
Auditing Matters

By Steve Jones,

There's been some reporting about Yahoo Mail getting hacked and potential issues recently. I ran across this piece that talks about what happened and it's an interesting read, but there's one quote that stuck with me: "Yahoo reported on its Tumblr that it had detected “a coordinated effort”—basically, an attack—by somebody trying to gain access to user accounts."

It's not the notification or the proactive resetting of accounts, but the detection that resonates with me. We'll never stop all hack attacks. We'll never plug all the holes in software. We'll never anticipate the ways in which our systems might be compromised, but we can detect issues. I think more often than not we can deal with any hacks or attacks if we are aware they took place.

We have some login auditing in SQL Server, an auditing and eventing framework, and the ability to capture and store this data. However, we don't have good proactive tools to help us detect issues. I'd like to see enhanced tooling to allow us to review log data, write alerts that look for patterns, and more. While much of this can be built by DBAs, it requires us to develop and maintain software, and even then it's easy to miss potential attack vectors if you don't constantly supplement your knowledge and enhance your tools.

Given what we have to work with, I'd encourage you to learn a bit about the different frameworks and gain some basic skills with the tools. I'd also encourage you to think about writing queries to look for potential hacking issues, like updating all of your lookup values to the same string, or embedding script tags in your data. I'd encourage you to write or speak about what you learn, and how you use the information. If you'd like to write software to make the task easier, that would be great.
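As an added illustration (not code from the editorial), here is one way to write the two checks mentioned above in T-SQL: a lookup table whose values have all collapsed to the same string, and script tags embedded in data. The temp tables, column names and rows are constructed for the example.

```sql
-- Added example. All table names, column names and rows are constructed.
CREATE TABLE #OrderStatus     (ID int PRIMARY KEY, Name nvarchar(200) NOT NULL);
CREATE TABLE #Country         (ID int PRIMARY KEY, Name nvarchar(200) NOT NULL);
CREATE TABLE #ProductCategory (ID int PRIMARY KEY, Name nvarchar(200) NOT NULL);

-- Healthy lookup table.
INSERT INTO #OrderStatus VALUES (1, N'Open'), (2, N'Shipped'), (3, N'Cancelled');
-- Every value has been overwritten with the same string.
INSERT INTO #Country VALUES (1, N'SAME VALUE'), (2, N'SAME VALUE'), (3, N'SAME VALUE');
-- One value carries embedded markup.
INSERT INTO #ProductCategory VALUES
    (1, N'Books'), (2, N'Games<SCRIPT>/* constructed */</SCRIPT>'), (3, N'Music');

WITH LookupStats AS (
    SELECT N'OrderStatus' AS LookupTable,
           COUNT(*) AS TotalRows,
           COUNT(DISTINCT Name) AS DistinctValues,
           -- LOWER() keeps the match working under a case-sensitive collation.
           SUM(CASE WHEN LOWER(Name) LIKE N'%<script%' THEN 1 ELSE 0 END) AS ScriptTagRows
    FROM #OrderStatus
    UNION ALL
    SELECT N'Country', COUNT(*), COUNT(DISTINCT Name),
           SUM(CASE WHEN LOWER(Name) LIKE N'%<script%' THEN 1 ELSE 0 END)
    FROM #Country
    UNION ALL
    SELECT N'ProductCategory', COUNT(*), COUNT(DISTINCT Name),
           SUM(CASE WHEN LOWER(Name) LIKE N'%<script%' THEN 1 ELSE 0 END)
    FROM #ProductCategory
)
-- Return only the tables that trip at least one check.
SELECT LookupTable,
       TotalRows,
       DistinctValues,
       ScriptTagRows,
       CASE WHEN TotalRows > 1 AND DistinctValues = 1 THEN 1 ELSE 0 END AS AllValuesIdentical
FROM LookupStats
WHERE (TotalRows > 1 AND DistinctValues = 1)  -- mass overwrite of a lookup column
   OR ScriptTagRows > 0                       -- markup where plain text is expected
ORDER BY LookupTable;

DROP TABLE #OrderStatus, #Country, #ProductCategory;
```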

I'd also encourage you to befriend your network or security administrators and teach them how to query their own log data. Lots of their tools collect data, but provide poor query tools for the information. Perhaps you can even build them a data warehouse that allows them to tighten security by examining their own data.
