Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

SQL Server Security: Why Security Is Important Expand / Collapse
Author
Message
Posted Sunday, July 13, 2003 12:00 AM


Keeper of the Duck

Keeper of the Duck

Group: Moderators
Last Login: Friday, September 26, 2014 7:52 AM
Points: 6,624, Visits: 1,873
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/bkelley/sqlserversecuritywhysecurityisimportant.asp

K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #14122
Posted Thursday, July 31, 2003 5:42 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Tuesday, August 13, 2013 1:18 AM
Points: 5,956, Visits: 285
Hi Brian,

very good research work!

What I like is your fine, yet true distinction between hackers and crackers
From my point of view, a hacker has not malicious intent, but wants to show his ability to do it, while a cracker starts with this malicious intent.

As you've mentioned http://www.sqlsecurity.com , the slogan on their homepage has become you of my all time favorites.

"There is no 'patch' for stupidity."

But not so long ago, somewhere I've read, that attacks on windows system have begun to decline, while attacks on *nix systems are growing in number. Hope I find the link again, so I can post

Cheers,
Frank

P.S.: Is the link to the 'Lifecycle' book valid ???

Edited by - a5xo3z1 on 07/31/2003 05:44:10 AM


--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/
Post #70386
Posted Thursday, July 31, 2003 6:39 AM


Keeper of the Duck

Keeper of the Duck

Group: Moderators
Last Login: Friday, September 26, 2014 7:52 AM
Points: 6,624, Visits: 1,873
The old link just recently died. The new link doesn't paste correctly into the forum. I'll see about doing some sort of redirect myself from my web site.

K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1



Edited by - bkelley on 07/31/2003 06:45:06 AM


K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #70387
Posted Thursday, July 31, 2003 10:57 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 10:42 AM
Points: 31,084, Visits: 15,532
Excellent case for patching systems. It's amazing to me that people still don't take this seriously. I'm struggling with hundreds of MSDE installations that have sa/blank hardcoded into the app.

Why?

The developers didn't think it was a big deal.

Steve Jones
sjones@sqlservercentral.com
http://www.sqlservercentral.com/columnists/sjones
www.dkranch.net







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #70388
Posted Thursday, July 31, 2003 10:58 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 10:42 AM
Points: 31,084, Visits: 15,532
One more note:

Commentary: People, process secure the enterprise
By Forrester Research
Special to CNET News.com
July 31, 2003, 4:30 AM PT


Michael Rasmussen, Director, Forrester Research

Last week, Microsoft and Cisco Systems announced two major vulnerabilities.

Organizations need an action plan to respond to vulnerabilities and exposures, and should not rely on products alone for protection.

This is a people and process problem that works with technology. The Microsoft vulnerability is a significant exposure into every operating system running the NT code base from NT to 2003.




Related story
Security pros talk,
but can they walk?
A new national policy and
months of Microsoft initiative
haven't shown a significant
improvement in security.





The Cisco vulnerability is an exposure that can crash every router. Both can be devastating to enterprises if used by the miscreants of the world. Additionally, we have seen exploit code in the wild for both. Jumping on the bandwagon, as usual, are myriad security vendors claiming they have the solution to protect the enterprise.

Vendor claims are far-fetched and provide a false sense of security. No vendor today resolves these vulnerabilities, except Microsoft and Cisco with the patches they implement. Security vendor solutions may hold back the evil hordes of hackers should they come knocking, but the deviant will break through given enough time and motive.

The only true answer is to patch systems. Organizations should focus on the process and policy portion of security as much or more than the technology aspect. Do not put blind trust into security vendor claims of protection, rather, honestly evaluate how the product works and the time it potentially buys you.

Develop a patch management process based on business risk so the critical business applications and support systems (e.g., network, desktop) are expedited and patched in accordance with the risk the organization faces.




Steve Jones
sjones@sqlservercentral.com
http://www.sqlservercentral.com/columnists/sjones
www.dkranch.net







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #70389
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse