fbpx
 

Category: Center of Internet Security (CIS)

Using Oracle Database Firewall

We’re all familiar with network firewalls, which prevent unauthorized access to your network from external sources. However, network firewalls don’t protect your databases from malicious attacks, which sometimes come disguised as privileged internal users. Web applications are a major source of data attacks, through stratagems such as SQL Injection, for example. Oracle’s Database Firewall (a product Oracle gained through its acquisition of Secerno, a British firm, in 2010) offers a solid defensive perimeter to monitor and enforce accepted behavior on […]

What is Oracle Data Masking?

Oracle Data Masking is an Option offered for use with Oracle’s databases. Data masking provides a way to de-identify data. When might a company need to de-identify its data? Well, companies service their customers through data stored in their production databases. However, the production database isn’t the only place that sensitive data is stored. Almost every company supports its production databases with various data stores called testing, development or staging databases. Privacy and regulatory mandates call for securing and protecting […]

Web Application Vulnerabilities – way too common!

Web applications are common to practically every company that uses the internet. Even if a company uses the well-known Secure Sockets Layer (SSL) and utilizes sophisticated firewall protection, the very fact that it can’t control what users can input into their web forms, introduces several avenues that a malicious person can use to attack the company’s data. Top web application researcher and practitioner Dafydd Studdard and his colleagues have tested thousands of web applications for security assessments over the years. […]

The Recent attacks on PayPal, Visa and MasterCard

One of the interesting fallouts from the Wikileaks revelations about U.S. and international diplomatic cables that revealed the inner machinations of foreign policy operatives, secrets is the attacks by Wikileaks supporters on various financial institutions that shut off the processing of monetary contributions to the Wikileaks organization. Of the three major financial giants impacted by the mass internet attacks, PayPal, Visa and MasterCard were the most affected entities. PayPal seems to have weathered the storm pretty well, but Visa and […]

CIS and Oracle Database Security Benchmarks

Most Oracle (as well as DB2, MySQL and MS SQL Server) DBA’s are aware of the existence of Oracle database and application security benchmarks, but tend to treat the benchmarks, which are a type of best practice lists, with somewhat of a benignly neglectful attitude. This attitude is attributable to the lack of time on behalf of the harried DBAs, who are tasked with numerous critical functions, including the ensuring of high performance and continuous availability of their systems.

In Archive