SQLServerCentral is supported by Red Gate Software Ltd.
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Archives: June 2013

Dealing with Auditors: Password Settings

Yet again I've seen an audit request where the auditor wants the DBA to show what SQL Server's settings are for this set of information:

  • Account Lockout settings
  • Password Expiration settings
  • Password Complexity settings

If you're dealing with an auditor who is asking for this on your SQL… Read more

Update Your Audit Queries for SQL Server

I was working with an auditor today who is working through a system with an external audit agency. The external agency handed us scripts to run across SQL Server, Active Directory, etc. I took on the SQL Server scripts. Then I refused to run them. The main reason I pushed… Read more

Personally Identifiable Information (PII) and Data Encryption

Hitting close to home, SC Governor Nikki Haley noted, after the SC Department of Revenue breach was reported, that the IRS didn't require the data to be encrypted:

“As I am sure you are aware, an international hacker recently breached the South Carolina Department of Revenue’s computer system exposing… Read more

Why Anti-Virus Offers Limited Protection

Sitting in the first Keynote for the 2013 Techno Security and Forensics Investigation Conference, I was not surprised to hear Kevin Mandia say that in their recent investigations, they had found anti-virus installed and working with the latest definitions. Yet these systems were still infected with malware. In short, AV had… Read more

From the 2013 Techno Security Conference - Cloud Computing and Digital Forensics

I'm processing through my notes for the 2013 Techno Security Conference, which is finishing up today with post-cons. Of all the sessions I attended, the best one was Cloud Security and Digital Forensics, presented by Ken Zatyko. This was actually a replacement talk, because the talk I wanted to… Read more

Notes from 2013 Techno Security Conference Tuesday Keynote

There's enough from this morning's 2013 Techno Security and Forensics Investigation Conference to split into multiple blog posts. I'll focus this one on the keynote that was given this morning. The presentation was Protecting the US Financial System from Transnational Criminals and it was given by A.T. Smith, Deputy Director,… Read more

Notes from the First Day of the 2013 Techno Security Conference

The Techno Security & Forensics Security Conference is held in conjunction with the Mobile Forensic Conference each year in Myrtle Beach, SC. Both conferences are primarily geared towards forensics types. Each of the main days (there are pre and post-con classes like most conferences) starts with a keynote speaker. Today's… Read more