Saturday, May 24, 2014

EBay did not initially realise customer data compromised in breach
PUBLISHED ON MAY 24, 2014 4:43 AM

This looks like a network design problem: a good network design does not allow Internet users to reach the database directly from the public web front end and copy the whole raw database en masse.

For example:

(1) Hackers coming from the Internet would need to authenticate as root admin users to steal the data en masse. With good network, application and database design, in-band data can only be retrieved from the database for authorised transactions by legitimate applications; root admin access that can copy the whole database is not available in-band.

(2) Root admin access to the raw database should only be possible out-of-band, over a path that public hackers have no means of reaching. The machine that is allowed such privileged access should also be locked down so that there is no way for hackers on the Internet to reach it.

(3) I also wonder whether the public-facing segment shares the same logical trunk as the database segment. This is the deadliest flaw, yet many professionally trained network engineers build it into their designs, and it is guaranteed to be exploited by skilled hackers.
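To make the three points checkable, here is an added example (my own code, not from the original post) that models a constructed topology as segments, firewall-permitted flows and shared trunks, then walks the worst-case reach from the Internet; a shared trunk between the public and database segments, or an admin jump host reachable in-band, shows up as a finding.

```python
from collections import deque

# Constructed topology for the example (not from the original post). Segments
# expose services; the firewall permits flows (src, dst, service); segments on a
# shared trunk form one L2 domain, so the firewall between them is bypassable.
SERVICES = {
    "web": {"https"},
    "app": {"api"},
    "db":  {"db-query", "db-admin"},   # db-query: app account, db-admin: root
    "oob": {"ssh"},                    # out-of-band admin jump host
}

def reachable(flows, shared_trunks, start="internet"):
    """Worst-case reach from `start`: any service reached on a segment counts
    as a foothold there, and the walk continues from that segment."""
    peers = {}
    for a, b in shared_trunks:
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)
    seen, visited, queue = set(), {start}, deque([start])
    while queue:
        seg = queue.popleft()
        nxt = set()
        for src, dst, svc in flows:              # firewall-permitted flows
            if src == seg and svc in SERVICES.get(dst, ()):
                seen.add((dst, svc))
                nxt.add(dst)
        for peer in peers.get(seg, ()):          # L2 adjacency: nothing filtered
            seen.update((peer, svc) for svc in SERVICES.get(peer, ()))
            nxt.add(peer)
        for d in nxt - visited:
            visited.add(d)
            queue.append(d)
    return seen

def audit(flows, shared_trunks):
    """Points (1)-(3): root admin access to the raw database and the
    out-of-band admin host must be unreachable from the Internet."""
    r = reachable(flows, shared_trunks)
    findings = []
    if ("db", "db-admin") in r:
        findings.append("db-admin reachable from internet")
    if ("oob", "ssh") in r:
        findings.append("oob admin host reachable from internet")
    return findings

GOOD_FLOWS = [("internet", "web", "https"), ("web", "app", "api"),
              ("app", "db", "db-query"),     # (1) in-band: app account only
              ("oob", "db", "db-admin")]     # (2) root admin only via oob
BAD_TRUNKS = [("web", "db")]                 # (3) public segment on db's trunk
```

With `GOOD_FLOWS` and no shared trunks the audit returns no findings; adding the `("web", "db")` trunk makes `db-admin` reachable even though no firewall rule permits it.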

There are many more ways to ensure a secure network design. Unfortunately, many production networks have settled for designs that are easy to implement without understanding the security flaws this exposes them to, which is why there are so many network breaches.
