In today’s cyber security, landscape database is considered to be the most important asset of an organization, which holds sensitive information about the business and employees . Having installed and configured firewalls, IDS and end point security, one should not expect that the database is secure and there is no way anyone can breach data. Most of the major data breach incidents of the last few years indicates that despite having installed the state of the art firewalls and other security appliances, the database got breached. [Read more…]
One of the least prioritize part in data base security is not taking countermeasures against database access. Some solid measures that you can take to secure the access methods in your database are:
- Whether you use Oracle database or Microsoft SQL database, both the organization releases their security patch almost regular basis. So, make sure that you visit the security patch pages of your vendor’s website and apply the recommended patch as soon as they are released. Remember to test the patch in a test environment before applying in the production environment. [Read more…]
An auditor needs to check the Oracle database in order to gather some useful and important information to conduct his audit. In fact, an auditor will ask the system administrator to run the commands and collect the information on behalf of him. The following are the basic commands that you need to know before starting the proper audit of the audit trail.
To get a list of all users in the database:
SQL. Select *from all_users;
Another useful command is to check the list of privileges assigned to a user. You have to run this command after logging in with the user that you want to audit for privileges.
SQL> select username, privilege from user_sys_privs;
Note: all the commands used in this article works with Oracle 10g.
Normally, you need to enable oracle audit in order to audit an Oracle object (e.g. table, users). Here, the term “audit” means to generate logs for users’ activities such as running a query or creating a table. So, to get audit data you need to enable it at the first hand. But, there are some activities that generate log files regardless of you have enabled the audit or not and those activities are:
When an administrator log in to the database
When Oracle starts up
When oracle shutdown.
Popularity has a price to pay since everything on this world has its face value. And Oracle database software is no different than that. In this post, you may expect to have some basic idea on Oracle security and its risks. The features of Oracle that has security risks are:
- System tables
- Oracle Listener
Securing MySQL requires not only hardening the security configuration of your database itself but also the web server along with the operating system. As you know that most of the web hosting provider love Linux and Apache as part of their web-hosting solution, you need to make sure that your host is taking proper security measures to ensure tighter control of Apache and OS. Your main task will be to perform a few simple tasks or test on your MySQL to remove all the known and easy-to-solve security vulnerabilities of your database. And the good news is that if you are new website owner and reluctant to learn some basic SQL tricks to, then also you can fix the basic security settings of your database from PhPMySQLadmin interface of your Cpanel.
Unless you are hosting your website on your own server in your own premise, you should let the task of Apache and OS security setting to your hosting provider. Now, checkout the following steps required for MySQL security: [Read more…]
There are thousands of wordpress experts who will suggest the beginners to take regular backup of their websites. If you are just learning how to make wordpress blog, then you may not pay attention to the importance of taking backup and restoration. Think about this you have a blog of 50 articles and getting 1000 organic traffic and one day morning when you logon to your website, you find that for some reason you cannot log on or your site has been hacked. In the following few paragraphs I will show you how you can take a full backup for your site and restore it at your will whenever you need it.
Why wordpress backup? – There are a number of reasons why your wordpress blog codes can get corrupted. The reasons are as follows:
1. due to accidental deletion of codes or a portion of codes
2. WordPress may dis-funciton due to installation of new plug-in that you never tested with your blog
3. Updating to a new version of wordpress might cause problems.
4. your hosting providers’ server got crashed, though it is one of the least probable and it might never happen if your host has redundant servers, but you never know what lies ahead
5 your site might get hacked and the level of damage might be beyond repair.