SQLServerCentral is supported by Red Gate Software Ltd.
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Archives: July 2011

Bad Admins: Non-Production Servers

This is part of a series of tips on how bad/rogue admins can get access to the data in your SQL Servers.

We all know we shouldn't put production data in non-production. The main reason is that we don't treat non-production like production. If we did, we'd…

Bad Admins: Taking Advantage of Maintenance Periods

This is part of a series of tips on how bad/rogue admins can get access to the data in your SQL Servers.

Sooner or later a SQL Server is going to need maintenance. This could simply be automatic patching for security vulnerabilities. Now I realize that there are some environments…

Bad Admins: Stealing the SQL Server Service Account

This is part of a series of tips on how bad/rogue admins can get access to the data in your SQL Servers.

The service account for SQL Server is a member of the sysadmin role. This is required. And one would think that if you follow all the best practices…

Gaining Speaker Experience Credentials, Part II

In a previous post I gave suggestions on how to get speaking credentials for consideration at a larger event, such as the PASS Summit. I focused mainly on SQL Server-specific opportunities, but there are others.

Other Technical User Groups

This was suggested by Grant Fritchey (blog | twitter

Bad Admins: Pocketing Backups

This is part of a series of tips on how bad/rogue admins can get access to the data in your SQL Servers.

I have seen organizations put a lot of attention and focus on the database servers themselves. This is true whether we're talking SQL Server or another product. This…

Bad Admins: Stealing An Account

Yesterday I posted about manipulating group membership to get access to a SQL Server. Today comes attack vector #2: stealing an account. And when I say stealing an account, it could be any account. It doesn't have to be a DBA's account. For instance, if I know a particular end user…

Bad Admins: Attacking via Group Membership

This is a series of blog posts about how administrators can gain access to SQL Server, even if you try to impede them. This was inspired by a conversation with Brent Ozar (twitter | blog) about Argenis Fernandez's (twitter | blog) post about getting in as…