Data Loss Prevention

Data Attack Prevention

Willie Kinney

CMGT/441

University of Phoenix

April, 2011

Facilitator Dr. Shivie Bhagan

Prevention of attacks to a data system is a very important issue that will either make or destroy a company main structure. The creator of threats to a company’s network or operation mainframe is looking to get into financial information or client information to steal their personal data. It is up to companies to know the best way to have a means of prevention of these threats to the success of their operations network functionality. Attack prevention is somewhat as a full time job for any companie’s IT department. The question is will most companies be a victim of their vulnerabilities or will they be champions through their prevention measures.

SQL Injection attack prevention

The attack is SQL injection attacks, being one of the most likely strike hackers use towards Internet-facing SQL Servers databases. This attack is a very strong threat in which companies are better off having the prevention measures in place before it has chance to latch onto network systems. One problem is if the system that is in place uses dynamic SQL and allows for users unchecked input to be passed to the database, will more than likely put it at risk. This could also turn into data loss, data theft, and in more recent strings of injections attacks that were automated, customers had Java script codes served to them by way of a compromised databases. This particular attack infiltration causes Web servers to infect the client computer with another virus (Cherry, 2008). Even the United Nations site is not immune to its attack.

The SQL injection works by allowing the attacker basically to escape out from existing command by putting single quote in a string value or by use of a semicolon being placed at the end of numeric value and by putting a SQL command after the escaped character. Clever hackers will use this technique to reveal the name of tables in a database....