Monday, August 25, 2008

Knowing is half the battle

Any G.I. Joe fans out there? This was the catch phrase used at the end of the cartoon during the public service announcement when they teach some badly behaving kid a lesson. In a recent investigation my network logs showed a mysql intrusion using a root account and the ubiquitous User Defined Function attack. When I arrived on site to take a look at the system, the manager asked me what happened. I said "based on network logs it looks like a database server got compromised."

If there ever was a deer in the headlights look this was it.
"Database server? What database server, I didn't know there was one".

We grabbed the user of the system...same look..and same response.
"Database server? What database server, I didn't know there was one".

Many software packages come bundled with supporting software that isn't readily apparent during installation. It may say something like "installing database". Microsoft is actually good about this and says "this product requires a database, do you want MSDE or a real SQL installation"? After doing software installs all day long, the tech working on the computer is probably surfing the web or getting coffee while the install is happening, and comes back when the install is done and that's that. Sure, I understand that, who the heck watches software installs? No one I know, unless they're in a hurry or compiling something on a linux box.

However, the software needs to be checked before install, because you need to know what to expect. You need to know that you just opened a hole in the security of your organization and someone now needs to deal with it appropriately. When risk is introduced in an organization it needs to be known and addressed, and remember..knowing is half the battle.