This is the second talk that I did at the recent UKOUG conference at the East Side rooms in Birmingham. This talk discusses how you should respond if you think that your database has been breached or if you unfortunately know that you really have been breached.
The main purpose of this short blog post is to introduce the talk and to present a link to the MS Powerpoint slides.
We started by discussing the fact that data is now the new gold rush like the Yukon and Klondike in the 1890s onwards. Data is growing faster than anything and we manage data in Oracle databases and that data is now valuable so becomes a target for theft or damage.
Data hacking and breaches are now an every day occurrence and almost every person now knows what a data breach is. We cover laws like GDPR and the hefty fines that can happen if personal data is stolen. These elements confirm why we must protect Oracle databases and why the data is an easy target now for thieves.
The next part I covered is what do hackers do; steal data (read it), change data (update it) and destroy data (delete it). Also we cover how attackers do this, what do they exploit in your systems and processes to gain access to your data. We also discuss who is the attacker, internal, external, third parties, public? Finally we looked at the methods used to attack the data. These are essentially the open doors that you have left open to allow them in; this could be through bugs in your applications, bad configuration, bad processes and more.
Next we laid out the complete breach handling process and all the steps before focusing in on the breach response team, the leader and how to handle an incoming breach. We finished with a brief discussion on writing a report and how to fix the security and the breached system. Finally we looked at what you should be doing now to prevent a breach and also to add things to make breach response and analysis easier.
Here is the MS PPT slides:
What should you do if your Oracle database is hacked? - link here. Please have a read and be prepared for a breahc before it happens or take action to prevent a breach.
#oracleace #sym_42 #oracle #forensics #databreach #liveresponse #datasecurity
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "Top 10 Things to Consider in Securing an Oracle Database"]
