- Page 2:
Implementing Database Security and
- Page 6:
Implementing Database Security and
- Page 10:
To my angels—Dafne, Tamir, Ariell
- Page 16:
viii Contents 2.2.2 Firewalls 39 2.
- Page 20:
x Contents 5.3.1 Anatomy of the vul
- Page 24:
xii Contents 9.5 Closely monitor de
- Page 30:
Preface This book is a guide on imp
- Page 34:
Preface xvii Stephen Chaung, Curt C
- Page 40:
2 Getting Started More important, m
- Page 44:
4 Getting Started while officials
- Page 48:
6 1.1 Harden your database environm
- Page 52:
8 1.1 Harden your da
- Page 56:
10 1.1 Harden your database environ
- Page 60:
12 1.1 Harden your database environ
- Page 64:
14 1.1 Harden your database environ
- Page 68:
16 1.1 Harden your database environ
- Page 72:
18 1.1 Harden your database environ
- Page 76:
20 1.2 Patch your database ler, you
- Page 80:
22 1.2 Patch your database of the s
- Page 84:
24 1.2 Patch your database 1.2.2 Ex
- Page 88:
26 1.2 Patch your database Figure 1
- Page 92:
28 1.2 Patch your database Figure 1
- Page 96:
30 1.4 Define an access policy as t
- Page 100:
32 1.5 Resources and Further Readin
- Page 104:
34 1.A C2 Security and C2 Auditing
- Page 108:
36 2.1 Defense-in-depth there is to
- Page 112:
38 Figure 2.1 Defense-in-depth stra
- Page 116:
40 2.2 The security software landsc
- Page 120:
42 2.3 Perimeter security, firewall
- Page 124:
44 2.3 Perimeter security, firewall
- Page 128:
46 2.3 Perimeter security, firewall
- Page 132:
48 2.4 Securing the core make it th
- Page 136:
50 Figure 2.3 Web application reque
- Page 140:
52 2.7 Vulnerability management and
- Page 144:
54 2. 2.7 Vulnerability management
- Page 148:
56 2.8 Patch management All of thes
- Page 152:
58 2.9 Incident management Figure 2
- Page 158:
The Database as a Networked Server
- Page 162:
3.2 Understand the network access m
- Page 166:
3.2 Understand the network access m
- Page 170:
3.3 Track tools and applications 67
- Page 174:
3.3 Track tools and applications 69
- Page 178:
3.4 Remove unnecessary network libr
- Page 182:
3.4 Remove unnecessary network libr
- Page 186:
3.4 Remove unnecessary network libr
- Page 190:
3.4 Remove unnecessary network libr
- Page 194:
3.4 Remove unnecessary network libr
- Page 198:
3.5 Use port scanners—so will the
- Page 202:
3.5 Use port scanners—so will the
- Page 206:
3.6 Secure services from known netw
- Page 210: 3.8 Summary 87 3.8 Summary Traffic
- Page 214: 3.A What is a VPN? 89 Figure 3.A In
- Page 218: 3.B Named Pipes and SMB/CIFS 91 Tab
- Page 222: 3.B Named Pipes and SMB/CIFS 93 Tab
- Page 226: Authentication and Password Securit
- Page 230: 4.1 Choose an appropriate authentic
- Page 234: 4.1 Choose an appropriate authentic
- Page 238: 4.1 SID Choose an appropriate authe
- Page 242: 4.1 Choose an appropriate authentic
- Page 246: 4.1 Choose an appropriate authentic
- Page 250: 4.1 Choose an appropriate authentic
- Page 254: 4.3 Choose strong passwords 109 gro
- Page 258: 4.3 Choose strong passwords 111 It
- Page 264: 114 4.3 Choose strong passwords Let
- Page 268: 116 4.3 Choose strong passwords Fig
- Page 272: 118 4.4 Implement account lockout a
- Page 276: 120 4.6 Use passwords for all datab
- Page 280: 122 4.7 Understand and secure authe
- Page 284: 124 4.A A brief account of Kerberos
- Page 290: Application Security 5 After many y
- Page 294: 5.1 Reviewing where and how databas
- Page 298: 5.1 Reviewing where and how databas
- Page 302: 5.1 Reviewing where and how databas
- Page 306: 5.1 Reviewing where and how databas
- Page 310: 5.1 Reviewing where and how databas
- Page 314:
5.2 Obfuscate application code 139
- Page 318:
5.2 Obfuscate application code 141
- Page 322:
5.2 Obfuscate application code 143
- Page 326:
5.2 Obfuscate application code 145
- Page 330:
5.2 Obfuscate application code 147
- Page 334:
5.3 Secure the database from SQL in
- Page 338:
5.3 Secure the database from SQL in
- Page 342:
5.3 Secure the database from SQL in
- Page 346:
5.3 Secure the database from SQL in
- Page 350:
5.3 Secure the database from SQL in
- Page 354:
5.3 Secure the database from SQL in
- Page 358:
5.3 Secure the database from SQL in
- Page 362:
5.3 Secure the database from SQL in
- Page 366:
5.3 Secure the database from SQL in
- Page 370:
5.3 Secure the database from SQL in
- Page 374:
5.4 Beware of double whammies: Comb
- Page 378:
5.6 Address packaged application su
- Page 382:
5.6 Address packaged application su
- Page 386:
5.8 Summary 175 Create a baseline
- Page 390:
Using Granular Access Control 6 Onc
- Page 394:
6.1 Align user models by communicat
- Page 398:
6.1 Align user models by communicat
- Page 402:
6.1 Align user models by communicat
- Page 406:
6.2 Use row-level security (fine-gr
- Page 410:
6.2 Use row-level security (fine-gr
- Page 414:
6.3 Use label security 189 The last
- Page 418:
6.3 Use label security 191 Figure 6
- Page 422:
6.4 Integrate with enteprise user r
- Page 426:
6.4 Integrate with enteprise user r
- Page 430:
6.4 Integrate with enteprise user r
- Page 434:
6.5 Integrate with existing identit
- Page 438:
6.6 Summary 201 more techniques are
- Page 444:
204 7.1 Don’t use external proced
- Page 448:
206 Table 7.1 7.1 Don’t use exter
- Page 452:
208 7.1 Don’t use external proced
- Page 456:
210 7.1 Don’t use external proced
- Page 460:
212 7.1 Don’t use external proced
- Page 464:
214 7.2 Don’t make the database a
- Page 468:
216 7.2 Don’t make the database a
- Page 472:
218 7.2 Don’t make the database a
- Page 476:
220 7.4 Understand Web services sec
- Page 480:
222 7.4 Understand Web services sec
- Page 484:
224 7.4 Understand Web services sec
- Page 488:
226 7.4 Understand Web services sec
- Page 492:
228 7.A Cross-site scripting and co
- Page 496:
230 7.B Web services 7.B Web servic
- Page 502:
8 Securing database-to-database com
- Page 506:
8.1 Monitor and limit outbound comm
- Page 510:
8.2 Secure database links and watch
- Page 514:
8.2 Secure database links and watch
- Page 518:
8.2 Secure database links and watch
- Page 522:
8.4 Monitor usage of database links
- Page 526:
8.4 Monitor usage of database links
- Page 530:
8.5 Secure replication mechanisms 2
- Page 534:
8.5 Secure replication mechanisms 2
- Page 538:
8.5 Secure replication mechanisms 2
- Page 542:
8.5 Secure replication mechanisms 2
- Page 546:
8.5 Secure replication mechanisms 2
- Page 550:
8.5 Secure replication mechanisms 2
- Page 554:
8.6 Map and secure all data sources
- Page 558:
8.6 Map and secure all data sources
- Page 562:
8.6 Map and secure all data sources
- Page 566:
8.6 Map and secure all data sources
- Page 570:
Trojans 9 A Trojan is an unauthoriz
- Page 574:
9.2 Baseline calls to stored proced
- Page 578:
9.3 Control creation of and changes
- Page 582:
9.3 Control creation of and changes
- Page 586:
9.5 Closely monitor developer activ
- Page 590:
9.5 Closely monitor developer activ
- Page 594:
9.6 Monitor creation of traces and
- Page 598:
9.6 25 26 27 28 33 34 35 36 37 38 3
- Page 602:
9.6 Monitor creation of traces and
- Page 606:
9.6 Monitor creation of traces and
- Page 610:
9.6 Monitor creation of traces and
- Page 614:
9.6 Monitor creation of traces and
- Page 618:
9.7 Monitor and audit job creation
- Page 622:
9.8 Be wary of SQL attachments in e
- Page 626:
9.A Windows Trojans 295 [HKEY_LOCAL
- Page 632:
298 Directive of Data Protection, t
- Page 636:
300 10.1 Encrypting data-in-transit
- Page 640:
302 10.1 Encrypting data-in-transit
- Page 644:
304 10.1 Encrypting data-in-transit
- Page 648:
306 10.1 Encrypting data-in-transit
- Page 652:
308 10.1 Encrypting data-in-transit
- Page 656:
310 Figure 10.3 No certificate erro
- Page 660:
312 10.1 Encrypting data-in-transit
- Page 664:
314 10.1 Encrypting data-in-transit
- Page 668:
316 10.2 Encrypt data-at-rest Figur
- Page 672:
318 10.2 Encrypt data-at-rest corpo
- Page 676:
320 10.2 Encrypt data-at-rest DBMS_
- Page 680:
322 10.2 Encrypt data-at-rest secur
- Page 684:
324 10.A Tapping into a TCP/IP sess
- Page 688:
326 10.A Tapping into a TCP/IP sess
- Page 692:
328 11.1 The alphabet soup of regul
- Page 696:
330 11.1 The alphabet soup of regul
- Page 700:
332 11.1 The alphabet soup of regul
- Page 704:
334 11.1 The alphabet soup of regul
- Page 708:
336 11.2 Understand business needs
- Page 712:
338 11.2 Understand business needs
- Page 716:
340 11.3 The role of auditing Figur
- Page 720:
342 11.3 The role of auditing Figur
- Page 724:
344 11.4 The importance of segregat
- Page 728:
346 11.4 The importance of segregat
- Page 732:
348 11.6 Summary 11.6 Summary logs
- Page 736:
350 12.1 Audit logon/logoff into th
- Page 740:
352 12.1 BEGIN insert into user_log
- Page 744:
354 12.2 Audit sources of database
- Page 748:
356 Figure 12.4 Viewing client sour
- Page 752:
358 12.4 Audit DDL activity that ma
- Page 756:
360 12.5 Audit database errors do n
- Page 760:
362 12.6 Audit changes to sources o
- Page 764:
364 12.7 Audit changes to privilege
- Page 768:
366 12.7 Audit changes to privilege
- Page 772:
368 12.7 Audit changes to privilege
- Page 776:
370 12.9 Audit changes to sensitive
- Page 780:
372 12.10 Audit SELECT statements f
- Page 784:
374 12.12 Summary 12.12 Summary aud
- Page 788:
376 13.2 Opt for an independent/bac
- Page 792:
378 Figure 13.1 Auditing by inspect
- Page 796:
380 Figure 13.3 Auditing by inspect
- Page 800:
382 13.5 Secure auditing informati
- Page 804:
384 13.6 Audit the audit system the
- Page 808:
386 13.8 Thinks in terms of a data
- Page 812:
388 13.10 Support changing audit re
- Page 816:
390 13.11 Prefer an auditing archit
- Page 820:
392 13.A PGP and GPG ing files and
- Page 824:
394 13.A PGP and GPG After generati
- Page 830:
Index Access administration errors,
- Page 834:
proxy, 198 as security model basis,
- Page 838:
See also Encryption Data mapping, 3
- Page 842:
key pair creation, 392-94 popularit
- Page 846:
Microsoft Data Engine (MSDE), 110,
- Page 850:
Organization, this book, 6 Outbound
- Page 854:
Sarbanes-Oxley Act (SOX). See SOX S
- Page 858:
passwords, changing, 105 Query Anal
- Page 862:
environment usage, 88 hardware, 89