Database Security Books

With the onslaught of increasing governmental regulations and never-ending news stories on data breaches, securing corporate data is indeed a hot topic these days. You can also see just how hot by taking a look at the recent books published on database security issues.

At the top of the list is Ron Ben Natan’s Implementing Database Security and Auditing (Elsevier Digital Press, ISBN: 1-55558-334-2). Ron’s book is a nice guide to database security issues written from a non-proprietary, heterogeneous perspective. The book, published in 2005, manages to quite thoroughly cover a wide variety of database security topics in just about 400 pages. The book addresses the important database security issues including encryption, authentication and password control, access control, SQL injection, and data access auditing. Whether you use DB2 on AIX, MySQL on Linux, Oracle on Unix, or SQL Server on Windows, Ben Natan’s book provides useful guidance.

Of course, you may have more in-depth database security questions and needs, such as how best to implement specific security requirements using a particular DBMS, or which features are actually implemented in your DBMS of choice. That means you’ll need a book that specializes, but no need to worry as books have recently been published for each of the big three DBMSs (DB2, Oracle, and SQL Server).

For Microsoft SQL Server admins, there is How to Cheat at Securing SQL Server 2005 by Timothy Blum, et al. (Syngress). Interesting title, isn’t it? It made me wonder: “is this something I really would want to cheat at?” Well, title aside, the book emphasizes best-practice security measures. It offers guidance for maintaining SQL Server security in an enterprise environment, covering topics such as roles and password protection, SQL Server authentication modes, auditing using triggers, and information on encrypting data “at rest” or “in flight.”

If you are charged with securing a Microsoft SQL Server environment, the advice in this book could help to save you from a lot of worry and trouble. After all, SQL Server databases are a favorite target for Internet hackers.

For Oracle admins, there is Practical Oracle Security by Aaron Ingram and Josh Saul (Syngress). The book is billed as being designed to help you to establish procedures for protecting your Oracle database environment. It covers a plethora of topics including managing default accounts, TNS, password controls, administration of PUBLIC privileges, and advice on developing a sustainable security plan. And there is a companion web site which contains dozens of scripts for automating Oracle security tasks.

A word of caution, though: check out this review of the book (http://blog.red-database-security.com/2007/11/26/review-practical-oracle-security/) before relying too heavily on the advice within. You might want to consider an alternate Oracle security book written by Ron Ben Natan called HOWTO Secure and Audit Oracle 10g and 11g (Auerbach Publications, ISBN: 978-1420084122). This book is a little fresher (published in 2009) and has great reviews on Amazon.

Note: Both of the Syngress titles offer purchasers a free downloadable e-book (PDF) version of the hard copy book at no additional charge.

And finally, for DB2 admins, we have Understanding DB2 9 Security by Rebecca Bond, et al. (IBM Press). This book offers quite a comprehensive guide to securing DB2 and leveraging the powerful new security features of DB2 9. This book is well-organized and offers in-depth coverage of DB2 security issues such as identification and authentication controls, label based access control (LBAC), encryption (“at rest” and “in flight”), auditing and intrusion detection, using SSH, and managing patches and fixes.

The book is written for users of DB2 on Linux, Unix, and Windows platforms, and not for the z/OS flavor of DB2. But since there are many similar issues, DB2 for z/OS admins will find much to interest them, too. (And while you’re at it, check out the IBM Press book Mainframe Basics for Security Professionals – not about database security, but interesting for mainframers concerned about security and RACF nonetheless).

If you are looking for additional information on securing your operational databases, there are indeed many book choices out there that may be able to help you out. Other database security books you might want to check out include:

About craig@craigsmullins.com

I'm a strategist, researcher, and consultant with nearly three decades of experience in all facets of database systems development.

4 Responses to Database Security Books

  1. Philomena Stoviak says:

    Hey there! This is my first visit to your blog! We are a team of volunteers and starting a new initiative in a community in the same niche. Your blog provided us useful information to work on. You have done an extraordinary job!

  2. Sale UGGs Boots free shipping says:

    There are two ways to write error-free computer programs. Only the third one works.

  3. Pingback: Learning Oracle : questions list (1)

  4. Angla Laranjo says:

    Excellent write-up. Thanx for posting this insightful information and giving us your perspective.

    Please keep up the good work.
