What are the common problems facing Database Security? Presenters: Group 13 Yichen Jiang, Yingxu Liu Ericka Chickowski, “Five Hurdles That Slow Database.

Slides:

Advertisements

Similar presentations

Protecting Cyber-TA Contributors: Risks and Challenges Vitaly Shmatikov The University of Texas at Austin.

Advertisements

UNIT 20 The ex-hacker.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

7 Effective Habits when using the Internet Philip O’Kane 1.

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

1Balaji.S. 2 COMPUTER NETWORK AND SECURITY 3Balaji.S.

Honeypots Presented by Javier Garcia April 21, 2010.

Netezza Mantra Cutting edge database activity monitoring technology Shehba Shahab ISM 158 Spring 2010 Prakash Mehra.

Access Control Chapter 3 Part 5 Pages 248 to 252.

Prepared by: Nahed Al-Salah

Akamai Confidential©2011 Akamai. In the Cloud Security Highlighting the Need for Defense-in-Depth R. H. Powell IV Director, Government Solutions CISSP.

1 UNIT 20 The ex-hacker Lecturer: Ghadah Aldehim.

Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.

Ethical Hacking by Shivam.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

ITIS 6200/8200: Principles of Information Security and Privacy Dr. Weichao Wang.

Network security policy: best practices

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Network Problems and Solutions M. Sc. Juan Carlos Olivares Rojas

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

Part 2- An IT Auditing Framework

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.

CSU - DCE Internet Security... Privacy Overview - Fort Collins, CO Copyright © XTR Systems, LLC Setting Up & Using a Site Security Policy Instructor:

Orphaned Servers and Broken Processes 2007 Security Professionals Conference April 12, 2007.

Protecting the Player– Information Security Concerns Gus March 21, 2014.

 What is intranet What is intranet  FeaturesFeatures  ArchitectureArchitecture  MeritsMerits  applicationsapplications  What is ExtranetWhat is.

Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer.

Cyber Security Nevada Businesses Overview June, 2014.

Network problems Last week, we talked about 3 disadvantages of networks. What are they?

1 © 2001, Cisco Systems, Inc. All rights reserved. Cisco Info Center for Security Monitoring.

John Carpenter & lecture & Information Security 2008 Lecture 1: Subject Introduction and Security Fundamentals.

Database Activity Monitoring

Database Security and Data Protection Suseel Pachalla, CISSP.

Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.

What is hacking? Hacking is the use of a computer and its files with out being allowed by the owner. Hacking is used to find out peoples passwords and.

IT Security Policy: Case Study March 2008 Copyright , All Rights Reserved.

South Wales Cyber Security Cluster A networking group with a purpose Membership Open to anyone with an interest in Cyber Security.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.

Computer Security By Duncan Hall.

Access Control for Security Management BY: CONNOR TYGER.

St Bernadette RC Primary School WELCOME.

HACKING Submitted By: Ch. Leela Sasi, I M.C.A, Y11MC29011, CJJC P.G College.

Taking on Tomorrow's Challenges Today Taking on Tomorrow's Challenges Today Almost every organisation has been attacked …. But most don’t know about it!

INTRODUCTION Sam Wachira

Nation State Actors Lex Dunlap.

Social Engineering Dr. X.

Securing Network Servers

Team 1 – Incident Response

 Evolution is a personal information management application that provides integrated mail, address book and calendaring functionalities.

Common Methods Used to Commit Computer Crimes

Outline Introduction Characteristics of intrusion detection systems

Introduction to Networking

Forensics Week 11.

Social Engineering No class today! Dr. X.

A Web-based Integrated Console for Controlling a Set of Networks

Security Essentials for Small Businesses

Lesson 16-Windows NT Security Issues

12 STEPS TO A GDPR AWARE NETWORK

Protecting Your Company’s Most Valuable Asset

Considerations for Cybersecurity and Data Security in Today’s World

Hanqing Zhou|Yijiang Li|Jason M Mays|Karabo Ntokwane|Qianru Yang

Ethical Hacking ‘Ethical hacking’ is the branch of computer science that involves cybersecurity and preventing cyberattacks. Ethical hackers are not malicious.

Anuj Dube Jimmy Lambert Michael McClendon

IP Addresses & Ports IP Addresses – identify a device on a network

AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.

Presentation transcript:

What are the common problems facing Database Security? Presenters: Group 13 Yichen Jiang, Yingxu Liu Ericka Chickowski, “Five Hurdles That Slow Database Security Adoption”, Dark Reading, Mar 20, 2013

Overview Why database security is so important? Current technologies Challenges: scale, tech integration, tradeoff

Why Database Security is So Important? On March 20, a wave of cyberattacks that targeted South Korean banks and media networks. [1] On March 8, the U.S. National Vulnerability Database (NVD) was taken down due to suspicious activity detected. [2]

Why Database Security is So Important? On early March, an anonymous hacker claimed to have attacked a website belonging to the U.S. Department of State. An analyze indicated 199 Addresses, 207 Possible Hashed Passwords leaked.[3]

Current technologies Database Activity Monitoring (DAM) Interchangeably: ◦ Security Information and Event Management (SIEM) ◦ Security event manager (SEM) ◦ Security information management (SIM)

Challenges - Scale (1/3) A small or midsize operation has only dozens or even hundreds of database servers to protect. 40% of Fortune 500 companies have more than 10,000 database servers. Even 20% of those databases require activity monitor and enforce separation of duties, it can easily cost millions.

Challenges - Tech integration (2/3) Use DAM for failed log-in detection DAM and SIEM don’t work well together

Challenges - Trade off (3/3) Security comes second to performance. When administrators focus on availability, they often overlook configuration issues that can introduce security vulnerabilities and expose confidential data.

Reference [1] Kelly Jackson Higgins, “'Loud' Data-Annihilation Cyberattacks Hit South Korean Banks, Media Outlets”, Dark Reading, Mar 20, [2] Larry Seltzer, “U.S. National Vulnerability Database Hacked”, Dark Reading, Mar 14, [3] “Anonymous Attacks US State Department Careers Website”, Dark Reading, Mar 14, [4] Ericka Chickowski, “Five Hurdles That Slow Database Security Adoption”, Dark Reading, Mar 20, 2013