Re: MS Defender for OL7 Oracle DB servers

  • From: Mladen Gogala <gogala.mladen@xxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Sat, 5 Mar 2022 19:33:22 -0500

On 3/5/22 15:44, Tim Gorman wrote:

Just a heads-up as to where (I think) the world is heading...

Years ago, I was working at a large US telecom, and one of the goals of their virtualization efforts (i.e. moves to VMs on-prem, moves to containers, moves to cloud, etc.) was to enable themselves to rebuild every virtual machine from a trusted image every week.

If a VM becomes "infected" with anything, then that will last for only a finite period before it is wiped out by a scheduled automated rebuild, if it is not detected sooner and then wiped out by a manually-initiated automated rebuild.

This doesn't mean that other preventative or protective efforts are reduced in any way, just that this is a last protective measure, for when all else fails.  And, as we know, all else will indeed fail, eventually.

Back then, they included a requirement for automated rebuild from a trusted image to be scheduled every 6-9 months for all newly-built infrastructure.  As their skills improve, the stated plan was to gradually reduce the scheduled frequency from 6-9 months down to one week.

So, if you're wondering about your organization's push to automation, to virtualization, to containers, or to cloud, then it's not necessarily because these things are "shiny" and "new", or somehow less expensive in themselves.  It is because these technologies are seen as stepping stones to a possibly-as-yet-unstated goal in the never-ending arms race of infoSec.

Well, I am not so sure how that would function with a terabyte-sized database in the cloud. Also, there is a very real possibility (see SolarWinds) that the tools used for monitoring the network would be used as an attack vector. The only thing that can prevent the data from being stolen by a rogue actor acquiring access rights is encryption. And we don't encrypt nearly enough data. Also, phishing attacks are getting more and more sophisticated. The good old times of a Nigerian prince in need of a bank transfer or "winning the Microsoft lottery" are long gone. Acquiring credentials is easier than ever, unless MFA is used. The problem isn't infecting the server with anything, the problem is data theft. Your database server doesn't necessarily need to be infected with anything. The tables ACCOUNTS, CUSTOMERS and ADDRESSES can be dumped to CSV files using a script and the damage is done.

Unfortunately, MS Defender doesn't do nearly a good enough job of protecting your servers. And neither does any other software. I have recently received several quite well-crafted spear phishing attempts. No warning from MS Defender or McAfee. The only real defense is our security awareness.

-- 
Mladen Gogala
Database Consultant
Tel: (347) 321-1217
https://dbwhisperer.wordpress.com
-- //www.freelists.org/webpage/oracle-l
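The reply above makes the point that data theft needs no malware on the database host: valid credentials plus a script that selects ACCOUNTS, CUSTOMERS and ADDRESSES into CSV files is enough. Endpoint products watch for infection, so the detective control has to sit on the data access side. The following is an added example, not code from the oracle-l thread or from any vendor: it reads constructed audit records (a CSV export of a database audit trail with assumed field names ts, db_user, client_program, action, object_name, rows_fetched) and flags any account that pulls an unusually large number of rows from the sensitive tables within a short window. The tables come from the thread; the row threshold, the window, and the sample records are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Sensitive tables named in the thread (assumed to be the ones worth watching).
SENSITIVE_TABLES = {"ACCOUNTS", "CUSTOMERS", "ADDRESSES"}

# Constructed sample records imitating a CSV export of a database audit trail.
# The field names are assumptions; a real deployment would map them from the
# database's own audit views. APP_SVC is the normal application account,
# REPORT_RO is a read-only account whose credentials have been misused.
SAMPLE_AUDIT = """\
ts,db_user,client_program,action,object_name,rows_fetched
2022-03-05T10:00:01,APP_SVC,orderapp.exe,SELECT,ACCOUNTS,1
2022-03-05T10:00:02,APP_SVC,orderapp.exe,SELECT,CUSTOMERS,1
2022-03-05T10:00:05,APP_SVC,orderapp.exe,SELECT,ORDERS,25
2022-03-05T10:01:10,REPORT_RO,sqlplus,SELECT,ACCOUNTS,1250000
2022-03-05T10:02:30,REPORT_RO,sqlplus,SELECT,CUSTOMERS,980000
2022-03-05T10:03:45,REPORT_RO,sqlplus,SELECT,ADDRESSES,990000
2022-03-05T11:30:00,DBA_JANE,sqlplus,SELECT,DBA_USERS,40
"""


def parse_audit(text):
    """Parse the CSV export into a list of dicts with typed fields."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ts": datetime.fromisoformat(rec["ts"]),
            "db_user": rec["db_user"],
            "client_program": rec["client_program"],
            "action": rec["action"].upper(),
            "object_name": rec["object_name"].upper(),
            "rows_fetched": int(rec["rows_fetched"]),
        })
    return rows


def find_bulk_reads(rows, window=timedelta(minutes=15), row_threshold=100_000):
    """Return one alert per user whose SELECTs against sensitive tables fetch
    at least `row_threshold` rows within any sliding `window`.

    The thresholds are assumptions; tune them to the application's normal
    access pattern (a row-at-a-time OLTP account should never come close)."""
    by_user = defaultdict(list)
    for r in rows:
        if r["action"] == "SELECT" and r["object_name"] in SENSITIVE_TABLES:
            by_user[r["db_user"]].append(r)

    alerts = []
    for user in sorted(by_user):
        recs = sorted(by_user[user], key=lambda r: r["ts"])
        for i, start in enumerate(recs):
            in_window = [r for r in recs[i:] if r["ts"] - start["ts"] <= window]
            total = sum(r["rows_fetched"] for r in in_window)
            if total >= row_threshold:
                alerts.append({
                    "db_user": user,
                    "start": start["ts"],
                    "rows": total,
                    "tables": sorted({r["object_name"] for r in in_window}),
                    "programs": sorted({r["client_program"] for r in in_window}),
                })
                break  # one alert per user is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_bulk_reads(parse_audit(SAMPLE_AUDIT)):
        print(f"{alert['db_user']}: {alert['rows']} rows from "
              f"{', '.join(alert['tables'])} via {', '.join(alert['programs'])} "
              f"starting {alert['start'].isoformat()}")
```

The application account reads the same tables but a row at a time, so it stays below the threshold; the misused read-only account trips it on the first full-table pull and the alert also records that the client was an ad-hoc tool rather than the application. This is the kind of signal that MFA and encryption at rest do not give you on their own, and it only exists if SELECT auditing is actually enabled on those tables.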
