Implementing Database Security and Auditing: Includes Examples for Oracle, SQL Server, DB2 UDB, Sybase

Description:

This book is about database security and auditing. You will learn many methods and techniques that will be helpful in securing, monitoring and auditing database environments. It covers diverse topics that include all aspects of database security and auditing - including network security for databases, authentication and authorization issues, links and replication, database Trojans, etc. You will also learn of vulnerabilities and attacks that exist within various database environments or that have been used to attack databases (and that have since been fixed). These will often be explained to an "internals" level. There are many sections which outline the "anatomy of an attack" - before delving into the details of how to combat such an attack. Equally important, you will learn about the database auditing landscape - both from a business and regulatory requirements perspective as well as from a technical implementation perspective.
* Useful to the database administrator and/or security administrator - regardless of the precise database vendor (or vendors) that you are using within your organization.
* Has a large number of examples - examples that pertain to Oracle, SQL Server, DB2, Sybase and even MySQL.
* Many of the techniques you will see in this book will never be described in a manual or a book that is devoted to a certain database product.
* Addressing complex issues must take into account more than just the database and focusing on capabilities that are provided only by the database vendor is not always enough. This book offers a broader view of the database environment - which is not dependent on the database platform - a view that is important to ensure good database security.

Product Details:

Author: Ron Ben Natan
Paperback: 432 pages
Publisher: Digital Press
Publication Date: May 02, 2005
Language: English
ISBN: 1555583342
Package Length: 9.06 inches
Package Width: 7.4 inches
Package Height: 1.1 inches
Package Weight: 1.94 pounds
Average Customer Rating: based on 11 reviews

Customer Reviews:

3 of 3 found the following review helpful:
The Best Resource Available on Database and Data Access Auditing
Jun 10, 2009
If compliance and auditing are on your agenda, then Ron Ben Natan's book on database security and auditing merits your attention. In this day-and-age of computer viruses, hacking, and governmental regulations, database security and auditing is a subject of paramount importance. And Implementing Database Security and Auditing attacks the subject with a vengeance.
In just over 400 pages the author manages to quite thoroughly cover a wide variety of database security topics. Whether you want to learn more about encryption, authentication and password control, or access control, this book provides help.
The book is useful for both DBAs and security administrators, giving each a better view of the world where the disciplines of database management and security management meet. Even better, the book offers many examples and guidelines for multiple environments. Whether you use DB2 on AIX, MySQL on Linux, Oracle on Unix, or SQL Server on Windows, Ben Natan's book provides useful guidance.
Are you curious to know more about SQL injection attacks? Learn what they are and why they are dangerous in this book. What about buffer overflows? Maybe you've read about them in the IT press, but those "newsy" pieces rarely delve into the depth required to understand and prevent attacks using these methods. This book offers that depth.
Chapter 7, "Using the Database to do Too Much," is particularly useful. In this chapter the author discusses some of the things not to do if you want to properly secure your database environment. You can save yourself a lot of trouble by reading and following these useful suggestions.
I think my favorite section of the book is the final three chapters. Here is where the author tackles the meaty topics of regulatory compliance and database auditing. New governmental rules and regulations are being introduced constantly and their impact on database administration is not clearly understood by many heads-down techies. This book will give you a clearer understanding of laws such as GLB, Sarbanes-Oxley, and HIPAA -- and lend guidance on how to adapt your database environment in order to comply with these laws.
All-in-all Implementing Database Security and Auditing is a useful and timely publication that most DBAs would do well to read and embrace.
2 of 4 found the following review helpful:
A Well-Rounded Textbook for DBAs, Auditors and InfoSec
Mar 23, 2007
I'm rarely moved to write a review on a technical book, perhaps because I read so many of them. However, this text is truly outstanding, due to its breadth of coverage, i.e., Oracle, SQL Server, DB2, UDB and Sybase AND well written descriptions of problems and solutions.
If you are seeking to secure your databases AND/OR audit them, this book contains both suggestions for scripting, triggers etc as well as where to look for vulnerabilities.
Bravo to the author, and THANKS. I'm using it regularly, the best compliment of all.
0 of 2 found the following review helpful:
Very useful and timely book
Jun 24, 2006
The book is very practical and timely; it contains the complex of useful rules either dispersed in many different sources or not published at all. For example my colleague who is a DB Oracle administrator in Sony Computer Entertainment distinguished the following recommendations:
· Hardening Oracle environment
· Avoiding the use of mod_plsql
· Not making a database a web server and not storing HTML pages in the database
From my perspective the rules concerning Web services and cross-site scripting are the most valuable. Working on these applications I see how vulnerable a database server is due to some security holes; therefore avoiding the holes is important.
0 of 8 found the following review helpful:
This is a very good book
Nov 23, 2005
This is a very good book. It is very readable and very informative. It has a lot of useful stuff. I recommend it highly.
1 of 8 found the following review helpful:
Very good book
Sep 23, 2005
Really good book. Easy to read and good content. I recommend it to anyone doing db work.