Implementing Database Security and Auditing: Includes ... - ADReM

More documents

Recommendations

Info

4.3 Choose strong passwords 113 Figure 4.5 A good password gone bad. Don’t: Use the same password (even if it is strong) all over the place. At some point in time you will probably give it to someone, <strong>and</strong> if you use it in 50 different systems you have just given access to all 50 systems; you are also less likely to be willing to change all 50 passwords. Use the username as the password or any permutation of the login name (e.g., username spelled backward). Use words that can be looked up in a dictionary because they will appear in password cracker files. Use information that is easily obtained, such as your mother’s maiden name, your children’s names, or your pet’s name. Use dates (such as your hiring date). One other word of caution: you should strive for a strong password that you can remember. If you cannot remember your passwords, you will end up posting it on a sticky note or writing it down next to your computer, in which case you’re back to square one. Figure 4.5 is a photo I took showing a “strong” database password that a developer found difficult to remember (which I blurred <strong>and</strong> marked out for obvious reasons). This, of course, never happens in your environment. ☺ Chapter 4
Page 2:
Implementing Database Security and
Page 6:
Implementing Database Security and
Page 10:
To my angels—Dafne, Tamir, Ariell
Page 16:
viii Contents 2.2.2 Firewalls 39 2.
Page 20:
x Contents 5.3.1 Anatomy of the vul
Page 24:
xii Contents 9.5 Closely monitor de
Page 30:
Preface This book is a guide on imp
Page 34:
Preface xvii Stephen Chaung, Curt C
Page 40:
2 Getting Started More important, m
Page 44:
4 Getting Started while officials
Page 48:
6 1.1 Harden your database environm
Page 52:
8 1.1 Harden your da
Page 56:
10 1.1 Harden your database environ
Page 60:
Page 64:
Page 68:
Page 72:
Page 76:
20 1.2 Patch your database ler, you
Page 80:
22 1.2 Patch your database of the s
Page 84:
24 1.2 Patch your database 1.2.2 Ex
Page 88:
26 1.2 Patch your database Figure 1
Page 92:
28 1.2 Patch your database Figure 1
Page 96:
30 1.4 Define an access policy as t
Page 100:
32 1.5 Resources and Further Readin
Page 104:
34 1.A C2 Security and C2 Auditing
Page 108:
36 2.1 Defense-in-depth there is to
Page 112:
38 Figure 2.1 Defense-in-depth stra
Page 116:
40 2.2 The security software landsc
Page 120:
42 2.3 Perimeter security, firewall
Page 124:
Page 128:
Page 132:
48 2.4 Securing the core make it th
Page 136:
50 Figure 2.3 Web application reque
Page 140:
52 2.7 Vulnerability management and
Page 144:
54 2. 2.7 Vulnerability management
Page 148:
56 2.8 Patch management All of thes
Page 152:
58 2.9 Incident management Figure 2
Page 158:
The Database as a Networked Server
Page 162:
3.2 Understand the network access m
Page 166:
3.2 Understand the network access m
Page 170:
3.3 Track tools and applications 67
Page 174:
3.3 Track tools and applications 69
Page 178:
3.4 Remove unnecessary network libr
Page 182:
Page 186:
Page 190:
Page 194:
Page 198:
3.5 Use port scanners—so will the
Page 202:
3.5 Use port scanners—so will the
Page 206:
3.6 Secure services from known netw
Page 210: 3.8 Summary 87 3.8 Summary Traffic
Page 214: 3.A What is a VPN? 89 Figure 3.A In
Page 218: 3.B Named Pipes and SMB/CIFS 91 Tab
Page 222: 3.B Named Pipes and SMB/CIFS 93 Tab
Page 226: Authentication and Password Securit
Page 230: 4.1 Choose an appropriate authentic
Page 238: 4.1 SID Choose an appropriate authe
Page 254: 4.3 Choose strong passwords 109 gro
Page 258: 4.3 Choose strong passwords 111 It
Page 264: 114 4.3 Choose strong passwords Let
Page 268: 116 4.3 Choose strong passwords Fig
Page 272: 118 4.4 Implement account lockout a
Page 276: 120 4.6 Use passwords for all datab
Page 280: 122 4.7 Understand and secure authe
Page 284: 124 4.A A brief account of Kerberos
Page 290: Application Security 5 After many y
Page 294: 5.1 Reviewing where and how databas
Page 314:
5.2 Obfuscate application code 139
Page 318:
Page 322:
Page 326:
Page 330:
Page 334:
5.3 Secure the database from SQL in
Page 338:
Page 342:
Page 346:
Page 350:
Page 354:
Page 358:
Page 362:
Page 366:
Page 370:
Page 374:
5.4 Beware of double whammies: Comb
Page 378:
5.6 Address packaged application su
Page 382:
5.6 Address packaged application su
Page 386:
5.8 Summary 175 Create a baseline
Page 390:
Using Granular Access Control 6 Onc
Page 394:
6.1 Align user models by communicat
Page 398:
Page 402:
Page 406:
6.2 Use row-level security (fine-gr
Page 410:
6.2 Use row-level security (fine-gr
Page 414:
6.3 Use label security 189 The last
Page 418:
6.3 Use label security 191 Figure 6
Page 422:
6.4 Integrate with enteprise user r
Page 426:
Page 430:
Page 434:
6.5 Integrate with existing identit
Page 438:
6.6 Summary 201 more techniques are
Page 444:
204 7.1 Don’t use external proced
Page 448:
206 Table 7.1 7.1 Don’t use exter
Page 452:
Page 456:
Page 460:
Page 464:
214 7.2 Don’t make the database a
Page 468:
Page 472:
Page 476:
220 7.4 Understand Web services sec
Page 480:
Page 484:
Page 488:
Page 492:
228 7.A Cross-site scripting and co
Page 496:
230 7.B Web services 7.B Web servic
Page 502:
8 Securing database-to-database com
Page 506:
8.1 Monitor and limit outbound comm
Page 510:
8.2 Secure database links and watch
Page 514:
Page 518:
Page 522:
8.4 Monitor usage of database links
Page 526:
8.4 Monitor usage of database links
Page 530:
8.5 Secure replication mechanisms 2
Page 534:
Page 538:
Page 542:
Page 546:
Page 550:
Page 554:
8.6 Map and secure all data sources
Page 558:
Page 562:
Page 566:
Page 570:
Trojans 9 A Trojan is an unauthoriz
Page 574:
9.2 Baseline calls to stored proced
Page 578:
9.3 Control creation of and changes
Page 582:
9.3 Control creation of and changes
Page 586:
9.5 Closely monitor developer activ
Page 590:
9.5 Closely monitor developer activ
Page 594:
9.6 Monitor creation of traces and
Page 598:
9.6 25 26 27 28 33 34 35 36 37 38 3
Page 602:
Page 606:
Page 610:
Page 614:
Page 618:
9.7 Monitor and audit job creation
Page 622:
9.8 Be wary of SQL attachments in e
Page 626:
9.A Windows Trojans 295 [HKEY_LOCAL
Page 632:
298 Directive of Data Protection, t
Page 636:
300 10.1 Encrypting data-in-transit
Page 640:
Page 644:
Page 648:
Page 652:
Page 656:
310 Figure 10.3 No certificate erro
Page 660:
Page 664:
Page 668:
316 10.2 Encrypt data-at-rest Figur
Page 672:
318 10.2 Encrypt data-at-rest corpo
Page 676:
320 10.2 Encrypt data-at-rest DBMS_
Page 680:
322 10.2 Encrypt data-at-rest secur
Page 684:
324 10.A Tapping into a TCP/IP sess
Page 688:
326 10.A Tapping into a TCP/IP sess
Page 692:
328 11.1 The alphabet soup of regul
Page 696:
Page 700:
Page 704:
Page 708:
336 11.2 Understand business needs
Page 712:
338 11.2 Understand business needs
Page 716:
340 11.3 The role of auditing Figur
Page 720:
342 11.3 The role of auditing Figur
Page 724:
344 11.4 The importance of segregat
Page 728:
346 11.4 The importance of segregat
Page 732:
348 11.6 Summary 11.6 Summary logs
Page 736:
350 12.1 Audit logon/logoff into th
Page 740:
352 12.1 BEGIN insert into user_log
Page 744:
354 12.2 Audit sources of database
Page 748:
356 Figure 12.4 Viewing client sour
Page 752:
358 12.4 Audit DDL activity that ma
Page 756:
360 12.5 Audit database errors do n
Page 760:
362 12.6 Audit changes to sources o
Page 764:
364 12.7 Audit changes to privilege
Page 768:
Page 772:
Page 776:
370 12.9 Audit changes to sensitive
Page 780:
372 12.10 Audit SELECT statements f
Page 784:
374 12.12 Summary 12.12 Summary aud
Page 788:
376 13.2 Opt for an independent/bac
Page 792:
378 Figure 13.1 Auditing by inspect
Page 796:
380 Figure 13.3 Auditing by inspect
Page 800:
382 13.5 Secure auditing informati
Page 804:
384 13.6 Audit the audit system the
Page 808:
386 13.8 Thinks in terms of a data
Page 812:
388 13.10 Support changing audit re
Page 816:
390 13.11 Prefer an auditing archit
Page 820:
392 13.A PGP and GPG ing files and
Page 824:
394 13.A PGP and GPG After generati
Page 830:
Index Access administration errors,
Page 834:
proxy, 198 as security model basis,
Page 838:
See also Encryption Data mapping, 3
Page 842:
key pair creation, 392-94 popularit
Page 846:
Microsoft Data Engine (MSDE), 110,
Page 850:
Organization, this book, 6 Outbound
Page 854:
Sarbanes-Oxley Act (SOX). See SOX S
Page 858:
passwords, changing, 105 Query Anal
Page 862:
environment usage, 88 hardware, 89
show all

Implementing Database Security and Auditing: Includes ... - ADReM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?