Database Security and Attacks

Gauloran

Moderation Team Leader
7 Jul 2013
Types of Database Attacks

Customer information, research and development drawings, tender files, credit cards, and financial movements are all important information for us, right? But why?

What these data have in common is that they are all kept in databases, which means that your most important data is kept in the database.

Common Attack Types

As everyone knows, SQL Injection is a type of attack against a database.

1- SQL Injection:

SQL injection is designed to allow the attacker to gain unauthorized access to resources or to change sensitive information. To put it plainly, it is a type of SQL security abuse.

Brute Force attacks are very useful for "passwords".

2- Brute Force:

These attacks involve trying many combinations. They are widely used today. Sometimes we even use the approach in our daily life.

For example:
A password was found with SQL Injection, but it is stored in hashed form (MD4, MD5, etc.). A Brute Force attack steps in to break it: it tries the possible combinations one by one and notifies you when the password has been recovered.

"If hacking is locksmithing, DDoS is shouldering the door."

3- DDoS / DoS Attacks:

As everyone knows, DDoS / DoS attacks are a very common attack type. By sending a large number of packets to the system, the aim is to overload the server and render it unavailable. These attacks can sometimes cause permanent damage.

How Is This Kind of Data Protected?

Ensuring Physical Database Security:

Traditionally, this means taking a machine of your own and keeping your data locally on it. Unauthorized persons should be prohibited from entering the rooms where these machines are kept; nobody except authorized personnel should enter. In this way, your data will be better protected.

Use Web Application and Database Firewalls:

Your database server can be protected by a firewall that blocks traffic from reaching it. The only traffic allowed through should come from the applications or servers you specify. In this way, your data is protected against SQL Injection attacks.

Encrypt Your Data:

In many companies, it has become standard practice to encrypt the data stored in the organization, but it's important to ensure that your backup data is also stored separately from the decryption keys.

Minimize the Size of Your Database:

Attackers can only capture data that is actually stored, so it's very important that we take care not to store important information in the database and stay vigilant about it.

Tightly Manage Database Access:

You can put access to the database under strict management. For example, the machines can be kept in a room that only managers can enter. The fewer managers we allow into this room, the better.

Auditing and Monitoring Database Activity:

It is important to audit activity using the logs stored in the database, because unusual activity is difficult to detect.

Source: https://www.turkhackteam.org/web-server-guvenligi/1942604-veritabani-guvenligi-ve-saldirilari.html
Translator: Gauloran
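
The auditing advice above, combined with the brute-force pattern and the rule that only the servers you specify should connect, as an added example that is not part of the original post. It is a Python check over a constructed login audit log; the log format, addresses, account names and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (hypothetical format: time|source_ip|user|event).
SAMPLE_LOG = """\
2024-05-01T10:00:00|10.0.0.5|app_rw|LOGIN_OK
2024-05-01T10:00:01|203.0.113.9|admin|LOGIN_FAILED
2024-05-01T10:00:02|203.0.113.9|admin|LOGIN_FAILED
2024-05-01T10:00:03|203.0.113.9|admin|LOGIN_FAILED
2024-05-01T10:00:04|203.0.113.9|admin|LOGIN_FAILED
2024-05-01T10:00:05|203.0.113.9|admin|LOGIN_FAILED
2024-05-01T10:00:06|203.0.113.9|admin|LOGIN_OK
2024-05-01T10:05:00|10.0.0.5|app_rw|LOGIN_FAILED
2024-05-01T11:00:00|198.51.100.7|report_ro|LOGIN_OK
"""

ALLOWED_SOURCES = {"10.0.0.5"}   # assumed: the application servers you specified
MAX_FAILURES = 5                 # assumed threshold
WINDOW = timedelta(seconds=60)   # assumed sliding window

def audit(log_text, allowed=ALLOWED_SOURCES, max_failures=MAX_FAILURES, window=WINDOW):
    """Return a list of (time, source, user, reason) alerts."""
    alerts = []
    failures = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = set()                 # sources already reported for a burst
    for line in log_text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue                # skip blank or malformed lines
        ts, src, user, event = parts
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0] > window:
            recent.popleft()        # drop failures that fell out of the window
        if event == "LOGIN_FAILED":
            recent.append(when)
            if len(recent) >= max_failures and src not in flagged:
                flagged.add(src)
                alerts.append((ts, src, user, "failed-login burst"))
        elif event == "LOGIN_OK":
            if src in flagged:
                alerts.append((ts, src, user, "success after failed-login burst"))
            elif src not in allowed:
                alerts.append((ts, src, user, "login from unlisted source"))
    return alerts

if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(*alert, sep="  ")
```

A single failed login from the allowed application server produces no alert; only the burst, the success that follows it, and the login from an address outside the allowlist are reported.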
 