http://www.knowledgestorm.com/collateral/WTP/50209_58306_99422_QualysYankee.pdf
Static security planning simply is not adequate to today's level of threats, as the 'Sasser' worm so brutally highlights. The indexed white paper "Dynamic Best Practices of Vulnerability Management" explains that such planning has become an operational necessity, and gives some hints and tips on how to proceed. This is useful practical advice, as well as serving as a good base for security teaching.
An extensive white paper on "Protecting Databases" is available here:
http://www.knowledgestorm.com/collateral/WTP/48986_84494_44122_Protecting_Databases.pdf
making the crucial point that it is not enough to protect the security perimeter -- protecting data at the source also has to be implemented, and the paper shows how to get started at this.
Posted by jho at May 5, 2004 11:37 AM