Customer Relationship Management (CRM)
The Technical "Know-How"
Data Security - "don’t know you have been hacked"
The goal of this page is to cover:
• The Seriousness of Database Attacks
• Problems With The Existing Database Security Systems
• Our KISS Approach.
According to FBI Director James Comey:
“There are two kinds of big companies in the United States. There are
those who’ve been hacked…and those who don’t know they’ve been hacked.”
“A chain is only as strong as its weakest link” is definitely true when it comes to database security.
The Seriousness of Database Attacks and the Damage to the Institution's Standing:
• Databases are sitting ducks for the taking and for target practice
• The contents of the databases (Corporate, Customer, Financial) are a wealth of data
• If you have worked with one database, it is easy to work with another
• Accessing or crashing a database takes no more than trial and error on the hacker's part
• Hackers have nothing to lose if they can go undetected
• Hackers demand ransom from these big businesses to be left alone, or a payout to unlock the data and files
Recent Database Attacks as Posted on the Web:
The country’s second-biggest health insurer, said hackers broke into a database containing
personal information for about 80 million of its customers and employees in what is likely
to be the largest data breach disclosed by a health-care company.
eBay went down in a blaze of embarrassment as it suffered this year’s biggest hack so
far. In May, eBay revealed that hackers had managed to steal personal records of 233 million
users. The hack took place between February and March, with usernames, passwords, phone numbers
and physical addresses compromised.
The New York Times:
SAN FRANCISCO - Chinese hackers have persistently attacked The New York Times, infiltrating
its computer systems and getting passwords for its reporters and other employees.
NoSQL Database hosting service MongoHQ, a Y Combinator alum, has suffered a major security
breach that appears to be a major factor in an attack over the weekend on Buffer, the social
media scheduling service. The MongoHQ intrusion is affecting customers of the hosting service
and potentially also their S3 storage accounts on Amazon Web Services (AWS).
SAN FRANCISCO - LinkedIn is a data company that did not protect its data. Hackers breached the
site and stole more than six million of its customers’ passwords, which had been only lightly
encrypted. They were posted to a Russian hacker forum for all to see.
The four main existing control measures used to secure data in databases are:
access control, inference control, flow control and data encryption.
Threats come from excessive privilege and legitimate privilege abuse, database platform vulnerabilities, SQL injection,
buffer overflows, weak audit trail, database communication protocol vulnerabilities, weak
authentication, backup data exposure and a number of other issues.
Our KISS Security Approach:
Apple computers had fewer security issues due to their "Closed Box" approach in dealing with the
outside world. Our system is not a closed box, but a set of cloud services with a controlled flow of data:
• We have database services, not database access
• Data only travels one way into our database services
• Our services are intelligent DAO, Interactive Frontend support, CRM Plug-ins, templates and files
• Output data is enclosed within compressed and encrypted files
• Interfaces are restricted to processes and protocols
• No administration access or any access by outsiders
• Input Data is farmed into our secret farming
• Data is mainly stored in DAO-XML files, compressed and encrypted
• The only existing tables are a few for frequently used data and audit trails
• Daily Maintenance or any database activities are our secret
• Internal security is traced and audit-trailed with bidirectional keys
• Security outside the database is addressed in different pages on this site
As for our Data Services performance, we are addressing it in other pages on this site.