SEARCH RESULTS
 
Showing 1-10 of 23 records
 
SQL Injection and separation of duties

2008-06-22 14:42:49 by Slavik in Musings on Database Security
 
Adrian Lane writes in his blog entry about separation of duties on the application level. While I agree with his sentiments, I also know how hard it is to do so from the application development side. In most applications, database connections are using connection pooling. Creating such a separation makes the development process a
 
 
 
 
 
The key to data security: Separation of duties

2008-08-27 13:00:00 by Editor in Computerworld Security News
 
Separation of duties is a key control in finance, and it should be required in information security, too. It requires that no one person is able to compromise information
 
 
 
 
 
Issue That Virtually Everybody and Their Dog Is Confused About

2008-07-10 12:34:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...separation is required. "VM IS a different machine, might be different OS, etc" - thus it IS sufficient separation. "VM is like a VLAN" - thus VM separation IS adequate separation. Then again: some say VLANs are not sufficient separation either. I hereby call upon the unholy wisdom of Hoff to answer this little bugger. About me:...
 
 
 
 
 
Software and Security Separateness - You're Doing It Wrong

2008-05-30 08:55:19 by Gunnar Peterson in 1 Raindrop
...separation - instead a profound connection - between that center and other centers which surround it, so that the various centers melt into one another and become inseparable. It is that quality which comes about from each center, to the degree it is connected to the whole world Now, let's re-examine infosec and software- we have separate...
 
 
 
 
 
Mashup of the Titans

2008-06-25 17:29:25 by Gunnar Peterson in 1 Raindrop
 
...Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key. The relevance of this observation to computer systems was pointed out by R. Needham in 1973. The reason is that, once the mechanism is locked, the...
 
 
 
 
 
Wakeup Call for Risk Management

2008-09-19 10:11:09 by Burton Group in Security and Risk Management Strategies Blog
 
...separation in your separation of duty (SoD) for real? Sure the SOX auditors are looking for SoD, and maybe you have different administrators with different accounts maintaining different systems or functions. But when they say Western civilization may be but one weak password from collapse they're not lying. Look what happened to Sarah Palin's...
 
 
 
 
 
Covert channel vulnerabilities in anonymity systems

2007-12-10 10:39:42 by Steven J. Murdoch in Light Blue Touchpaper
 
...separation of interconnected single-role computers. Prior work on the remaining network covert channels has been solely based on protocol specifications. I examine some protocol implementations and show how the use of several covert channels can be detected and how channels can be modified to resist detection I show how side channels...
 
 
 
 
 
How to Do Database Logging/Monitoring "Right"?

2007-12-13 11:26:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...separation Better for DBA monitoring No agents No database configuration changes Extra device needs to be purchased, deployed and managed Doesn't work with encryption No local access monitoring Collect and analyze database logs No extra $$$ - use your existing logging tool Can user review activity across log sources, from databases to...
 
 
 
 
 
Geeks sharing recipes

2008-01-29 09:17:00 by Keith Brown in Security Briefs
 
...separation, I've been spending much more time with my kids than I ever did before, and I'm loving it. But I'm still a geek at heart, and I hate doing clerk-like work to figure out what to buy at the grocery store. I'd rather automate much of this menial work so that I have more time to spend with my kids or with my work My first step in my...