Subscribe to this blog
K. Brian Kelley - Databases, Infrastructure, and Security
Archives: November 2012
Are Your Protecting Your DB Backups?
Folks have cited the recent InformationWeek article on how South Carolina's Department of Revenue was hacked because the SC state government basically said, "It's the IRS' fault for not telling us we should encrypt social security numbers." I'm not going to touch that. It stands on its own for its foolishness.… Read more
1 comments, 966 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 27 November 2012
Server Level Security
We'll discuss surface area later in the week. Today let's talk about if you're able to connect to SQL Server. Connecting to SQL Server and actually logging in are two different things. I can run a scanner and detect SQL Server is present and then launch a telnet session. That… Read more
0 comments, 1,391 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 6 November 2012
SQL Server Security: The Sum of Its Parts
When it comes to attacking SQL Server, whether we're talking about the security of an installation or as a piece towards a larger solution, I first stop and realize that SQL Server is the sum of its parts. For instance, take SQL Server installed on a VM. Areas that concern… Read more
0 comments, 786 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 5 November 2012