Know your enemy

In The Art of War, Sun Tzu said, "If you know your enemy and know yourself, you need not fear the result of a hundred battles." But, he went on to warn, "If you know yourself but not the enemy, for every victory gained you will also suffer a defeat." 

It's for this reason that I recently picked up The Database Hacker's Handbook: Defending Database Servers by David Litchfield and company. I wanted to know more about these miscreants who target database servers with their hacks, Trojan horses, viruses, and worms. I worked a couple of 24-hour days during the Slammer debacle, so this hits particularly close to home.

Fortunately, the SQL Server vulnerabilities this book exposes have all been addressed through fixes to the product itself or widely publicized best practice recommendations. However, the book is still a must-read if you want to know your enemy. If you want to know how they think, what they see as the weak spots in the product, what they view as your weaknesses as a DBA and database developer, this book is a great read.

Comments

  • Anonymous
    November 07, 2005
    Thanks for the book recommendation on The Database Hacker's Handbook. I picked it up and am getting a lot of useful info from it. I intend to use this to help convince people at my company to implement better security practices.