Securing enterprise business-critical data is as important for DBAs as database tuning and data protection. Oracle provides comprehensive and powerful security controls and solutions to ensure data privacy and data security, which help with meeting regulatory compliance. Oracle supports the following security controls: Data Masking, Advanced Security (TDE, Data Redaction), Label Security, Virtual Private Database (VPD), Fine Grained Auditing (FGA), Data…
It is only a matter of time in developing most websites that you'll need to implement a way of restricting access to parts of the site. In MVC, the 'Authorize' attribute handles both authentication and authorization. In general, it works well, with the help of an extension to handle AJAX calls elegantly, and to distinguish between unauthorized users and those who are not logged in.
The default trace is still the best way of getting important information to provide a security audit of SQL Server, since it records such information as logins, changes to users and roles, changes in object permissions, error events and changes to both database settings and schemas. The only trouble is that the information is volatile. Feodor shows how to squirrel the information away to provide reports, check for unauthorised changes and provide forensic evidence.
Often, an existing database application must evolve quickly by incremental steps. Alex describes a tried and tested system to provide an automated approach to deploying both new and existing database systems, whilst dealing with common security and configuration issues.
With each revision, SharePoint becomes more a SQL Server Database application, with everything that implies for planning and deployment. There are advantages to this: SharePoint can make use of mirroring, data-compression and remote BLOB storage. It can employ advanced tools such as data file compression, and object-level restore. DBAs can employ familiar techniques to speed SharePoint applications. Bert explains the way that SharePoint and SQL Server interact.
So much has been written about SQL Injection, yet such attacks continue to succeed, even against security consultants' websites. The problem is often that only part of the solution is described, whereas the best practice requires the use of defense in depth.
Security requires defense in depth. The cleverest intrusion detection system, combined with the best antivirus, won't help you if a malicious person can gain physical access to your PC or server. A routine job, helping to remove a malware infection, brings it home to Wesley just how easy it is to get a command prompt with SYSTEM access on any PC, and inspires him to give a warning about the consequences.
Since the introduction of SQL Server 2005, there is a simple lightweight trace that is left running by default on every SQL Server. This provides some very valuable information for the DBA about the running server, but it isn't well-documented. Feodor reveals many of the secrets of this facility and shows how to get reports from it.
In the third and final article that introduces Code Access Security in .NET Framework 4.0, Matteo explains, with examples, how the Level2 Security Transparent Model works within a hosted ASP.NET environment.
Having introduced us to the basics of the new Code Access Security Model available in .NET Framework 4.0, Matteo Slaviero explains how to use this powerful new system to implement fine-grained code security in ways that have never before been possible.
The Code Access Security model has been completely redesigned in the .NET Framework 4.0, to the point where CAS policies have been completely removed, and everything now works through Level2 Security Transparency. Confused? Not for long. Matteo Slaviero, a .NET security expert, brings us up to speed.
If you're a Systems Administrator concerned about information security, you could do worse than implementing Microsoft's Information Rights Management system; especially if you already have Active Directory Rights Management Services in place. Elie Bou Issa talks Hub Servers, Transport Protection Rules and Outlook integration in this excellent guide to getting started with IRM.
With security concerns being a constant litany, it's worth considering Active Directory Rights Management Services as a powerful tool in your access-control arsenal, particularly when it integrates so neatly with Exchange 2010. Elie Bou Issa kindly takes us, step by step, through everything we need to know to install and start using this versatile technology like a pro.
If one were to close one's eyes and imagine a BT Executive, one would never conjure up Bruce Schneier. He is one of the greatest experts in cryptography, and a well-known mathematician. He even got a brief mention in the book 'The Da Vinci Code'. He also remains an outspoken and articulate critic of the way that security is actually implemented in applications, as Richard Morris found out when we dispatched him to interview him.
It has never been so important to enhance your employability as it is today. Job security can never be taken for granted. Employability, increasing your professional value, means far more than just collecting qualifications, as Dr Masha Petrova explains: it also involves communicating, writing, and participating in communities.
Luca Cardelli is probably best known for Polyphonic C# and Biocomputing, but he has designed a number of experimental languages and published a variety of papers on Theoretical Computing subjects such as type theory and operational semantics. He is now Principal Researcher at Microsoft Research in Cambridge, and head of the Programming Principles and Tools and Security groups. We sent a slightly apprehensive Richard Morris to ask him about DNA Computing…
The trouble with making general rules about programming practices is that one can miss out on many benefits of a framework by following them too literally in every context. Everyone knows that one should watch for performance problems and security issues with reflection. It doesn't mean you shouldn't use it, it just means you must test carefully, monitor performance, and assess risks. Nick Harrison illustrates the theme with a practical example.
There are good reasons for preventing old versions of Outlook from connecting to Exchange Server. You'll probably, at least, want to do it for security. Before you do so, you'll also need to know what versions are out there being used so you can make sure that blocking of legitimate users is prevented. Ben Lye explains how it is done.
We asked Brian for a description of the Help System for the software he's working on, and he ends up quoting Blake's poetry, discussing town criers, Ziggurats, security guards and the BRAD signal.
Professor Ross Anderson is one of the foremost experts in Computer Security in the world. He has published widely on the economics of security, cryptology, formal methods, hardware design, and the robustness of distributed systems in general. He is best known for his book 'Security Engineering: A Guide to Building Dependable Distributed Systems'. He has never been shy of controversy, and we were intrigued by the influence he wields at Cambridge University; so intrigued were we that we sent the taciturn Richard Morris to find out more from him…