An insider could be anyone within the organization who
has access to the data beyond the general public.
of the memory keys
The typical threat model in an organization recites
in either hardware or software. Attackers are often assumed to have physical
access to the sensitive information in various ways. The target for these
attackers is mainly to get the encryption key which is hidden in the chip
boundary. This increases the workload of the attacker since it requires
expert knowledge. Cryptographic keys, unlike most data in computer memory,
are random, so looking through memory structures for random-looking data can
be an easy way to reveal the key material. Well-made libraries such as the
Local Encryption Services help to a great extent in protecting keys in
memory. Key-encryption keys are used to encrypt the key while it is in
memory, and this encrypted key is then divided into several parts that are
spread throughout memory. Memory holding the key should be cleared as soon
as the cryptographic process is finished. To increase security, the master
key must be backed up separately.
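The splitting and clearing steps described above, as an added example in C (not code from the original article or from any library it names). It assumes the bytes passed in are already encrypted under the key-encryption key by a cryptographic library; the names secure_wipe, split_key and join_key, the 16-byte length, the three parts and the use of /dev/urandom are choices made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define KEY_LEN 16   /* constructed sizes for this example */
#define N_PARTS 3

/* Zero a buffer through a volatile pointer so the stores are not optimised
   away as dead writes, which can happen to a plain memset() before free(). */
void secure_wipe(void *buf, size_t len) {
    for (volatile uint8_t *p = buf; len--; p++) *p = 0;
}

/* Split key into N_PARTS separate heap blocks: every part but the last is
   random, the last is key XOR all the others. Returns 0 on success. */
int split_key(const uint8_t *key, uint8_t *parts[N_PARTS]) {
    FILE *rng = fopen("/dev/urandom", "rb");
    int ok = rng != NULL;
    for (int i = 0; i < N_PARTS; i++)   /* always set every slot */
        ok = ((parts[i] = malloc(KEY_LEN)) != NULL) && ok;
    if (ok) memcpy(parts[N_PARTS - 1], key, KEY_LEN);
    for (int i = 0; ok && i < N_PARTS - 1; i++) {
        ok = fread(parts[i], 1, KEY_LEN, rng) == KEY_LEN;
        for (int j = 0; ok && j < KEY_LEN; j++)
            parts[N_PARTS - 1][j] ^= parts[i][j];
    }
    if (rng) fclose(rng);
    return ok ? 0 : -1;
}

/* Rebuild the key in out, to be held only for the duration of one operation. */
void join_key(uint8_t *parts[N_PARTS], uint8_t *out) {
    memset(out, 0, KEY_LEN);
    for (int i = 0; i < N_PARTS; i++)
        for (int j = 0; j < KEY_LEN; j++) out[j] ^= parts[i][j];
}

int main(void) {
    uint8_t key[KEY_LEN] = "constructed-key", work[KEY_LEN], *parts[N_PARTS];
    int rc = split_key(key, parts);
    secure_wipe(key, KEY_LEN);               /* plain copy no longer needed */
    if (rc == 0) join_key(parts, work);      /* rebuild only while in use */
    secure_wipe(work, KEY_LEN);
    for (int i = 0; i < N_PARTS; i++) {      /* retire the key: wipe, then free */
        if (parts[i]) secure_wipe(parts[i], KEY_LEN);
        free(parts[i]);
    }
    return rc;
}
```

No single part reveals anything about the key on its own; all of them must be located and combined to rebuild it.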
Denial of service (DOS)
It is not possible to completely eradicate DOS, but to some extent we can
avoid it. It is very difficult to differentiate between a genuine request
and a fake request because both use the same ports and protocols and may
resemble each other. Some of the ways to prevent this are:
Purchasing a lot of bandwidth: This can be the easiest but the most
expensive option. An enterprise with a lot of bandwidth would be less
susceptible to DOS because it has more bandwidth than an attacker has.
Prepare a DOS response: The use of throttling and rate-limiting
technologies reduces the risk of DOS attacks. This response stops all new
inbound connections during a DOS attack, allowing only the established
connections and new outbound connections to continue.
Using DOS attack identification and detection techniques: This can help to
differentiate between authentic and fake traffic. Activity profiling can be
used for this; it measures average traffic rates and flags significant
increases in traffic. Identifying the DOS attack can help the organization
determine the type of attack, i.e. a DDOS attack or domain name system
amplification.
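Activity profiling as described in the last item, as an added example in C (not part of the original article). An exponentially weighted moving average stands in for the "average traffic rate"; the function name profile_traffic, the smoothing weight 0.2, the 3x threshold and the request counts are constructed for the example, and the first interval is assumed to be clean traffic.

```c
#include <stddef.h>
#include <stdio.h>

/* Activity profiling: keep a moving average of requests per interval and
   flag any interval whose count exceeds factor * baseline. Flagged
   intervals do not update the baseline, so a sustained flood cannot teach
   the profile that the flood is normal. Returns the number flagged. */
size_t profile_traffic(const unsigned *counts, size_t n, double alpha,
                       double factor, int *flags) {
    size_t flagged = 0;
    double baseline = 0.0;
    for (size_t i = 0; i < n; i++) {
        flags[i] = 0;
        if (i == 0) {                 /* first interval seeds the baseline */
            baseline = counts[0];
            continue;
        }
        if (counts[i] > factor * baseline) {
            flags[i] = 1;
            flagged++;
        } else {
            baseline = (1.0 - alpha) * baseline + alpha * counts[i];
        }
    }
    return flagged;
}

/* Constructed sample: requests per second over eleven intervals. */
static const unsigned SAMPLE[] = {100, 110, 95, 105, 98, 102,
                                  900, 1200, 1100, 104, 99};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void) {
    int flags[SAMPLE_LEN];
    size_t hits = profile_traffic(SAMPLE, SAMPLE_LEN, 0.2, 3.0, flags);
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        printf("t=%2zu  %5u req/s  %s\n", i, SAMPLE[i],
               flags[i] ? "ALERT" : "ok");
    printf("%zu intervals flagged\n", hits);
    return 0;
}
```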
Data in cloud
Using the cloud can bring great ease and a great threat to the data, but if
done smartly it can help to a great extent.
Use private clouds: Private clouds are more expensive but much more secure
than public clouds. Private cloud providers are in a better position to
monitor your account, enabling them to preemptively deflect attacks and
minimize their impact.
wisely: Passwords must be strategically chosen since they are the most
avoidable and common cyber security attack. The ideal password must be at
least 8 characters long, utilize a wide range of symbols, and contain no
complete words and no word related to the company. If the CEO's credentials
get into the hands of cybercriminals, they can send emails to the employees
to take action without the knowledge of the CEO.
Use a secure data transfer channel: Always encrypt sensitive data before
sending it. This reduces attacks to a great extent.
4. Using system Triggers
A trigger is a special kind of stored procedure that automatically executes
when an event occurs in the database.
when the user tries to alter data using data manipulation language (DML). DML
events are INSERT, UPDATE and DELETE statements.
in response to the variety of Data Definition Language (DDL)
System triggers can be used to detect when something suspicious is going on
in the database. System events that could be triggered
CREATE TRIGGER - creates or enables database triggers
ALTER TRIGGER - enable, disable or compile a database
DROP TRIGGER - removes a database trigger from the
These can be triggered either before or after the actions. For example, if
a trigger is to be fired after all CREATE events, the trigger itself is not
fired by its own creation, because it was not committed at the time the
trigger on CREATE was triggered. Whereas if a trigger that was supposed to
be fired before all DROP events is dropped, it fires before the DROP, i.e.
the trigger would be able to protect itself. If you are trusting only the
system triggers, you need to ensure that it is not possible to reset them
externally, e.g. by Oracle SGA modification.
5. Using System events
At the same time that Oracle introduced the possibility of having a trigger
on database logons, it also provided a mechanism for tracking other system
events. There are two different types of events on which triggers can be
created: Resource Manager Events, which are related to instance startup and
shutdown, and Client Events, which are related to user logon/logoff, DML,
and DDL operations. Depending on the event, the publication functionality
imposes different restrictions. It may not be possible for the server to
impose all restrictions. The restrictions that cannot be fully enforced are
clearly documented. For example, certain DDL operations may not be allowed
on DDL events. Instead of looking at the encryption of data and the
DBA-attack protection as different mechanisms, they should be considered
complements to each other in the mission of creating a “secure database”.