3. Harden your environment. Many default configurations are vulnerable and can be easily hardened. You should run vulnerability scans to see what services you can remove and what hotfixes need to be applied.

4. Build and maintain a test environment that mirrors the production environment as much as possible.

5. Before patches are installed, make sure you have a back-out plan that you can activate in case something goes wrong in the process.

6. Automate the tracking and classification of patches and fixes so that you can quickly evaluate the relative importance to your environment. This tool should also maintain prerequisite and dependency information between the patches.

7. Automate the process of patch distribution and installation.

8. Create detailed project plans for implementing patches. Patching (and configuration management in general) is a process that may need to involve many people. You may need to have experts on standby in case something goes wrong. You may need to schedule downtime. You may need to notify help desk personnel of the work, and you may need to notify people at the operations center in case you have automated monitoring tools in place.

9. Finally, all of these tasks and steps need to be formally documented and defined as a set of procedures and policies so that the process becomes repeatable and sustainable.
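Item 6 above asks for a tool that classifies patches by their relevance to your environment and keeps prerequisite information so they can be installed in a safe order. The following Python sketch is an added example written for this page, not the book's own tool: the patch identifiers, severities and component names are constructed sample data, and the ordering step is a plain topological sort that refuses to produce a plan when prerequisites are circular or unknown.

```python
"""Patch tracker: classify patches by relevance, then order them by prerequisites."""
from collections import deque

# Constructed sample records (hypothetical identifiers, not real patches).
PATCHES = {
    "KB-001": {"severity": "critical", "affects": ["dbms"], "requires": []},
    "KB-002": {"severity": "low", "affects": ["os"], "requires": ["KB-001"]},
    "KB-003": {"severity": "high", "affects": ["dbms"], "requires": ["KB-001", "KB-002"]},
    "KB-004": {"severity": "medium", "affects": ["webserver"], "requires": []},
}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def classify(patches, installed_components):
    """Return the patches that touch a component present in this environment,
    most urgent first (severity, then identifier for a stable order)."""
    relevant = [pid for pid, p in patches.items() if set(p["affects"]) & installed_components]
    return sorted(relevant, key=lambda pid: (SEVERITY_RANK[patches[pid]["severity"]], pid))


def install_order(patches, wanted):
    """Expand `wanted` to include transitive prerequisites and return an install
    order in which every patch follows the patches it requires (Kahn's algorithm).
    Raises ValueError for an unknown prerequisite or a dependency cycle."""
    needed, stack = set(), list(wanted)
    while stack:                        # collect transitive prerequisites
        pid = stack.pop()
        if pid in needed:
            continue
        if pid not in patches:
            raise ValueError(f"unknown patch {pid}")
        needed.add(pid)
        stack.extend(patches[pid]["requires"])
    indegree = {pid: len(patches[pid]["requires"]) for pid in needed}
    dependents = {pid: [] for pid in needed}
    for pid in needed:
        for req in patches[pid]["requires"]:
            dependents[req].append(pid)
    ready = deque(sorted(pid for pid, d in indegree.items() if d == 0))
    order = []
    while ready:                        # emit a patch only once its prerequisites are out
        pid = ready.popleft()
        order.append(pid)
        for dep in sorted(dependents[pid]):
            indegree[dep] -= 1
            if indegree[dep] == 0:
                ready.append(dep)
    if len(order) != len(needed):       # leftovers mean a cycle: no safe order exists
        raise ValueError("circular prerequisites among: " + ", ".join(sorted(needed - set(order))))
    return order
```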
2.9 Incident management
Incident management (sometimes called incident handling or incident response) is the part of the security management process responsible for the investigation and resolution of security incidents that occur or that are detected. Incident management is a critical component, because without it, all of the technologies that flag incidents are worthless; there is no point in being able to uncover problems and attacks if you do nothing about them. Incident handling is also one of the most expensive parts, because the resource costs for this part of the security process tend to be high. It is typically difficult to staff a good incident handling team because the team needs to include experts in almost every IT discipline, needs to intimately understand the systems (including internals), and needs to be able to think both like an investigator and like an attacker.