DAM Use case 3: Database Protection – SQL Injection Scenario
Unusual amount of Sensitive Data is Accessed.
Installation of the McAfee DAM Sensor at the Database.
Database monitoring configuration
Monitor SQL injection attack
Monitor every SELECT query going to the database, along with the response to each query.
We need to simulate this scenario:
An external hacker spiders the web application using well-known, easy-to-use hacking tools. Once he succeeds in getting in, he:
Finds a SQL injection flaw and injects code (malicious data) into the database.
Waits for a legitimate user to select certain records from the database through the application. Those records now contain an abnormal link back to a malicious website; when the user clicks it, he is clicking on his own data, which has been manipulated to do harm.
The legitimate user now accesses the code using the browser.
Browser executes malicious code.
McAfee DAM monitors the SQL injection and sends an alert.
Note: To monitor a SQL injection attack, you must be able to monitor every SELECT query going to the database as well as the response to each query.
Note: It is highly recommended to create a correlation rule in McAfee ESM to detect the SQL injection. If there is a McAfee IPS behind the firewall, the attack can also be blocked automatically and immediately, and the IP address added to the Sensor's blacklist.
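As the first note says, the response has to be monitored as well as the query: in this scenario the legitimate user's SELECT looks normal, and only the returned rows reveal the manipulated data. The following is an added example (not McAfee DAM rule syntax and not code from the original post) that checks both sides of constructed audit records; the record layout, ALLOWED_HOSTS and the function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the application legitimately links to in stored data.
ALLOWED_HOSTS = {"shop.example.com"}

# Query side: statement shapes that application-generated SQL rarely contains.
QUERY_PATTERNS = {
    "tautology": re.compile(r"\bOR\s+'?(\w+)'?\s*=\s*'?\1'?", re.I),
    "union_select": re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
    "stacked_statement": re.compile(r";\s*(INSERT|UPDATE|DELETE|DROP)\b", re.I),
}
# Response side: active content or links stored in what should be plain data.
ACTIVE_RE = re.compile(r"<\s*script\b|javascript:|\bon\w+\s*=", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def check_query(sql):
    """Return the names of the injection heuristics the SQL text matches."""
    return sorted(name for name, rx in QUERY_PATTERNS.items() if rx.search(sql))

def check_response(rows):
    """Flag returned string values holding active content or off-site links."""
    findings = set()
    for row in rows:
        for value in row:
            if not isinstance(value, str):
                continue
            if ACTIVE_RE.search(value):
                findings.add("active_content")
            for url in URL_RE.findall(value):
                host = urlparse(url).hostname or ""
                if host not in ALLOWED_HOSTS:
                    findings.add("external_link:" + host)
    return sorted(findings)

def analyze(records):
    """Return (record id, client IP, reasons) for every record worth an alert."""
    alerts = []
    for rec in records:
        reasons = check_query(rec["sql"]) + check_response(rec["rows"])
        if reasons:
            alerts.append((rec["id"], rec["client_ip"], reasons))
    return alerts

# Constructed sample audit records (query text plus the rows it returned).
SAMPLE = [
    {"id": 1, "client_ip": "10.0.0.5", "sql": "SELECT name, bio FROM users WHERE id = 42", "rows": [("alice", "Security engineer")]},
    {"id": 2, "client_ip": "203.0.113.9", "sql": "SELECT name FROM users WHERE id = '1' OR '1'='1'", "rows": [("alice",), ("bob",)]},
    {"id": 3, "client_ip": "10.0.0.5", "sql": "SELECT name, bio FROM users WHERE id = 7", "rows": [("bob", '<a href="http://malicious.example/x">profile</a>')]},
]
```

Record 3 is the legitimate user's request: its query matches no heuristic, and the alert comes only from the response check.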