Implementing Database Security and Auditing: Includes Examples for Oracle, SQL Server, DB2 UDB, Sybase - Softcover

Securing application environments and databases is the major focus of information security – this book will show you how to do it.

"Today, databases house our 'information crown jewels', but database security is one of the weakest areas of most information security programs. With this excellent book, Ben-Natan empowers you to close this database security gap and raise your database security bar!" Bruce W. Moulton. CISO/VP, Fidelity Investments (1995 - 2001)

"Let's start with a simple truth about today's world: If you have a database and you make it available to customers, employees, or whomever over a network, that database will be attacked by hackers -- probably sooner rather than later. If you are responsible for that database's security, then you need to read this book. No other single source covers all of the many disciplines and layers involved in protecting exposed databases, and it especially shines in synthesizing all of its concepts and strategies into very practical and specific checklists of things you need to do. I've been an Oracle DBA for 15 years, but I'm not embarrassed to admit that five minutes into Chapter One I was making notes on simple measures I had overlooked." -- Charles McClain, Senior Oracle DBA, North River Consulting, Inc.

This book is about database security and auditing. You will learn many methods and techniques that will be helpful in securing, monitoring and auditing database environments. It covers diverse topics that include all aspects of database security and auditing - including network security for databases, authentication and authorization issues, links and replication, database Trojans, etc. You will also learn of vulnerabilities and attacks that exist within various database environments or that have been used to attack databases (and that have since been fixed). These will often be explained to an “internals? level. There are many sections which outline the “anatomy of an attack? – before delving into the details of how to combat such an attack. Equally important, you will learn about the database auditing landscape – both from a business and regulatory requirements perspective as well as from a technical implementation perspective.

Features:
* Useful to the database administrator and/or security administrator – regardless of the precise database vendor (or vendors) that you are using within your organization.
* Has a large number of examples – examples that pertain to Oracle, SQL Server, DB2, Sybase and even MySQL..
* Many of the techniques you will see in this book will never be described in a manual or a book that is devoted to a certain database product.
* Addressing complex issues must take into account more than just the database and focusing on capabilities that are provided only by the database vendor is not always enough. This book offers a broader view of the database environment – which is not dependent on the database platform – a view that is important to ensure good database security.

Ron Ben Natan Ron Ben Natan is CTO at Guardium Inc., a leader in database security and auditing. Prior to Guardium Ron worked for companies such as Intel, AT&T Bell Laboratories, Merrill Lynch, J.P. Morgan and ViryaNet. He holds a Ph.D. in the field of distributed computing from the University of Jerusalem. Ron is an expert on the subject of distributed application environments, application security and database security and has authored nine technical books and numerous articles on these topics.|"Today, databases house our 'information crown jewels', but database security is one of the weakest areas of most information security programs. With this excellent book, Ben-Natan empowers you to close this database security gap and raise your database security bar!" Bruce W. Moulton. CISO/VP, Fidelity Investments (1995 - 2001)

"Let's start with a simple truth about today's world: If you have a database and you make it available to customers, employees, or whomever over a network, that database will be attacked by hackers -- probably sooner rather than later. If you are responsible for that database's security, then you need to read this book. No other single source covers all of the many disciplines and layers involved in protecting exposed databases, and it especially shines in synthesizing all of its concepts and strategies into very practical and specific checklists of things you need to do. I've been an Oracle DBA for 15 years, but I'm not embarrassed to admit that five minutes into Chapter One I was making notes on simple measures I had overlooked." -- Charles McClain, Senior Oracle DBA, North River Consulting, Inc.

This book is about database security and auditing. You will learn many methods and techniques that will be helpful in securing, monitoring and auditing database environments. It covers diverse topics that include all aspects of database security and auditing - including network security for databases, authentication and authorization issues, links and replication, database Trojans, etc. You will also learn of vulnerabilities and attacks that exist within various database environments or that have been used to attack databases (and that have since been fixed). These will often be explained to an “internals level. There are many sections which outline the “anatomy of an attack – before delving into the details of how to combat such an attack. Equally important, you will learn about the database auditing landscape – both from a business and regulatory requirements perspective as well as from a technical implementation perspective.

Features:
* Useful to the database administrator and/or security administrator – regardless of the precise database vendor (or vendors) that you are using within your organization.
* Has a large number of examples – examples that pertain to Oracle, SQL Server, DB2, Sybase and even MySQL..
* Many of the techniques you will see in this book will never be described in a manual or a book that is devoted to a certain database product.
* Addressing complex issues must take into account more than just the database and focusing on capabilities that are provided only by the database vendor is not always enough. This book offers a broader view of the database environment – which is not dependent on the database platform – a view that is important to ensure good database security.

Ron Ben Natan Ron Ben Natan is CTO at Guardium Inc., a leader in database security and auditing. Prior to Guardium Ron worked for companies such as Intel, AT&T Bell Laboratories, Merrill Lynch, J.P. Morgan and ViryaNet. He holds a Ph.D. in the field of distributed computing from the University of Jerusalem. Ron is an expert on the subject of distributed application environments, application security and database security and has authored nine technical books and numerous articles on these topics.