I wonder about detecting database breaches.
Currently, I use auditd to detect database dumps being made with mysqldump.
I wonder what more I can do to detect a potential database breach.
Thanks for any ideas!
The general term, not specifically for database protection, is "intrusion detection system" (IDS) and the often closely related "intrusion prevention system" (IPS).
The Wikipedia article is quite informative: https://en.wikipedia.org/wiki/Intrusion_detection_system
Another closely related term is security information and event management (SIEM).
Normally you try to detect potential database breaches in the same way you test your normal security; relatively low-hanging fruit are things like a port scan. A big alert should sound when one can connect remotely to your database server.
Other low-hanging fruit are systems that are not kept up to date with security updates and bug fixes, or, for example, overly generous file system permissions.
Much more difficult to detect are bad applications, for example a vulnerability to SQL injection.
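Building on the auditd approach from the question, here is an added example (not code from the original post) of how the "big alert" the answer talks about can be raised from the audit records that mysqldump executions produce. It assumes a watch rule of the form `-w /usr/bin/mysqldump -p x -k db_dump` has been loaded with auditctl, so every execution is tagged with the key `db_dump`; the audit log lines, the allowlist of login UIDs (`auid`) permitted to run dumps, and the `DumpAlert` type are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Assumed audit rule (standard auditctl syntax, not from the post):
#   -w /usr/bin/mysqldump -p x -k db_dump
# With it loaded, each execution of mysqldump yields a SYSCALL record
# carrying key="db_dump", which is what this detector looks for.

# One key=value field; values may be double-quoted (comm="mysqldump").
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEADER_RE = re.compile(r'type=(\w+) msg=audit\(([\d.]+):(\d+)\):(.*)')


def parse_audit_record(line):
    """Turn one raw auditd line into a dict of its fields.

    The msg=audit(timestamp:serial) header is split into 'time' and
    'serial'; quoted values lose their quotes. Returns None for lines
    that are not audit records."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"type": m.group(1), "time": float(m.group(2)), "serial": int(m.group(3))}
    for key, val in FIELD_RE.findall(m.group(4)):
        rec[key] = val.strip('"')
    return rec


@dataclass
class DumpAlert:
    serial: int      # audit serial, lets an analyst pull the full event with ausearch
    auid: str        # login UID that started the session
    exe: str
    tty: str
    reason: str


def find_dump_events(lines, allowed_auids, allowed_ttys=("(none)",)):
    """Return an alert for every successful mysqldump execution that was
    not started by an allowlisted login UID or that ran from an
    interactive terminal. Scheduled backups typically run from cron with
    no tty and an unset auid (4294967295), so those can be allowlisted."""
    alerts = []
    for line in lines:
        rec = parse_audit_record(line)
        if not rec or rec.get("type") != "SYSCALL" or rec.get("key") != "db_dump":
            continue
        if rec.get("success") != "yes":
            continue  # failed execve, nothing was dumped
        auid, tty = rec.get("auid"), rec.get("tty")
        reasons = []
        if auid not in allowed_auids:
            reasons.append(f"auid {auid} not in backup allowlist")
        if tty not in allowed_ttys:
            reasons.append(f"run from interactive tty {tty}")
        if reasons:
            alerts.append(DumpAlert(rec["serial"], auid, rec.get("exe", "?"), tty,
                                    "; ".join(reasons)))
    return alerts


# Constructed sample audit log: a cron backup (expected), a PATH record,
# an unrelated SYSCALL record, a failed execve, and an interactive dump
# by a logged-in user (the one that should alert).
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1700000000.101:4567): arch=c000003e syscall=59 success=yes exit=0 '
    'ppid=900 pid=901 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 '
    'comm="mysqldump" exe="/usr/bin/mysqldump" key="db_dump"',
    'type=PATH msg=audit(1700000000.101:4567): item=0 name="/usr/bin/mysqldump" inode=1234',
    'type=SYSCALL msg=audit(1700000000.250:4570): arch=c000003e syscall=59 success=yes exit=0 '
    'ppid=1 pid=950 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 '
    'comm="sshd" exe="/usr/sbin/sshd" key="login"',
    'type=SYSCALL msg=audit(1700000000.300:4571): arch=c000003e syscall=59 success=no exit=-13 '
    'ppid=1200 pid=1201 auid=1001 uid=1001 gid=1001 euid=1001 tty=pts1 ses=5 '
    'comm="bash" exe="/usr/bin/bash" key="db_dump"',
    'type=SYSCALL msg=audit(1700000000.400:4568): arch=c000003e syscall=59 success=yes exit=0 '
    'ppid=1300 pid=1301 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 '
    'comm="mysqldump" exe="/usr/bin/mysqldump" key="db_dump"',
]

if __name__ == "__main__":
    for a in find_dump_events(SAMPLE_LOG, allowed_auids={"4294967295"}):
        print(f"ALERT serial={a.serial} auid={a.auid} exe={a.exe}: {a.reason}")
```

In production the lines would come from `/var/log/audit/audit.log` or from `ausearch -k db_dump`; the serial in each alert is what you would feed back to `ausearch` to see the matching PATH and CWD records for the event.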