Lately, database security issues have been flooding the media and Internet news-wires, first with the Slammer worm and most recently with criminals accessing over 8 million credit card numbers.
So I sit back and say to myself, "Did the sysadmins fall asleep behind the wheel?" As the Internet has boomed and we've increased our reliance on the convenience and relatively low cost of web-enabled information systems, we have become lazy in our implementation of basic security practices.
Now, part of this problem is the pressure placed on today's system admins by the upper crust of corporate America. The first question to every sysadmin is "How soon can this be up?" and not "How much of a security risk is this?" In light of current events, it has become painfully obvious that we need to readjust our thinking.
So, let me begin this article with a brief synopsis of how security policies should be implemented and then move into actual system configuration.