Add to del.icio.us     Digg this

November 16, 2007

In today's busy Internet age, it's difficult to imagine that there are still business people who don't take the topic of Internet security seriously. Database security specialist NGS Software says there could be close to half a million databases on the Internet today with no kind of firewall protection at all.

What's more, an NGS survey performed a few days ago reveals that 368,000 Microsoft SQL Server and 124,000 Oracle databases are specifically vulnerable to various levels of attack by any potential hacker.

NGS's survey utilized specialized software to randomly sample almost 1.2 million IP addresses, and then test whether there were directly accessible (read: unprotected) database servers present. If it found one, the software checked the type and version and recorded the data.

The survey found no less than 157 SQL Servers and 53 Oracle servers. The final figures were arrived at through a process of extrapolation based on the total number of IP addresses (2.71 billion).

Survey author David Litchfield acknowledges that the approach may not be accurate, but says that it is accurate enough.

Litchfield said the results of this 2007 survey are compared with a similar survey performed two years ago. However, it used a different SQL data sampling approach so it's rather difficult to draw any real conclusions.

At full face value, the number of "at risk" Microsoft SQL Servers has increased - from 210,000 in 2005, while the number of vulnerable Oracle servers has decreased from 140,000.

This suggests SQL Server users are becoming more lax about security and Oracle users are showing some signs of improvement.

Additionally, SQL Server users tend to wait for service pack (SP) fixes rather than use "hot" fixes to patch their IT systems. A little over 6 percent (6.2 percent) showed evidence of interim fixes with the rest on RTM or versions of SP 3 to 4.

Another important revelation of the survey is that those running vulnerable versions of Oracle were evenly divided between Windows and Linux/Solaris - suggesting Windows installations are no worse at security than those using other operating systems.

Despite the apparent risks highlighted by NGS, a majority of companies are apparently happy about their level of protection (or lack thereof).

Another database security survey, this time sponsored by Application Security was conducted by Ponemon and published in June found that about 68 percent of respondents feel that they are managing their database security effectively.

Overall, only 15 percent of IT managers saw upgrading database security as a real priority.

Add to del.icio.us     Digg this

Source: Reg Developer

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.