RE: Question on data corruption or cyber-threat

From: Mark W. Farnham <mwf_at_rsiz.com>
Date: Wed, 9 Nov 2022 07:52:50 -0500
Message-ID: <1ab801d8f43a$2d95eb70$88c1c250$_at_rsiz.com>



I believe the correct goal is detection enough quicker than the delay of application of logs to your lagged recovery system to prevent rogue transactions from being applied to your lagged recovery system.  

Old school protection is simply mathematical: comparing the totals of key validated transactions with the time range delta of the related balances in totals tables. That protects against programming errors and thefts pretty well. If that is done periodically all the time (say every two hours if you have a four-hour lag on the lagged recovery system), then you have two hours to stop the application of those logs.

The more difficult problem now is the combination of folks whose goals don’t include direct theft, but just want to mess you up. That could be juvenile delinquents, market share competitors, or “political action by other means.” And I’m sure other motives I don’t imagine at the moment. There is plenty of data not amenable to control total checking that harming could put you in dire straits.

The notion of collecting patterns of authorized transactions is certainly not silly. A key piece of minimizing the challenge is having “who” columns (see Oracle’s E-biz suite for a decent data model with respect to the “who” columns) and a policy to log transcriptions of any changes made outside of applications that utilized whatever “who” column system you adopt. Then at least you might have a control on total transactions versus tables via each application, and if those totals don’t match up you get a clue.

And although my viewpoint is skewed toward business system data, I believe the use of application systems is a key piece of minimizing what must be scrutinized via “artificial intelligence” to be reasonably safe.  

NOT SILLY AT ALL!   mwf  

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of yudhi s
Sent: Wednesday, November 09, 2022 4:22 AM
To: Lok P
Cc: Oracle L
Subject: Re: Question on data corruption or cyber-threat  

Might be a silly thought, but just want to share: what if you create some machine learning model to study the DML pattern, so that any deviation from that pattern raises an alert of a probable cyber attack or data corruption, etc.

On Sun, 30 Oct, 2022, 8:20 pm Lok P, <loknath.73_at_gmail.com> wrote:

Hi all, I understand it's a broad topic. Data corruption or cyber attack may happen with new ways and techniques each passing day, so it may not be possible to prevent it 100% of the time, but I believe we should be in a position to detect it as fast as possible to minimize the loss.

Want to understand from data experts here if there exist some specific ways or standards to detect and alert on cyber threats or data corruption in databases (it may be Oracle or any other database or data storage systems)?

Regards

Lok

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Nov 09 2022 - 13:52:50 CET
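
The control-total check described in the reply above (validated transaction totals compared with the balance delta over the same time range, run inside the recovery lag window), as an added example that is not part of the original thread. It uses Python's sqlite3 as a stand-in for the production database; the table names, column names and sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
SCHEMA = """
CREATE TABLE txn (account TEXT, amount_cents INTEGER, posted_hour INTEGER, validated INTEGER);
CREATE TABLE balance_snapshot (account TEXT, taken_hour INTEGER, balance_cents INTEGER);
"""
TXNS = [("A", 5000, 1, 1), ("A", -1200, 2, 1), ("B", 700, 1, 1), ("C", 900, 2, 1)]
SNAPSHOTS = [("A", 0, 10000), ("A", 2, 13800),
             ("B", 0, 2000), ("B", 2, 99700),   # B altered outside the application
             ("C", 0, 0), ("C", 2, 900)]

# Per account: balance movement between two snapshots vs. sum of validated
# transactions posted in the half-open window (start_hour, end_hour].
RECONCILE = """
SELECT s1.account,
       s1.balance_cents - s0.balance_cents AS balance_delta,
       COALESCE((SELECT SUM(t.amount_cents) FROM txn t
                 WHERE t.account = s1.account AND t.validated = 1
                   AND t.posted_hour > ? AND t.posted_hour <= ?), 0) AS txn_total
FROM balance_snapshot s0
JOIN balance_snapshot s1 ON s1.account = s0.account
WHERE s0.taken_hour = ? AND s1.taken_hour = ?
ORDER BY s1.account
"""

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO txn VALUES (?,?,?,?)", TXNS)
    conn.executemany("INSERT INTO balance_snapshot VALUES (?,?,?)", SNAPSHOTS)
    return conn

def control_total_mismatches(conn, start_hour, end_hour):
    """Return (account, balance_delta, txn_total) rows where the two disagree."""
    rows = conn.execute(RECONCILE, (start_hour, end_hour, start_hour, end_hour))
    return [r for r in rows if r[1] != r[2]]

def should_hold_log_apply(conn, start_hour, end_hour):
    """True means: pause log apply on the lagged recovery copy and investigate."""
    return bool(control_total_mismatches(conn, start_hour, end_hour))

if __name__ == "__main__":
    db = build_sample_db()
    for account, delta, total in control_total_mismatches(db, 0, 2):
        print(f"MISMATCH {account}: balances moved {delta}, validated txns sum to {total}")
```

Run on the check interval (every two hours against a four-hour lag, in the reply's example), a non-empty result is the signal to stop log application before the suspect changes reach the lagged copy.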
