
Auditing Matters

By Steve Jones

There's been some reporting about Yahoo Mail getting hacked and potential issues recently. I ran across this piece that talks about what happened and it's an interesting read, but there's one quote that stuck with me: "Yahoo reported on its Tumblr that it had detected “a coordinated effort”—basically, an attack—by somebody trying to gain access to user accounts."

It's not the notification or the proactive resetting of accounts, but the detection that resonates with me. We'll never stop all hack attacks. We'll never plug all the holes in software. We'll never anticipate the ways in which our systems might be compromised, but we can detect issues. I think more often than not we can deal with any hacks or attacks if we are aware they took place.

We have some login auditing in SQL Server, an auditing and eventing framework, and the ability to capture and store this data. However, we don't have good proactive tools to help us detect issues. I'd like to see enhanced tooling to allow us to review log data, write alerts that look for patterns, and more. While much of this can be built by DBAs, it requires us to develop and maintain software, and even then it's easy to miss potential attack vectors if you don't constantly supplement your knowledge and enhance your tools.

Given what we have to work with, I'd encourage you to learn a bit about the different frameworks and gain some basic skills with the tools. I'd also encourage you to think about writing queries to look for potential hacking issues, like updating all of your lookup values to the same string, or embedding script tags in your data. I'd encourage you to write or speak about what you learn, and how you use the information. If you'd like to write software to make the task easier, that would be great.
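The two checks mentioned above (lookup values overwritten with one string, script tags stored in data), sketched in T-SQL as an added example that is not from the original editorial. The temp tables, column names and sample rows are hypothetical and constructed for illustration.

```sql
-- Constructed sample data; #OrderStatus and #ProductReview are hypothetical tables.
CREATE TABLE #OrderStatus   (StatusID int PRIMARY KEY, StatusName nvarchar(50) NOT NULL);
CREATE TABLE #ProductReview (ReviewID int PRIMARY KEY, Body nvarchar(max) NOT NULL);
CREATE TABLE #Finding       (CheckName sysname, Detail nvarchar(400));

INSERT INTO #OrderStatus VALUES (1, N'defaced'), (2, N'defaced'), (3, N'defaced'), (4, N'defaced');
INSERT INTO #ProductReview VALUES
    (1, N'Works as described.'),
    (2, N'Nice <SCRIPT src="//example.invalid/x.js"></SCRIPT>'),
    (3, N'Arrived late but fine.');

-- Check 1: a lookup table whose names have collapsed to a single value.
-- HAVING without GROUP BY treats the whole table as one group, so this
-- yields one row only when the table has several rows but one distinct name.
INSERT INTO #Finding (CheckName, Detail)
SELECT N'LookupCollapsed',
       CONCAT(N'#OrderStatus: ', COUNT(*), N' rows share the value ''', MIN(StatusName), N'''')
FROM #OrderStatus
HAVING COUNT(*) > 1 AND COUNT(DISTINCT StatusName) = 1;

-- Check 2: script markup stored in a free-text column.
-- LOWER() makes the match independent of the column's collation.
INSERT INTO #Finding (CheckName, Detail)
SELECT N'ScriptTagInData',
       CONCAT(N'#ProductReview.ReviewID=', ReviewID, N': ', LEFT(Body, 100))
FROM #ProductReview
WHERE LOWER(Body) LIKE N'%<script%';

-- With the sample data this returns two rows: one LookupCollapsed finding
-- and one ScriptTagInData finding for ReviewID 2.
SELECT CheckName, Detail FROM #Finding;

DROP TABLE #OrderStatus, #ProductReview, #Finding;
```

Run on a schedule against real tables, a non-empty findings result is the condition to alert on.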

I'd also encourage you to befriend your network or security administrators and teach them how to query their own log data. Lots of their tools collect data, but provide poor query tools for the information. Perhaps you can even build them a data warehouse that allows them to tighten security by examining their own data.
