Re: Question on data corruption or cyber-threat

From: Lok P <loknath.73_at_gmail.com>
Date: Fri, 11 Nov 2022 00:21:03 +0530
Message-ID: <CAKna9VZ+7ODM4rBGEsOqOGZq7t7OV2Q4HeiRkim6bF64s1hr_w_at_mail.gmail.com>



Thank you very much Yudhi and Mark for your valuable response. Will definitely consider these options for detecting cyber attack or data corruption.

Also will try to explore more on this. I was trying to see if any documentation is available related to this topic.

On Wed, 9 Nov, 2022, 6:23 pm Mark W. Farnham, <mwf_at_rsiz.com> wrote:

> I believe the correct goal is detection enough quicker than the delay of
> application of logs to your lagged recovery system to prevent rogue
> transactions from being applied to your lagged recovery system.
>
>
>
> Old school protection is simply mathematical: Comparing the totals of key
> validated transactions with the time range delta of the related balances in
> totals tables. That protects against programming errors and thefts pretty
> well. If that is done periodically all the time (say every two hours if you
> have a four hour lag on the lagged recovery system, then you have two hours
> to stop the application of those logs.)
>
>
>
> The more difficult problem now is the combination of folks whose goals
> don’t include direct theft, but just want to mess you up. That could be
> juvenile delinquents, market share competitors, or “political action by
> other means.” And I’m sure other motives I don’t imagine at the moment.
> There is plenty of data not amenable to control total checking that harming
> could put you in dire straits.
>
>
>
> The notion of collecting patterns of authorized transactions is certainly
> not silly. A key piece of minimizing the challenge is having “who” columns
> (see Oracle’s E-biz suite for a decent data model with respect to the “who”
> columns) and a policy to log transcriptions of any changes made outside of
> applications that utilized whatever “who” column system you adopt. Then at
> least you might have a control on total transactions versus tables via each
> application, and if those totals don’t match up you get a clue.
>
>
>
> And although my viewpoint is skewed toward business system data, I believe
> the use of application systems is a key piece of minimizing what must be
> scrutinized via “artificial intelligence” to be reasonably safe.
>
>
>
> NOT SILLY AT ALL!
>
>
>
> mwf
>
>
>
> *From:* oracle-l-bounce_at_freelists.org [mailto:
> oracle-l-bounce_at_freelists.org] *On Behalf Of *yudhi s
> *Sent:* Wednesday, November 09, 2022 4:22 AM
> *To:* Lok P
> *Cc:* Oracle L
> *Subject:* Re: Question on data corruption or cyber-threat
>
>
>
> Might be a silly thought. But just want to share, if you just create some
> machine learning model to study the DML pattern and based on that any
> deviation on that pattern will raise you an alert of probable cyber attack
> or data corruption etc.
>
>
>
> On Sun, 30 Oct, 2022, 8:20 pm Lok P, <loknath.73_at_gmail.com> wrote:
>
> Hi all, I understand it's a broad topic. Data corruption or cyber attack
> may happen with new ways and techniques each passing day, so it may not be
> possible to prevent it 100% of the time but I believe, we should be in a
> position to detect it as fast as possible to minimize the loss.
>
>
>
> Want to understand from data experts here, if there exists some specific
> ways or standards to detect and alert cyber threats or data corruption in
> databases (it may be Oracle or any other database or data storage systems)?
>
>
>
> Regards
>
> Lok
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Nov 10 2022 - 19:51:03 CET
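
An added example, not part of the original thread: a sketch of the control-total check Mark describes, comparing the sum of logged transactions in a time window with the change in the related balances over the same window. It uses Python's built-in sqlite3 so it runs offline; the table and column names (`txn`, `balance_snapshot`) and all data are constructed assumptions, not an Oracle or E-Business Suite schema.

```python
import sqlite3

# Hypothetical schema: a transaction log and periodic snapshots of a totals table.
SCHEMA = """
CREATE TABLE txn (account TEXT, amount INTEGER, created_at INTEGER);
CREATE TABLE balance_snapshot (account TEXT, taken_at INTEGER, balance INTEGER);
"""

# Per account: balance delta across the window (t0, t1] next to the sum of
# transactions logged in that same window.
RECONCILE = """
SELECT s1.account,
       s1.balance - s0.balance AS balance_delta,
       COALESCE((SELECT SUM(t.amount) FROM txn t
                  WHERE t.account = s1.account
                    AND t.created_at > :t0 AND t.created_at <= :t1), 0) AS txn_total
  FROM balance_snapshot s0
  JOIN balance_snapshot s1 ON s1.account = s0.account
 WHERE s0.taken_at = :t0 AND s1.taken_at = :t1
 ORDER BY s1.account
"""

def control_total_mismatches(conn, t0, t1):
    """Return (account, balance_delta, txn_total) rows where the two disagree."""
    rows = conn.execute(RECONCILE, {"t0": t0, "t1": t1}).fetchall()
    return [r for r in rows if r[1] != r[2]]

def build_sample_db():
    """Constructed sample data; amounts are integer cents, times are hours."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO txn VALUES (?,?,?)", [
        ("A-100", 5000, 1),
        ("A-100", -1200, 2),
        ("B-200", 700, 1),
    ])
    conn.executemany("INSERT INTO balance_snapshot VALUES (?,?,?)", [
        ("A-100", 0, 10000), ("A-100", 2, 13800),   # +3800, matches the txn rows
        ("B-200", 0, 4000), ("B-200", 2, 9700),     # +5700, only +700 is logged
    ])
    return conn

if __name__ == "__main__":
    # Window of two hours, as in the "every two hours against a four hour lag" case.
    for account, delta, total in control_total_mismatches(build_sample_db(), 0, 2):
        print(f"ALERT {account}: balance moved {delta}, transactions explain {total}")
```

A mismatch found inside the check interval is the signal to pause log apply on the lagged recovery system before the unexplained change reaches it.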
