Re: Question on data corruption or cyber-threat

From: Lok P <loknath.73_at_gmail.com>
Date: Thu, 17 Nov 2022 23:51:41 +0530
Message-ID: <CAKna9VZC3R7-hq3Co9ffrEMx8eKTQdvLBTo4NqAmAeeYsh1hKg_at_mail.gmail.com>



Hello Mark, can you please elaborate a bit more on the point below? I am still struggling to understand the "who" column. Do you mean logging audit information, like who inserted/updated/deleted data, by maintaining a created_by or modified_by user column in tables, which may be populated by triggers etc., and then checking whether those users are an outside entity?

"*A key piece of minimizing the challenge is having “who” columns (see Oracle’s E-biz suite for a decent data model with respect to the “who” columns) and a policy to log transcriptions of any changes made outside of applications that utilized whatever “who” column system you adopt. Then at least you might have a control on total transactions versus tables via each application, and if those totals don’t match up you get a clue.*"

On Fri, 11 Nov, 2022, 12:21 am Lok P, <loknath.73_at_gmail.com> wrote:

> Thank you very much Yudhi and Mark for your valuable response. Will
> definitely consider these options for detecting cyber attack or data
> corruption.
>
> Also will try to explore more on this. I was trying to see if any
> documentation is available related to this topic.
>
> On Wed, 9 Nov, 2022, 6:23 pm Mark W. Farnham, <mwf_at_rsiz.com> wrote:
>
>> I believe the correct goal is detection enough quicker than the delay of
>> application of logs to your lagged recovery system to prevent rogue
>> transactions from being applied to your lagged recovery system.
>>
>>
>>
>> Old school protection is simply mathematical: Comparing the totals of key
>> validated transactions with the time range delta of the related balances in
>> totals tables. That protects against programming errors and thefts pretty
>> well. If that is done periodically all the time (say every two hours if you
>> have a four hour lag on the lagged recovery system, then you have two hours
>> to stop the application of those logs.)
>>
>>
>>
>> The more difficult problem now is the combination of folks whose goals
>> don’t include direct theft, but just want to mess you up. That could be
>> juvenile delinquents, market share competitors, or “political action by
>> other means.” And I’m sure other motives I don’t imagine at the moment.
>> There is plenty of data not amenable to control total checking that harming
>> could put you in dire straits.
>>
>>
>>
>> The notion of collecting patterns of authorized transactions is certainly
>> not silly. A key piece of minimizing the challenge is having “who” columns
>> (see Oracle’s E-biz suite for a decent data model with respect to the “who”
>> columns) and a policy to log transcriptions of any changes made outside of
>> applications that utilized whatever “who” column system you adopt. Then at
>> least you might have a control on total transactions versus tables via each
>> application, and if those totals don’t match up you get a clue.
>>
>>
>>
>> And although my viewpoint is skewed toward business system data, I
>> believe the use of application systems is a key piece of minimizing what
>> must be scrutinized via “artificial intelligence” to be reasonably safe.
>>
>>
>>
>> NOT SILLY AT ALL!
>>
>>
>>
>> mwf
>>
>>
>>
>> *From:* oracle-l-bounce_at_freelists.org [mailto:
>> oracle-l-bounce_at_freelists.org] *On Behalf Of *yudhi s
>> *Sent:* Wednesday, November 09, 2022 4:22 AM
>> *To:* Lok P
>> *Cc:* Oracle L
>> *Subject:* Re: Question on data corruption or cyber-threat
>>
>>
>>
>> Might be a silly thought. But just want to share, if you just create some
>> machine learning model to study the dml pattern and based on that any
>> deviation on that pattern will raise you an alert of probable cyber attack
>> or data corruption etc.
>>
>>
>>
>> On Sun, 30 Oct, 2022, 8:20 pm Lok P, <loknath.73_at_gmail.com> wrote:
>>
>> Hi all, I understand it's a broad topic. Data corruption or cyber attack
>> may happen with new ways and techniques each passing day, so it may not be
>> possible to prevent it 100% of the time but I believe, we should be in a
>> position to detect it as fast as possible to minimize the loss.
>>
>>
>>
>> Want to understand from data experts here, if there exists some specific
>> ways or standards to detect and alert cyber threats or data corruption in
>> databases (it may be Oracle or any other database or data storage systems)?
>>
>>
>>
>> Regards
>>
>> Lok
>>
>>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Nov 17 2022 - 19:21:41 CET
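
Added example, not part of the original thread: a sketch of the two checks discussed above, the periodic control-total comparison and the "who" column lookup, run against an in-memory SQLite database standing in for the production system. All table, column and account names, the sample rows, and the use of minutes as the time unit are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; every table, column and account name is hypothetical.
APP_USERS = ("APP_BILLING", "APP_PAYMENTS")   # accounts the applications write as
MARKS = ",".join("?" * len(APP_USERS))

def load_sample(db):
    db.executescript("""
        CREATE TABLE txn (id INTEGER PRIMARY KEY, account TEXT, amount INTEGER,
                          created_by TEXT, created_at INTEGER);  -- "who" columns
        CREATE TABLE balance_snapshot (account TEXT, taken_at INTEGER, balance INTEGER);
    """)
    db.executemany("INSERT INTO balance_snapshot VALUES (?,?,?)", [
        ("A", 0, 1000), ("A", 120, 1150), ("B", 0, 500), ("B", 120, 900),
        ("C", 0, 200), ("C", 120, 50)])           # C changed with no txn row at all
    db.executemany(
        "INSERT INTO txn (account, amount, created_by, created_at) VALUES (?,?,?,?)", [
        ("A", 100, "APP_BILLING", 30), ("A", 50, "APP_PAYMENTS", 90),
        ("B", 100, "APP_BILLING", 45),
        ("B", 300, "JSMITH", 60)])                # written outside the applications

def control_total_mismatches(db, start, end):
    """Accounts whose balance delta over (start, end] differs from the app total."""
    rows = db.execute(f"""
        SELECT s.account, e.balance - s.balance,
               COALESCE((SELECT SUM(t.amount) FROM txn t
                          WHERE t.account = s.account AND t.created_at > ?
                            AND t.created_at <= ?
                            AND t.created_by IN ({MARKS})), 0)
          FROM balance_snapshot s
          JOIN balance_snapshot e ON e.account = s.account
         WHERE s.taken_at = ? AND e.taken_at = ?
         ORDER BY s.account""", (start, end, *APP_USERS, start, end)).fetchall()
    return [(acct, delta, total) for acct, delta, total in rows if delta != total]

def outside_changes(db, start, end):
    """Rows in the window whose "who" column is not an application account."""
    return db.execute(f"""
        SELECT id, account, amount, created_by FROM txn
         WHERE created_at > ? AND created_at <= ?
           AND created_by NOT IN ({MARKS})
         ORDER BY id""", (start, end, *APP_USERS)).fetchall()

def run_check(start=0, end=120):                  # 120 minutes = two-hour check
    db = sqlite3.connect(":memory:")
    load_sample(db)
    return control_total_mismatches(db, start, end), outside_changes(db, start, end)

if __name__ == "__main__":
    print(run_check())
```

Account B's mismatch is explained by the row written by a non-application account; account C's balance moved with no transaction row at all, which only the control total reveals.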
