
Security Focus

By Steve Jones, 2009/09/29

Are we, as technology workers who must defend systems against hacking attacks, focusing on the wrong issues? This blog seems to think so, and it makes some good arguments. There is a rise in attacks on old versions of software like Adobe Reader, Quicktime, etc. that tend to exist on many desktops. This comes while security professionals often still worry about Microsoft patches and web attacks.

As SQL Server professionals, should we care? I think we ought to be aware of these issues because you never know when some of this software might be in use on a server. What if you have old versions of Quicktime or Adobe PDFs that you generate on one of your servers? An attack on that software could be aimed at moving against the database supplying the information.

We all should know security is a multi-layered defense mechanism that is constantly evolving to handle new attacks and new threats. I would argue that means being aware of what types of attacks are being made, even if they aren't specifically against our database software. You never know when one of those techniques will be modified to work against SQL Server.

We also ought to be sure that we are being very careful about the rights we assign and about SQL Injection vulnerabilities. Just because your server is behind a firewall and not supporting an Internet website doesn't mean that an attack against some worker's desktop won't aim for your server.

Practice good security everywhere, whether the system is on the DMZ or not.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Steve Jones
Editor, SQLServerCentral.com