#1 Senior Member (Join Date: Nov 2011, Posts: 810)

    File integrity monitoring and SQL injection prevention?

    Is anyone here familiar with File Integrity monitoring and SQL Injection prevention on Databases using HIDS?

    So, if you need to detect and possibly prevent, how would you differentiate between legitimate behavior? For example: We have DevOps that create modifications to databases on the fly when building instances in AWS and use scripts to auto login and make modifications.

    How would we differentiate between these activities? Session_Id with Src_IP with a whitelist?

#2 Senior Member (Join Date: Sep 2015, Posts: 482, Certifications: MCITP, MCSA, CCNA, VCA, ACA)
    Quote Originally Posted by Remedymp:
    Is anyone here familiar with File Integrity monitoring and SQL Injection prevention on Databases using HIDS?

    So, if you need to detect and possibly prevent, how would you differentiate between legitimate behavior? For example: We have DevOps that create modifications to databases on the fly when building instances in AWS and use scripts to auto login and make modifications.

    How would we differentiate between these activities? Session_Id with Src_IP with a whitelist?

    What HIDS are you using? It would depend on the activity and the engine being used.

    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/

#3 Senior Member (Join Date: Nov 2011, Posts: 810)

    Quote Originally Posted by TacoRocket:
    What HIDS are you using? It would depend on the activity and the engine being used.

    Right now it's OSSEC.

#4 UnixGuy, "Are we having fun yet?" (Join Date: Mar 2008, Posts: 3,327, Certifications: GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired))

    Yes, I would whitelist the developers' IPs.

    I don't use HIDS or DB firewalls, but the IPS and WAF detect SQL injections and drop the packets.

    Goal: GCFA (DONE), GPEN
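As an added example (not code from the thread, and not OSSEC's own rule logic), here is the allowlisting idea from the question and the last reply worked through in Python: constructed database query log lines are checked against SQL-injection heuristics, and alerts from the assumed (source IP, DB user) pairs used by the DevOps provisioning scripts are downgraded rather than suppressed. The log line layout, the IPs and the user names are all assumptions made for the example.

```python
import re

# Constructed allowlist for the example: (source IP, DB user) pairs that the
# DevOps provisioning scripts log in from. Not real infrastructure values.
ALLOWLIST = {("10.0.5.21", "deploy_bot"), ("10.0.5.22", "deploy_bot")}

# Assumed log line layout: "<timestamp> <src_ip> <session_id> <db_user> <query>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (.*)$")

# Heuristic indicators of SQL injection in the query text.
SQLI_PATTERNS = [
    ("tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("comment", re.compile(r"(--|#|/\*)\s*$")),
    ("union", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("stacked", re.compile(r";\s*(drop|alter|exec)\b", re.I)),
]

# Constructed sample log: one provisioning script, two injection attempts
# (one of them from the trusted IP but a different user), one normal query.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.5.21 s1 deploy_bot CREATE TABLE tmp_migrate (id INT); DROP TABLE tmp_migrate",
    "2024-01-01T10:00:05Z 203.0.113.9 s2 webapp SELECT * FROM users WHERE name='a' OR '1'='1' --",
    "2024-01-01T10:00:07Z 10.0.5.21 s3 webapp SELECT id FROM t WHERE x=1 UNION SELECT password FROM users",
    "2024-01-01T10:00:09Z 198.51.100.4 s4 webapp SELECT id FROM orders WHERE id=42",
]

def parse(line):
    """Split one log line into its fields, or return None if it does not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return dict(zip(("ts", "src_ip", "session_id", "user", "query"), m.groups()))

def classify(line):
    """Return an alert dict for a suspicious query, or None if nothing matched."""
    rec = parse(line)
    if rec is None:
        return None
    hits = [name for name, pat in SQLI_PATTERNS if pat.search(rec["query"])]
    if not hits:
        return None
    # The (src_ip, user) allowlist covers the provisioning scripts; an allowlisted
    # source is downgraded, not dropped, since a trusted IP can still be misused.
    severity = "low" if (rec["src_ip"], rec["user"]) in ALLOWLIST else "high"
    return {"severity": severity, "session_id": rec["session_id"],
            "src_ip": rec["src_ip"], "user": rec["user"], "reasons": hits}

def scan(lines):
    """Run the classifier over a log and keep only the alerts."""
    return [alert for alert in map(classify, lines) if alert]
```

Session s3 shows why the pair matters: the query comes from an allowlisted IP but not from the provisioning account, so it is still raised at high severity.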
