I was working with an auditor today who is working through a system with an external audit agency. The external agency handed us scripts to run across SQL Server, Active Directory, etc. I took on the SQL Server scripts. Then I refused to run them. The main reason I pushed… Read more

Hitting close to home, SC Governor Nikki Haley noted that after the SC Department of Revenue breach was reported, that the IRS didn't require the data to be encrypted:

“As I am sure you are aware, an international hacker recently breached the South Carolina Department of Revenue’s computer system exposing… Read more

Sitting in the first Keynote for the 2013 Techno Security and Forensics Investigation Conference, I was not surprised to hear Kevin Mandia say that in their recent investigations, they had found anti-virus installed and working with the latest definitions. Yet these systems were still infected with malware. In short, AV had… Read more

I'm processing through my notes for the 2013 Techno Security Conference, which is finishing up today with post-cons. Of all the sessions I attended, the best one was Cloud Security and Digital Forensics, presented by Ken Zatyko. This was actually a replacement talk, because the talk I wanted to… Read more

There's enough from this morning's 2013 Techno Security and Forensics Investigation Conference to split into multiple blog posts. I'll focus this one on the keynote that was given this morning. The presentation was Protecting the US Financial System from Transnational Criminals and it was given by A.T. Smith, Deputy Director,… Read more

The Techno Security & Forensics Security Conference is held in conjunction with the Mobile Forensic Conference each year in Myrtle Beach, SC. Both conferences are primarily geared towards forensics types. Each of the main days (there are pre and post-con classes like most conferences) starts with a keynote speaker. Today's… Read more

Finally.... SQL Saturday has come back to... South Carolina!  (with apologies to The Rock)

After the last SQL Saturday in Columbia, Bobby Dimmick (blog | twitter) and I decided to step back and see if somewhere else near us wanted to host a SQL Saturday. Charleston,… Read more

I've gotten in contact with most of the speakers who submitted SQL Server security talks for the PASS Summit. All that I've traded emails on DMs on Twitter are interested, it's just a matter of putting together some details. In addition, several folks who do talks on SQL Server… Read more

If you missed the webinar Andy Leonard (blog | twitter) and I presented today or you had technical difficulties, here's the recording:

SSIS and Security with Andy and Brian

It runs just about an hour and we ask questions that should be considered when building an… Read more

I've given a couple of security presentations recently where I talked about how you must keep track of how security is being managed. For instance:

1. The best practice recommendation is that we use Windows authentication vs. SQL Server authentication.
2. In an enterprise environment, we typically want to use Windows…

Read more

Andy Leonard (blog | twitter) and I are teaming up to do a security presentation today on SSIS. It's scheduled for 11 AM EDT.

Register to attend the webinar!

I'm going to go ahead and post a copy of the slides here before the presentation. There's nothing earth-shattering… Read more

My latest article is up at MSSQLTips.com:

Disaster Recovery Planning for Microsoft SQL Server - Getting Backups and Restores Right

For more of my articles:

• My articles here at SQLServerCentral.com
• My articles at MSSQLTips.com

  Read more

Andy Leonard (blog | twitter) and I are teaming up to do a security presentation on SSIS. It's scheduled for Wednesday, May 29th, at 11 AM EDT.

Register to attend the webinar!

We're going to look at the typical ETL (Extract, Transform, Load) pipeline and consider the weak points… Read more

With the PASS Summit sessions announced, I took a quick look to see how many were what I'd consider security-centric. I know that's open to opinion, but basically, I searched on these three keywords:

• security
• secure
• compliance

I then looked at what came up. Of the accepted sessions, I only… Read more

Andy Leonard (blog | twitter) and I are putting together a presentation on protecting the entire ETL (Extract, Transform, Load) pipeline, specifically around SSIS. In our research on weak points along said pipeline, we've come up with an interesting question right off the bat:

Do you check whether… Read more

I'm speaking at two user groups next week.

Tuesday - Midlands PASS - May 14

I'll be giving a presentation on PowerShell to help folks get started and to further along those who are already on the path. This will be very similar to the presentation I gave at… Read more

On May 9, 2013, at 3 PM EDT I will be presenting on 5 Steps Every DBA Should Take to Secure Their SQL Server. We'll look at five areas:

• SQL Server configuration
• Database security
• Backup security
• Auditing
• Maintaining and deploying your security model

If you're interested, please register… Read more

As promised, here are the presentations and sample code I used at the 2013 Carolina Code Camp. If you attended one of my sessions, thank you for choosing to spend your time sitting through my presentation. Hopefully I was able to share something you can use in your career.

  Read more

On Saturday, May 4, the Enterprise Developers Guild in Charlotte will hold their annual Carolina Code Camp. There's a number of great speakers across a wide range of topics, including some of us SQL Server folks like Melissa Coates, Rafael Salas, Javier Guillen, and Wayne Snyder. The location, Central… Read more

Last week I had the following error message repeating over and over again in the SQL Server log of one of my servers. It was repeating so much that the logs were growing very large, very fast:

Message
An exception occurred while enqueueing a message in the target queue. Error: 15517,… Read more