In this period of world crisis you should study to obtain your Certification, in order to be much more competitive in the job market. Whether you are an employer or an employee, see the link Benefits in the right column for a wider view. Low Cost!
Only US$ 99.00! Certify your Abilities in: business administration | executive mba | e-government | international marketing | finance management | project management | human resources | hospital_management | hotel_management | internet marketing
Our Information Technology Fields: chief information officer | customer relationship management | enterprise resources planning | supply chain management | virtualization | business-automation-workflow-management | business intelligence | computer_security | voice over ip
Optional: If you want one of the 19 Low Cost (only US$ 590.00/490.00 in total) MBA courses from our Academic Sponsor's Fast-Track MBA programs (courses), please access its main page at: http://mba-open-university.net
To Certify your Abilities: If you want to Certify your Abilities in other Business & Information Technology fields, please consult us. Examples: Certified Information Systems Security Professional, Project Management Professional, ITIL, Virtualization, Windows Server Virtualization Configuring, Help Desk certification, SQL, etc. Please suggest the certification you need; we will examine whether or not we can certify it.
jcmelo INSTITUTE
Brief Facts on Information Technology Security Management
S. Maurer,
Academic Director
Other types of attacks can be launched after abusing vulnerabilities in the internal auditing mechanism. In one such example an attacker was able to connect to a MS SQL Server database without his account name being recorded by the audit mechanism.
Privileges at this level in the database would allow the perpetrator to gain virtually unlimited access to any information stored within the database server, and worse, total control over the server itself.
Many database servers and applications deployed over them come bundled with default accounts configured with default passwords. Unless all of the defaults are changed by the administrator upon installation, these accounts provide an easy access point for uninvited guests.
Remove or block default accounts.
In practice, many control mechanisms simply do not exist on the server. One example is the lack of any restriction on the number of records that can be retrieved with a single database query. Another is the lack of limits on the criteria that can be used for extracting records.
The credentials are either supplied by the end-user when running the software or more commonly embedded within the application code or in a local configuration file. In either case, an attacker with a text editor can easily get hold of this set of credentials.
As it turns out, most types of attacks [SQL related] can be executed through standard database client software such as the tools provided by default by the database vendor [e.g. Query Analyzer, SQL Plus, etc.]. This software is usually part of the basic installation for any workstation in the enterprise.
Apply proper password policy to database accounts. Enforce strong password policies.
For instance, the account John might have passwords JohnJohn, nohj, John1234 and so on. In a large user base, password rules greatly reduce the number of guesses necessary for an account/password match.
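One way to implement the account-name rule this passage describes, as an added Python example that is not part of the original page: it rejects passwords that repeat, rearrange or pad the account name (JohnJohn, nohj, John1234) even under common character substitutions. The minimum length, the character-class rule and the substitution table are assumptions, not the institute's policy.

```python
import re

# Assumed policy values (not from the page).
MIN_LENGTH = 12
# Undo common substitutions so J0hn! is still recognised as "john".
_SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                                "!": "i", "0": "o", "$": "s", "5": "s"})


def _normalize(text: str) -> str:
    """Lower-case and reverse the substitutions above (J0hn -> john)."""
    return text.lower().translate(_SUBSTITUTIONS)


def derived_from_account(password: str, account: str) -> bool:
    """True if the password is an obvious derivative of the account name."""
    name = _normalize(account)
    if not name:
        return False
    pw = _normalize(password)
    # Strip trailing digits before normalising: John1234 -> John -> john
    core = _normalize(re.sub(r"\d+$", "", password))
    return (
        name in pw                          # John1234, JohnJohn, J0hn!2024
        or name[::-1] in pw                 # reversed name: nhoJ
        or sorted(core) == sorted(name)     # same letters rearranged: nohj
    )


def check_password(password: str, account: str) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if derived_from_account(password, account):
        problems.append("derived from the account name")
    if not (re.search(r"[A-Z]", password) and re.search(r"[a-z]", password)
            and re.search(r"\d", password)):
        problems.append("needs upper-case, lower-case and digit characters")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs taken from the text's own examples.
    for candidate in ("JohnJohn", "nohj", "John1234", "Correct-Horse-Battery-7"):
        print(candidate, "->", check_password(candidate, "John") or "accepted")
```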
Other types of attacks [such as network protocol related attacks] can be constructed with a simple text editor such as Notepad or WordPad, or with a Telnet client.
A thick-client application installed on a workstation communicates directly with the database server. In order for the application to communicate with the database server, it must have a set of valid credentials.
Some threats are easily prevented or contained, while others are more elusive. Fortunately, many of the security mechanisms and tools required to protect databases are readily available.
Given the wealth of information stored in databases and its value on the open market, it is no surprise that databases are a primary target of criminals.
Security officers often underestimate internal threats by making the following assumptions:
* Internal users are not hackers with hacking tools, and they are not equipped to produce hacking tools themselves.
* Security policies on internal workstations will deny software installation by end-users.
The most notorious [yet the toughest to exploit] is the buffer overflow attack. Server software is not designed to handle overly long user input. When such input is handled naively, the buffer overflow vulnerability can be exploited to quickly bring down a server.
Our Academic Sponsor AbetInternational University teaches 19 Online MBA Programs and issues Certifications in the fields of Business Administration, Information Technology Management and related fields. Copyright © 1997-2009. All other names and terms in this release are trademarks or registered trademarks of their respective companies.