- Limit DBA team access to connections from localhost only.
- Limit the application account's privileges to the lowest possible (DML on its own schema, nothing more).
- Limit access to the database to the hosts that actually need it. The database always sits behind the application, internal only, never reachable from outside.
- Monitor both logs and resource usage. SQL injection usually increases resource usage, especially blind and time-based injection, which needs many requests or deliberately slow queries.
- Encrypt data in transit and encrypt backups.
- …
- Red Hat 5 Puppet module (NIST NCP checklist): http://web.nvd.nist.gov/view/ncp/repository/checklist/download?id=493
- RHEL 6 and JBoss (SCAP Security Guide): https://fedorahosted.org/scap-security-guide/
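As an added example that is not part of the original list, the following MySQL/MariaDB statements put the localhost-only DBA access, least-privilege application account, host restriction and in-transit encryption points into practice. The schema name `appdb`, the accounts `dba_user` and `app_user`, the `10.0.0.%` application-tier subnet and the placeholder passwords are all assumptions for illustration; the server-side settings are noted in comments because they belong in `my.cnf`, not in a grant script.

```sql
-- Added example (not the original author's): MySQL/MariaDB account setup
-- implementing the hardening points above. appdb, dba_user, app_user,
-- 10.0.0.% and the passwords are illustrative assumptions.

-- Server side (my.cnf, not SQL): bind only to the internal interface so the
-- database is unreachable from anywhere but the app tier, e.g.
--   [mysqld]
--   bind-address = 10.0.0.5
--   require_secure_transport = ON    -- MySQL 5.7.8+ / MariaDB 10.5+

-- 1. DBA account: usable over the local socket or loopback only, never remotely.
CREATE USER 'dba_user'@'localhost' IDENTIFIED BY 'replace-with-long-random-secret';
GRANT ALL PRIVILEGES ON *.* TO 'dba_user'@'localhost' WITH GRANT OPTION;

-- 2./3./5. Application account: only from the application subnet, only over
-- TLS, only DML on its own schema. No FILE, SUPER, PROCESS or GRANT OPTION,
-- so an injected query cannot read or write server files, enumerate other
-- sessions or reach other schemas.
CREATE USER 'app_user'@'10.0.0.%' IDENTIFIED BY 'replace-with-long-random-secret'
    REQUIRE SSL;
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_user'@'10.0.0.%';

-- Check: the application account must show exactly one GRANT USAGE line and
-- one DML grant on appdb.*; anything else is privilege creep.
SHOW GRANTS FOR 'app_user'@'10.0.0.%';

-- Check: anonymous users and wildcard hosts defeat the host restriction.
-- This query should return no rows.
SELECT user, host FROM mysql.user WHERE user = '' OR host = '%';

-- Remove the default anonymous account if the query above found it
-- (DROP USER IF EXISTS needs MySQL 5.7+ or MariaDB 10.1.3+).
DROP USER IF EXISTS ''@'localhost';

-- Check: confirm the app connection is actually encrypted from the app tier.
-- Run as app_user; Ssl_cipher must be non-empty.
SHOW SESSION STATUS LIKE 'Ssl_cipher';

FLUSH PRIVILEGES;
```

Run the DBA statements over the local socket as root, then test `app_user` from a host inside `10.0.0.%` and from one outside it: the second connection must be refused at authentication, not merely denied a grant. For PostgreSQL the same split maps onto `pg_hba.conf` entries (`hostssl appdb app_user 10.0.0.0/24 scram-sha-256`) plus `GRANT SELECT, INSERT, UPDATE, DELETE` on the schema's tables.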