Blog

SANS 20 Critical Controls #9: Controlled Access Based on Need to Know

April 1, 2011March 22, 2011 Sam AlapatiDatabase security, DSS (Data Security Standard), Oracle database, Oracle: News You Can UseLeave a Comment

The first step you must take is to identify your sensitive data, by establishing a data identification scheme. A multi level data sensitivity classification based on the sensitive level of the data is especially useful.

EMC’s RSA Security Division a Victim of Hackers

March 30, 2011March 22, 2011 Sam AlapatiDatabase security, DSS (Data Security Standard), Oracle database, Oracle: News You Can UseLeave a Comment

Another company suffered a security breach, according to the NYTimes today. What’s the big deal, you might say, because companies getting hacked into isn’t really news.

SANS 20 Critical IT Controls #8: Controlled Use of Administrative Privileges

March 25, 2011March 22, 2011 Sam AlapatiDatabase security, DSS (Data Security Standard), Oracle database, Oracle: News You Can UseLeave a Comment

A common technique used b y hackers is to guess the passwords for administrative users to gain access to a server, and from there compromise vast swatches of a system. Hackers are constantly devising powerful password cracking tools to see if they could grab a system admin or network admin’s password.

SANS 20 Critical IT Controls #7: Application Software Security

March 23, 2011March 22, 2011 Sam AlapatiDatabase security, DSS (Data Security Standard), Oracle database, Oracle: News You Can UseLeave a Comment

While strengthening your network and perimeter security does keep potential attackers away, you do want people to access your web sites and web application, of course. Unfortunately, while most users access your applications and web sites for legitimate purposes, you can’t control the user input.

SANS 20 Critical IT Security Controls #6: Maintaining and Monitoring Audit Logs

March 11, 2011March 8, 2011 Sam AlapatiDatabase security, DSS (Data Security Standard)Leave a Comment

All network components log their activity, but most companies don’t have a formal policy of reviewing the logs on a daily basis.

SANS 20 Critical IT Security Controls #5: Boundary Defense

March 9, 2011March 8, 2011 Sam AlapatiCompliance, Database security, DSS (Data Security Standard), Oracle databaseLeave a Comment

Internet accessing client systems and network devices are always a potential source of threats from hackers.

SANS Critical IT Security Controls #4: Secure Configurations for Network Devices

March 1, 2011 Sam AlapatiDatabase security, DSS (Data Security Standard), Oracle database, Oracle: News You Can UseLeave a Comment

Network configuration includes the configuration of all network devices such as firewalls, routers and switches. Often times, an initially secure network configuration becomes somewhat insecure over time, as occasional configuration changes are made to the network to accommodate temporary needs.

SANS 20 Critical IT Security Controls #3: Securely configuring hardware and Software

February 26, 2011February 25, 2011 Sam AlapatiDatabase security, DSS (Data Security Standard), Oracle database, Security Assessments, Security RiskLeave a Comment

The default configurations of many hardware and software products aren’t designed with security in mind, although that has been steadily changing over time.

Blog

In Archive