|
Protecting the Crown Jewels - An Enterprise-Class
|
|
Hits: 2 |
|
Date added: 08/03/2007 |
|
Protecting the Crown Jewels
An Enterprise-Class Approach to Application-Level Security
Hackers tend to go where the targets are the most attractive,
and the defenses are the weakest. Therefore, it shouldn’t be
surprising that enterprise applications and databases are
increasingly coming under attack from the kind of threats
once associated mostly with operating systems and desktop
applications.
Most large organizations have already installed antivirus software,
firewalls and even intrusion detection systems (IDSs) to
protect their networks and host operating systems. But by
comparison, enterprise-class applications have received relatively
little attention, on the assumption that they are protected
by firewalls and other defenses at the network perimeter. Yet
these applications and databases are the major reason enterprises
invest in IT in the first place, and the data they contain
are often the enterprise’s most valuable assets. Indeed, an
enterprise without database security is like a bank with locks on
the doors and armed guards by every entrance, but no vault. |
|
|
|
|
Vulnerability Assessment - The Right Tools to Prot
|
|
Hits: 6 |
|
Date added: 08/02/2007 |
|
Vulnerability Assessment:
The Right Tools to Protect Your Critical Data
Over the last several years, Vulnerability Assessment (VA) has become one of the hottest fields within the computer security
market. VA tools are designed to detect and report on security holes within various software applications, allowing
organizations to take corrective actions before a devastating attack occurs. Due to the reduction in “time to exploit” once a
new vulnerability reaches the public domain, and the regulatory pressures imposed on businesses within a variety of verticals,
the need for reliable vulnerability assessment has never been greater. Unfortunately, the environment in which software
applications are developed today is largely driven by schedule and features, rather than stability or security. This situation has
led to corporate networks being rife with vulnerabilities there for the picking, and the software vendors are doing very little
to remedy the situation. Risks to corporate applications are further exacerbated by overburdened and understaffed IT
departments. |
|
|
|
|
Security Auditing In Microsoft SQL Server
|
|
Hits: 2 |
|
Date added: 08/01/2007 |
|
The database community has begun to realize its role in a robust information security infrastructure. Traditionally there has
been little concern for the security of relational database systems, and for the vast amounts of data they house. In the early days
of relational databases, gaining access to a database was so difficult that the need for complex security features was irrelevant.
Databases were housed in mainframes not accessible directly from the network. Slowly they were ported to other networked
systems such as UNIX, Linux, and Windows, but even when this happened, the databases were kept far behind the firewall out
of the reach of the typical Black Hat surfing the Internet. |
|
|
|
|
Anti Forensics
|
|
Hits: 11 |
|
Date added: 07/30/2007 |
|
Anti Forensics: making computer forensics hard |
|
|
|
|
Intrusion Detection and Security Auditing In Oracl
|
|
Hits: 3 |
|
Date added: 07/29/2007 |
|
Intrusion Detection and Security Auditing In Oracle
At its core, security is all about risk reduction. One of the most effective security practices, defense-in-depth, employs multiple
layers of protection to reduce the risk of database intrusion. It’s analogous to the many defensive layers surrounding a medieval
castle: drawbridge, moat, the outer wall, the inner keep, archers manning the wall, soldiers stationed outside the wall, etc. No
single level of defense is infallible; all these layers can’t ensure the castle will be 100% impenetrable. Yet, these layers of
protection can make the castle (and its crown jewels) less vulnerable to the attackers. |
|
|
|