Database Protection – SQL Injection Scenario
Unusual amount of Sensitive Data is Accessed.
Installation of the McAfee DAM Sensor at the Database.
Database monitoring configuration
Monitor SQL injection attack
Monitor every selected query that is going to the database and also the response of the query.
We need to simulate this scenario:
McAfee DAM monitors the SQL injection and sends an alert.
Note: If you want to monitor SQL injection attack you have to be able to monitor every selecting query that is going to the database and also the response of the query.
Note: It is highly recommended to create a correlation rule at the McAfee ESM to detect the SQL injection and if there is McAfee IPS behind the firewall we can also do automatic block for the attack immediately and add the IP address to the black list of the Sensor.