Securosis Blog | SQL Azure and 3 Pieces of Flair

Adrian Lane, the database security analyst at Securosis, points out the rather limited security controls Microsoft provides for SQL Azure.

Firewall, SSL, and user authentication are the totality of the technologies prescribed.

In other words, you are on your own. We recommend Sentrigo, an agent-based database intrusion prevention solution that sits right in the database VM.

Burning question: How can VM sprawl be prevented?

VM sprawl, or virtual machine sprawl, is just what it sounds like: too many VMs sprawled across a virtual infrastructure, taking up processing power and storage space even if they are rarely used. Since spinning up a new VM can be done in a matter of minutes, users come to expect a new machine, on-demand, whenever they want it.

The issue is not necessarily to prevent VM sprawl, assuming all these VMs are serving valid business purposes. The issue is managing them and providing security. We recommend the following solutions:

  • Management – AccelOps automatically discovers new VM instances and new VMware hosts. It then continues to monitor availability and performance and collect the appropriate logs and flows they generate.
  • Network and Server Security – Altor Networks provides a VMsafe-certified firewall/IPS which is embedded in the VMware hypervisor. It protects the hypervisor itself, controls and protects all communication into and out of the associated VMs, and monitors the services running in each VM.
  • Database Security – Specifically for virtualized database servers, we recommend Sentrigo. It runs in the database VM to (1) protect the database from targeted database attacks like SQL injection and (2) provide complete user access monitoring and control, including activity generated by privileged users, stored procedures and triggers.

Oracle fixes add to massive patch load expected Tuesday – SC Magazine US

Of the 81 fixes in Oracle’s quarterly patch release, seven of them are for databases.

The question is: how long will it take to test and install these patches? Experience says months. That means your systems will be exposed to these vulnerabilities for months.

I am by no means suggesting you should rush the deployment of these patches. Thorough testing is a must.

The answer is the virtual patching capability of Sentrigo, a database protection solution. In a matter of days, if not sooner, Sentrigo updates the agents protecting your databases with new “vulnerability signatures” that protect against threats looking to exploit the well-documented vulnerabilities for which Oracle is providing patches.

In many cases, Sentrigo ships the “vPatches” before Oracle ships their patches.

We recommend Sentrigo as a core component of our next-generation defense-in-depth architecture.