Implementing Database Security and Auditing

Elsevier, May 20, 2005 - Computers - 432 pages
This book is about database security and auditing. You will learn many methods and techniques that will be helpful in securing, monitoring and auditing database environments. It covers diverse topics that include all aspects of database security and auditing, including network security for databases, authentication and authorization issues, links and replication, database Trojans, etc. You will also learn of vulnerabilities and attacks that exist within various database environments or that have been used to attack databases (and that have since been fixed). These will often be explained to an “internals” level. There are many sections which outline the “anatomy of an attack” – before delving into the details of how to combat such an attack. Equally important, you will learn about the database auditing landscape – both from a business and regulatory requirements perspective as well as from a technical implementation perspective.

* Useful to the database administrator and/or security administrator - regardless of the precise database vendor (or vendors) that you are using within your organization.
* Has a large number of examples - examples that pertain to Oracle, SQL Server, DB2, Sybase and even MySQL.
* Many of the techniques you will see in this book will never be described in a manual or a book that is devoted to a certain database product.
* Addressing complex issues must take into account more than just the database, and focusing on capabilities that are provided only by the database vendor is not always enough. This book offers a broader view of the database environment - which is not dependent on the database platform - a view that is important to ensure good database security.
 

User Review

Database Protection

Contents

* body - page 1
* 2 Database Security within the General Security Landscape and a Defense in Depth Strategy - page 35
* 3 The Database as a Networked Server - page 61
* 4 Authentication and Password Security - page 95
* 5 Application Security - page 127
* 6 Using Granular Access Control - page 177
* 7 Using the Database To Do Too Much - page 203
* 8 Securing database to database communications - page 233
* 9 Trojans - page 267
* 10 Encryption - page 297
* 11 Regulations and Compliance - page 327
* 12 Auditing Categories - page 349
* 13 Auditing Architectures - page 375
* Index - page 397
* Copyright


Popular passages

Page 21 - CERT Coordination Center (CERT/CC) is a center of Internet security expertise located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
Page 21 - Mitre to come up with a list of standardized names for vulnerabilities and other information security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.

About the author (2005)

Ron Ben-Natan is Chief Technical Officer at Guardium, a leader in database and application security. Ron is an expert in the field of application security, database security and enterprise applications. He is also an expert in distributed computing, J2EE applications, and Web services. He has published 9 technical books including several best-selling WebSphere application server books and over 40 technical articles.

Books published:

CORBA, McGraw Hill, 353pp, 0070054274

Objects on the Web, McGraw Hill, 488pp, 0070062811

CORBA on the Web, McGraw Hill, 432pp, 0070067244

IBM San Francisco Developer’s Guide, McGraw Hill, co-authored with Ori Sasson, 928pp, 0071351779

IBM WebSphere Starter Kit, Osborne/McGraw Hill, co-authored with Ori Sasson, 720pp, 0072124075

Web Applications - Published in Japanese for the Japanese market, co-authored with Ori Sasson

Integrating Service Level Agreements, John Wiley & Sons, co-authored with John Lee, 352pp, 0471210129

IBM WebSphere Application Server - the Complete Reference, Osborne/McGraw Hill, co-authored with Ori Sasson, 997pp, 0072223944

Mastering WebSphere Portal, John Wiley & Sons, co-authored with Richard Gornitsky, Tim Hannis, and Ori Sasson, 552pp, 0764539914
