Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Earthquake Disrupts Internet in Asia: Risk Management Goes Only So Far | Main | Next Year's Focus in Messaging and Web Security »

Locking Down Databases: The Basics You Need to Know

It's clear that attackers are going where the money is and that means to the databases. Credit card numbers, names, addresses, bank accounts, you name it, if it's useful to identity thieves, it's in a database. When the databases are accessible from the Internet, they can become the target of attacks. Techniques range from SQL injection attacks, to exploiting database listener vulnerabilities (that's the program that takes request for database services and returns results), to hacking application specific vulnerabilities. Here is a short list of resources that can help quickly lock down the most vulnerable aspects of database systems.

Locking Down Oracle
http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database.pdf
http://www.sans.org/score/checklists/Oracle_Database_Checklist.pdf

Locking Down MySQL
http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html
http://dev.mysql.com/doc/refman/5.0/en/security-against-attack.html

Locking Down MS SQL
http://www.windowsecurity.com/articles/Secure_SQL_Server.html
https://www.microsoft.com/sql/prodinfo/previousversions/securingsqlserver.mspx
http://vyaskn.tripod.com/sql_server_security_best_practices.htm

When you have time for a longer read, see the military's recommendations for database security at http://iase.disa.mil/stigs/stig/database-stig-v7r2.pdf.

Tags:  
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on December 28, 2006 2:43 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/164

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net