Portable Mobile Devices (I.E. Smart

¶ … portable mobile devices (i.e. smart phones and tablets) is having on database security. This is accomplished by looking at the scope of the problem and offering solutions for addressing these challenges. Once this occurs, is when an organization can be able to effectively adapt to the various security threats they are facing.

Over the last several years, the issue of database security has been increasingly brought to the forefront. Part of the reason for this, is because larger amounts of data are being stored online and in mainframe computers. This has increased the number of attempts to breach an organization's security system in order to be able to have access to wide variety of information. A good example of this can be seen by looking no further than the total number of cyber-attacks that were conducted last year. As, they rose by 93%, thanks in part to shortened IP addresses and the ability of hackers to create viruses that can penetrate most traditional defenses. Commenting about this was Symantec (a leading security firm) which said, "Last year, attackers posted millions of these shortened links on social networking sites to trick victims into both phishing and malware attacks, dramatically increasing the rate of successful infection. Social networking sites are increasingly important platform for attackers, as their popularity among consumers is rising fast. Attacks on leading mobile platforms were increasing after a 42% rise in mobile vulnerabilities last year. This is because the major mobile platforms are finally becoming ubiquitous enough to garner the attention of attackers. They are really following the consumers to these websites." ("Targeted Cyber Attacks Rise," 2011) This is significant, because it is showing how the total number of security issues has been increasing dramatically. To fully understand the overall scope of the problem requires looking at: the current strategies that are used to deal with these issues, how hackers are overcoming them and what specific tools can be used to enhance a firm's ability to protect themselves. Once this occurs, is when we can offer specific insights that will help us to understand how this is becoming a major issue for all organizations and what steps can be taken to deal with them.

Body

The Current Security Strategies

The basic approach that most organizations are using is limiting the overall amounts of access that outside parties will have to their database. This is accomplished through focusing on specific techniques such as: firewalls, encryption and actively monitoring for unusual activities from different IP addresses. The basic idea behind using this approach is to be able to frustrate most attempts to possibly have access to sensitive information. The below diagram illustrates the current approach that are being used by most organizations. (Kark, 2011) ("Department of Defense Strategy for Operating in Cyber Space," 2011)

Diagram 1: The Current Security Strategies of Most Firms

Hacker

Firewall

Encryption

Monitoring

This is important, because it is showing how the overall focus of the majority of organizations is to limit the total amount of access that outside parties will have to sensitive information. Once this takes place, it means that any kind of security breaches will be limited in scope. The reason why, is due to the fact that there are personnel who are actively monitoring for unusual activity. This is when they can identify these threats early and limit the potential negative impact that they will have on an organization. (Kark, 2011) ("Department of Defense Strategy for Operating in Cyber Space," 2011)

How Hackers are Overcoming the various Security Block in Place

Despite the current procedures in place hackers are becoming better at penetrating various defenses. The reason why is because technology has changed the way that everyone is retrieving and accessing information. As a result there are two common problems associated with database security to include: preventing unauthorized users from accessing the database and controlling access to various statistics. What is happening, is the way a database is established is through a doing business account (DBA). This is when a firm will create protocols that will give someone access to the entire database of the firm including: creating user names / passwords, the granting / revocation of privileges and assigning different levels of security. When someone can have access to this account is the point that they can use this information to determine an organization's overall vulnerabilities. (Navathe, 2007, pp. 616 -- 627)

Preventing Unauthorized Users from Accessing the Database

One of the most common ways that someone is able to gain access to the database is through existing user accounts. This is because most systems will often have some kind user name and password associated with a specific individual. When they are inside the database is the point that administrators will be able to: see where someone went and the kinds of activities they were involved in. The problem is that many firms will often have lax control of the database. This is because they will allow employees to access the information off site or they are not effectively monitoring / updating passwords regularly. Once this occurs is when hackers can be able to pretend to be IT personnel and they will often trick employees into providing them with this information. (Navathe, 2007, pp. 616 -- 627)

For example suppose that someone was at a particular social networking site or they received an email that looked like it was from company officials. Hackers could use this as way to inadvertently fool them into providing these individuals with the information they need. What hackers are doing is using this as a tool to trick many employees and executives into believing that they are receiving information from the firm through bogus IP addresses (which appear to be similar to that of the organization). Once this takes place, is when many criminals will use this to obtain information about the individual and the company. This is the point that they can start working aggressively to quietly penetrate the database's defenses. (Kark, 2011) (Navathe, 2007, pp. 616 -- 627)

Evidence of this can be seen by looking no further than a study that was conducted by Trend Micro. They found that 88% of the small and medium sized businesses have employees who are accessing their files offline through mobile devices. Furthermore, 74% of these firms reported that the equipment that is being used by employees is their own personal property. This is troubling, because it can give hackers the ability to go around many of the traditional strategies that are often used by IT personnel to protect the database. The reason why, is because these portable devices do not have the same kind of security blocks in place and employees may be exposed to potential breaches (based upon mistakes that can happen). Once this occurs, is when the vulnerabilities facing an organization increase due to the fact that they have no control over how hackers are able to gain access to their database. It is at this point that they can use this approach as a backdoor entrance into an entire firm's database. This is when they will have access to sensitive information by essentially going around the current security blocks. (Tanzy, 2011)

Controlling Access to various Statistics

Controlling access to various statistics is when there is focus on limiting the kinds of information that an individual will have available to them. This can be accomplished on the account or relation level. As far as the account level is concerned the database will know what specific information each user will have access to. While the relation level is when you are restricting someone based upon their status in the company or department. These elements are important because they are designed to control the kinds of information that anyone will have inside the database and accessibility to the most sensitive files of the firm. (Navathe, 2007, pp. 616 -- 627)

However, the problem is that many portable device or laptops are often high jacked by hackers. This is when they can be able to control the device remotely and develop a backdoor into the system itself. Once this takes place, is when the individual may not be aware of what is happening until it is too late. If a particular organization was targeted, is when hackers could take over a number of devices from different levels inside the firm. At which point they could use the authorization of various individuals to gain access to the database and any kind of statistics that are available through slowly working their way up the chain of command inside the organization. (Navathe, 2007, pp. 616 -- 627)

Evidence of this can be seen with a study that was conducted by Defense Systems. They found that the majority of smart phones have weaker security procedures to the point that they could be high jacked without the owner knowing what is happening. At the same time, more people are spending longer amounts of time using a host of applications that they are downloading off of the Internet. As most users, are averaging about three hours a day conducting a wide variety activities. It is at this point that hackers can be able to penetrate these vulnerabilities to use them as a backdoor inside a company's database. Once this occurs, is when there is the possibility that the situation will become worse as more criminals will utilize this as an easy way to overcome the challenges of going directly after a firm's initial blocks. This is important, because it is showing how there are increased vulnerabilities that these phones have due to the lack of effective security. (Coleman, 2011)

To make matters worse, many firms have begun using cloud computing as way to store large amounts of information. This is when they have significant pieces data on an organization's mainframe. The reason why, is because these kinds of computers have become more powerful and cheaper. This is allowing a variety of firms to be able to reduce costs and increase the total amounts of storage that they have available. The problem is that this kind of security procedure is giving hackers the ability to overcome traditional defenses. Part of the reason for this, is because a number of security experts have been advising their clients about how their current strategy can deal with any kind of threats they are facing. Once this occurs, is when it can lull most IT personnel into a sense of complacency about the overall nature of the threats. This is the point that odds increase that hackers will be able to break into mainframe computers that are storing large amounts of information. (Kark, 2011) (Tanzy, 2011)

A good example of this can be seen with the recent announcement that the security firm Stratfor (as they were the victim of this kind of attack.) What happened was a group of hackers identifying themselves as Anonymous had broken into the firm's mainframe and they were able to gain access to thousands of credit cards along with other pieces of personal information. Some of Stratfor largest clients include: the U.S. Air Force, Apple, and the Miami Police Department just to name few. Instead of using this information for illicit purposes, the hackers were politically motivated by calling for the release of Specialist Bradley Manning. He is accused of giving the web site Wiki Leaks tens of thousands of classified U.S. government cables. What the group has been doing is making donations to charity with the stolen information that was obtained. This is problematic, because it is showing the increasing vulnerability that a number of organizations are facing. The reason why, is because most firms are relying on IT security experts and consultants to reduce their risks. During this process is when they will have them store large amounts of data on their mainframe through cloud computing. However, the fact hackers are able to gain access by directly going after portable mobile devices is an indication that they can use this as a way to circumvent various security procedures. Once this takes place, is when they can be able to gain access to large amounts of information undetected. This is significant, because it is showing how there are increasing vulnerabilities that most firms are facing. ("Anonymous Hackers Target U.S. Security Think Tank," 2011)

As a result, IT security personnel must be able to understand the overall nature of the threat and how to effectively counteract what is happening. Otherwise the odds increase that there will be more of these kinds of incidents taking place. This is when there is the possibility that large amounts of information stored on various databases could increase the overall vulnerabilities of an organization to hackers. Once this takes place is when the odds improve, that there will be larger amounts of security breaches that are being reported. This is the point that it will be difficult to protect and store sensitive information that are vital to the success of an organization in achieving its objectives. Therefore, it is essential for IT personnel to create a strategy that will take the changing nature of the threat into account and how it should be effectively counterbalanced.

Specific Tools that can be used to enhance a Firm's ability to protect themselves

To deal with any kind of possible threats to the database in the future all organizations must be able to use a number of different tools in achieving these objectives. The best way that this can be accomplished is through having an approach that will specifically address the overall nature of the threat. This means that all organizations must implement an approach that is based upon flexibility and utilizing techniques that will deal with these challenges on the various mobile devices. To do this there must be an all-encompassing strategy that will concentrate on a number of specific tactics. The most notable include: storing information is absolutely necessary, protecting database that is accessed over public networks, configuring devices to block external spying, encrypting sensitive information, utilizing mandatory access control, conducting audits and backing up critical data. These elements are important, because the combination of them can allow an organization to adapt with the various threats that they are facing. Once this occurs, is when they will reduce the chances of allowing hackers to use this as a backdoor to receive key pieces of information. (Olzak, 2008)

Storing what is Necessary

This is when a firm is limiting the total amounts of data that is stored on smart phones and tablets. What has been happening is the lack of control of this information has allowed employees to download critical pieces of data that are sensitive such as: spreadsheets, customer files and various pieces of financial information. When a hacker is able to gain access to these devices they will automatically be able to retrieve files that are considered to be classified in nature. Moreover, this information could provide them with the ability to easily access larger amounts of an organization's files. This is because the data that is stored on these devices will often have user names and passwords for entering their database. Criminals can use this as way to make themselves appear to be the employee accessing these files. Once this occurs, is when IT personnel will not be able to identify any kind of unusual activity. This is the point that hackers can anonymously be able to retrieved large amounts of information despite the various external security blocks that are in place. (Olzak, 2008)

Protecting Data that is accessed from Public Networks

One of the most common methods that hackers are using to gain access to various devices is through public networks. This is because various WIFI connections do not have the same kind of security protocol as large organizations. At the same time, any kind of encrypted data that is received will not be secured. The reason why, is because most of these sites do not have any kind of SSL certificates or firewalls in place. This is problematic, because it can allow criminals to have access to information without the other party knowing what is happening. Once this takes place, is when the odds increase that there will be a number of challenges associated with maintaining control of various pieces of data. This is when hackers can use this to gain access to wide variety of areas inside the organization's database. To prevent this from happening, it is advisable that all firms require anyone who is accessing their database to use websites that have an SSL certificate. This will reduce the ability of criminals to monitor what kinds of activities are occurring. (Olzak, 2008)

Configuring Devices to Block External Spying

When we are configuring a device to prevent external spying is the point that a firm will require everyone to establish some kind of firewall. This is because most people will assume that the security provisions from the internal operating system will protect them against possible breaches. However, the problem is that most hackers have figured out how to overcome these defenses. As a result, firms must require employees to install and update a secondary firewall from one of the well-known security providers (i.e. McAfee, AVG or Symantec). This will prevent hackers from being able to access critical prices of data. As these kinds of firewalls are serving as secondary barrier that will make it difficult for them to overcome the security provisions. Once this takes place, it means that criminals will have to try numerous tactics in overcoming these barriers. This is the point that they will move on to other targets with greater vulnerabilities. (Olzak, 2008)

Encrypting Sensitive Information

Another avenue that must be taken is all organizations need to be encrypting sensitive information. This is accomplished by requiring employees to access sites from URL addresses that have SSL certificates. At the same time, the individual must not be allowed to store any kind of end data that they are receiving. If this kind of approach can be taken, it will ensure that an organization will not have some kind of security breach when an employee is accessing sensitive information when they are on the go. (Olzak, 2008) (Navathe, 2007, pp. 616 -- 627)

Utilizing Mandatory Access Control

A mandatory access control is when administrators are focused on establishing different kinds of security protocols for the database. The way that this is accomplished is through implementing various levels that will allow employees and managers admittance to certain areas such as: top secret, secret, confidential and unclassified. These elements are important, because the combination of them will serve as way of limiting who is able to go to specific areas of the database and what information they are looking at. Once this occurs, is when IT personnel can implement a series of procedures that can be used to help deal with possible challenges that the organization is facing surrounding the kinds of access that is available. For example using the mandatory access control panel, the overall amounts of information can be restricted with someone going into the database from outside locations (who are looking for documents that are considered to top secret or secret). In the event that there is some kind of security breach, hackers would only be able to have access to select amounts of information. Once this occurs is when they are able to reduce the chances that this could have an adverse impact on the organization from these kinds of security breaches. (Navathe, 2007, pp. 616 -- 627)