Chris Foot

Remote DBA Experts Blog
How invested are millennials in cybersecurity?

Wed, 2015-01-28 00:30

As 2014 is increasingly becoming known as "the year of the breach" among some, security analysts are looking toward the future.

Specifically, these professionals are wondering whether millennials will exercise cybersecurity best practices or disregard them as basic accommodations. In addition, some fear that this generation isn't interested in making careers as data protection specialists.

A case of misplaced values?
Millennials aren't ignorant of the prevalence of database security monitoring and other IT asset defense services – they essentially grew up with the Internet at their disposal. They're aware of the security breaches that occurred at Target and other major corporations, but Dark Reading's Chris Rouland maintained millennial concern for cybersecurity pales in comparison to the way they value organic food, for instance.

Rouland asserted that millennials essentially regard security breaches as a part of daily life. After famed mobile app Snapchat was infiltrated, divulging user photos and personal information, the app's usage rose in the aftermath of the ordeal.

Services can only go so far
Essentially, the millennial culture expects these incidents to occur. Furthermore, it appears they have completely sacrificed any sense of privacy. The problem for enterprises is wondering whether this attitude will permeate into operations. Rouland referenced a survey of millennials conducted by TrackIT, which found that millennials "aren't concerned about corporate security when they use personal apps instead of corporate-approved apps."

An organization could have the best team of network and database analysts on the planet at its disposal, but if its employees are disregarding rudimentary security protocols, it makes the jobs of cybersecurity professionals that much more difficult. The idea that "there's always going to be a breach" could be eliminated if greater value for corporate security was prevalent.

Little interest in a career path?
If millennials' general attitude toward cybersecurity persists, it would be easy to assume they wouldn't pursue the topic as a career. However, maybe organizations and professionals are missing the mark: What if the issue lies not in a generation's lack of care, but ignorance?

A survey conducted by Raytheon discovered that approximately one-quarter of millennials want a job in cybersecurity. However, awareness of technology wasn't ubiquitous among participants. The largest number of respondents asserted they wanted careers as app designers and developers while others strove to become computer software engineers.

So why is cybersecurity getting the short end of the stick? Two-thirds of millennials reported they either "don't know" or "aren't sure" about what being a cybersecurity professional entails. In this regard, education seems to be the best course of action.

The post How invested are millennials in cybersecurity? appeared first on Remote DBA Experts.

SQL Server gains several notable features

Tue, 2015-01-27 01:01

Cloud migration tools, hybrid cloud compatibility features and analytics capabilities are just a few of the accommodations database administrators are favoring nowadays. Throughout 2014, Microsoft made a number of revisions to its signature database engine SQL Server, which is a solution of choice among many DBA experts. 

Azure synchronization 
Microsoft Azure, which encompasses Microsoft's varying cloud services, is witnessing slow but persistent adoption rates among enterprises. For professionals using on-premises SQL Server deployments who are interested in either migrating these implementations to Azure or developing a hybrid cloud environment, Azure Active Directory Sync Services (AAD Sync) is expected to make these endeavors all the more simple.

Compatible with both Azure Active Directory and Office 365, the tool replaces DirSync and eliminates the need for a Forefront Identity Manager program, according to WindowsITPro. The source acknowledged AAD Sync offers the following enhancements:

  • DBAs can now synchronize multi-forest AD ecosystems without requiring access to functions within Forefront Identity Manager 2010 R2.
  • AAD Sync sets advanced mapping, provisioning and filtering rules for objects and attributes.
  • The solution offers configuration options that allow Exchange organizations to connect to one AAD tenant.

Satisfying DB2 migration needs 
Transitioning information from IBM's DB2 database engine to SQL Server is a decision some DBAs choose to make based on a number of reasons. InfoQ noted SQL Server Migration Assistant's sixth iteration was rolled out in 2014, and promises to automatically conduct migration assessment analyses, schemas and SQL statement conversions, making migration more manageable for DBAs.

Best of all, because DB2 offers functions that SQL Server does not, SSMA for DB2 v6.0 establishes DB2-esque features in SQL Server to help ease workflow adaptation for DBAs. However, what these specific tools and applications are has not been publicly disclosed.

Integrated analytics 
While Power BI offers a list of data analytics tools via Excel and Office 365, one of the program's components is a natural language query engine that enables users with little to no technical know-how to enter questions regarding aggregated information.

To further synchronize back-end database information in SQL Server with this simple query function, SQL Server now comes with a Power BI Analysis Services Connector that enables users to establish a relationship between Power BI and an on-site instance of SQL Server Analysis Services. However, before a connection can be set, DBAs must install Active Directory Sync between Azure and their employers' on-site Active Directories.

Microsoft's development leaders are obviously interested in enhancing SQL Server to accommodate more than just DBAs, and are trying assiduously to boost the solution's simplicity and capabilities. 

Backdoor vulnerability puts Oracle database users at risk

Thu, 2015-01-22 00:37

Companies using Oracle's database engine to support their enterprise application and information storage needs should consider consulting Oracle experts to help them patch a bug that could allow infiltrators to completely take over their systems. 

Researcher identifies misconfiguration
Forbes contributor Thomas Fox-Brewster noted that Australian security researcher and hacker David Litchfield discovered a vulnerability that would allow any user to receive privileges that are only reserved for system administrators. This means a hacker could change user passwords, transfer financial information across the Web and perform a number of other actions.

"They have no record of the change, no documentation as to why one of their devs did it," said Litchfield in an email to Forbes.

It is likely Oracle is conducting an investigation as to how this flaw managed to fall through the cracks. Apparently, this bug and 10 others were fixed on Jan. 21, 2015. For enterprises using Oracle's e-Business suite, having an outside party conduct a thorough assessment of all user activity is a safe step to take. Any hints of malicious activity that may have been sanctioned by an index created in the DUAL table could indicate an instance in which a public user managed to manipulate the engine. 

What defines a "backdoor" vulnerability? 
The flaw discovered by Litchfield is classified as a "backdoor" flaw. This particular kind of bug allows a malicious actor to ignore normal authentication protocols and obtain remote access to a machine or application while remaining undetected. Some of these backdoor vulnerabilities are relatively easy to exploit, which exacerbates the severity of these flaws.

Software receives the brunt of attention from organizations in regard to backdoor flaws, but hardware isn't exempt either. The Next Web contributor Josh Ong noted that espionage agencies in the United Kingdom, Australia and the United States apparently banned the use of Lenovo PCs due to remote access bugs. However, this conclusion has been regarded as unsubstantiated.

Yet Ong cited a paper released by the Australian Financial Review that said intelligence entities banned the machines in the mid-2000s "after intensive laboratory testing of its equipment allegedly documented 'back-door' hardware and 'firmware' vulnerabilities in Lenovo chips." Specifics regarding these flaws or the alleged bans have not been disclosed to the public. 

Either real or perceived, it's important to have a team of analysts specializing in databases, operating systems and business applications sweep these assets for backdoor flaws. 

Database popularity: Is Oracle still on top? [VIDEO]

Tue, 2015-01-20 14:14

Transcript 

Hi, welcome to RDX! While Oracle has often been regarded as the undisputed leader of database technology, other engines are growing more popular among database administrators.

DB-Engines, which ranks a solution’s popularity based on how many times a database is mentioned and searched for on the Web, found that Oracle’s database engine is still top of the line. In general, relational databases remained at the top of the list, with MySQL, Microsoft’s SQL Server and PostgreSQL bringing up the rear.

Although Oracle’s proprietary offering is at the top of the list, open source engines are receiving more recognition among enterprises, particularly MySQL and PostgreSQL. For businesses interested in deriving full value from these systems, partnering with a DBA expert with the know-how needed to do so is a guaranteed win.

Thanks for watching! For more database news, be sure to check in next time!

IS flexes its hacking skills

Tue, 2015-01-20 01:00

The Islamic State in Iraq and the Levant has received much attention as of late, and not for nothing.

As the organization took a long time to prepare for its assault on Iraq, Syria, Israel, Lebanon and other states within the region that is considered the Levant, it's no surprise that the Islamic State group spent resources developing assets to be used in cyberwarfare.

US government caught off guard 
The United States military has not been exempt from the Islamic State group's cyberattacks. According to TechCrunch, Cyber Caliphate, a hacker organization that has associated itself with the Islamic State group, obtained control over United States Central Command's (CENTCOM) Twitter and YouTube accounts. The entity then tweeted a message titled "Pentagon networks hacked. AMERICAN SOLDIERS WE ARE COMING, WATCH YOUR BACK. ISI. #CyberCaliphate."

The aforementioned message also had links that supposedly led to confidential U.S. Army documents, although some have speculated that those files were either previously disclosed or are not highly confidential. Once the Twitter account was hacked, Cyber Caliphate members posted the following information:

  • Scenarios displaying how the U.S. would combat North Korea in the event the latter nation invaded South Korea
  • Three separate Army commands and 10 distinct Army service component commands 
  • A picture showing the interior of a U.S. military base taken through a PC camera
  • A message stating the group's intent to break into networks and the personal devices of soldiers

This particular instance is a sign that U.S. military databases are no doubt being targeted by the Islamic State group. Although the hack of CENTCOM's Twitter account was a demonstration of the organization's proficiency in cyberwarfare, more serious undertakings could lead to the disclosure of highly classified information. 

Duplicity, social media as assets
The Islamic State group also found a unique way to hack into smartphones by making an app titled "The Dawn of Glad Tidings" available for download via the Google Play store. IDG Connect reported that between 5,000 and 10,000 people have downloaded the app, aggregating 4.9 stars out of 600 reviews. The app allows users to receive updates from the Islamic State group, but the organization took over their phones as a result. 

Although Google Play has since removed "The Dawn of Glad Tidings" from its selection of apps, the program's moderate success demonstrates the technical prowess of its developers. 

In general, the Islamic State group's ability to use social media as a tool through which to attract new recruits should not be underestimated. Its use of social media could be argued as one of its most vital assets. 

Cybersecurity bill may return to Congress [VIDEO]

Mon, 2015-01-19 08:12

Transcript

Hi, welcome to RDX! In response to increasing cyberthreats, lawmakers throughout the United States have considered implementing laws that would obligate organizations to take greater cybersecurity measures.

According to The Verge, one such legislator, Representative Dutch Ruppersberger, of Maryland, stated that he would reintroduce the Cyber Intelligence Sharing and Protection Act on January 9th. The bill proposes that corporations and government agencies share more information regarding cyberdefense, malicious behavior, and the like.

However, not every legislator is in favor of this bill. Many Web groups have viewed this bill as a means to encourage unjustified espionage on Web users. For obvious reasons, privacy is an incredibly sensitive subject among businesses and consumers alike.

Regardless of whether this bill is passed or not, monitoring all internal systems to ensure all vulnerabilities are assessed is a best practice. Leaving databases, networks and other assets exposed could lead to particularly damaging data breaches.

Thanks for watching!

The Database Protection Series – Common Threats and Vulnerabilities – Part 2

Fri, 2015-01-16 10:35

This is the third article of a series that focuses on database security. In my introduction, I provide an overview of the database protection process and what is to be discussed in future installments. In last month’s article, we began with a review of the various database vulnerabilities and threat vectors we need to address. In this article, we’ll finish our discussion of the most common threats and vulnerabilities. In the next installment of this series, we’ll take a look at the database vulnerability analysis process. We’ll begin by learning how to perform an initial database vulnerability assessment. In addition, we’ll discuss the importance of performing assessments on a regular basis to ensure that no new security vulnerabilities are introduced into our environment.

Unsecured Non-Database Files

It’s fairly obvious that, as DBAs, our focus will be on securing our sensitive database data stores. However, during the course of normal processing, the database often interacts with flat files and other objects that may contain sensitive data that needs to be secured. For our review, we’ll classify the data as we have always done, as input or output: input data that the database ingests, or output data that the database generates.

Databases can receive data from a host of different mechanisms:

  • The database can retrieve data directly from other databases or be sent data from those systems. Database links in Oracle and linked servers in Microsoft SQL Server are often implemented to share data. If your sensitive database can be accessed using these features, you will need to take the additional steps required to secure those access mechanisms. Both Oracle and Microsoft have made improvements to the security of external database links, but the level of protection depends on how they are implemented. There will be times when this will require you to secure multiple database targets. It will broaden the scope of the security activities you will be required to perform, but the sensitive database data store will be vulnerable until you do.
  • Input files that are used by the database product’s load or import utility. DBAs can be pretty creative about using the database’s inherent toolsets to ingest data into their databases or transfer it to other systems. You will need to identify the data they contain and secure these files accordingly.
  • ETL products that extract, transform and load data into other data stores. ETL products are able to access data from a variety of sources, transform it into a common format and move it to the target destination. Each ETL product uses different strategies to collect and process the data. Identify what work files are used, how the product is secured and the sensitivity of the data that is being accessed as well as sent to other systems.
  • Middleware products that transfer data between disparate systems. Like ETL products, you will identify the sensitivity of the input and output, work files produced and how the product is secured.

Databases also have the ability to produce various forms of output:

  • Application report files that are either stored on disk or sent directly to printers. An in-depth review of the application report output the database generates will need to be performed. If the data being reported on contains sensitive data elements, you will need to determine if the printers are in secure locations, which personnel have access to them and, if the reports are stored on disk, how the storage is secured.
  • Flat file output generated by the database. Besides the application reports that we just discussed, there are numerous methods that technicians use to generate flat file output from the database data store. Oracle external tables, export files, custom coded output files generated by developers and DBAs during debugging sessions, and system trace execution all have the capability to expose data. Everything from the spool command in SQL*Plus to the PL/SQL UTL_FILE package needs to be evaluated. A best practice is to provide a secure set of folders or directories in the operating system running the database and to not allow non-secure destinations to be utilized.
  • Database product and third-party database backup files. All leading database products provide the functionality to encrypt database backup files, as do most third-party offerings. An analysis is required to determine how the data is encrypted, at what point in the process it is encrypted and how the encryption mechanism is secured.

Unsecured Data Transmissions

One of the more challenging tasks will be to identify the mechanisms used to transmit database data throughout the organization. You need to determine what’s being transmitted over the network wire as well as the wireless. One of the constraints I have in this series is that I can’t get into the details that would allow you to secure your connections to the target database. That’s far beyond the scope and intent of this series of articles. The series’ intent is to be a general overview of database protection best practices. All major database manufacturers provide a wealth of documentation on how to secure the communication mechanisms, encrypt data transfers as well as secure the operating system the database runs on. If you are serious about protecting data transmissions, a thorough review of vendor documentation is essential. In addition, you’ll need to become quite good friends with your network engineers as their assistance and expertise will be required.

Access Tools

Databases can be accessed using a variety of tools. That’s the benefit of using a database; you can interact with it using everything from Excel to a sophisticated enterprise-wide program suite. You will need to work with end-users, application developers and your security team to determine what happens to that data after it is retrieved from the database. For example, if a business user accesses sensitive data using Excel, where do they store the spreadsheets? The solution is to inter-weave the proper security procedures, constraints and end-point permissions to safeguard the data.

Application Hacks – SQL Injection and Buffer Overflows

SQL injection occurs when an attacker sends commands to the database by attaching them to web form input. The intent is to grant themselves privileges or access the data directly. In the past, hackers were required to manually attach the malicious code to the statement. There are hacking toolkits available now that allow them to automate the process. SQL injection attempts to confuse the database so it is unable to distinguish between code and data.

Here are a couple of very rudimentary examples of SQL injection (as processed by the database):

SELECT name, address, SSN FROM employees WHERE lastname='FOOT' OR 'x'='x'

The program wants to return names, addresses and social security numbers for a specific employee. The attached OR 'x'='x' evaluates to true for every row and allows the hacker to return all employees’ information.

SELECT name, address FROM employees WHERE lastname='FOOT'; SELECT * FROM employees;

Most databases allow the use of delimiters to string statements together. In this case, instead of selecting just the name and address, the SQL statement injected at the end dumps the entire contents of the table.

Statements that use parameters as input, as well as stored procedures containing SQL code, prevent hackers from attaching malicious code to the statements, whereas dynamic statements that generate the input values during execution do not. For example, if the OR 'x'='x' input used above were supplied to a SQL statement using parameters as input (lastname = @lname), the database would look for the 'x'='x' value literally and fail to successfully process the statement.
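The difference between the dynamic and parameterized forms can be checked directly. The following is an added example, not code from the original article: it uses Python's built-in sqlite3 module as a stand-in for the database, and the sample rows, the `?` placeholder (sqlite3's equivalent of @lname) and the function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows; the table and column names follow the article's example.
SAMPLE_ROWS = [
    ("Chris", "1 Main St", "000-00-0001", "FOOT"),
    ("Ann", "2 Oak Ave", "000-00-0002", "SMITH"),
    ("Raj", "3 Elm Rd", "000-00-0003", "PATEL"),
]

# The two inputs from the article, written as a web form would receive them.
TAUTOLOGY_INPUT = "FOOT' OR 'x'='x"
STACKED_INPUT = "FOOT'; SELECT * FROM employees; --"


def make_db():
    """Build an in-memory employees table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (name TEXT, address TEXT, SSN TEXT, lastname TEXT)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_dynamic(conn, lastname):
    """Vulnerable form: the input becomes part of the statement text."""
    sql = (
        "SELECT name, address, SSN FROM employees "
        "WHERE lastname='" + lastname + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, lastname):
    """Hardened form: the statement text is fixed and the input is bound as data."""
    sql = "SELECT name, address, SSN FROM employees WHERE lastname = ?"
    return conn.execute(sql, (lastname,)).fetchall()


def run_case(lookup, lastname):
    """Return (row_count, error_name) for one lookup against a fresh database."""
    conn = make_db()
    try:
        return len(lookup(conn, lastname)), None
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # sqlite3's execute() rejects a second statement; the exception class
        # differs between Python versions, so only its name is reported.
        return None, type(exc).__name__
    finally:
        conn.close()


def compare():
    """Run a normal input and both injected inputs through both lookup styles."""
    inputs = (
        ("normal", "FOOT"),
        ("tautology", TAUTOLOGY_INPUT),
        ("stacked", STACKED_INPUT),
    )
    return {
        label: {
            "dynamic": run_case(lookup_dynamic, value),
            "parameterized": run_case(lookup_parameterized, value),
        }
        for label, value in inputs
    }


if __name__ == "__main__":
    for label, outcome in compare().items():
        print(label, outcome)
```

In this run the stacked input fails in the dynamic lookup only because sqlite3's execute() accepts a single statement. Drivers that accept batches would run it, so the parameter binding is the control that holds for both inputs.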

A buffer overflow, also called a buffer overrun, occurs when the data being input to the buffer overflows into adjacent memory. The volume of input exceeds buffer size. This is a fairly complex hack, requiring a strong knowledge of the programming language using the buffer. The ease of performing the buffer overflow attack is based on the application language used, how the software is protected and how the developers write the code used to process data. By carefully coding input to a web application, the attacker is able to execute the code contained in the overflow. The hacker issues the commands to overwrite the internal program structures and then executes the additional code. The most common strategies of this hack are to crash the program, corrupt the data or have the code stored in the overflow execute malicious code to access data or grant authorities.  You’ll quickly find a listing of languages on the web that are vulnerable to buffer overflows.  Some are far more vulnerable than others.

I’ll be devoting an article to ongoing database security strategies. One of the key steps of that process will be to educate developers, DBAs, network engineers and OS administrators on how security best practices can be utilized to harden the application ecosystem. Although DBAs may feel that preventing SQL injection, buffer overflows and other application attacks are the responsibility of the development teams, the DBA must take an active role in their protection.

Privilege Abuse

Privilege abuse can be broken down into the following two categories:

  • Intentional Abuse – An example of an intentional abuse of privileges would be a database administrator, senior level application developer or business user accessing data they shouldn’t.
  • Non-Intentional Abuse – The user, in error, accesses sensitive data, or the data is exposed unintentionally: for example, data stored in an unsecure directory, on a laptop that is subsequently stolen or on a USB drive. The list of potential vulnerabilities is pretty much endless.

Disgruntled employees, especially disgruntled ex-employees, and those with just a general criminal inclination are common offenders. To safeguard sensitive data stores, the organization can ensure that background and credit checks are performed on new employees, only the privileges necessary for the employee to perform their work are granted and security credentials are immediately revoked upon termination for any reason. Once again, we will focus more on this topic in upcoming articles of this series.

Audit Trails (or lack thereof)

Auditing is not an alerting mechanism. Auditing is activated, the data is collected and reports are generated that allow the various activities performed in the database to be analyzed for the collected time period.

Identifying a data breach after the fact is not database protection. It is database reporting. To protect databases we are tasked with safeguarding, the most optimal solution is to alert in real time or alert and stop the unwarranted data accesses from occurring. We’ll discuss the various real-time breach protection products during our discussion on security monitoring products.

You will need to be very scientific when selecting the level of auditing to perform. Too much will lead to an excessive use of finite system resources. Auditing can place a significant impact on the system and database. Too little will give you the potential of missing critical security events that have occurred. An in-depth analysis of who and what is to be audited is an absolute requirement.

Auditing just the objects containing sensitive data elements and users with high levels of privileges are good starting points. Leading database vendors like Oracle, Microsoft and IBM all have advanced auditing features that reduce auditing’s impact on the system by transferring it to other components. In addition, most vendors offer add-on products that improve auditing’s capabilities at an additional price.

Auditing plays a critical role in database security, especially to those organizations that don’t have a real-time breach protection solution. Properly populated audit trails allow administrators to identify fraudulent activities, and the audit reports are often requirements for the various industry regulations including SOX, HIPAA and PCI.

Poor Security Strategies, Controls and Education

The two critical components that play a significant role in the database protection process are education and awareness; the awareness that your systems are vulnerable to breaches and not putting your head in the sand thinking that your systems aren’t potential targets. Pay a quick visit to the various websites that record data breaches. Although you will see information stating that organizations storing massive numbers of credit cards, like large retailers, are the most popular targets, you will also find that no organization is immune. Breaches occur daily, and all organizations are targets.

According to the Symantec 2014 Breach Investigations Report, companies with less than 250 employees accounted for 31% of all reported attacks. Visa reports an even more alarming statistic: 85% of all Visa card breaches occur at the small to medium-sized business level. The National Cyber Security Alliance SMB report states that 60% of small businesses close their doors within 6 months of a data breach.

When sensitive data is breached for any reason, it can threaten the survivability of your organization. The financial impact of the breach is not the only issue that affects companies that are victims of unauthorized data access. Loss of customer goodwill, bad press and legal penalties (lawsuits, fines, etc.) must also be considered.

After you realize the importance of protecting your sensitive database data stores, you need to transfer that awareness to your entire organization. DBAs can’t protect their environments on their own. All IT groups must become actively involved. Management buy-in is crucial. Expenditures on products and personnel may need to be made to improve the level of protection required to safeguard sensitive data assets. The organization has to commit the resources necessary to generate a well thought out enterprise-wide security strategy that requires that the appropriate level of controls be in place and audited regularly. If you don’t, I’ll be reading about your shop in the next data breach newsletter.

Learning how to secure your environments is like learning anything else. You will need to commit time to learning various security best practices. At an enterprise level, industry regulatory requirements like SOX, HIPAA and PCI DSS provide a laundry list of protective controls. Download the compliance control objectives. It will give your organization an excellent starting point. In RDX’s case, we decided to become PCI DSS and HIPAA compliant. PCI DSS contains a little over 300 separate security objectives and information about how those objectives are to be audited to demonstrate proof of compliance.

In the next installment of this series, we’ll take a look at the database vulnerability analysis process.

Thanks for reading.

Chick-fil-A joins the payment card breach club [VIDEO]

Fri, 2015-01-16 09:26

Transcript

Hi, welcome to RDX. Given the number of payment card breaches that have occurred over the past couple of years, it’s no surprise that a fast food joint recently joined the list of companies that have been affected.

According to eSecurity Planet, Chick-Fil-A recently noted that a few of its restaurants have experienced unusual credit and debit card activity. Additional reports suggest that Chick-Fil-A is the link to approximately 9,000 instances of payment card loss. It’s possible that the perpetrators managed to steal payment card numbers from Chick-Fil-A’s databases, but analysts are still investigating.

First, it may be appropriate for Chick-Fil-A as well as other retailers to use tokenization, which will prevent hackers from accessing payment data. In addition, setting up a database security monitoring solution will allow specialists to receive alerts the minute a server records suspicious activity.

Thanks for watching!

President Obama takes stand against hackers

Thu, 2015-01-15 02:46

Legislation pertaining to cybersecurity is a topic of discussion that isn't going away. Cyberattacks are only less shocking nowadays because they've grown more commonplace.

Therefore, it's not surprising that President Barack Obama is taking a stance on the matter, especially upon seeing how the United States has "more to lose than any other nation on Earth" as far as cyber warfare is concerned, according to former National Security Agency employee Edward Snowden. Snowden recently conducted an interview with PBS as part of a documentary about cyber attacks, discussing the implications of what a major infiltration could do to a country. 

"I think the public still isn't aware of the frequency with which these cyberattacks, as they're being called in the press, are being used by governments around the world, not just the U.S.," said Snowden, as quoted by the news source.

Obama's response 
While the sanctity of the U.S. government's IT assets is obviously a priority, the president is advocating for protection of private industries as well. According to InfoWorld, President Obama recently announced the proposal of law in a speech to the Federal Trade Commission that would obligate companies to notify customers of a data breach within 30 days of the attack occurring. 

Obama acknowledged the various state-based laws regarding business transparency, but asserted that these mandates are not consistent, making a case for a federal law that would apply to all organizations based in the U.S.

"It's confusing for consumers and it's confusing for companies – and it's costly, too, to have to comply to this patchwork of laws," said Obama, as quoted by the source. "Sometimes, folks don't even find out their credit card information has been stolen until they see charges on their bill, and then it's too late."

What are the chances of the bill being passed? 
Whether the bill becomes law depends on the sentiments of those in Congress. John Pescatore, the SANS Institute's director of emerging trends, spoke with InfoWorld about the proposed legislation, commenting that several iterations of a similar bill have entered both houses but have not been approved.

What makes this particular iteration so different? For one thing, both Senate and House of Representatives majorities reside with the Republicans, so the president arguably doesn't have as much clout with the institutions as he would have otherwise. 

Regardless of whether the bill passes or not, organizations should not neglect to develop a recovery plan in the event any one of them suffers a major data breach. 

The post President Obama takes stand against hackers appeared first on Remote DBA Experts.

The last thing cybersecurity experts want: A ‘Skeleton Key’ for hackers

Wed, 2015-01-14 01:06

Imagine giving a skeleton key to your databases to a cybercriminal – obviously a situation everybody would like to avoid.

While the so-named type of malware doesn't work exactly like a skeleton key, it still poses a grievous threat to financial institutions, government agencies, retailers and companies in other industries.

What Skeleton Key can do for hackers 
According to Dark Reading, Dell SecureWorks Counter Threat Unit discovered "Skeleton Key," which is capable of circumventing Active Directory systems that use single-factor user authentication. The way the malware is deployed is what makes it so dangerous. Dell's report found that Skeleton Key is implemented as an in-memory patch on an organization's AD domain controllers, enabling the attacker who deployed it to authenticate as any user.

Essentially, using Skeleton Key eliminates the need for a cybercriminal to steal a user's login credentials or change his or her password. Don Smith, CTU's director of technology, informed the source that Skeleton Key also prevents behavioral analysis software from distinguishing an illegitimate administrator from a legitimate one.

"The Skeleton Key malware allows the adversary to trivially authenticate as any user using their injected password," explained Smith, as quoted by Dark Reading. "This can happen remotely for Webmail or VPN. This activity looks like, and is, normal end user activity, so the chances of the threat actor raising any suspicion is extremely low and this is what makes this malware particularly stealthy." 

The malware isn't perfect 
Although Skeleton Key may seem like the perfect tool for any cybercriminal, it's not without its own flaws. For one thing, Dark Reading noted that in order for a hacker to deploy the malware, he or she needs to have already obtained admin-level access to an organization's network. 

In addition, Forbes contributor Thomas Fox-Brewster noted that Skeleton Key also isn't "persistent," meaning it is removed once an infected Active Directory system is rebooted. Once this step is taken, perpetrators will not be able to sign into systems as employees. However, this limitation can be worked around by using a Remote Access Trojan, which would allow Skeleton Key to get back up and running.

It's malware such as Skeleton Key that necessitates a comprehensive database security monitoring strategy. Ensuring all data is secure involves more than simply establishing "more robust access permissions" – rather, it consists of consulting a team of experts who know how to defend databases against malware and other intrusion techniques. 

The post The last thing cybersecurity experts want: A ‘Skeleton Key’ for hackers appeared first on Remote DBA Experts.

The greatest cybersecurity concerns of the new year [VIDEO]

Mon, 2015-01-12 09:29

Transcript

Hi, welcome to RDX! While cybersecurity experts may not have a crystal ball to tell them which threats will impact companies the most, it’s still important to prepare for the future.

So, what does the average data breach look like in 2015? More people are expected to use mobile payment solutions and other similar systems this year. As a result, it’s likely that cybercriminals will use any tactics at their disposal to infiltrate this technology and the protocols associated with it.

Forbes noted that experts also acknowledged how bugs in old open source software pose a threat to companies. One example of such a threat was the Heartbleed bug that was discovered in 2014.

Ultimately, using database security monitoring to ensure all back-end systems are protected and accounted for is a step organizations shouldn’t ignore. In many cases, this can be the last line of defense.

Thanks for watching! Visit us next time for more security news and tips.

The post The greatest cybersecurity concerns of the new year [VIDEO] appeared first on Remote DBA Experts.

The reasons behind nation-state hackers

Fri, 2015-01-09 01:15

There are the archetypal teenage hackers who advance their reputations by accessing restricted networks just for the thrill of it, and then there are cyberespionage masters who target the databases of nationwide financial enterprises and public entities. 

When one thinks of the latter, it's easy to imagine a character out of a modern spy movie. However, it's difficult to identify the exact reasons why a nation would use hackers to conduct covert cyber-operations on another country, or large businesses operating within a state of interest. 

Why nations infiltrate large banks 
According to BankInfoSecurity contributor Eric Chabrow, an attack on a major financial institution is usually conducted by a nation-state that is looking to obtain intelligence for the purpose of protecting or improving its economy. Bankers, analysts and economists working in the finance industry all have insight into how certain agreements, global shifts and other factors will affect the condition of national markets. 

Surprisingly enough, hackers contracted by a nation-state to infiltrate an organization such as JPMorgan Chase, for example, are likely not interested in stealing money or personally identifiable information. Philip Casesa, director of IT service operations at IT security education and certification company (ISC)2, agrees with this viewpoint.

"A government-sponsored actor doesn't have the same goals as a crime organization – the objective is much bigger than that," said Casesa, as quoted by Chabrow. "It isn't stealing dollars – it's manipulating world politics by shifting the economic balance of power." 

Goals are elusive 
One of the reasons why many people speculate about the intentions of hackers acting on behalf of nation-states is that, sometimes, that's simply all that can be done. In a way, only organizations such as the U.S. National Security Agency and the Federal Bureau of Investigation can identify concrete intentions behind specific attacks.

Yet there are times when journalists can scrutinize a clear pattern. Dark Reading noted that there have been a number of cases in which intellectual property owned by a person or organization within the U.S. was stolen by Chinese operatives. Think of the impact the automobile had on the 20th-century economy. If China could gain intelligence regarding a new invention that could impact the global market in such a way, it would establish itself as an economic superpower. 

All things considered, this particular topic deserves extensive coverage – the kind often found in a college dissertation. While a blog can provide a glance, a book can provide understanding. 

The post The reasons behind nation-state hackers appeared first on Remote DBA Experts.

How an employee mishap can reveal database login credentials

Thu, 2015-01-08 04:02

Sometimes, the most grievous data breaches are not incited by sophisticated cybercriminals using the latest hacking techniques, but everyday employees who ignore basic protocols. 

Internal threat 
Last year, Symantec and the Ponemon Institute conducted a study on data breaches that occurred throughout 2012. The two organizations discovered that an astounding two-thirds of these incidents were caused by human errors and system issues. Most of these situations were spawned by workers mishandling confidential information, organizations neglecting industry and government regulations and lackluster system controls. 

"While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious," said Ponemon Institute Chairman Larry Ponemon. "Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22 percent since the first survey."

Facebook's mistake 
ITWire's David Williams noted that Facebook employees accidentally divulged the username and password of its MySQL database by using Pastebin.com. For those who aren't familiar with the service, Pastebin allows IT specialists to send bits of code via a compact URL, allowing professionals to share the code through an email, social media post or simple Web search. 

As URLs are designed so that anyone can view a Web page, it's possible for a random individual to accidentally come across a URL created by Pastebin, allowing him or her to read the content behind the URL. As it turns out, Sinthetic Labs' Nathan Malcolm learned that Facebook programmers were exchanging error logs and code snippets with one another through Pastebin.

By perusing the Pastebin URLs, Malcolm discovered Facebook shell script and PHP code. Williams maintained that none of this data was obtained illegally, nor did Malcolm receive it from a Facebook engineer. Instead, the code was "simply lying around the Internet in public view."

MySQL entry 
It just so happened that one of the URLs contained source code that revealed Facebook's MySQL credentials. The server address, the database name as well as the username and password were available to the public. Although Facebook has likely changed these access permissions since the accident occurred, it's still an example of how neglect can lead to stolen information. 

Implementing database security monitoring software is one thing, but ensuring workers are following policies that prevent data from accidentally being divulged to the public is another – it's a step that shouldn't be ignored. 
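One way to enforce such a policy is to scan a snippet for credential literals before it is shared. The following is an added example, not code from the original post or from Facebook; the rule names, hostnames and passwords are constructed, and only the password value is masked (server address, database name and username are left in place).

```python
import re

# Each rule names the credential form it recognises; the "secret" group
# covers only the value that has to be masked before the snippet is shared.
RULES = [
    # PHP: mysql_connect('host', 'user', 'password'), mysqli_connect, new mysqli
    ("php-connect-call", re.compile(r"""
        (?:mysqli?_connect|new\s+mysqli)\s*\(\s*
        (['"]).*?\1\s*,\s*          # host
        (['"]).*?\2\s*,\s*          # user
        (['"])(?P<secret>.*?)\3     # password literal
        """, re.X | re.I)),
    # 'password' => 'x', $db_pass = "x", password: 'x'
    ("quoted-password", re.compile(
        r"""(?i)(?:pass(?:word|wd)?|pwd)\w*['"]?[ \t]*(?:=>|=|:)[ \t]*"""
        r"""(['"])(?P<secret>[^'"\n]+)\1""")),
    # MYSQL_PWD=x, --password=x; the lookahead skips calls such as getenv(...)
    ("bare-password", re.compile(
        r"""(?i)(?:pass(?:word|wd)?|pwd)\w*[ \t]*(?:=>|=|:)[ \t]*"""
        r"""(?P<secret>[^'"\s;,()$]+)(?![\w(])""")),
    # mysql/mysqldump/mysqladmin with the password glued to -p (-P is the port)
    ("mysql-cli-flag", re.compile(
        r"""\bmysql(?:dump|admin)?\b[^\n|;]*?[ \t]-p(?P<secret>[^\s'"]+)""")),
    # scheme://user:password@host
    ("url-userinfo", re.compile(
        r"""(?i)\b[a-z][a-z0-9+.-]*://[^\s:/@]+:(?P<secret>[^\s@/]+)@""")),
]

def find_secrets(text):
    """Return sorted, de-duplicated (start, end, rule) spans of secret values."""
    spans = {}
    for rule, rx in RULES:
        for m in rx.finditer(text):
            if m.start("secret") < m.end("secret"):   # ignore empty literals
                spans.setdefault(m.span("secret"), rule)
    return sorted((s, e, r) for (s, e), r in spans.items())

def report(text):
    """Return (line number, rule) for every credential literal found."""
    return [(text.count("\n", 0, s) + 1, r) for s, _, r in find_secrets(text)]

def redact(text, mask="[REDACTED]"):
    """Return text with every detected secret value replaced by mask."""
    out, pos = [], 0
    for start, end, _ in find_secrets(text):
        if start < pos:            # overlaps a span that is already masked
            continue
        out += [text[pos:start], mask]
        pos = end
    out.append(text[pos:])
    return "".join(out)

# Constructed sample input; none of these values come from the incident.
SAMPLE = '''\
// constructed sample: code and shell lines as they might be shared publicly
$link = mysql_connect('db01.example.internal', 'webapp', 'Tr0ub4dor&3');
$cfg = array('user' => 'webapp', 'password' => 'hunter2');
$db_pass = getenv('DB_PASSWORD');
mysqldump -h db01.example.internal -u backup -pS3cr3t! -P 3306 appdb
MYSQL_PWD=Winter2015 ./nightly.sh
DSN=mysql://report:r3p0rt@db02.example.internal/stats
'''

if __name__ == "__main__":
    for line_no, rule in report(SAMPLE):
        print(f"line {line_no}: {rule}")
    print(redact(SAMPLE))
```

A non-empty `report()` result is the signal to stop and rotate the credential if the text has already left the network; masking a snippet does not make an exposed password safe again.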

The post How an employee mishap can reveal database login credentials appeared first on Remote DBA Experts.

5 Linux distributions for servers

Thu, 2015-01-08 01:06

When a professional says he or she specializes in Linux operating systems, some may be cheeky enough to ask "which one?"

The truth is, depending on how knowledgeable a Linux administrator is, he or she could create dozens of unique iterations of the OS. Generally, there are a handful that have been developed by companies that then redistribute the open-source OS. Iterations vary depending on the functions and settings certain professionals require of the OS. Listed below are five different Linux distributions for servers.

1. Debian 
According to Tecmint contributor Avishek Kumar, Debian is an OS that works best in the hands of system administrators or users possessing extensive experience with Linux. He described it as "extremely stable," making it a good option for servers. It has spawned several other iterations, Ubuntu and Kali being two of them. 

2. SUSE Linux Enterprise Server 
TechTarget's Sander Van Vugt lauded SUSE Linux as one of the most accessible Linux distributions available, also recognizing it for its administrator-friendly build. The latter feature may be due to its integration with Yet another Setup Tool, a Linux OS configuration program that enables admins to install software, configure hardware, develop networks and servers and perform several other much-needed tasks.

3. Red Hat Enterprise Linux 
Kumar maintained that RHEL was the first Linux distribution designed for the commercial market, and is compatible with x86 and x86_64 server architectures. Due to the support that Red Hat provides for this OS, it is often the server OS of choice for many sysadmins. The only "drawback" of this solution is that it isn't available for free distribution, although a beta release can be downloaded for educational use. 

4. Kali Linux 
As was mentioned above, this particular iteration is an offshoot of Debian. One of the latest Linux distributions, it is not necessarily recommended for servers, as it has primarily been developed to conduct penetration testing. One of the advantages associated with Kali is that Debian's binary packages can be installed on Kali. It serves as a fantastic security assessment program for users concerned with database or WiFi security.

5. Arch Linux 
Kumar maintained that one of the advantages associated with Arch is that it is designed as a rolling release OS, meaning every time a new version is rolled out, those who have already installed it won't have to re-install the OS. It is designed for the x86 processor architecture.

The post 5 Linux distributions for servers appeared first on Remote DBA Experts.

Is Oracle going mobile?

Tue, 2015-01-06 01:40

Factoring a mobile workforce into a business's enterprise application infrastructure is a consideration many CIOs are making nowadays.

Bring-your-own-device has a number of implications regarding database security, accessibility, operating system compatibility and a wealth of other factors. Constructing and maintaining an ecosystem designed to accommodate personnel using mobile devices to access enterprise software through public networks is more than a best practice – it's a necessity.

Oracle makes enterprise mobility a little easier
Enterprises using Oracle's E-Business Suite applications would do well to regard the developer's Mobile Application Framework, which allows developers to create single-source mobile apps capable of being deployed across multiple OSes. Nation Multimedia reported that MAF provides programmers with a set of tools that allows them to fabricate software that can satisfy the demands incited by the mobile workforce.

Oracle Asia Pacific Vice President for Asean Fusion Middleware Sales Chin Ying Loong spoke with the source, asserting that enterprises need platforms that allow them to provide apps through whatever devices their employees choose to use, whether they be Apple tablets or Android phones.

"The trick for organizations today is to implement their own end-to-end mobile platforms, and to keep things simple," said Loong, as quoted by Nation Multimedia. "Simplicity is crucial to the rapid and effective integration of business data with user-friendly mobile applications. The cloud in particular offers businesses an excellent back-end platform to support their mobility solutions in a simple and cost-effective manner."

Has the mobile workforce really arrived?
BYOD isn't a trend of the future, but an occurrence of the present. MarketsandMarkets found that the enterprise mobility market will increase to $266.17 billion in 2019 at a compound annual growth rate of 25.5 percent from 2014 to 2019. IDC predicted that by next year, the number of mobile employees will reach 1.3 billion – approximately 37 percent of the global workforce.

Smart Dog Services' Alison Weiss commented on these statistics, acknowledging that the average IT department has a budget of $157.00 per device per worker, an expenditure that is anticipated to reach $242 per device per employee by 2016.

Given these developments, it's important for enterprises to consider which kind of applications personnel will attempt to access via mobile devices. For instance, cloud storage services for saving documents, enterprise resource planning software and customer relationship management solutions are all technologies mobile workers would strive to use while on the go.

The post Is Oracle going mobile? appeared first on Remote DBA Experts.

Is your disaster recovery plan a disaster?

Wed, 2014-12-31 08:14

Transcript

Hi, welcome to RDX. You may think your disaster recovery strategy is rock solid, but is it as comprehensive as you would like it to be? Are you leaving any factors out of the equation?

Dimension Research recently conducted a survey of 453 IT and security pros based in the U.S. and Canada. The group discovered 79 percent of respondents experienced a major IT blackout within the past two years. Of those participants, only 7 percent felt confident in their ability to deploy recovery strategies within two hours of an incident.

To ensure information is transferred to functional facilities in the event of a disaster, enterprises would benefit from collaborating with remote DBAs. These professionals can help detail every aspect of the DR initiative and outline how continuity can be maintained.

Thanks for watching!

The post Is your disaster recovery plan a disaster? appeared first on Remote DBA Experts.

Taking it to the hackers: Going on the offensive?

Wed, 2014-12-31 08:04

Transcript

Hi, welcome to RDX! Firewalls, intrusion detection systems and database access security are all necessary for protecting information. However, some professionals are saying businesses could be doing more to deter hackers.

For example, why not make it difficult for them to infiltrate systems? Amit Yoran, a former incident response expert at the U.S. Department of Defense, believes data analysis programs must be leveraged to not only identify threats, but map out sequences of events.

Once complex infiltration strategies are understood, embedded database engines can deploy counter-attacks that exploit hackers' vulnerabilities. This allows organizations to effectively dismantle complex infiltration endeavors while enabling them to reinforce existing defenses.

Thanks for watching! For more advice on database security, be sure to check in!

The post Taking it to the hackers: Going on the offensive? appeared first on Remote DBA Experts.

Retailers face new threats this holiday season

Tue, 2014-12-30 08:31

Transcript

Hi, welcome to RDX! The holidays are underway, meaning shopping mall and e-commerce traffic is booming. It also means that hackers are redirecting their attention to retail point-of-sale systems.

Last year, cybercriminals were attacking databases holding credit and debit card information. However, their attention is being directed elsewhere. NuData Security's Ryan Wilk maintained that hackers are focusing on servers that are hosting user accounts. For instance, if a thief were to target a person's Amazon account, he or she would gain access not only to their payment card info, but their home address and phone number as well.

There are two ways in which companies can prevent hackers from taking over accounts. First, installing a threat detection surveillance system is necessary. From there, businesses should send emails to account holders advising them to use stronger passwords.

Thanks for watching!

The post Retailers face new threats this holiday season appeared first on Remote DBA Experts.

Hackers targeting simple Web application vulnerabilities [VIDEO]

Tue, 2014-12-30 08:12

Transcript

Hi, welcome to RDX! In the past, cybercriminals typically focused on operating systems and software written in C or C++. Now, they’re redirecting their attention to Web applications and services that were coded in languages such as Java and .NET.

One such attack, dubbed “Operation Aurora,” occurred in 2009. Allegedly, the initiative was conducted by hackers connected to the Chinese military. The perpetrators directed their attention toward Adobe, Rackspace and others to manipulate application source code.

How can enterprises prepare for these kinds of attacks? Backing up their applications and the data within those programs is the best course of action. In addition, companies should install malware detection programs to prevent software from being corrupted.

Thanks for watching! Be sure to check in again for more security news and tips.

The post Hackers targeting simple Web application vulnerabilities [VIDEO] appeared first on Remote DBA Experts.