Global Insecurities

By Steve Jones

Reading this article about the insecurities found from various scans in 2012 is a little scary. I wonder how many of my former employers have videoconferencing systems, remote control/access systems, or some commercial software with a default password connected to the Internet and unsecured? Reading the article, I'd bet at least one of them does.

I also wonder how many of them have old versions of software with known vulnerabilities that can be exploited, not just by dedicated hackers, but by script kiddies. Lots of people have excess time available, powerful computing resources, and mischief in their hearts.

This is slightly maddening to those concerned about the security of computer systems. How hard is it to change the default passwords on the installation of an application? How much more time does it take to configure a system properly? It doesn't take much at the moment, but it does take time in advance. Proper security requires knowledge, which means that an administrator must have spent time learning how to properly configure a system, or getting a comprehensive list of vulnerabilities and their patches.

I'd love to see vendors publish a best practices document, or a couple of them, for each version of software they release. Give people specific steps to follow on the installation of the software to ensure it is securely configured as well as known vulnerabilities and the patches available. I can publish information, and there are likely any number of blogs out there that may give some best practices, but for new users, the vendor's site is the only resource that many people will follow.

I know I'd be willing to allow vendors to link to any best practices I published, or republish the information on their own site if they wanted to. I'm sure others would feel the same way. Now if only the vendors would agree to use the information.

Steve Jones
