Re: Fw: OT - Getting fired for database oops

  • From: Nuno Souto <dbvision@xxxxxxxxxxxx>
  • Date: Thu, 28 May 2009 22:55:26 +1000

Frits Hoogland wrote, on my timestamp of 28/05/2009 5:37 AM:
But even if it's done in the most perfect way, if not *all* components involved (network, operating system, database, applications) are tightly secured, a mistake in another layer could easily lead to compromise. Also, in the cases I encountered, the security auditor has no/little technical knowledge, which means that with some suggesting and some omitting of details it's quite easy to pass the audit.

It reminds me of a saying in the network world about firewalls: 'the harder on the outside, the softer on the inside'. At least until two years ago, the default operator interface of networking components like switches and routers, but disturbingly even firewalls, is telnet. SSH (encrypted) access is an option...



Good points. It's always surprised me in some sites to see intranet security trusted almost exclusively to the firewall.
Then when asked about intruder detection, the reply is "uh?".
Many others as well trust monitoring/management to SNMP over UDP...

Then again, how far does one take the paranoia?
("paranoia" in the sense of obsession over security, not the clinical one)
Like someone else said: the biggest danger is often internal!

--
Cheers
Nuno Souto
in sunny Sydney, Australia
dbvision@xxxxxxxxxxxx
--
//www.freelists.org/webpage/oracle-l

