SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Nice Article on Security Myths in May/June 2006 Issue of TechNet Magazine

The May/Jone 2006 issue of TechNet Magazine has a feature on security. One of the articles is titled Deconstructing Common Security Myths and it's authored by Jesper Johansson and Steve Riley. One of the things which caught my attention was this:

Myth: It's Always Better to Wait for an Official Solution to a Problem

The authors go on to explain that ultimately you have to make a decision based on the risk. This calendar year we've seen two Microsoft vulnerabilities which had 3rd party patches deployed before Microsoft got theirs out the door. Both sets of patches mitigated the most common attacks against the vulnerabilities and seemed to work well. However, any organization which considered those patches had to think about deploying an unofficial patch to all of their systems, then later deploying the Microsoft patch, and then finally rolling back the unofficial patch. Since the unofficial patches hadn't been regression tested, there was a lot of speculation with both about what would and wouldn't work. Did some organizations roll out the unofficial patches? Absolutely. It made sense based on their analysis of the risk. But other organizations didn't. To them the risk of the 3rd party patch was greater than the risk of being hit.

As for the rest of the article, it covers whether or not to wait on a service pack (how many are waiting to apply SQL Server 2005 Service Pack 1 until all the "bugs are shaken out"), myths about passwords, and myths about firewalls and blacklists. All of the myths are common areas of discussion on the various security forums and mailing lists and this article provides greater food for thought.

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.


Posted by Anonymous on 15 May 2006
It's funny, but most articles in magazines get lost on my desk. I get quite a few subscriptions and rarely...
Leave a Comment

Please register or log in to leave a comment.