- Page 4: Related Titles from Digital Press O
- Page 8: Elsevier Digital Press 30 Corporate
- Page 14: Contents Preface xv 1 Getting Start
- Page 18: Contents ix 3.B Named Pipes and SMB
- Page 22: Contents xi 7.3 Don’t generate HT
- Page 26: Contents xiii 11.5 Implement a sust
- Page 32: xvi Preface ers and other clients (
- Page 38: Getting Started Getting Started 1 T
- Page 42: Getting Started 3 In Decembe
- Page 46: Getting Started 5 While e-commerce
- Page 50: 1.1 Harden your database environmen
- Page 54: 1.1 Harden your database environmen
- Page 58: 1.1 Harden your database environmen
- Page 62: 1.1 Harden your database environmen
- Page 66: 1.1 Harden your database environmen
- Page 70: 1.1 Harden your database environmen
- Page 74: 1.1 Harden your database environmen
- Page 78: 1.2 Patch your database 21 1.2.1 Tr
- Page 82: 1.2 Patch your database 23 fies the
- Page 86: 1.2 Patch your database 25 1.2.3 An
- Page 90: 1.2 Patch your database 27 Figure 1
- Page 94: 1.3 Audit the database 29 The resul
- Page 98: 1.5 Resources and Further Reading 3
- Page 102: 1.A C2 Security and C2 Auditing 33
- Page 106: 2 Database Security within the Gene
- Page 110: 2.1 Defense-in-depth 37 ing) one wa
- Page 114: 2.2 The security software landscape
- Page 118: 2.2 The security software landscape
- Page 122: 2.3 Perimeter security, firewalls,
- Page 126: 2.3 Perimeter security, firewalls,
- Page 130: 2.3 Perimeter security, firewalls,
- Page 134: 2.5 Application security 49 importa
- Page 138: 2.6 Public key infrastructure (PKI)
- Page 142: 2.7 Vulnerability management 53 Fig
- Page 146: 2.8 Patch management 55 tems, and o
- Page 150: 2.9 Incident management 57 3. Harde
- Page 154: 2.10 Summary 59 2.10 Summary Don
- Page 160: 62 3.1 Leave your database in the c
- Page 164: 64 Figure 3.2 Data access diagram s
- Page 168: 66 Figure 3.4 Using tabular reports
- Page 172: 68 3.3 Track tools and applications
- Page 176: 70 3.3 Track tools and applications
- Page 180: 72 3.4 Remove unnecessary network l
- Page 184: 74 Figure 3.7 Using the SQL Server
- Page 188: 76 3.4 Remove unnecessary network l
- Page 192: 78 3.4 Remove unnecessary network l
- Page 196: 80 3.4 Remove unnecessary network l
- Page 200: 82 3.5 Use port scanners—so will
- Page 204: 84 3.6 Secure services from known n
- Page 208: 86 3.7 Use firewalls tion service.
- Page 212: 88 3.A What is a VPN? 3.A What is a
- Page 216: 90 3.B Named Pipes and SMB/CIFS 3.B
- Page 220: 92 3.B Named Pipes and SMB/CIFS Tab
- Page 224: 94 3.B Named Pipes and SMB/CIFS Tab
- Page 228: 96 Figure 4.1 Authentication as the
- Page 232: 98 Figure 4.2 A Windows user is cre
- Page 236: 100 @Spy 4.1 Choose an appropria
- Page 240: 102 SID 4.1 Choose an appropriate a
- Page 244: 104 4.1 Choose an appropriate authe
- Page 248: 106 4.1 Choose an appropriate authe
- Page 252: 108 4.2 Understand who gets system
- Page 256: 110 4.3 Choose strong passwords 5.
- Page 260: 112 4.3 Choose strong passwords Fig
- Page 264: 114 4.3 Choose strong passwords Let
- Page 268: 116 4.3 Choose strong passwords Fig
- Page 272: 118 4.4 Implement account lockout a
- Page 276: 120 4.6 Use passwords for all datab
- Page 280: 122 4.7 Understand and secure authe
- Page 284: 124 4.A A brief account of Kerberos
- Page 290: Application Security 5 After many y
- Page 294: 5.1 Reviewing where and how databas
- Page 298: 5.1 Reviewing where and how databas
- Page 302: 5.1 Reviewing where and how databas
- Page 306: 5.1 Reviewing where and how databas
- Page 310: 5.1 Reviewing where and how databas
- Page 314: 5.2 Obfuscate application code 139
- Page 318: 5.2 Obfuscate application code 141
- Page 322: 5.2 Obfuscate application code 143
- Page 326: 5.2 Obfuscate application code 145
- Page 330: 5.2 Obfuscate application code 147
- Page 334: 5.3 Secure the database from SQL in
- Page 338: 5.3 Secure the database from SQL in
- Page 342: 5.3 Secure the database from SQL in
- Page 346: 5.3 Secure the database from SQL in
- Page 350: 5.3 Secure the database from SQL in
- Page 354: 5.3 Secure the database from SQL in
- Page 358: 5.3 Secure the database from SQL in
- Page 362: 5.3 Secure the database from SQL in
- Page 366: 5.3 Secure the database from SQL in
- Page 370: 5.3 Secure the database from SQL in
- Page 374: 5.4 Beware of double whammies: Comb
- Page 378: 5.6 Address packaged application su
- Page 382: 5.6 Address packaged application su
- Page 386: 5.8 Summary 175 Create a baseline
- Page 390: Using Granular Access Control 6 Onc
- Page 394: 6.1 Align user models by communicat
- Page 398: 6.1 Align user models by communicat
- Page 402: 6.1 Align user models by communicat
- Page 406: 6.2 Use row-level security (fine-gr
- Page 410: 6.2 Use row-level security (fine-gr
- Page 414: 6.3 Use label security 189 The last
- Page 418: 6.3 Use label security 191 Figure 6
- Page 422: 6.4 Integrate with enterprise user r
- Page 426: 6.4 Integrate with enterprise user r
- Page 430: 6.4 Integrate with enterprise user r
- Page 434: 6.5 Integrate with existing identit
- Page 438: 6.6 Summary 201 more techniques are
- Page 444: 204 7.1 Don’t use external proced
- Page 448: 206 Table 7.1 7.1 Don’t use exter
- Page 452: 208 7.1 Don’t use external proced
- Page 456: 210 7.1 Don’t use external proced
- Page 460: 212 7.1 Don’t use external proced
- Page 464: 214 7.2 Don’t make the database a
- Page 468: 216 7.2 Don’t make the database a
- Page 472: 218 7.2 Don’t make the database a
- Page 476: 220 7.4 Understand Web services sec
- Page 480: 222 7.4 Understand Web services sec
- Page 484: 224 7.4 Understand Web services sec
- Page 488: 226 7.4 Understand Web services sec
- Page 492: 228 7.A Cross-site scripting and co
- Page 496: 230 7.B Web services 7.B Web servic
- Page 502: 8 Securing database-to-database com
- Page 506: 8.1 Monitor and limit outbound comm
- Page 510: 8.2 Secure database links and watch
- Page 514: 8.2 Secure database links and watch
- Page 518: 8.2 Secure database links and watch
- Page 522: 8.4 Monitor usage of database links
- Page 526: 8.4 Monitor usage of database links
- Page 530: 8.5 Secure replication mechanisms 2
- Page 534: 8.5 Secure replication mechanisms 2
- Page 538: 8.5 Secure replication mechanisms 2
- Page 542: 8.5 Secure replication mechanisms 2
- Page 546: 8.5 Secure replication mechanisms 2
- Page 550: 8.5 Secure replication mechanisms 2
- Page 554: 8.6 Map and secure all data sources
- Page 558: 8.6 Map and secure all data sources
- Page 562: 8.6 Map and secure all data sources
- Page 566: 8.6 Map and secure all data sources
- Page 570: Trojans 9 A Trojan is an unauthoriz
- Page 574: 9.2 Baseline calls to stored proced
- Page 578: 9.3 Control creation of and changes
- Page 582: 9.3 Control creation of and changes
- Page 586: 9.5 Closely monitor developer activ
- Page 590: 9.5 Closely monitor developer activ
- Page 594: 9.6 Monitor creation of traces and
- Page 598: 9.6 25 26 27 28 33 34 35 36 37 38 3
- Page 602: 9.6 Monitor creation of traces and
- Page 606: 9.6 Monitor creation of traces and
- Page 610: 9.6 Monitor creation of traces and
- Page 614: 9.6 Monitor creation of traces and
- Page 618: 9.7 Monitor and audit job creation
- Page 622: 9.8 Be wary of SQL attachments in e
- Page 626: 9.A Windows Trojans 295 [HKEY_LOCAL
- Page 632: 298 Directive of Data Protection, t
- Page 636: 300 10.1 Encrypting data-in-transit
- Page 640: 302 10.1 Encrypting data-in-transit
- Page 644: 304 10.1 Encrypting data-in-transit
- Page 648: 306 10.1 Encrypting data-in-transit
- Page 652: 308 10.1 Encrypting data-in-transit
- Page 656: 310 Figure 10.3 No certificate erro
- Page 660: 312 10.1 Encrypting data-in-transit
- Page 664: 314 10.1 Encrypting data-in-transit
- Page 668: 316 10.2 Encrypt data-at-rest Figur
- Page 672: 318 10.2 Encrypt data-at-rest corpo
- Page 676: 320 10.2 Encrypt data-at-rest DBMS_
- Page 680: 322 10.2 Encrypt data-at-rest secur
- Page 684: 324 10.A Tapping into a TCP/IP sess
- Page 688: 326 10.A Tapping into a TCP/IP sess
- Page 692: 328 11.1 The alphabet soup of regul
- Page 696: 330 11.1 The alphabet soup of regul
- Page 700: 332 11.1 The alphabet soup of regul
- Page 704: 334 11.1 The alphabet soup of regul
- Page 708: 336 11.2 Understand business needs
- Page 712: 338 11.2 Understand business needs
- Page 716: 340 11.3 The role of auditing Figur
- Page 720: 342 11.3 The role of auditing Figur
- Page 724: 344 11.4 The importance of segregat
- Page 728: 346 11.4 The importance of segregat
- Page 732: 348 11.6 Summary 11.6 Summary logs
- Page 736: 350 12.1 Audit logon/logoff into th
- Page 740: 352 12.1 BEGIN insert into user_log
- Page 744: 354 12.2 Audit sources of database
- Page 748: 356 Figure 12.4 Viewing client sour
- Page 752: 358 12.4 Audit DDL activity that ma
- Page 756: 360 12.5 Audit database errors do n
- Page 760: 362 12.6 Audit changes to sources o
- Page 764: 364 12.7 Audit changes to privilege
- Page 768: 366 12.7 Audit changes to privilege
- Page 772: 368 12.7 Audit changes to privilege
- Page 776: 370 12.9 Audit changes to sensitive
- Page 780: 372 12.10 Audit SELECT statements f
- Page 784: 374 12.12 Summary 12.12 Summary aud
- Page 788: 376 13.2 Opt for an independent/bac
- Page 792: 378 Figure 13.1 Auditing by inspect
- Page 796: 380 Figure 13.3 Auditing by inspect
- Page 800: 382 13.5 Secure auditing informati
- Page 804: 384 13.6 Audit the audit system the
- Page 808: 386 13.8 Think in terms of a data
- Page 812: 388 13.10 Support changing audit re
- Page 816: 390 13.11 Prefer an auditing archit
- Page 820: 392 13.A PGP and GPG ing files and
- Page 824: 394 13.A PGP and GPG After generati
- Page 830: Index Access administration errors,
- Page 834: proxy, 198 as security model basis,
- Page 838: See also Encryption Data mapping, 3
- Page 842: key pair creation, 392-94 popularit
- Page 846: Microsoft Data Engine (MSDE), 110,
- Page 850: Organization, this book, 6 Outbound
- Page 854: Sarbanes-Oxley Act (SOX). See SOX S
- Page 858: passwords, changing, 105 Query Anal
- Page 862: environment usage, 88 hardware, 89