CPSC 420 Chapter Notes - Chapter 2: Data Masking, Email Filtering
Document Summary
Assume a general application as the basis of your analysis. Common vulnerabilities include unpatched or outdated software, weak passwords, and insufficient authentication and authorization controls. Attackers exploit these to gain access to information or take control of a system, among other things. Viruses, malware, hackers, and unauthorized access all affect a database. Encryption, data masking, and permissions management are good mitigation strategies for protecting data in a database while it is idle (at rest). User training and blocking outgoing calls are policies that can help prevent social engineering. Both have drawbacks: users must be taught, and outbound call blocking may intercept essential calls. Additionally, training costs time and money, and email filtering may eliminate legitimate mail. Both the network and the database are vulnerable to attack. However, because the data stored in the database is of greater importance, the database is more likely to be attacked than the network itself.