Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Security Focus

By Steve Jones,

http://www.techcentral.ie/img/categoryPage%5Chome_pc%5CHackerHandKeyboard.jpgAre we focusing on the wrong issues as technology workers that must defend systems against hacking attacks? This blog seems to think so, and it makes some good arguments. There is a rise of attacks on old versions of software like Adobe Reader, Quicktime, etc. that tend to exist on many desktops. This when security professionals often still worry about Microsoft patches and web attacks.

As SQL Server professionals should we care? I think we ought to be aware of these issues because you never know when some of this software might be in use on a server. What if you have old versions of Quicktime or Adobe PDFs that you generate in one of your servers. An attack on that software could be aimed to move against the database supplying the information.

We all should know security is a multi-layered defense mechanism that is constantly evolving to handle new attacks and new threats. I would argue that means being aware of what types of attacks are being made, even if they aren't specifically against our database software. You never know when one of those techniques will be modified to work against SQL Server.

We also ought to be sure that we are being very careful about the rights we assign and about SQL Injection vulnerabilities. Just because your server is behind a firewall and not supporting an Internet website doesn't mean that an attack against some worker's desktop won't aim for your server.

Practice good security everywhere, whether the system is on the DMZ or not.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

You can also follow Steve Jones on Twitter:

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Total article views: 90 | Views in the last 30 days: 1
 
Related Articles
BLOG

Recent slate of IIS attacks - more info

The recent slate of attacks on IIS servers don't seem to be an attack directly against IIS or agains...

BLOG

Podcasting

A new video setup is on the way!!!! Actually I'll do a couple podcasts on podcasting over the hol...

FORUM

Effect of denying system table SELECT privileges in protecting against sql injection attacks

Effect of denying system table SELECT privileges in protecting against sql injection attacks

ARTICLE

Podcast Announcements

Podcast Feeds

ARTICLE

An Extra Defense For SQL Injection Attacks

TDSe-cure is a proxy service to SQL Server to block SQL injection attacks.

Tags
editorial    
security    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones