Stolen Data Homing Devices… Sort Of.

Final Thoughts on Data Shoplifting
Karen: "First – let me start by saying that most contractors I propose are like myself, honest to a fault and extremely careful to not do anything that would even appear to be dishonest or cause any problem at the workplace. We respect and admire the people with whom we work and generally work harder and longer than many.

But – I have been the one to replace more than one of that other kind of contractor. The ones who build back doors, siphon information or, better yet, as one contractor I replaced, remoted in to use server time and space for his thesis on one of the network servers!! That guy had managed to create a password that even the IT department didn’t know and we ended up having to simply wipe out the OS and start over to get him out!

For some of the people hired for their skills, locking them out may be impossible, but I suggest that at least they be monitored by recording everything that is done by any contractor with IT skills and reviewing these movements on at least a weekly basis by someone who understands forensic IT."

Gary: "What I have done in the past – which is more reactive and prosecutorial than preventative – is to set flag records in the data, for later theft identification.


You will never stop theft completely, especially with easy-to-use technologies like flash sticks, high bandwidth speeds, etc. Along with the general access a DB person must have to simply do their work, the opportunities and temptations are often too great for DB people to maintain their integrity.

So the goal is to know when it has happened.

No one bothers to steal a list of the 50 states. It's small enough that it can be recreated.

It's the lists for millions of people and their information, millions of businesses and their info, etc. that are the targets. With that in mind, we also need to recognize that if you are stealing millions of rows of data, you are not going to review each one for accuracy.

So I ‘Plant’ a few knowingly false records, that will have different results.

– I plant records that point to my own address, a friend's address, or some other place that I can expect correspondence or calls if the names have been stolen.

– I plant records with SSNs that identity theft organizations have set up so they can monitor activity against them, and determine the source, allowing a backward path to the source of the theft.

– I have even planted records that will go directly back to law enforcement personnel who will work with you to receive and address the issues if you suspect theft might occur.

– Corporate Legal departments are also good silent partners to have flag records feed back to, since they know exactly what to do and who to contact if the path closes back to them.


Basically, it's like putting blue dye in a bag of money. If it gets stolen, eventually it will show up and can be traced back to the source."
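As an added illustration (not code from the newsletter or from either commenter), here is one way the flag records Gary describes could be checked against a list that later surfaces outside the company. The registry key, the names and addresses, and the `find_flag_records` helper are all constructed for this sketch; matching on a keyed fingerprint of normalized fields is an assumption about how the registry would be kept.

```python
import hashlib
import hmac

# Assumption: a secret held outside the database, so someone holding the data
# cannot recompute which rows are planted.
REGISTRY_KEY = b"constructed-demo-key"

def _norm(value):
    """Drop case, spacing and punctuation so a reformatted copy still matches."""
    return "".join(ch for ch in value.lower() if ch.isalnum())

def fingerprint(name, street):
    """Keyed fingerprint of a record's identifying fields."""
    msg = f"{_norm(name)}|{_norm(street)}".encode()
    return hmac.new(REGISTRY_KEY, msg, hashlib.sha256).hexdigest()

# Constructed flag records: (name, street, who gets the mail or calls).
FLAG_RECORDS = [
    ("Marla Quennby", "14 Example Lane", "DBA home address"),
    ("Tobias Ferrant", "200 Sample Street, Suite 5", "corporate legal"),
]

# In practice only REGISTRY would be kept; it holds fingerprints, not the rows.
REGISTRY = {fingerprint(n, s): contact for n, s, contact in FLAG_RECORDS}

def find_flag_records(rows):
    """Return (row_index, contact) for each planted record found in rows."""
    hits = []
    for index, row in enumerate(rows):
        contact = REGISTRY.get(fingerprint(row["name"], row["street"]))
        if contact is not None:
            hits.append((index, contact))
    return hits

# Constructed sample of a list that surfaced outside the company.
SUSPECT_LIST = [
    {"name": "Dana Whitlow", "street": "9 Placeholder Road"},
    {"name": "MARLA  QUENNBY", "street": "14 example lane."},
    {"name": "Tobias Ferrant", "street": "200 Sample Street Suite 5"},
]

if __name__ == "__main__":
    for index, contact in find_flag_records(SUSPECT_LIST):
        print(f"row {index}: planted record, notify {contact}")
```

Any hit means the list was derived from the protected data, and the contact column says which silent partner should be told.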
