What is a Database Firewall, and why should it be your first line of defense?

  • Posted on: 18 November 2011
  • By: milina.ristic
Author/Owner: 
James Sadler
The 2010 IOUG Data Security Survey indicated only 35%25; of respondents said they have taken steps to prevent SQL injection attacks. In 2011 a high profile SQL-injection attack compromised the records of tens of millions Sony customers. With these two events in mind this presentation discusses what a SQL-injection attack is, and why they are so effective in their abilitiy to compromise databases. It will then look at how the concept of a firewall can be applied to protect databases from SQL-injection attacks, how it fits into a broader defense in depth strategy, and finally what other benefits does it bring in terms of audit compliance.
AttachmentSize
PDF icon NZOUG 2011 Database Firewall.pdf1.88 MB
Version: 
1
Publish Date: 
18 Nov 2011
Organization: 
Oracle
Presenter Biography: 
James was bought on board Oracle New Zealand when Oracle established an identity management business in New Zealand in 2008. As a sales consultant James provided not only the link between Oracle product and customer requirements, but also advice relating to best practices around security generally. Prior to Oracle James was a security consultant with CA Technologies for about 7 years during which time he represented wide range of security areas from network forensics to identity management. He has had a a varied background that ranges from product management for mobile telephony billing mediation systems to pre-sales specialist for emergency services dispatch systems James is a Certified Information Systems Auditor (CISA), and a Certified Information System Security Professional (CISSP).
field_vote: