myITforum.com

Harry Waldron at myITforum.com

Sharing Security Developments, and Best Practices for corporate and home users

Two-thirds of Oracle DBAs don't apply security patches

The alarming statistics noted in this article may unfortunately be true. Some system administrators or DBAs may prioritize application stability over addressing security risks. The risks these security fixes address may seem remote, since the firewall and other controls help keep many external risks contained. Still, what if a relational database attack could be triggered from the inside, by a malicious agent found in an email message or by visiting a malicious website? This was highlighted in today's SSWUG newsletter, and the good advice offered by the editor is also included below.

Two-thirds of Oracle DBAs don't apply security patches
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9057226

QUOTE: Complexity of task makes admins not want to bother -- Oracle Corp. issues dozens of security patches every quarter, but that doesn't mean database administrators are necessarily implementing them. In fact, a good two-thirds of all Oracle DBAs appear not to be installing Oracle's security patches at all, no matter how critical the vulnerabilities may be, according to survey results from Sentrigo Inc., a Woburn, Mass.-based vendor of database security products.


SSWUG Newsletter - Two-Thirds Do Not Apply Service Packs... WHAT?!

QUOTE: I don't know if you saw it, but there is a study out in Computer World that says that 66% of Oracle DBAs don't apply service packs to their systems. I'm not about to suggest that the percentage is different for SQL Server DBAs, but if it is, or isn't - what's up with that?!

If it's true, it means that DBAs have a short attention span when it comes to remembering Slammer and other issues with SQL Server that should never really have happened - things prevented by service packs, but that flourished because service packs weren't installed.

At the time, the issues revolved around the fact that testing and making sure service packs were ready for installation took a long time to deploy. Now, though, things are much better - perhaps not completely a non-issue, but better. Are we still faced with not installing service packs and updates until a system breaks? I hope this isn't the case, but I have a feeling it probably is. I think once systems go behind firewalls, get stable and function that many avoid touching them. It's the old "if it ain't broke, don't fix it."

But... it's not "right." If this is you - perhaps set up a schedule to review and deploy updates - just pick a period of time, like every 6 months, that you can use. Then, you know when that reminder comes up that you need to review the updates, get them tested and applied. Don't just ignore until it breaks, I think we're just collectively asking for trouble if we take that approach.
