The Data Detective

  • Can you tell if sensitive data is stolen? Do you have any way of determining when a data theft occurred? Is this less difficult than figuring out who stole the data?

    I saw this interesting article on data breaches that talked about that very thing. Various data thefts or compromises occurred months before they were detected. For all the companies know, the thieves used the data, discarded it, and were on their way to other things by the time anyone knew the data was gone.

    That's the problem with digital assets. They can be stolen, but you don't know they're gone because you still have your own copy. It's a distressing problem and means that we really have a lot of work to do on writing more secure applications.

    We've also got a lot to do on the monitoring front. The challenge in analyzing all queries and somehow determining which are false is a huge problem. If you've ever run Profiler on your production systems and watched the data scream by, you have an idea of how difficult this might be. Since none of us wants to use Profiler to track all data, some good third-party tools are needed.

    And some robust frameworks to handle the stream of data. This seems like something that might benefit from the work of Michael Stonebraker of StreamBase Systems.

    This stream of data certainly might be something beyond what you'd want your SQL Server dealing with.

  • Thanks for the editorial and the pointer to the article.

    This piece reminds me of a great book I read a while ago: The Cuckoo's Egg, by Cliff Stoll.

    *** SPOILER WARNING - If you don't want to know these book details yet, skip the part below. ***

    It's the story of an astrophysicist doing some work as a systems administrator in a California university (my memory's fuzzy, but I think it was a university), and how he suddenly gets thrust into a search for a hacker with intentions to steal military secrets.

    What made the book so amazing to me is that Stoll discovers the break-in by spotting a tiny discrepancy in one of the logs that track costs for system usage. It's an amazing bit of detective work - and it's about UNIX, so the details were over my head but I still got the gist - because as a result of the tiny money discrepancy (less than $1.00 over a month), Stoll goes on to find that the hacker has exploited a flaw in a program that allowed him to substitute his own hacked version of that program, so even the OS is fooled! The hacker covered almost all of his tracks - except there was one hidden system he did not spot, and it was that system that revealed the tiny difference in system usage when compared with other logs.

    And that's just the beginning of the chase! A lot of the book also covers Stoll's amazing discovery that at the time, laws against hacking were either too lenient, didn't cover the needed cases, or were even nonexistent.

    *** ****

    I wish someone would write a similar book about databases, maybe even something practical that DBAs can use for advice. Unless such a book already exists?

    - webrunner

    -------------------
    A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
    Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html

  • Can you even tell if data has been stolen?  No, not always.

    Thieves stole a laptop from the car of a VA employee last year with data on 26 million veterans and their dependents on it, and two months later the FBI recovered it.  I got a letter from the VA saying, yeah, we lost your SSN, but we got the laptop back and it hasn't been accessed, so no worries.  How do we know that the hard drive wasn't removed, cloned, and replaced?  We don't.  So I purchased a credit-watch subscription from Equifax, at my own expense.

    And I don't even get veterans benefits.  Grrrrr. 

    There is no "i" in team, but idiot has two.
