There are many reasons:

Understaffed Security Teams - Simply a lack of internal or third-party security professionals to bring visibility to the importance of database security. If the organization has no security professionals, or the ones it has lack the skills or resources to perform periodic security assessments of databases, database misconfigurations will often go undetected.
DBAs "don't do" security - The reality in many organizations is that DBAs are administrators who are focused on database availability and performance, not security. DBAs might be reluctant to implement secure configurations because they lack a full understanding of the security risks (the vulnerability and exposure of not implementing the secure configuration), or because they fear that the secure configuration will unintentionally break some functionality. To boil it down, DBAs might have some fear, uncertainty, and doubt (FUD) about implementing secure database configurations.
6. Set Up Database Triggers for Schema Auditing and Logon/Logoff Events
   Logon Trigger
   DDL_Trigger
   Error Trigger

7. Implement a Database Activity Monitoring (DAM) Solution
In general, the password verification function should ensure users' passwords meet the following criteria:
   Differs from their username
   Not a dictionary word
   At least 10 characters in length
   Include at least 1 alpha, 1 numeric, and 1 special character

9. Perform Regular Database Security Assessments
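The four password verification criteria listed above can be enforced in the database itself. The following is an added example, not code from the original slides; it assumes Oracle Database (where a profile's PASSWORD_VERIFY_FUNCTION points at a function owned by SYS), and the function name, profile name and word list are hypothetical.

```sql
-- Added example: assumes Oracle Database. Create as SYS so a profile can reference it.
CREATE OR REPLACE FUNCTION verify_pw_example (   -- hypothetical name
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  TYPE word_list IS TABLE OF VARCHAR2(30);
  -- Constructed sample list; a real deployment would use a much larger one.
  weak_words word_list := word_list('password', 'welcome', 'oracle', 'database', 'changeme');
  -- Letters only, so "Password#1" is still compared against "password".
  pw_letters VARCHAR2(4000) := REGEXP_REPLACE(LOWER(password), '[^a-z]', '');
BEGIN
  -- Criterion: at least 10 characters in length
  IF password IS NULL OR LENGTH(password) < 10 THEN
    raise_application_error(-20001, 'Password must be at least 10 characters');
  END IF;

  -- Criterion: differs from the username (case-insensitive)
  IF LOWER(password) = LOWER(username) THEN
    raise_application_error(-20002, 'Password must differ from the username');
  END IF;

  -- Criterion: at least 1 alpha, 1 numeric and 1 special character
  IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
     OR NOT REGEXP_LIKE(password, '[[:digit:]]')
     OR NOT REGEXP_LIKE(password, '[[:punct:]]') THEN
    raise_application_error(-20003, 'Password needs 1 letter, 1 digit and 1 special character');
  END IF;

  -- Criterion: not a dictionary word, even when decorated with digits/punctuation
  FOR i IN 1 .. weak_words.COUNT LOOP
    IF pw_letters = weak_words(i) THEN
      raise_application_error(-20004, 'Password is based on a dictionary word');
    END IF;
  END LOOP;

  RETURN TRUE;
END verify_pw_example;
/

-- Attach to a profile (app_users_example is a hypothetical profile name):
ALTER PROFILE app_users_example LIMIT PASSWORD_VERIFY_FUNCTION verify_pw_example;
```

A password such as "Password#1" satisfies the length and character-class rules, so only the dictionary check rejects it; the order of the checks determines which error the user sees first.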
A. Establish & maintain application-level security
B. Manage privileges & attributes (system/object/user)
C. Create, manage, and control roles (database, enterprise)
D. Establish the granularity of access control desired
E. Establish & manage the use of encryption
F. Establish & maintain security in 3-tier applications
G. Control query access, data misuse, and intrusions
Thank you!