Fix the standby database.

This has happened in the past. A data file gets corrupted, or there is a gap in the archive logs. How do you fix it? In the past I would put the tablespace into backup mode, back up the datafile, flush the archive logs, then SCP the current archive log files and the datafile over to the standby database.

Once over at the standby database: shut down the standby database, copy the datafile and archive log files to their proper place, recover the standby database, then put the standby database back into managed recovery.

But things have changed. Port 22 is closed between the primary database and the standby database. File replication is done through the SAN. Sadly that complicates things. So instead of a simple copy, I now have to engage two SAN engineers to break the replication, one on the primary side and a second on the standby side. I then need to engage the Unix admin to mount the LUN on the standby database server.

The SAN engineers require change control to break the replication, and the Unix admin requires change control to mount the LUN. Do you see how what is a quick, simple fix can become a problem?

What about NULL?

What is NULL?  Is NULL a space? Is NULL a NULL string?

NULL is unknown. If NULL is unknown, then you cannot do anything with NULL.
You cannot perform any operation on NULL: Y := 5+UNKNOWN then Y=UNKNOWN
You cannot compare NULL to anything: IF 5>UNKNOWN THEN … END IF. That will never evaluate to true, because we just don’t know.

This is part of what makes NULL so difficult to work with.  NULL complicates logic. So just say no to null.
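The two rules above, and two query traps that follow from them, run against an in-memory SQLite database. This is an added example, not code from the original post; the `accounts` and `blocked` tables and their rows are constructed, and SQLite stands in for whatever database you run.

```python
import sqlite3

# Constructed sample data: account 2 has no lock expiry recorded (NULL),
# and the blocked list contains one NULL id.
SCHEMA = """
CREATE TABLE accounts (id INTEGER, locked_until INTEGER);
INSERT INTO accounts VALUES (1, 100), (2, NULL), (3, 300);
CREATE TABLE blocked (id INTEGER);
INSERT INTO blocked VALUES (3), (NULL);
"""

def null_demo():
    """Evaluate NULL expressions and NULL-sensitive filters in SQLite."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)

    def scalar(sql):
        return db.execute(sql).fetchone()[0]

    def ids(where):
        sql = f"SELECT id FROM accounts a WHERE {where} ORDER BY id"
        return [row[0] for row in db.execute(sql)]

    results = {
        # Rule 1: any operation on NULL yields NULL (Python None).
        "5 + NULL": scalar("SELECT 5 + NULL"),
        # Rule 2: a comparison with NULL is unknown, never true.
        "5 > NULL": scalar("SELECT 5 > NULL"),
        "NULL = NULL": scalar("SELECT NULL = NULL"),
        # IS NULL is the only test that gives a definite answer.
        "NULL IS NULL": scalar("SELECT NULL IS NULL"),
        # Trap 1: a filter and its negation both skip the NULL row (id 2).
        "expiry > 200": ids("locked_until > 200"),
        "NOT expiry > 200": ids("NOT (locked_until > 200)"),
        # Stating what NULL means for this column brings row 2 back.
        "NULL counted as 0": ids("COALESCE(locked_until, 0) <= 200"),
        # Trap 2: one NULL in the list makes NOT IN match nothing at all.
        "NOT IN": ids("id NOT IN (SELECT id FROM blocked)"),
        # NOT EXISTS compares row by row and is unaffected by the NULL.
        "NOT EXISTS": ids(
            "NOT EXISTS (SELECT 1 FROM blocked b WHERE b.id = a.id)"),
    }
    db.close()
    return results

if __name__ == "__main__":
    for label, value in null_demo().items():
        print(f"{label:20} -> {value!r}")
```

The `NOT IN` case is the one to watch in access-control and exclusion-list queries: a single NULL in the list silently turns "everyone not blocked" into "no one".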

Social engineering does happen.

There have been a few times where social engineering was attempted with one of my customers. Sometimes I wind up taking the phone call after someone calls the help desk looking for some information we would not normally give out. On one occasion someone from the help desk walked back to my office and asked me to take a call because a customer was upset about our security configuration. The help desk person did what all help desk people do: help the customer with a problem.

Someone doing social engineering may try to make it sound like the information they want is critical and resort to threats and intimidation. Always stop and ask yourself: would I give this information to a bad actor? What could be done with the information if it fell into the wrong hands? Was the person who called vetted?

The call went something like this.

Customer: “We are setting up a new account.  I have our security person on the line and he wants to ask you a few questions.  Can you help us out?”

Me: “Sure, what’s the problem?”

Security person: “Hi, my name is Jim and I am responsible for the security of our information that we send you. I have to approve sending sensitive information and have a couple of questions.”

Me: “Shoot.”

Jim: “What types of firewalls do you use? What is their patch level? What is the web server? What is its patch level? What is the database? What is the patch level? Is the database encrypted? What encryption are you using? Do you encrypt the backups? How do you enforce password security? How complex are your passwords? How can I extract information for the database once I send it to you?”

Me: “I’m sorry, Jim, but I cannot give out that information. If you are setting up an account, please read the FAQ. That will answer all the questions you need to set up an account.”

Jim: in a stern voice “Listen, if I don’t get this information then I will not approve sending you the data you require.”

Me: “Jim, if you decide not to send the data that is your decision, but I will not be telling you anything about our security, period, end of story.”

Customer: “Please, we just need to know how you secure the data so we can send you the data you require.”

Me: interrupting “Madam, your security person can explain to you why you do not tell anyone how you secure information. I am going to instruct the help desk that all questions that deal with security be directed to me or security.”

Jim: “Listen, I will call the director and have you fired if you don’t give me the information.”

Me: “Really, goodbye.”

PII is valuable to criminals

The theft of PII is no longer relegated to petty criminals and hackers; organized crime rings now target PII and sell it on the black market. Some nations even tolerate criminal hacking to steal PII as long as the criminals only steal outside of their nation’s borders. The buyers of PII are interested in stealing an identity for financial fraud and leaving a person or company to clean up the mess, often to the tune of thousands of dollars in legal fees and hundreds of hours working to explain “It was not me!” The criminals don’t care what damage they do to your customers, business partners and you.

The sad part is that the technologies to protect PII and sensitive data are readily available and mature, but many organizations have not implemented them. Is it because of the cost associated with implementing the technologies?

Cost of breaches

What is the cost of information security? On the surface there is the cost of additional hardware, software and people to manage and run the systems. But there is another side of the equation that we get to read about in the papers. TJ Maxx lost data on 45.7 million credit and debit cards. Forrester Research estimated the final cost to TJ Maxx at $500 million and said it could approach $1 billion. Now, I don’t want to be the person explaining to the CEO, “We could have prevented that.” How many years will pass before people stop associating TJ Maxx with data breach?

Just so you don’t think I’m picking on TJ Maxx, here are other data breaches that have hit the papers. Citibank lost PII on 200 thousand card holders. CardSystems lost data on 40 million cards even though a prior audit stated they were compliant with the Payment Card Industry Data Security Standard (PCI). A subsequent audit found CardSystems was no longer compliant with PCI. Health Hospitals Corp lost PII and medical data on 1.7 million patients by losing an unencrypted backup tape that was left in a car.

All of these breaches have a few things in common. Business partners were hit financially by having to cover the cost of financial fraud. Consumers were hit with added stress because their information was available to criminals. Many consumers also had to spend hundreds of hours and thousands of dollars cleaning up the mess left by criminals.

Organizations spend millions of dollars branding their reputation. All it takes is one of these events to tarnish the reputation of any organization, creating the need to spend millions on damage control and litigation or go out of business.

If you don’t measure it, you can’t protect it

I have always felt safe in my home until a few days ago, when I locked myself out of my house. I spent about 30 minutes looking for a spare house key my wife may have left in a car, a key that did not exist. Finally I made the decision I was going to have to break into my own house. Once I made that decision, two minutes later I was standing in my living room. Since then, I had a security assessment, changed locks and added some features to make my home safer. The security assessment was a key part of securing my house and telling me where I needed to put better locks and improve sensor placement.

Step one: do a risk assessment of your environment. With this risk assessment you can make intelligent decisions on the mitigations you need to put in place to protect your database.

I always start with this simple template. First name the high level risk element: Backup tape. Then name the risk: Loss. Then measure the likelihood of a tape being lost from 1 – 10. If you score it a 10, you are saying the risk event is about to happen; if you score the likelihood a 0, you are saying this is not going to happen. Once you have measured the likelihood of the event, measure the impact from 1 – 10. A score of 10 is saying this will put you out of business and a score of 0 is saying we can ignore this risk. Now that you know what the risk is, the likelihood and the impact, you may hold off on mitigation and strength. But let’s fill in mitigation for now. Encrypt backups, and we will give that a strength of 8. I rarely give a score of 10 on mitigation because “stuff happens.” We can add other mitigations to the same risk event. All backup tapes will be transferred by bonded courier. Strength 7. By combining the two mitigations you have decreased both the likelihood and the impact of the risk event.

Identify Confidential Data

The risk assessment should identify sensitive information and how the information moves through your systems. Your database has information that your organization would consider sensitive. This can be PII, financial data, sales data and the list goes on. When locking down information you want to place some focus on confidential information. The likelihood of confidential data leakage may not be greater than that of other information in your database, but the impact of the data leaking or getting corrupted would be greater.