Is it possible to hack a database inside of local network by external attacker?
Demir last edited by
Can an attacker from global network hack a database located on office machine inside of local office network? For example after hacking a router, a gateway or the very machine? Or maybe there is another way for him? Is it possible to make local network with database absolutely secure? Maybe to turn the database on just when it's needed and turn off the connection to global network at such time?
If there was a standard, easily answerable way to make a local network "absolutely secure", most of the community here would not have jobs. It's not nearly that simple. Network security is incredibly complex. And the environment, the people using it, and the people attacking it are constantly changing, adapting, and evolving.
Can an attacker from global network hack a ... machine inside of local office network?
Of course. This happens all the time.
maybe there is another way...?
The answer to that is "how many paths could there be?" The more direct route is to infect the machine's administrator's PC with malware and use that to access the machine. That's just one "hop" to the target. But one could use whatever means necessary to create one's own "network" to reach the target. And this happens all the time, too.
turn the database on just when it's needed
This is a form of "air gapping" and this, in a crude way, implements a security principle that things should only be accessible when they are needed. But the costs and inconvenience tend to be very high for this approach, and it is still vulnerable once it turns on.
If you are looking for an approach to start designing security for this machine, there are multiple frameworks that you can use as a guide. At a high level, and broadly applicable, the NIST CSF provides practical, actionable factors to consider. But nothing will make it "absolutely secure". You only increase the chances for the machine to remain in a secure state.