Security School: Database security issues
Michael Cobb examines the top database security flaws and how to monitor database access to detect potential security incidents. Security School
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Quiz: Database defenses for a new era of threats
Take this five-question quiz to evaluate your knowledge of the material presented by expert Rich Mogull in this Data Protection Security School lesson. Quiz
-
Information theft and cryptographic attacks
The third tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by R... Book Chapter
-
Attacks targeted to specific applications
This is the fourth tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," pu... Book Chapter
-
PING with Suzanne Hall
In this exclusive interview with Information Security magazine, Suzanne Hall, AARP director of IT operations and security, examines how security professionals can enable telecommuters and mobile workers while keeping their data secure. Information Security maga
-
Implementing Database Security and Auditing: Trojans
An excerpt from Chapter 9 of "Implementing Database Security and Auditing," by Ron Ben Natan. Book Chapter
-
More from SearchSecurity -- October 2005
Highlights from the October 2005 issue of Information Security magazine. Monthly Magazine Highligh
-
SAP Security Learning Guide
This guide pulls SAP security information from both SearchSecurity.com and its sister site, SearchSAP.com, to provide the most comprehensive resource around for all aspects of making your SAP system bulletproof. Learning Guide
-
Lesson/Domain 6 -- Security School: Training for CISSP Certification
Security School webcasts are focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge." School
-
Privileged user management a must for DBAs
Trust, but verify. Ronald Reagan made it popular, and it's certainly relevant for DBAs in today's consolidated, virtualized IT world. Oracle Revelations | 15 May 2013
-
Oracle security advisory addresses Black Hat database flaw disclosure
A privilege escalation flaw, which prominent security researcher David Litchfield disclosed at Black Hat, can be exploited to gain system privileges. News | 13 Aug 2012
-
Black Hat 2012: David Litchfield slams Oracle database indexing
At Black Hat 2012, longtime Oracle thorn David Litchfield presents working exploits targeting Oracle database indexing vulnerabilities. News | 26 Jul 2012
-
Password database inventory required following LinkedIn breach
Many organizations have acquired legacy applications over the years, storing password data and other information in clear text, according to one noted security expert. News | 25 Jun 2012
-
Database security assessment vital to password protection, experts say
Hashing and salting passwords help deter cybercriminals from cracking them, but the goal should be to keep attackers out of the database, say security experts. News | 12 Jun 2012
-
Analysis: Oracle trips on TNS zero-day workaround
Oracle's refusal to patch a zero-day in its flagship database management system is another example of how it carelessly exposes customers to risk. News | 02 May 2012
-
Oracle won’t patch four-year-old zero-day in TNS listener
Despite the accidental release of attack code for a bug in Oracle’s database, the company won’t change the code for fear of “regression.” News | 01 May 2012
-
McAfee strikes first deal under Intel for database monitoring software
The security giant is expanding into the database security market, announcing its intention to acquire Sentrigo. The terms of the deal were not released. Article | 23 Mar 2011
-
Database security: Top 10 database vulnerabilities list
New vulnerabilities list outlines the most common database problems that could lead to a costly data breach. News | 03 Jun 2010
-
Oracle buys database firewall vendor Secerno
Oracle said the deal adds the Secerno database activity monitoring functionality to its line of database server security technologies. Article | 20 May 2010
-
Oracle security patches, InfoSec World 2012 controversy offer important lessons
Editor Eric B. Parizo says controversies involving Oracle security patches and InfoSec World 2012 prove the importance of differing opinions. Opinion
-
Database security tools for preventing SQL injection attacks
An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection. Column
-
NoSQL security: Do NoSQL database security features stack up to RDBMS?
With NoSQL databases increasingly being used to tackle big data challenges, expert Michael Cobb examines NoSQL security in comparison to RDBMS. Tip
-
MySQL security analysis: Mitigating MySQL zero-day flaws
In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed? Tip
-
Windows Server 2012 security: Is it time to upgrade?
Expert Michael Cobb wades through the security features of Windows Server 2012 to find out what's new and beneficial in Microsoft's latest release. Tip
-
SAP security overview: Server-side request forgery attack mitigation
Expert Michael Cobb provides an SAP security overview, including steps enterprises can take to defend against server-side request forgery attacks. Tip
-
Using the network to prevent an Oracle TNS Listener poison attack
Expert Michael Cobb details the Oracle TNS Listener poison attack and tells how enterprises can use the network to defend vulnerable applications. Tip
-
Security event log management, analysis needs effective ways to search log files
Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management. Tip
-
Best practices for enterprise database compliance
Successful enterprise database compliance means, for starters, access must be tightly controlled and monitored. Charles Denyer covers key database compliance essentials. Tip
-
Database security best practices: Tuning database audit tools
Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip. Tip
-
Database application security: Balancing encryption, access control
Database applications are often the epicenter of a company's sensitive data, so security is paramount, but maintaining a balance between security and business use can be tricky. In this tip, Andreas Antonopoulos discusses encryption strategies for da... Tip
-
Content-aware IAM: Uniting user access and data rights
In the world of IT security, IAM and data protection have generally kept to their separate corners. That trend, however, may be shifting with the onset of content-aware IAM that merges granular user access with advanced data protection. Tip
-
The Narilam malware: How to protect SQL databases, corporate records
Expert Nick Lewis explains how the Narilam malware infects SQL databases and destroys corporate records, and offers advice on mitigation. Answer
-
What to look for in full-packet-capture and network forensic tools
Matt Pascucci explains what to look for in full-packet-capture network logging and network forensic tools, and areas to focus on during the search. Answer
-
Mitigations for an Oracle database authentication vulnerability
A patch for an Oracle database authentication vulnerability was only released for version 12. Expert Nick Lewis discusses mitigations for 11.1 users. Answer
-
Cleaning a compromised server: How to detect booter shells, remnants
Expert Nick Lewis discusses the importance of fully cleaning a compromised server and how to detect and remove booter shells and other remnants. Answer
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead. Answer
-
OpenStack security analysis: Pros and cons of open source cloud software
Expert Michael Cobb examines the open source cloud computing platform OpenStack and relevant OpenStack security issues. Answer
-
Comparing relational database security and NoSQL security
In this introduction to database security, expert Michael Cobb explains the differences between relational database and NoSQL security. Answer
-
Is full-disk server encryption software worth the resource overhead?
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Answer
-
What is SQL Server Atlanta?
Have you heard about Microsoft’s cloud-based SQL Server Atlanta service? Expert Michael Cobb discusses how Atlanta can help improve performance and security. Answer
-
Prevent a privilege escalation attack with database security policy
Privilege escalation attacks are dangerous wherever they occur, but can be particularly harmful if run in a database. Learn more from threats expert Nick Lewis. Ask the Expert
-
MyDiamo
MyDiamo is database encryption software for MySQL that runs on virtually all platforms that MySQL supports, including Linux, UNIX and Windows. Definition
-
column-level encryption
Column-level encryption is a method of database encryption in which the information in every cell (or data field) in a particular column has the same password for access, reading, and writing purposes. Definition
-
data encryption/decryption IC
A data encryption/decryption IC is a specialized integrated circuit (IC) that can encrypt outgoing data and decrypt incoming data... Definition
-
link encryption (link level or link layer encryption)
Link encryption (sometimes called link level or link layer encryption) is the data security process of encrypting information at the data link level as it is transmitted between two points within a network. Definition
-
MD4
MD4 is an earlier version of MD5, an algorithm used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprin... Definition
-
MD5
MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprint is to the specifi... Definition
-
MD2
MD2 is an earlier, 8-bit version of MD5, an algorithm used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fin... Definition
-
International Data Encryption Algorithm (IDEA)
IDEA (International Data Encryption Algorithm) is an encryption algorithm developed at ETH in Zurich, Switzerland. Definition
-
Countdown: The top 5 things you can do to lock down your database right now
Implementing security measures to secure database installations is an important, but overwhelming task. This expert podcast will provide you with a practical guide of immediate steps that you can take to eliminate common vulnerabilities found in data... Podcast
-
Fact or fiction: Pros and cons of database encryption
According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing ne... Podcast
-
Countdown: Plugging the dam -- Understanding where and how content leaks
This expert Podcast counts down the top 5 different use cases in which data can leak as a result of outdated data handling policies, and what you can do to make sure these situations don't put your organization in an exposed position. Podcast
About Database Security Management
Get the latest database security news, tips and information about Oracle, IBM DB2, Microsoft's SQL Server and more. Get information about database security gateways. Understand database encryption and learn about the simple steps that can eradicate database vulnerabilities.