Database (in)Security – GhostShell hackers release Govt Records – is Ryu the Answer?
The Hacktivist group GhostShell released 1.6 million records that it claimed were lifted from government (and some corporate) sites including the Pentagon, NASA, European Space Agency and the Federal Reserve.
A quick look at the files and you can see right away that the website data breach was most likely caused by SQL injection. The data dump is separated into numerous parts, but several start with the complete Database structure pulled from individual websites.
A mix-match combination of communications, individual project statuses, business communications, space rocket information, directory data dumps and user accounts and records are included.
With most of these systems from major government entities the question becomes, if these sites aren’t protected against remote hacker SQL injection type attacks, what chance does smaller businesses and corporations that have a fraction of the security budget?
Obviously SQL security is a major concern for companies. What is needed is a new security module to place in front of application servers to protect databases from external attacks, or more secure database programs.
I have been reading a lot about Trustifier’s Ryu recently and it seems that they are on the right track. Most Intrusion Detection Systems and Web Application Firewall (WAF) security programs are signature based. They are looking for patterns or common attack strings. But someone utilizing advanced or uncommon SQL queries can bypass even the best WAF.
Trustifier’s uses a unique approach with Ryu. Incoming commands are analyzed in a secure environment before they are allowed to execute. A complex mathematical engine determines if the command is a legitimate command or one that has possible security risks.
Early testing has shown that it is very good at stopping SQL based attacks, surpassing many of the top WAFs currently on the market.
The manufacturer also claims that the cloud based Ryu solution is effective against many other common internet threats including:
I am spoken with Trustifier and am still going over some of the technical material provided on Ryu, but at an early glance it looks VERY good. Hopefully we will take a much closer look at it very soon.
Check it out!