The pieces by Bruce Schneier related to security are fascinating. One of his latest posts looks at potential coming attacks to our Internet infrastructure, which could potentially take down parts of the worldwide network. Whether you think this is a valid concern or not, it bears thinking through the issue a bit. If something did happen, your organization could be affected.
Imagine what would happen to your production sites if they, or their clients, couldn’t resolve a DNS address. Or if there was a DDOS against your domain, perhaps just as a test by attackers to see where you might be vulnerable. What would be your response? For most of us, there isn’t much we could do, but I’m sure your management would want some answer, so do you have a way to respond? Would you worry if there were a targeted attack against your database servers using SQL Injection, cross site scripting, or some other technique?
What about your development efforts? So many people have started to use services like Slack, Trello, cloud hosting of repositories and more. Could you continue to develop software if the Internet went down for your company? I’ve certainly thought about this for my work, and some things would be off-line, and I could have potential scheduling issues. However, I don’t work on mission critical systems, so I could work on something off-line and push production schedules by a day or two.
Certainly control systems, embedded systems, and more are vulnerable to these types of attacks. If they depend on data, could they be attacked with fake or compromised data? I hope that some of these companies that have critical system, get serious about security in the event that an attack is targeted at their infrastructure. I don’t know if that will happen, and I really hope not. The Internet is a wonderful, collaborative resource, and will be for a long time if the criminals don’t fundamentally ruin our trust in it.
The Voice of the DBA Podcast