8 Steps to Holistic Database Security
SQL injection attacks, insider threats and regulations are driving organizations to find new ways to secure sensitive data stored in databases such as Oracle, SQL Server, DB2, Sybase and MySQL. Most of the world’s sensitive data is stored in commercial database systems such as Oracle, Microsoft SQL Server, IBM DB2 and Sybase – making databases an increasingly favorite target for criminals. This may explain why SQL injection attacks jumped 134 percent in 2008, increasing from an average of a few thousand per day to several hundred thousand per day, according to a recently published report by IBM.
To make matters worse, Forrester reports that 60 percent of enterprises are behind in applying database security patches, while 74 percent of all Web application vulnerabilities – which are predominantly SQL Injection vulnerabilities – disclosed in 2008 did not even have an available patch by the end of 2008, according to IBM.
Whereas most attention has previously been focused on securing network perimeters and client systems (firewalls, IDS/IPS, anti-virus, etc.), we are now entering a new phase in which information security professionals are being tasked with ensuring that corporate databases are secure from breaches and unauthorized changes.
Authored by Ron Ben Natan, Ph.D., author of “HOWTO Secure and Audit Oracle 10g and 11g” (CRC Press, 2009), this white paper describes 8 best practices that provide a holistic approach to safeguarding databases and achieving compliance, including:
• Discovering sensitive data in your environment
• Hack-proofing DBMS environments with vulnerability & configuration assessment
• The role of database activity monitoring (DAM) & change auditing
• Compliance requirements for SOX, PCI-DSS, GLBA and data protection laws.