"Securing the Data Castle"
CSO interviews security expert David Litchfield. An excerpt:
You've seen your share of database deployments. What would you say is one of the most important things organizations can do today to keep their databases secure?
Litchfield: The first is to change all default and simple-to-guess passwords. The major database vendors have recently become better at helping with this issue. In the past few years they've stopped shipping database servers with default user IDs and passwords. But for a very, very long time they were shipping all of their databases with default user IDs and passwords. Certainly for older systems, default passwords are still a major issue. Many times, while conducting security assessments, it was -- and still is -- incredibly shocking to see how many organizations run default access credentials. Another simple yet often overlooked area is keeping software patches up to date. While it can be very difficult with production database systems, given that they are in use, there are ways to make sure you keep the software up to date during scheduled maintenance.