Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Update Your Audit Queries for SQL Server

I was working with an auditor today who is working through a system with an external audit agency. The external agency handed us scripts to run across SQL Server, Active Directory, etc. I took on the SQL Server scripts. Then I refused to run them. The main reason I pushed… Read more

Personally Identifiable Information (PII) and Data Encryption

Hitting close to home, SC Governor Nikki Haley noted that after the SC Department of Revenue breach was reported, that the IRS didn't require the data to be encrypted:

 

“As I am sure you are aware, an international hacker recently breached the South Carolina Department of Revenue’s computer system exposing… Read more

Why Anti-Virus Offers Limited Protection

Sitting in the first Keynote for the 2013 Techno Security and Forensics Investigation Conference, I was not surprised to hear Kevin Mandia say that in their recent investigations, they had found anti-virus installed and working with the latest definitions. Yet these systems were still infected with malware. In short, AV had… Read more

From the 2013 Techno Security Conference - Cloud Computing and Digital Forensics

I'm processing through my notes for the 2013 Techno Security Conference, which is finishing up today with post-cons. Of all the sessions I attended, the best one was Cloud Security and Digital Forensics, presented by Ken Zatyko. This was actually a replacement talk, because the talk I wanted to… Read more

Notes from 2013 Techno Security Conference Tuesday Keynote

There's enough from this morning's 2013 Techno Security and Forensics Investigation Conference to split into multiple blog posts. I'll focus this one on the keynote that was given this morning. The presentation was Protecting the US Financial System from Transnational Criminals and it was given by A.T. Smith, Deputy Director,… Read more

Notes from the First Day of the 2013 Techno Security Conference

The Techno Security & Forensics Security Conference is held in conjunction with the Mobile Forensic Conference each year in Myrtle Beach, SC. Both conferences are primarily geared towards forensics types. Each of the main days (there are pre and post-con classes like most conferences) starts with a keynote speaker. Today's… Read more

SQL Saturday Charleston!

Finally.... SQL Saturday has come back to... South Carolina!  (with apologies to The Rock)

 

After the last SQL Saturday in Columbia, Bobby Dimmick (blog | twitter) and I decided to step back and see if somewhere else near us wanted to host a SQL Saturday. Charleston,… Read more

SQL Server security webinar series is coming soon!

I've gotten in contact with most of the speakers who submitted SQL Server security talks for the PASS Summit. All that I've traded emails on DMs on Twitter are interested, it's just a matter of putting together some details. In addition, several folks who do talks on SQL Server… Read more

Security and SSIS webinar recording available

If you missed the webinar Andy Leonard (blog | twitter) and I presented today or you had technical difficulties, here's the recording:

 

SSIS and Security with Andy and Brian

 

It runs just about an hour and we ask questions that should be considered when building an… Read more

You Must Cross Teams for Sound Security

I've given a couple of security presentations recently where I talked about how you must keep track of how security is being managed. For instance:

 

  1. The best practice recommendation is that we use Windows authentication vs. SQL Server authentication.
  2. In an enterprise environment, we typically want to use Windows…

Read more

SSIS Security Presentation today, May 29th

Andy Leonard (blog | twitter) and I are teaming up to do a security presentation today on SSIS. It's scheduled for 11 AM EDT.

 

Register to attend the webinar!

 

I'm going to go ahead and post a copy of the slides here before the presentation. There's nothing earth-shattering… Read more

Giving an SSIS security webinar with Andy Leonard

Andy Leonard (blog | twitter) and I are teaming up to do a security presentation on SSIS. It's scheduled for Wednesday, May 29th, at 11 AM EDT.

Register to attend the webinar!

 

We're going to look at the typical ETL (Extract, Transform, Load) pipeline and consider the weak points… Read more

I'm thinking of hosting a series of webinars on SQL Server security

With the PASS Summit sessions announced, I took a quick look to see how many were what I'd consider security-centric. I know that's open to opinion, but basically, I searched on these three keywords:

  • security
  • secure
  • compliance

I then looked at what came up. Of the accepted sessions, I only… Read more

Do you check to see if an SSIS package has been modified?

Andy Leonard (blog | twitter) and I are putting together a presentation on protecting the entire ETL (Extract, Transform, Load) pipeline, specifically around SSIS. In our research on weak points along said pipeline, we've come up with an interesting question right off the bat:

 

Do you check whether… Read more

Speaking in Columbia and Charlotte Next Week

I'm speaking at two user groups next week.

 

Tuesday - Midlands PASS - May 14

I'll be giving a presentation on PowerShell to help folks get started and to further along those who are already on the path. This will be very similar to the presentation I gave at… Read more

I'm Giving a SQL Server Security Webinar on May 9, 2013

On May 9, 2013, at 3 PM EDT I will be presenting on 5 Steps Every DBA Should Take to Secure Their SQL Server. We'll look at five areas:

 

  • SQL Server configuration
  • Database security
  • Backup security
  • Auditing
  • Maintaining and deploying your security model

 

If you're interested, please register… Read more

2013 Carolina Code Camp Presentations

As promised, here are the presentations and sample code I used at the 2013 Carolina Code Camp. If you attended one of my sessions, thank you for choosing to spend your time sitting through my presentation. Hopefully I was able to share something you can use in your career.

  Read more

Speaking at the 2013 Carolina Code Camp

On Saturday, May 4, the Enterprise Developers Guild in Charlotte will hold their annual Carolina Code Camp. There's a number of great speakers across a wide range of topics, including some of us SQL Server folks like Melissa Coates, Rafael Salas, Javier Guillen, and Wayne Snyder. The location, Central… Read more

Troubleshooting SQL Server Error 15517

Last week I had the following error message repeating over and over again in the SQL Server log of one of my servers. It was repeating so much that the logs were growing very large, very fast:

 

Message
An exception occurred while enqueueing a message in the target queue. Error: 15517,… Read more

Older posts