"Implementing Database Security and Auditing" - A Useful, Timely Book
In just over 400 pages the author manages to quite thoroughly cover a wide variety of database security topics. Whether you want to learn more about encryption, authentication and password control, or access control, this book provides help.
The book is useful for both DBAs and security administrators, giving each a better view of the world where the disciplines of database management and security management meet. Even better, the book offers many examples and guidelines for multiple environments. Whether you use DB2 on AIX, MySQL on Linux, Oracle on Unix, or SQL Server on Windows, Ben Natan's book provides useful guidance.
Are you curious to know more about SQL injection attacks? Learn what they are and why they are dangerous in this book. What about buffer overflows? Maybe you've read about them in the IT press, but those "newsy" pieces rarely delve into the depth required to understand and prevent attacks using these methods. This book offers that depth.
Chapter 7, "Using the Database to do Too Much," is particularly useful. In this chapter the author discusses some of the things not to do if you want to properly secure your database environment. You can save yourself a lot of trouble by reading and following these useful suggestions.
I think my favorite section of the book is the final three chapters. Here is where the author tackles the meaty topics of regulatory compliance and database auditing. New governmental rules and regulations are being introduced constantly and their impact on database administration is not clearly understood by many heads-down techies. This book will give you a clearer understanding of laws such as GLB, Sarbanes-Oxley, and HIPAA -- and lend guidance on how to adapt your database environment in order to comply with these laws.
All in all, Implementing Database Security and Auditing is a useful and timely publication that most DBAs would do well to read and embrace.
© 2005, Mullins Consulting, Inc.