Rolling Review Wrap-Up: Extrusion-Prevention Systems

When a Web server attack exposed Second Life customer data last September, Linden Lab invalidated all user passwords and announced that one lowly SQL injection flaw had enabled attackers to run arbitrary SQL commands on a back-end database. The company admitted that 650,000 names along with contact information, encrypted passwords and payment data had been compromised.

Fast forward to May, when University of Missouri employees probably wished they were in some alternate universe. IT staff noticed abnormal application behavior on May 3 and the next day discovered a mother lode of errors. One vulnerability was in a Web page used to check the status of help desk issues, and exploiting a SQL injection flaw enabled an attacker to retrieve names and Social Security numbers the old-fashioned way—one record at a time, using tens of thousands of Web requests.

This article is the wrap-up of NWC's Rolling Review of extrusion-prevention systems.

By the time IT realized what was happening, sensitive data on 22,396 people was long gone.

The sad truth is, it's no coincidence that over the past year an increasing number of security breaches have been the result of database compromises, rather than pilfered laptops. Steal a PC from a car and you might get nothing but some hardware and an MP3 collection. Infiltrate a database of customer information and the possibilities are endless. And this trend will only continue as more companies deploy data-rich online services needing database back ends.

[Figure: Real-World Analyst Assessment]