I was passed a link to a blog entry by Jason on the Juxtaposition blog. The entry is titled "More from Oracle's CSO". The writer suggests that Mary Ann in an article titled http://www.fcw.com/article91127-10-17-05-Web - (broken link) Davidson: Lessons of warfare for IT security - To best apply limited resources to maximize defense success, carefully select your turf is looking too deeply into security techniques and should be taking a higher level position. To be honest after reading Mary Ann's article I am quite impressed. Read it again now. I liked the sentence:
"The network perimeter has disappeared as ubiquitous computing and extranet access have surged. The model of hardened perimeters and wide-open interiors is no longer adequate."
This is what I have been saying for a long time. The old model of securing the network or even hardening the servers and leaving the database wide open is not an option in today’s world. The data is what runs businesses and provides profit and jobs, it has to be protected. Access to the database needs to be controlled and the database itself has to be hardened. Patches for all of the bugs are also needed but we are talking about multi-layer security. It is quite heartening to hear Mary Ann agree with my sentiments.
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "Oracle Express - will we get security patches? - I truly hope so"] [Next entry: "Oracle has released a new security vulnerability fixing policy and process"]
November 2005
- UKOUG so far - 11/01/2005 by 11/01/2005
- Oracle Express - will we get security patches? - I truly hope so - 11/02/2005 by 11/02/2005
- Oracle has released a new security vulnerability fixing policy and process - 11/03/2005 by 11/03/2005
- Why Protect Fort Knox Borders But Ignore The Gold? - 11/04/2005 by 11/04/2005
- Oracle alerts customers to the so called voyager worm - 11/06/2005 by 11/06/2005
- Oracle adds fine-grain features to ID security - 11/07/2005 by 11/07/2005
- Bruce Schneier blogs about the Oracle password weakness paper - 11/08/2005 by 11/08/2005
- More than 275 new security bugs found last week in the Oracle 10g database - 11/09/2005 by 11/09/2005
- Commercial rainbow cracking - 11/11/2005 by 11/11/2005
- DBMS_ASSERT can be used to protect against SQL Injection - 11/12/2005 by 11/12/2005
- Problems with the October CPU discovered - 11/14/2005 by 11/14/2005
- Oracle responds to the password algorithm weakness paper - 11/15/2005 by 11/15/2005
- OracleXE beta 2 released - 11/17/2005 by 11/17/2005
- Listener password management features - 11/18/2005 by 11/18/2005
- A new Oracle security checklist paper from Oracle - 11/19/2005 by 11/19/2005
- Two new speaking events added to my site - 11/20/2005 by 11/20/2005
- Happy 20th birthday Windows - 11/22/2005 by 11/22/2005
- Oracle Database security checklist from Oracle - 11/24/2005 by 11/24/2005
- 0rm has updated orabf the Oracle password cracker - 11/25/2005 by 11/25/2005
Archives
Syndication
Powered by gm-rss 2.0.0
