DBA Security

This is a collection of references like internet materials and books about database security. Not only SQL Server security, but database security in general.

US Department of Defense (DoD), Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) on databases:
iase.disa.mil/stigs/app-security/database
Very detailed and of high quality.

Payment Card Industry Data Security Standard (PCI DSS):
www.pcisecuritystandards.org/security_standards

SANS Institute (SANS)
www.sans.org

Federal Information Security Management Act (FISMA):
www.dhs.gov/federal-information-security-management-act-fisma

Bundesamt für Sicherheit in der Informationstechnik (BSI)
Federal Office for Information Security
www.bsi.bund.de/EN

ISO 27001:
www.iso.org/iso/home/standards/management-standards/iso27001.htm

ISO 27002

Common Criteria - ISO 15408
www.commoncriteriaportal.org
Microsoft SQL Server Certification Reports and other CC documentation.

National Institute of Standards and Technology (NIST), National Checklist Program (NCP):
http://web.nvd.nist.gov/view/ncp/repository
National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) Support:
nvd.nist.gov/cvss.cfm
Common Vulnerability Scoring System (CVSS):
www.first.org/cvss

Federal Information Processing Standards Publication (FIPS): Security Requirements for Cryptographic Modules
FIPS 140-2 (PDF)
Covers the use of certified, compliant cryptographic algorithm implementations.

Open Web Application Security Project (OWASP):
www.owasp.org

European Union Agency for Network and Information Security (ENISA)
www.enisa.europa.eu

EU GDPR: General Data Protection Regulation (Regulation 2016/679)
"Regulation (EU) 2016/679 of the European Parliament and of the Council"
www.eugdpr.org
EU regulation on data protection for all people in the EU. As a regulation, it applies directly and does not require national legislation.

Center for Internet Security (CIS), Security Configuration Benchmarks on Database Servers
benchmarks.cisecurity.org/downloads/benchmarks.servers.database
The quality of these benchmarks varies considerably.

Literature

Denny Cherry: Securing SQL Server, 2nd Edition
2012, Syngress, Elsevier (ISBN 978-1-59749-947-7)
Many great details and experiences.

Justin Clarke: SQL Injection Attacks and Defense, 2nd Edition
2012, Syngress, Elsevier (ISBN 978-1-59749-963-7)
Great in many aspects.

Rudi Bruchez: Microsoft SQL Server 2012 Security Cookbook
2012, Packt Publishing (ISBN 978-1-84968-588-7)