Your Enterprise Database Security Strategy 2010, an Independent Analyst Report by Forrester Research Inc.
Dark Reading's Database Security Tech Center is your portal to all the news, product information, technical data, and other information related to the topic of database security. Written for database administrators and businesspeople as well as security and IT professionals, the Database Security Tech Center is a single community dedicated to protecting one of the most sensitive assets in cyberspace: the company database.
'Operation Aurora' Changing The Role Of The CISO
Targeted attacks out of China against Google and other U.S. firms have forced some chief information security officers to reach out to their counterparts in other organizations and share attack, forensics information
Product Watch: Kaspersky Lab Rolls Out Password Manager
Feature will also be bundled with upcoming all-in-one Internet security suite
Ex-TSA Employee Indicted For Tampering With Database Of Terrorist Suspects
Case serves as a wake-up call about the potential dangers of malicious insider access to sensitive data
More Stories:
Only about half of organizations today monitor new database accounts and privileged user access.
Moving to a cloud-based database and virtual environment comes with plenty of benefits, but there's also a potential price to pay for security.
ZDNET
Oracle Releases Out-Of-Band Patch For Server Hole
Oracle has issued an update that patches a server flaw that can be exploited over a network without the use of a username
EWEEK
IBM Defends DB2 Against Ellison's 'Ignorant' Remarks
Bernie Spang, IBM's director of product strategy, criticizes some of Oracle CEO Larry Ellison's remarks about IBM's DB2 database software
FINEXTRA
Finance Firms To Spend Billions On Risk Management: Survey
The top 100 financial institutions will spend over $100 billion a year implementing risk governance frameworks by 2012, according to research from Deloitte
THE REGISTER
Google Doppelganger Casts Riddle Over Interwebs
Google in October silently launched a new net domain that is now the 44th most visited domain on the Internet -- Google says it's for identifying servers on its network
PENN STATE LIVE
Malware Continues To Be A Challenge To Computer Security
As identity theft continues to be a serious problem nationwide, Penn State has experienced computer breaches due to malware as well
GAINESVILLE.COM
AvMed: Data Of 208,000 At Risk After Gainesville Theft
Two company laptops were stolen from AvMed Health Plans' corporate offices in Gainesville, potentially compromising the personal information of more than 200,000 current and former subscribers, as well as their dependents
BANK INFOSECURITY
Payroll Processor Reveals Data Breach
Ceridian says 27,000 of its customers are at risk after an attacker breached the company's payroll system last December
H ONLINE
Vulnerability In Samba Provides Access To Files
A flaw in the free Samba file and printer server can be exploited to attain access to files outside of predefined paths, and attackers can gain access to the system's root directory
Protecting Databases from Web Applications
Most external hacks of databases occur because of flaws in Web applications that link to those databases. Yet, enterprises are increasingly exposing their most valuable data to these outward-facing interfaces. In this Dark Reading Tech Center report, we'll discuss how security teams, database administrators and application developers can work together to improve the defenses of both front-end Web applications and back-end databases to prevent these attacks from succeeding, and offer a look at the most frequent Web-borne database attacks.
Database Activity Monitoring: Emerging Technology Keeps Tabs on Assets
You can read about the consequences of not protecting critical data in the daily headlines. In response, security-conscious organizations are tackling the complexities involved in effectively monitoring their databases for potential leaks and compromises. Fortunately, an emerging class of software is stepping up to help. Here’s what enterprises need to know about selecting, deploying, and managing DAM technology.
SQL Injection: A Major Threat to Data Security
Of all the attacks taking place on Web sites across the Internet today, SQL injection is the most popular for cybercriminals trying to hack their way into corporate data stores. But for such a pervasive threat, there is still little understanding within the development and database communities about what constitutes a SQL injection vulnerability, how attacks against a SQL injection bug work, and how to mitigate the risk. We examine how these exploits work and what you can do to stop them.
Protecting Your Databases From Careless End Users
While much attention is paid to outside attackers' efforts to crack enterprise databases, IT organizations often overlook an even greater threat: end users. Ignorance and disregard of company security policies may lead employees to expose their organizations' databases to compromise, often without even knowing that they’re doing so. In this report, we offer advice on how to educate users on database security, and some common-sense recommendations on how to limit the damage.
A Database Administrator's Guide to Security
While most security pros have become painfully aware of the threats posed to their organizations' databases, many of those who create and maintain the databases still don't fully understand the danger. This "security primer" is designed to open the eyes of the DBA to the risks posed by poor database security – and to current "best practices" that can help prevent those risks from becoming reality.
Why Your Databases Are Vulnerable To Attack - And What You Can Do About It
Most of an enterprise’s most sensitive and valuable information resides in databases. Yet, in many organizations, database security is often neglected, misunderstood, or even ignored. In this report, we discover why databases have become one of the most popular targets for hackers - and how everyday mistakes in database administration contribute to these attacks. We also offer some advice on what your organization can do to protect your most critical data - and to stop hackers in their tracks.
HOWTO Secure and Audit Oracle 10g and 11g
Read the "Hardening Your Database" chapter from the 454-page book "HOWTO Secure and Audit Oracle 10g and 11g" and learn how to navigate the many security options within Oracle (authored by database security expert and Guardium CTO, Ron Ben Natan, Ph.D.)
HOWTO Monitor Database Activity
Read the "Database Activity Monitoring (DAM)" chapter from "HOWTO Secure and Audit Oracle 10g and 11g" (CRC Press, 2009) and learn how to leverage DAM to prevent cyberattacks, monitor privileged users and track access to sensitive data.
8 Steps to Holistic Database Security
Get the 8 essential best practices for a holistic approach to both safeguarding databases and achieving compliance with key regulations such as SOX, PCI-DSS, NIST 800-53 and data protection laws.
Essential Steps to Implementing Database Security and Auditing
Learn best practices and specific tips for effectively securing Oracle, SQL Server, DB2, MySQL and Sybase environments, including tracking security vulnerabilities, the anatomy of buffer overflow vulnerabilities and database auditing.
Databases at Risk: Current State of Database Security (ESG Research)
This recently published ESG report analyzes the current state of database security -- concluding it depends upon too many manual processes -- and also offers concrete steps to improve database security across the enterprise.