Background

Read the Sybase security documentation.

The most comprehensive source of information about Sybase is, somewhat unsurprisingly, Sybase itself. The full set of manuals is available online at http://manuals.sybase.com and a large amount of configuration information is available.

Regularly check the Sybase update page.

It's always wise to check the Sybase update page for new releases, patches, and so on because Sybase tends to patch security issues promptly: http://www.sybase.com .

Periodically search for alternative security documentation.

It can be hard to find alternative sources of information about Sybase security; there aren't that many lockdown guides available outside of the Sybase site.

Nilesh Burghate of Network Intelligence India wrote a short paper that covers the basics: http://www.nii.co.in/resources/Sybase.pdf .

The Sybase FAQ page at ISUG (the International Sybase User Group) is extremely informative: http://www.isug.com/Sybase_FAQ/ .

Periodically search vulnerability databases.

Several free, searchable online databases are available that list security vulnerabilities. The ICAT Metabase is a database created by the National Institute of Standards and Technology in the United States. It is probably the most authoritative source of vulnerability information available: http://icat.nist.gov/ .

Security Focus also has an online vulnerability database: http://www.securityfocus.com/bid .

It's a good idea to periodically search these databases for Sybase security issues; just to be sure you're up to date.