Monday, October 24, 2005

App IDS guards databases

NETWORK WORLD NEWSLETTER: NETWORKING TECHNOLOGY UPDATE
10/24/05

Dear security.world@gmail.com,

In this issue:

* How application security implements traditional network- and
OS-level IDS concepts at the database level
* Links related to Networking Technology Update
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Tacit Networks
Download this Network World Executive Guide: Storage Trends and
Strategies

From simplicity to complexity, Storage has taken on more
responsibility involving security and many other top demands.
Explore the hottest trends in Storage today written by the
editors of Network World for IT professionals, in the following
Executive Guide and examine extended case studies of users and
advice from storage specialists. Register now and get your free
copy of Network World's Storage Executive Guide.
http://www.fattail.com/redir/redirect.asp?CID=117918
_______________________________________________________________

Today's focus:

App IDS guards databases

By Aaron Newman

Applications and their back-end databases are increasingly
exposed to application-level intrusions, such as SQL injection,
cross-site scripting attacks and access by unauthorized users -
all of which bypass front-end security systems and attack data
at its source.

What has emerged in response is a new level of security -
application security - that implements traditional network- and
operating system-level intrusion-detection system (IDS) concepts
at the database (that is, application) level. Unlike generic
network or operating system solutions, application IDS provides
active, SQL-specific protection and monitoring, protecting
thousands of prepackaged and homegrown Web applications.

For example, application IDSs monitor and defend critical data
against database-specific attacks such as buffer overflows and
Web application attacks, and will also audit these events.

Application security differs from network and host security. The
applications vary, but the attacker's goal is always the same -
to access the database. Since applications use SQL to
communicate with the database, a good application IDS parses
SQL, providing an objective layer of protection that understands
the traffic yet remains independent of the application.
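
An added example, not part of the original newsletter or any vendor's
product: a minimal sketch of the SQL-parsing idea above. It reduces each
statement to a structural fingerprint, learns the shapes an application
normally sends, and audits anything else. The SqlSensor class, the lexer
and the sample traffic are assumptions constructed for illustration.

```python
import re

# Small SQL lexer (assumption: covers common tokens, not a full SQL grammar).
_TOKEN = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\b\d+(?:\.\d+)?\b)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op>[<>!]=|<>|[=<>(),;*+\-/.])
  | (?P<ws>\s+)
  | (?P<other>.)
""", re.VERBOSE | re.DOTALL)

def fingerprint(sql):
    """Reduce a statement to its structure: literals -> '?', comments -> marker."""
    out = []
    for m in _TOKEN.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "ws":
            continue
        if kind in ("string", "number"):
            out.append("?")
        elif kind == "comment":
            out.append("/*c*/")
        else:
            out.append(text.upper())
    return " ".join(out)

class SqlSensor:
    """Hypothetical sensor: learns statement shapes, audits anything else."""
    def __init__(self):
        self.baseline, self.audit = set(), []

    def learn(self, sql):
        self.baseline.add(fingerprint(sql))

    def inspect(self, sql):
        fp = fingerprint(sql)
        known = fp in self.baseline
        if not known:
            self.audit.append({"statement": sql, "fingerprint": fp})
        return known

# Constructed sample traffic for one login query.
LEARNED = "SELECT id, name FROM users WHERE name = 'alice' AND pin = 1234"
OBSERVED = [
    "select id, name from users where name = 'bob' and pin = 77",
    "SELECT id, name FROM users WHERE name = '' OR '1'='1' -- ' AND pin = 0",
]

def run_demo():
    sensor = SqlSensor()
    sensor.learn(LEARNED)
    return [sensor.inspect(q) for q in OBSERVED], sensor.audit
```

Because only the statement's shape is compared, the sensor needs no
knowledge of the application that issued it; different literal values
match the baseline, while a changed predicate structure does not.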

Most application IDSs have three components: a network- or
host-based sensor, a console server and a Web browser. To read
about them, go to <http://www.networkworld.com/nltechupdate9510>

The top 5: Today's most-read stories

1. School traps infected PCs in its web
<http://www.networkworld.com/nltechupdate9511>
2. Cartoon of the Week
<http://www.networkworld.com/nltechupdate9512>
3. Cisco bets a billion dollars on India
<http://www.networkworld.com/nltechupdate9513>
4. Cisco finally brings security push to LAN
<http://www.networkworld.com/nltechupdate9190>
5. WiMAX just around the corner
<http://www.networkworld.com/nltechupdate9194>

_______________________________________________________________
To contact:

Newman is CTO and founder of Application Security, Inc. He can
be reached at anewman@appsecinc.com.
_______________________________________________________________
ARCHIVE LINKS

Technology Update archive:
http://www.networkworld.com/news/tech/index.html
_______________________________________________________________
FEATURED READER RESOURCE

Network World New Data Center: Spotlight on Advanced IP

Piecing Together the Next Generation IT Architecture. This 5th
installment in a 6 part series takes a look at On-demand
services, automated management, and management technologies.
PLUS, see how two IT Execs are plotting their way to an all
IP-world. This NDC issue has it all, click here to read now:

<http://www.networkworld.com/supp/2005/ndc5/>
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005
