Review "It's been said that everyone has their 15 minutes of fame.
Digital Press; 1 edition May 2,
It is compact; not a huge tome which could be off-putting. Love the fact that examples are included for the various DBs that are out there: Also like the way the points are bulleted, the summary at the end of each chapter as well as an explanation of a relevant topic mentioned in the chapter e.
If compliance and auditing are on your agenda, then Ron Ben Natan's book on database security and auditing merits your attention. In this day and age of computer viruses, hacking, and governmental regulations, database security and auditing is a subject of paramount importance. And Implementing Database Security and Auditing attacks the subject with a vengeance.
In just over pages the author manages to quite thoroughly cover a wide variety of database security topics. The book is useful for both DBAs and security administrators, giving each a better view of the world where the disciplines of database management and security management meet. Even better, the book offers many examples and guidelines for multiple environments.
Are you curious to know more about SQL injection attacks? Learn what they are and why they are dangerous in this book. What about buffer overflows? Maybe you've read about them in the IT press, but those "newsy" pieces rarely delve into the depth required to understand and prevent attacks using these methods. This book offers that depth. Chapter 7, "Using the Database to do Too Much," is particularly useful. In this chapter the author discusses some of the things not to do if you want to properly secure your database environment.
You can save yourself a lot of trouble by reading and following these useful suggestions. I think my favorite section of the book is the final three chapters. Here is where the author tackles the meaty topics of regulatory compliance and database auditing. New governmental rules and regulations are being introduced constantly and their impact on database administration is not clearly understood by many heads-down techies.
This book will give you a clearer understanding of laws such as GLB, Sarbanes-Oxley, and HIPAA -- and lend guidance on how to adapt your database environment in order to comply with these laws. All-in-all Implementing Database Security and Auditing is a useful and timely publication that most DBAs would do well to read and embrace. I'm rarely moved to write a review on a technical book, perhaps because I read so many of them.
However, this text is truly outstanding, due to its breadth of coverage, i. Very good content and clearly explained. Or you can selectively go to specific chapters.
Implementing Database Security and Auditing: Trojans
My favorite are the ones about encryption and auditing. An updated edition would be good, but even so the concepts and strategies are definitely a must read for anyone involved in DB administration or in Data Security. The preface clearly states that this book is a guide on implementing security and auditing for database environments. Lays out who should read the book, basically administrators, auditors, security professionals, or anyone involved with operational ownership of databases.
After reading the book I actually felt that there are so many vulnerabilities that affect every part of an IT shop that this book is a must read for developers, architects, and management as well.

Trojans of Implementing Database Security and Auditing, author Ron Ben Natan explains what database Trojans are, reviews the four main attack types and reveals why they differ from other sophisticated attacks. Database Trojans represent a sophisticated attack because the attack is separated into two parts: One of the main advantages of Trojan attacks is that they are more difficult to track because of this separation into two phases.
The difficulty is in associating the two events and understanding that the two events, which occur at different times, using different connections, possibly with different user IDs, are really a single attack. An example of using an oblivious user or process to inject a Trojan is a scenario in which a junior developer gets some procedural code from someone he or she doesn't know (perhaps from a question posted in a newsgroup) and then uses this code within a stored procedure without fully understanding what it is doing.
An example of using an oblivious user or process to call the Trojan is a stored procedure that runs every month as part of a General Ledger calculation performed when closing the books.
An attacker who has this insight can try to inject a Trojan into this procedure, knowing that it will be run at the end of the month automatically. The options are listed in increasing degree of sophistication, complexity, and quality. The first category is the least sophisticated because actions can be traced back to the attacker. The only advantage over a direct attack using a single connection is that the attack occurs at two distinct times, and it certainly requires more work from an investigation unit to be able to identify the two events as being related and as forming a single attack.
The fourth category is extremely sophisticated and difficult to track back to the attacker—sometimes impossible. Because both the injection an investigation well beyond what happened at the database to figure out who the attacker is and what methods were used to coerce the injection.
The second and third types are somewhat comparable in terms of sophistication, but a type 3 Trojan is usually easier to carry out. In terms of what you need to monitor, for type 1 and type 2 the focus is on monitoring execution of stored procedures, whereas for type 3 and type 4 the focus is on monitoring creation and modification of procedural objects.
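The excerpt's two monitoring targets (changes to procedural objects and executions of stored procedures) can be tied together by correlating them in the audit trail. The following is an added example, not code from the book: the event fields, user names and procedure names are assumptions, and the audit events are constructed sample data.

```python
"""Correlate procedure changes with later executions in a database audit trail.

The event layout (timestamp, user, session, action, object) is an assumption
made for this example, not any product's audit schema.
"""
from datetime import datetime

# Constructed sample audit trail.
EVENTS = [
    ("2024-01-03 09:12:00", "app_batch", "s1", "EXECUTE", "gl.close_books"),
    ("2024-01-17 22:41:00", "jdev", "s7", "ALTER PROCEDURE", "gl.close_books"),
    ("2024-01-18 10:05:00", "jdev", "s9", "CREATE PROCEDURE", "hr.fmt_name"),
    ("2024-01-31 23:59:00", "app_batch", "s12", "EXECUTE", "gl.close_books"),
    ("2024-02-01 08:00:00", "jdev", "s15", "EXECUTE", "hr.fmt_name"),
]

CHANGE_ACTIONS = {"CREATE PROCEDURE", "ALTER PROCEDURE"}


def correlate(events):
    """Pair each procedure change with the first execution that follows it.

    Findings are ordered by execution time. 'split' is True when the change
    and the execution came from different users, the case in which the two
    events are hardest to recognise as belonging together.
    """
    last_change = {}  # object -> (timestamp, user) of the latest change
    findings = []
    for ts, user, _session, action, obj in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if action in CHANGE_ACTIONS:
            last_change[obj] = (when, user)
        elif action == "EXECUTE" and obj in last_change:
            changed_at, changer = last_change.pop(obj)  # report once per change
            findings.append({
                "object": obj,
                "changed_by": changer,
                "executed_by": user,
                "gap_days": (when - changed_at).days,
                "split": changer != user,
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

A finding with `split` set and a long gap is the pattern worth reviewing first: the procedure body changed under one identity and ran later under another.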
Printed with permission from Digital Press, a division of Elsevier. For more information about this book and other similar titles, please visit www.