What To Do With An Online Security Breach Part 2

By Author: Mel Joelle
Total Articles: 4328
Comment this article

Here is an example of a system that has too many fail points.

Company Widget Maker has a main database system that houses all of the company's leads. Company Widget Maker also has 400 additional branch offices that have access to the system; each branch has about 10 employees. Each branch also has separate branch websites that connect directly to the main database system.

In the above scenario there are over 4,000 users that can access the database system at the same time. Human beings like doing things easy, so most likely they don't have secure passwords, and they write down the password on plain sticky note in plain sight. The first and biggest fail points are all the employees. The second is the websites. They all access the same database system without a separate filter; a web-service is needed to filter out unwanted commands. Since they are all directly connecting to the main database, the database passwords have to be stored on each of the branches' database systems. That is an additional 400 fail points as well.

My advice in this particular situation is to create a web-service filter on the main ...
... database that only takes in information for known sources, and when the correct key or password is sent over. Having the key change at random intervals will minimize the window of opportunity a cracker has to get into your system since the keys change. Next time, make sure the servers at each branch that are talking to the main database are tightly secured, using strong usernames and passwords that are frequently so that no unauthorized personnel can ever get to them.

Next, require the entire staff to create a non-dictionary password that is reset every 30 to 60 days to minimize the risk in case a cracker does gain access to a password to the database. Making it mandatory to have the users' email account passwords also reset after 30 to 60 adds additional barriers of security. In the case that a cracker gets into an email account and sits and reads all the emails without a user ever knowing it, the system resets the passwords after a time period locking the cracker out.

All systems are only as strong as their weakest point and in today's technologically advanced world, the weakest point is still human error. By using the method of having random changing interval keys being passed between the database systems, it creates an additional level of security on the machine side. Doing the same for the human side will greatly reduce the risk of a security breach.

I also cannot stress this enough; make sure you keep up with all security patches for all the software you are running. This is a huge job to do in itself. This is usually the responsibility of the network administrator, so having a competent one on staff is a must.
Click here to read the rest of Online Security Breach. If you enjoyed this article, you also might like our other stories about Search Engine Optimization.