Ten Security Tips for SQL Server. Andy Warren
|
|
- Evelyn Washington
- 5 years ago
- Views:
Transcription
1 Ten Security Tips for SQL Server Andy Warren
2 Idera SQL Compliance Manager Improve any SQL Server Audit Audit Sensitive Data - see who did what, when, where, and how Track and Detect - monitor and alert on suspicious activity Satisfy Audits - for PCI, HIPAA, FERPA and SOX requirements Generate Reports - 25 built-in reports to validate SQL Server audit trails Minimize Overhead - light data collection agent minimizes server impact
3 About Me DBA, Consultant, Writer Served on the PASS Board Co-founder of SQLSaturday Former President of opass Founding principal in SQLServerCentral.com 3
4 Goals For Today Get you thinking about security! 4
5 Agenda Page What does compliance want and why? What about the DBA? And the hacker? What works and what is security theater? 10 security tips Additional ideas and reading Q&A 5
6 Understanding Compliance Technical, but not as technical as you Places high value on best practices Places high value on vulnerability scans Wants to make sure the obvious has been done Higher level, more holistic view 6
7 What Does Compliance Want? Least privilege Granular permissions Lots of logging/auditing Change control Usable alerts Process. Process. Process. Sustainability 7
8 What Does the DBA Want? Crisp and clear patterns for securing instances and databases Reasonable belief that they are doing enough Support from the business and compliance on enforcing the rules Not wind up on the evening news due to a breach 8
9 The hacker! Wants? Access of course Starts on tertiary systems that aren t important and works their way in to the core Looking for clues, exploits common gaps Tries hard to erase footprints 9
10 Good or Theater? In the SQL space most things we do are reasonable, but here is a test: Enable C2 Auditing Require Windows Authentication Only Disable xp_cmdshell 10
11 The Caution Statement! These are basic tips, but still worth doing and checking There are always exceptions Even a small change can break things (but are also easy to undo) 11
12 #1 Disable The Guest Account Start with something easy and obvious by making sure there is no anonymous access allowed in any of your user databases, plus model Not as easy as just removing it from the instance 12
13 #2 No Grants to Public Auditors want to see explicit grants to well defined roles (ideally that map to a business role or an application role) Our goal is to deny information by default, grant as requested/approved. Public = bad! 13
14 #3 Remove BuiltIn\Admins Not required for SQL to have this If admins require access, add a domain group as a login (even if it has to be a sysadmin member) Will require some testing, but it s not a major change 14
15 #4 Audit AND Alert on Login Failed Typically only audit failed logins Failures should be relatively rare Lots and lots of options for alerting Leverage SQL Agent, alerts, etc External monitor Nothing more important than to investigate these, this is your best chance to catch an attack in the early stages 15
16 #5 Rename the SA Login Obvious target for a hacker Rename, then create a fake SA that becomes the bait 16
17 #6 Disable The Browser Service Or at least disable advertising Denying knowledge slows the attack down Surprisingly effective 17
18 #7 Change the Default Port Hackers know to try 1433 Any other port takes longer to find, more chance we detect them looking Make sure your scanner knows the correct port to scan on! 18
19 #8 Grant Perms to Roles Only More secure? No. And Yes. Roles are packaging, they play a big part in managing effectively AND in the annual (or more) access recertification Adding someone to a role is a simple change with not much chance of error Arguably much riskier to do a bunch of grants for a new user 19
20 #9 Remove Unused Logins Ideally logins are groups or service accounts that require little maintenance Once a year (or more) review is required Check for orphaned users while you re at it! 20
21 #10 Vulnerability Scans Scanners (Rapid7, Qualys, etc) may not catch everything, but they catch a lot Run often! Especially after any patching, upgrade, deployment Not all issues can be fixed immediately prioritize Fix, then rescan to confirm 21
22 Summary Security is complicated Hardening is first (and evolving) step Process is incredibly important, one slip can let an attacker through Monitoring and alerting can be home grown, but easier with tools Easy to have a gap that gets overlooked (it s always been that way) 22
23 Resources Securing SQL Server by Denny Cherry Microsoft SQL Server 2012 Security Cookbook by Rudi Bruchez SQL Server Security Checklist by Tibor Nagy Nexpose 23
24 Questions and Wrap-up 24
SQL Server Solutions GETTING STARTED WITH. SQL Secure
SQL Server Solutions GETTING STARTED WITH SQL Secure Purpose of this document This document is intended to be a helpful guide to installing, using, and getting the most value from the Idera SQL Secure
More informationSERVER HARDENING CHECKLIST
SERVER HARDENING CHECKLIST WINDOWS 2003 SERVER CHECKLIST This checklist contains server hardening procedures for Windows 2003 Server. The procedures listed in this document are a balance of industry best
More informationMcAfee Database Security
McAfee Database Security Sagena Security Day 6 September 2012 September 20, 2012 Franz Hüll Senior Security Consultant Agenda Overview database security DB security from McAfee (Sentrigo) VMD McAfee Vulnerability
More informationSQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD
SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD The Payment Card Industry Data Security Standard (PCI DSS), currently at version 3.2,
More informationSQL Server Security Whitepaper SQL SERVER SECURITY PRACTICES BY PINAL DAVE
SQL Server Security Whitepaper SQL SERVER SECURITY PRACTICES BY PINAL DAVE INTRODUCTION There are a number of examples where data theft has brought businesses to a halt or resulted in bad press that will
More informationeguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments
eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments Today s PCI compliance landscape is one of continuing change and scrutiny. Given the number
More informationOracle Database Vault
by Craig Moir Of MyDBA November 2010 What Security problems do we face today? The most pressing security problems facing organizations today are : Protecting sensitive data against insider threats; Meeting
More informationmaxecurity Product Suite
maxecurity Product Suite Domain Administrator s Manual Firmware v2.2 ii Table of Contents BASICS... 1 Understanding how maxecurity products work in your company... 1 Getting started as a Domain Administrator...
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More informationSecurity and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /
Security and Compliance Powered by the Cloud Ben Friedman / Strategic Accounts Director / bf@alertlogic.com Founded: 2002 Headquarters: Ownership: Houston, TX Privately Held Customers: 1,200 + Employees:
More informationDatabase Centric Information Security. Speaker Name / Title
Database Centric Information Security Speaker Name / Title The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationThe 3 Pillars of SharePoint Security
The 3 Pillars of SharePoint Security Liam Cleary CEO/Owner SharePlicity Jeff Melnick Systems Engineer Netwrix Corporation AGENDA The Problem Attack Vectors Intranet, Extranet and Public Facing Proactive
More informationHow NOT To Get Hacked
How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationSecurity Configuration Assessment (SCA)
Security Configuration Assessment (SCA) Getting Started Guide Security Configuration Assessment (SCA) is a lightweight cloud service which can quickly perform the configuration assessment of the IT assets,
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationOracle Database Auditing
By Craig Moir craig@mydba.co.za http://www.mydba.co.za August 2012 Version 1 WHY AUDIT? Allows organizations to enforce the trust-but-verify security principle. Satisfying compliance regulations. Enables
More informationIT infrastructure layers requiring Privileged Identity Management
White Paper IT infrastructure layers requiring Privileged Identity Management Abstract Much of today s IT infrastructure is structured as different layers of devices (virtual and physical) and applications.
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationOracle Database Security Assessment Tool
Oracle Database Security Assessment Tool With data breaches growing every day along with the evolving set of data protection and privacy regulations, protecting business sensitive and regulated data is
More informationADDRESSING TODAY S VULNERABILITIES
E-Guide ADDRESSING TODAY S VULNERABILITIES SearchSecurity E ven if your firm has no legal or contractual obligation to perform them, authenticated scans should be an essential part of your security program.
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationMcAfee epolicy Orchestrator
McAfee epolicy Orchestrator Centrally get, visualize, share, and act on security insights Security management requires cumbersome juggling between tools and data. This puts the adversary at an advantage
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationCloud Transformation Program Cloud Change Champions June 20, 2018
Cloud Transformation Program Cloud Change Champions June 20, 2018 W June C Today s Agenda C C M! 1 Welcome and Agenda Overview Program Updates 2 Security Issues in the Cloud Presenter: Michael Timineri
More informationSQL Server Security. Marek
SQL Server Security Marek Chmel Lead Database Administrator @ AT&T MVP: Data Platform MCSE: Data Management and Analytics MCT: Regional Lead Certified Ethical Hacker CEHv8 marek.chmel@technet.ms @MarekChmel
More informationDevice Discovery for Vulnerability Assessment: Automating the Handoff
Device Discovery for Vulnerability Assessment: Automating the Handoff O V E R V I E W While vulnerability assessment tools are widely believed to be very mature and approaching commodity status, they are
More informationIT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT
IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT AGENDA A high level overview of what to implement in your library to make it secure. With the rise of data breaches,
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationUNIFICATION OF TECHNOLOGIES
UNIFICATION OF TECHNOLOGIES SIEM Management Incident Management Risk Intelligence Storage Detection Prevention Awareness Security Technology IDS/IPS WIDS Vulnerability Assessment Identity Unified SIEM
More informationInsurance Industry - PCI DSS
Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services. Vanguard is the industry leader in z/os Mainframe Software to ensure enterprise compliance with the
More informationTHE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT. August prevoty.com. August 2015
THE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT 2 EXECUTIVE SUMMARY The growth of enterprise-developed applications has made it easier for businesses to use technology to work more efficiently and productively.
More informationVANGUARD WHITE PAPER VANGUARD INSURANCE INDUSTRY WHITEPAPER
VANGUARD INSURANCE INDUSTRY WHITEPAPER Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to
More informationWHITE PAPERS. INSURANCE INDUSTRY (White Paper)
(White Paper) Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to ensure enterprise compliance
More informationVANGUARD WHITE PAPER VANGUARD GOVERNMENT INDUSTRY WHITEPAPER
VANGUARD GOVERNMENT INDUSTRY WHITEPAPER Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to
More informationDatabase Attacks, How to protect the corporate assets. Presented by: James Bleecker
Database Attacks, How to protect the corporate assets Presented by: James Bleecker Agenda Introduction Network/Application Landscape Database Vulnerabilities Are The New Front-Lines Attacking Where the
More informationFireMon Security manager
FireMon Security manager Regain control of firewalls with comprehensive firewall management The enterprise network is a complex machine. New network segments, new hosts and zero-day vulnerabilities are
More informationSQL Server Hardening Considerations, on page 1 SQL Server 2014 Security Considerations, on page 3
Considerations, on page 1 SQL Server 2014 Security Considerations, on page 3 Considerations Top SQL Hardening Considerations Top SQL Hardening considerations: 1. Do not install SQL Server on an Active
More informationHacker Explains Privilege Escalation: How Hackers Get Elevated Permissions
Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions Liam Cleary Solution Architect Protiviti Jeff Melnick Systems Engineer Netwrix Corporation Agenda Elevation Escalation Prevention
More informationThe Problem with Privileged Users
Flash Point Paper Enforce Access Control The Problem with Privileged Users Four Steps to Reducing Breach Risk: What You Don t Know CAN Hurt You Today s users need easy anytime, anywhere access to information
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationAre You Avoiding These Top 10 File Transfer Risks?
Are You Avoiding These Top 10 File Transfer Risks? 1. 2. 3. 4. Today s Agenda Introduction 10 Common File Transfer Risks Brief GoAnywhere MFT Overview Question & Answer HelpSystems Corporate Overview.
More informationBest Practices for Deployment of SQL Compliance Manager
Best Practices for Deployment of SQL Compliance Manager Table of Contents OVERVIEW/PURPOSE...2 REQUIRED LEVEL OF AUDITING...2 SQL COMPLIANCE REPOSITORY SQL SETTINGS...2 CONFIGURATION SETTINGS...3 CAPTURED
More informationHackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm
whitepaper Hackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm When your company s infrastructure was built on the model of a traditional on-premise data center, security was pretty
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationBUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE:
BUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE: 15 Questions to Ask Yourself and Your DAST Vendor > An Introduction to the AppSec Market Page 3 Dynamic Application Security Testing Requirements Page
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationCyber Security Awareness for SmallSat Ground Networks
Cyber Security Awareness for SmallSat Ground Networks SSC16-IX-02 SmallSat 2016 Ted Vera Colorado Springs, CO (719) 598-2801 Denver, CO (303) 703-3834 Chantilly, VA (703) 488-2500 http://www.rtlogic.com
More informationWelcome to IBM Security Guardium Analyzer!
Welcome to IBM Security Guardium Analyzer! To help you get started with IBM Security Guardium Analyzer, please refer to these frequently asked questions: What is IBM Security Guardium Analyzer? Guardium
More informationCyber Security Audit & Roadmap Business Process and
Cyber Security Audit & Roadmap Business Process and Organizations planning for a security assessment have to juggle many competing priorities. They are struggling to become compliant, and stay compliant,
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationOracle Security Products and Their Relationship to EBS. Presented By: Christopher Carriero
Oracle Security Products and Their Relationship to EBS Presented By: Christopher Carriero 1 Agenda Confidential Data in Corporate Systems Sensitive Data in the Oracle EBS What Are the Oracle Security Products
More informationHackproof Your Cloud Responding to 2016 Threats
Hackproof Your Cloud Responding to 2016 Threats Aaron Klein, CloudCheckr Tuesday, June 30 th 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Changing Your Perspective Moving
More informationSO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY
SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY www.securelink.net BACKGROUND Macro trends like cloud and mobility change the requirements for endpoint security. Data can
More informationSurprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationSONICWALL SECURITY HEALTH CHECK SERVICE
SonicWall Partner Service Overview SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall Investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service
More informationIT Service Delivery and Support Week Three. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao
IT Service Delivery and Support Week Three IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao 1 Infrastructure Essentials Computer Hardware Operating Systems (OS) & System Software Applications
More informationWebLogic Security Top Ten
WebLogic Security Top Ten June 2014 Michael Miller Chief Security Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation Stephen Kost Chief Technology Officer
More information2009 OSIsoft, LLC. OSIsoft vcampus Live! where PI geeks meet OSIsoft, LLC. OSIsoft vcampus Live! 2009 where PI geeks meet
2009 OSIsoft, LLC. OSIsoft vcampus Live! where PI geeks meet 1 Considerations of the new PI Security Model Bryan S. Owen OSIsoft Cyber Security Manager 2 Security Roadmap 3 Security Reality Today State
More informationEvolution Of The Need For IAM. Securing connections between people, applications, and networks
Evolution Of The Need For IAM December 2006 Evolution Of The Need For IAM Identity issues are nothing new Who steals my purse steals trash / But he that filches from me my good name / Robs me of that which
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationBEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION
GUIDE BEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION CONTINUOUS SECURITY With attackers getting more sophisticated every day, manual methods of locating and testing web-based apps
More informationHost. Computer system #1. Host Hardening
Host Hardening Series of actions to be taken in order to make it hard for an attacker to successfully attack computers in a network environment (March 28, 2016) Abdou Illia Spring 2016 Host In network
More informationSponsored by Oracle. SANS Institute Product Review: Oracle Audit Vault. March A SANS Whitepaper. Written by: Tanya Baccam
Sponsored by Oracle SANS Institute Product Review: Oracle Audit Vault March 2012 A SANS Whitepaper Written by: Tanya Baccam Product Review: Oracle Audit Vault Page 2 Auditing Page 2 Reporting Page 4 Alerting
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationsecurity mindfulness dwayne.
security mindfulness dwayne. foley@eagledream.com security mindfulness defined - the quality or state of being aware that you need to build security into your daily practice -the secure state achieved
More informationBest Practices (PDshop Security Tips)
Best Practices (PDshop Security Tips) For use with all versions of PDshop Revised: 12/29/17 PDshop.com / Copyright 2002-2018 All Rights Reserved. 1 Table of Contents Table of Contents... 2 Best Practices...
More informationCreate, protect, and manage databases for compliant DevOps
Create, protect, and manage databases for compliant DevOps 26 years SQL Server data experience DBA, developer, manager, writer, speaker in a variety of companies and industries Founder, SQLServerCentral
More informationIBM Internet Security Systems Proventia Management SiteProtector
Supporting compliance and mitigating risk through centralized management of enterprise security devices IBM Internet Security Systems Proventia Management SiteProtector Highlights Reduces the costs and
More informationSANS AppSec AppSec what can you learn from small companies? What Works and What Doesn t
SANS AppSec 2012 AppSec what can you learn from small companies? What Works and What Doesn t About Me 25 years experience in software development and Ops Mostly in small companies designing and building
More informationHow Cyber-Criminals Steal and Profit from your Data
How Cyber-Criminals Steal and Profit from your Data Presented by: Nick Podhradsky, SVP Operations SBS CyberSecurity www.sbscyber.com Consulting Network Security IT Audit Education 1 Agenda Why cybersecurity
More informationThink Like an Attacker
Think Like an Attacker Using Attack Intelligence to Ensure the Security of Critical Business Assets Current State of Information Security Focused on detection and response Desire to reduce detection to
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationHIPAA Assessment. Prepared For: ABC Medical Center Prepared By: Compliance Department
HIPAA Assessment Prepared For: ABC Medical Center Prepared By: Compliance Department Agenda Environment Assessment Overview Risk and Issue Score Next Steps Environment NETWORK ASSESSMENT (changes) Domain
More informationSONICWALL SECURITY HEALTH CHECK PSO 2017
SONICWALL SECURITY HEALTH CHECK PSO 2017 Get help in fully utilizing your investment to protect your network Overview SonicWALL Security Health Check provides a customer with a comprehensive review of
More informationUsing imis Security for Access Control
Using imis Security for Access Control Friday, April 6, 2018 11:15 AM 12:15 PM Bruce Wilson, Senior Director, Technology and Management Consulting RSM US LLP About me Senior Director, Technology and Management
More informationYou will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.
IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary
More informationGoing Without CPU Patches on Oracle E-Business Suite 11i?
Going Without CPU Patches on E-Business Suite 11i? September 17, 2013 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation About
More informationPrivate Clouds: Opportunity to Improve Data Security and Lower Costs. InfoTRAMS Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt t W Pracy
Private Clouds: Opportunity to Improve Data Security and Lower Costs InfoTRAMS Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt t W Pracy Private Clouds: Opportunity to Improve Data Security and
More informationThe tale of one thousand and one ADSL modems
The tale of one thousand and one ADSL modems Fabio Assolini, Malware Researcher, twitter.com/assolini Virus Bulletin 2012 Dallas, USA PAGE 2 If we can t attack a computer or a server, we ll attack a router
More informationGDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018
GDPR How to Comply in an HPE NonStop Environment Steve Tcherchian GTUG Mai 2018 Agenda About XYPRO What is GDPR Data Definitions Addressing GDPR Compliance on the HPE NonStop Slide 2 About XYPRO Inc. Magazine
More informationVulnerability Assessment with Application Security
Vulnerability Assessment with Application Security Targeted attacks are growing and companies are scrambling to protect critical web applications. Both a vulnerability scanner and a web application firewall
More informationGrant permissions sql server Grant permissions sql server 2008.zip
Grant permissions sql server 2008 Grant permissions sql server 2008.zip 12/01/2011 I am trying to set column level permissions on a table in SQL Server 2008. These are the steps I took: Right-click on
More informationEvents Management or How to Survive Security Incidents. Belnet Security Conference May 2010
Events Management or How to Survive Security Incidents Belnet Security Conference May 2010 Agenda Today's Situation How to implement a solution How to handle security incidents Examples & tools Q & A About
More informationCrash course in Azure Active Directory
Crash course in Azure Active Directory Crash course in Azure Active Directory Competing today requires a focus on digital transformation and empowering everyone to be creative and work together securely.
More informationSANS Institute Product Review: Oracle Database Vault
Sponsored by Oracle SANS Institute Product Review: August 2011 A SANS Whitepaper Written by: Tanya Baccam Overview and Setup PAge 2 Creating and Testing Realms PAge 3 Rules, Roles and Factors for Granular
More informationLEARN READ ON TO MORE ABOUT:
For a complete picture of what s going on in your network, look beyond the network itself to correlate events in applications, databases, and middleware. READ ON TO LEARN MORE ABOUT: The larger and more
More informationOracle Database Vault
Oracle Database Vault Best Practices ORACLE WHITE PAPER MAY 2015 Table of Contents Executive Overview 2 Installation 3 Pre-Installation Notes 3 Separation of Duty 3 Separation of Duty Matrix 4 Oracle Database
More informationClosing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies. Ronit Reger, Senior Program Manager at Microsoft
Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies Ronit Reger, Senior Program Manager at Microsoft Session goals 1. Data Privacy and the GDPR - Data privacy as a
More informationSimplifying Security for IBM i and IBM Security QRadar
White Paper Simplifying Security for IBM i and IBM Security QRadar www.townsendsecurity.com 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 800.357.1019 fax 360.357.9047 www.townsendsecurity.com
More informationCyber Security. Our part of the journey
Cyber Security Our part of the journey The Journey Evolved Built on the past Will be continued Not always perfect Small Steps moving forward The Privileged How to make enemies quickly Ask before acting
More informationSONICWALL SECURITY HEALTH CHECK SERVICE
SonicWall Partner Service Overview SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall Investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service
More informationA QUICK PRIMER ON PCI DSS VERSION 3.0
1 A QUICK PRIMER ON PCI DSS VERSION 3.0 This white paper shows you how to use the PCI 3 compliance process to help avoid costly data security breaches, using various service provider tools or on your own.
More informationSecuring Your Company s Web Presence
Securing Your Company s Web Presence Russ McRee Microsoft Holisticinfosec.org Common security threats to your web presence & what you can do about it ISACA Puget Sound Meeting 3/16/2010 Securing your company
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More information