File integrity monitoring and SQL injection prevention?

RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
Is anyone here familiar with File Integrity monitoring and SQL Injection prevention on Databases using HIDS?

So, if you need to detect and possibly prevent, how would differentiate between legitimate behavior? For example: We have DevOps that create modifications to databases on the fly when building instances in AWS and use scripts to auto login and make modifications.

How would we differentiate the difference between this activity? Session_Id with Src_IP with a whitelist?icon_confused.gif:

Comments

  • TacoRocketTacoRocket Member Posts: 497 ■■■■□□□□□□
    What HIDS are you using? It would depend on the activity and the engine being used.
    Remedymp wrote: »
    Is anyone here familiar with File Integrity monitoring and SQL Injection prevention on Databases using HIDS?

    So, if you need to detect and possibly prevent, how would differentiate between legitimate behavior? For example: We have DevOps that create modifications to databases on the fly when building instances in AWS and use scripts to auto login and make modifications.

    How would we differentiate the difference between this activity? Session_Id with Src_IP with a whitelist?icon_confused.gif:
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    TacoRocket wrote: »
    What HIDS are you using? It would depend on the activity and the engine being used.

    Right now it's OSSEC.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    yes I would whitelist the developers IPs.

    I don't use HIDS or DB firewalls, but the IPS and WAF detects SQL Injections and drops the packets
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

Sign In or Register to comment.