tooling to allow us to review log data, write alerts that look for patterns, and more. While much of this can be built by DBAs, it requires us to develop and maintain software, and even then it's easy to miss potential attack vectors if you don't constantly supplement your knowledge and enhance your tools.

Given what we have to work with, I'd encourage you to learn a bit about the different frameworks and gain some basic skills with the tools. I'd also encourage you to think about writing queries to look for potential hacking issues, like updating all of your lookup values to the same string, or embedding script tags in your data. I'd encourage you to write or speak about what you learn, and how you use the information. If you'd like to write software to make the task easier, that would be great.
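The two checks mentioned above (every lookup value overwritten with the same string, and script tags embedded in data), written as T-SQL that records its findings in a table an alert could poll. This is an added example, not part of the original editorial; the temp tables, column names, and sample rows are hypothetical and constructed for illustration.

```sql
-- Constructed sample data; all table and column names are hypothetical.
CREATE TABLE #OrderStatus   (StatusId int PRIMARY KEY, StatusName nvarchar(100) NOT NULL);
CREATE TABLE #ProductReview (ReviewId int PRIMARY KEY, Body nvarchar(max) NOT NULL);
CREATE TABLE #AuditFinding  (CheckName sysname, Detail nvarchar(400),
                             FoundAt datetime2 NOT NULL DEFAULT SYSUTCDATETIME());

INSERT INTO #OrderStatus (StatusId, StatusName) VALUES
    (1, N'overwritten'), (2, N'overwritten'), (3, N'overwritten');
INSERT INTO #ProductReview (ReviewId, Body) VALUES
    (10, N'Arrived on time, works well.'),
    (11, N'Nice <SCRIPT src="//example.invalid/a.js"></SCRIPT> product'),
    (12, N'The install script was easy to follow.');

-- Check 1: a lookup table with several rows but only one distinct value
-- suggests a mass UPDATE overwrote every row with the same string.
INSERT INTO #AuditFinding (CheckName, Detail)
SELECT N'LookupCollapsed',
       CONCAT(N'OrderStatus: ', COUNT(*), N' rows share the value "',
              MIN(StatusName), N'"')
FROM #OrderStatus
HAVING COUNT(*) > 1 AND COUNT(DISTINCT StatusName) = 1;

-- Check 2: free-text rows containing an opening script tag. The explicit
-- case-insensitive collation matches <SCRIPT as well as <script even when
-- the column or database collation is case sensitive. Matching on the
-- opening "<script" keeps ordinary uses of the word "script" out of the results.
INSERT INTO #AuditFinding (CheckName, Detail)
SELECT N'ScriptTagInData',
       CONCAT(N'ProductReview.ReviewId = ', ReviewId)
FROM #ProductReview
WHERE Body COLLATE Latin1_General_CI_AS LIKE N'%<script%';

-- A scheduled job could poll this table and raise an alert on new rows.
SELECT CheckName, Detail, FoundAt
FROM #AuditFinding
ORDER BY CheckName;

DROP TABLE #OrderStatus, #ProductReview, #AuditFinding;
```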

I'd also encourage you to befriend your network or security administrators and teach them how to query their own log data. Lots of their tools collect data, but provide poor query tools for the information. Perhaps you can even build them a data warehouse that allows them to tighten security by examining their own data.
