Are Thai Data bases safe from hackers ?

[SpaceKadet]

only database that is disconnected is safe....and even this not 100 %

Best possible response. I worked IT for 15 years.

I worked for IT for 35 years, and let me expand on that. No database, no matter connected or disconnected, if accessible by any appware or wetware, is safe from hacking. Internally or externally. Anybody that tells you otherwise is just full of BS and has no experience in IT security. I will even go further and state that there is currently no firewall that cannot be penetrated. In fact, firewall penetration is the first step in gaining a hold of an internal server that will allow you to hack the database systems externally. However, it is all the question of cost and gain. If the cost of the hack, timewise, resource wise or exposure wise is more than the data gain, it is really not worth doing.

For every hack the general populace read about there are thousand that are not advertised, unless you work in the security area and know where to look for info. Big and small corporations are not very keen to tell the world that their IT systems have been penetrated, no matter how small the hack was. Especially if they provide outside services.

In fact, most IT services, even in the big corporation are very badly protected, and most rely on automated tools provided by the network appliance manufacturers.

As far as Thailand is concerned, I know for sure that there has been several successful hacks on the government databases, but then again, who would really benefit from that data...

Pentagon on the other hand.... is another story.

[beerzy]

only database that is disconnected is safe....and even this not 100 %

Best possible response. I worked IT for 15 years.

I worked for IT for 35 years, and let me expand on that. No database, no matter connected or disconnected, if accessible by any appware or wetware, is safe from hacking. Internally or externally. Anybody that tells you otherwise is just full of BS and has no experience in IT security. I will even go further and state that there is currently no firewall that cannot be penetrated. In fact, firewall penetration is the first step in gaining a hold of an internal server that will allow you to hack the database systems externally. However, it is all the question of cost and gain. If the cost of the hack, timewise, resource wise or exposure wise is more than the data gain, it is really not worth doing.

For every hack the general populace read about there are thousand that are not advertised, unless you work in the security area and know where to look for info. Big and small corporations are not very keen to tell the world that their IT systems have been penetrated, no matter how small the hack was. Especially if they provide outside services.

In fact, most IT services, even in the big corporation are very badly protected, and most rely on automated tools provided by the network appliance manufacturers.

As far as Thailand is concerned, I know for sure that there has been several successful hacks on the government databases, but then again, who would really benefit from that data...

Pentagon on the other hand.... is another story.

I totally agree with you 5 or 6 govt sites were hacked in Thailand in last week of August. but if you pay peanuts you get monkeys

Edited September 13, 2015 by beerzy

[maidee]

is there any thai database that is worth to be hacked????

[SpaceKadet]

Apart from Immigration Police for the sake of leaving a rootkit and modifying it to your benefit, probably not. But generally, Thai corporations and government do not protect their IT assets very well. Makes it a great training ground for the up and budding hacker generation.

Most will rely on network appliance suppliers and trust them 100%.

And like beerzy just said; if you pay peanuts....

[manarak]

as a rule, the bigger and more complex a system becomes, the more vulnerabilities it will have.

Webservers don't have much else to defend against than brute force and script kiddies (automated attacks).

Runnng linux, there are some popular tools I use:

- mod_security2

- mod_dosevasive

- rkhunter, chrootkit

- fail2ban

The above of course in conjunction with sensible server configuration and intelligent application design.

I often spot in the logs the tracks of people who manually practice their "hacking" skills on the webserver, mostly trying sql injections or poisoned payloads.

Usually they abandon after 1 to 3 hours of trying, mod_security2 does a good job stopping this kind of attacks.

I got hit in the past months with one annoying exploit which overloads saslauthd with bogus mailbox logins.

saslauthd has a bug which causes a memory leak, which prompts the "OOM killer" to kill off some services on the server to free memory. as saslauthd is then one of the most memory intensive services, it gets killed first with the result of interrupting mail service.

reconfiguration of salsauthd solved that problem.

Edited September 16, 2015 by manarak

[innerspace]

I have interviewed an amazing amount of fresh grad programmers here who have government sites on their portfolio.

Some may be fake but many verified and most didnt even consider hiring.

Most were regional or departmental rather than major sites, but still official gov.th

On almost all of those can be sure that neither the developers or commisioning team have any clue about security and doubt any safeguards in place.