I just saw a post from Frank Nimphius on http://www.orablogs.com - (broken link) the orablogs site about his reading of Bruce Schneier's book "Beyond Fear" over the Christmas period. Franks post is titled http://www.orablogs.com/fnimphius/archives/000782.html - (broken link) Security: "Beyond Fear" by Bruce Schneier.
Frank has given a good insight into security in this short review - he talks about the need to plan for security not to just use the features of the software or language being used at the time. This is a key concept and should be obvious. You should always design security solutions based on the need to secure and what needs to be secured. I guess its like saying - I have added a great password policy to the database and audited all of he passwords, they are all strong and now no one can break in and steal the data. But the server is not secured and anyone can get access to the file system and read the raw data files. OK, it's not a very good example but the point is a security solution needs to be designed from he ground up and ideally from day one of a project design not tacked on after project completion. The book talks about threat and counter measure, another angle that most implementers of security do not always consider.
Frank gives some great quotes from the book that he wrote down as he read it. http://www.orablogs.com/fnimphius/archives/000782.html - (broken link) His post again is here.
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "Nice article on SQL Injection"] [Next entry: "Frank has an interesting post about the movie Troy"]
January 2005
- Oracle security and content management - 01/01/2005 by 01/01/2005
- Some updates to the Oracle default password list - 01/02/2005 by 01/02/2005
- Nice article on SQL Injection - 01/03/2005 by 01/03/2005
- Frank has a review of Bruce Schneier book Beyond Fear - 01/04/2005 by 01/04/2005
- We have moved - 01/05/2005 by 01/05/2005
- Schema difference tool - 01/07/2005 by 01/07/2005
- CREATE SCHEMA - does it do what it says on the tin? - 01/08/2005 by 01/08/2005
- Becoming another user - 01/09/2005 by 01/09/2005
- A nice simple DBMS_OBFUSCATION_TOOLKIT example by Nimzo Benoni - 01/10/2005 by 01/10/2005
- Howard Rogers has a good article about database links - 01/11/2005 by 01/11/2005
- Amis blog has an entry all about OpenVPN - 01/12/2005 by 01/12/2005
- Sarbanes Oxley and Oracle - 01/13/2005 by 01/13/2005
- Adam Martins Oracle password cracker seems to not be available - 01/14/2005 by 01/14/2005
- Great tool for security checking a PC - 01/15/2005 by 01/15/2005
- Penetration testing research and cost effective security - 01/16/2005 by 01/16/2005
- HTML Kit - 01/17/2005 by 01/17/2005
- Security alert released by Pete Finnigan - 01/18/2005 by 01/18/2005
- Alexander Kornbrust has an advisory for CPU - January 2005 - 01/19/2005 by 01/19/2005
- Search Oracle talks about the Critical Patch Update - 01/20/2005 by 01/20/2005
- Translation of www.Heise.de German news article - 01/21/2005 by 01/21/2005
- oops missed off the link - 01/22/2005 by 01/22/2005
- Steve Kost has released an Integrigy advisory for CPU - January 2005 - 01/23/2005 by 01/23/2005
- Tom talks about proxy users - 01/24/2005 by 01/24/2005
- Updated internals and Oracle applications security page - 01/25/2005 by 01/25/2005
- default passwords and Oracle default passwords - 01/26/2005 by 01/26/2005
- Frank has a great blog entry about web application security - 01/27/2005 by 01/27/2005
- Interesting thread on Oracle-l about ftp'ing data into the database - 01/28/2005 by 01/28/2005
- Some interesting comments about CPU - Jan 2005 on c.d.o.s - 01/29/2005 by 01/29/2005
- Andrej Koelewijn talks about google stopping comment spam - 01/30/2005 by 01/30/2005
- Happy birthday to orablogs.com - 01/31/2005 by 01/31/2005
Archives
Syndication
Powered by gm-rss 2.0.0
