Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: security curmudgeon (jerichoattrition.org)
Date: Tue Dec 21 2010 - 01:23:51 CST
---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>
By Adam Ely
December 18, 2010
No one likes to think about database breaches, but the fact is, they
happen. Rather than cross your fingers and hope for the best, create an
incident response plan ahead of time. Without a plan, you may destroy
critical evidence that could be used to prosecute the offender. You might
also overlook just how the incident occurred, leaving you exposed to
Log analysis is an essential component of an incident response plan.
You'll want to review logs from the compromised machine or machines and
from other sources, including network devices and access control systems.
A number of log types--transaction, server access, application server, and
OS--can all provide valuable information to retrace what occurred. If your
database administrator has enabled transaction logs--and it's a big
if--start there because they're a rich source of information.
Your first goal is to understand what data has been extracted, which will
help you gauge the current risk to the company. Then examine what else the
attacker may have tried to do. As you review logs, look for queries that
would match the data known to be exported. If you don't have any evidence
to match against, gather up the database administrator, application
developer, and anyone else who knows normal application and database
activity. Get a conference room, display the logs on a projector, and have
them help you look for anomalies such as unusual queries that applications
or administrators wouldn't normally make.
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works