SQLServerCentral is supported by Red Gate Software Ltd.
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Good Advice on "Certification"

Buck Woody (blog | twitter) is often seen as one of the wise men of the SQL Server community, and with good reason: he often brings a perspective filled with great wisdom. Take, for instance, his post to the MCM news:

 

Create your own MCM program… Read more

1 comment, 1,827 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 10 September 2013

Is Microsoft's Certification Program Value Microsoft's Fault?

I'd be interested if anyone says, "No," to that question. Gail Shaw raised a few points in this post about trust and value in Microsoft's certification brand. Having been on the hiring side in recent years, I'd have to agree with the general sentiment that a Microsoft certification does… Read more

Good Intro Podcast on Hadoop

Have you heard about Hadoop but don't know much about it? What about "big data?" Would you like an intro at the 20,000 foot level that won't take more than an hour of your time?

 

Jeremiah Peschka (blog | twitter) was recently on .NET Rocks, a… Read more

0 comments, 1,281 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 3 September 2013

Before Asking for Help...

I have a standard rule that I use before going and bugging a co-worker or posting via social media/message forum about a technical question I might have. I invoke this rule except in cases where there's a production down or impaired situation and seconds count. Here's the rule:

 

Before I… Read more

Specify the Parameter Names for Stored Procedures

I just ran across a case where a script was failing. Here's the part that's failing:

 

EXEC sp_addrolemember 'MyDomain\MyGroup', 'SomeRole';
GO 


Do you see the issue? If not, that's understandable. Because this is correct:

 

EXEC sp_addsrvrolemember 'MyDomain\MyGroup', 'SomeRole';
GO 


The problem with the first query is due to… Read more

Boorish Behavior? No, Worse. Death Threats Against Developers/Designers.

I know DBAs and developers have a rocky relationship. However, I don't believe we go as far as some of the fanatics in the gaming space. A friend of mine linked to this article:

 

BioWare writer quits after death threats to family

 

This isn't the first occurrence, as… Read more

Schneier's Thoughts on the Future of IT Security and the Impact of the Internet on Power

If you've got an hour to spare, you might want to check out this presentation by Bruce Schneier where he gives his thoughts on the future of security (it's evolving into a feudal model) and what the Internet means with respect to power. He talks a lot about privacy concerns,… Read more

Windows Phone Security Advisory - Weakness in Security Protocol

If you're using a Windows phone, versions 7.8 or 8, there is a new security advisory out with respect to a weakness in one of the authentication protocols:

Microsoft Security Advisory (2876146) - Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

 

There is a recommended security update - not in the… Read more

More on SQL Server Built-In Cryptography Options

I wrote a series of articles at MSSQLTips.com to cover the cryptographic algorithms that are available with Microsoft SQL Server. Basically, I distilled what the current view is on each algorithm and whether or not it's okay to use. If you're looking at securing data using the cryptography SQL Server provides,… Read more

Thank you, Mr. Solomon

On one of the newsgroups I follow, I received a message that David Solomon will no longer be teaching seminars on Windows internals. Here's the quote from his website:

 

After 20 years researching, writing about, and teaching Windows OS internals, I’ve decided to focus full-time on the volunteer… Read more

Audio and slides are up for my webinar on SQL Server encryption

The webinar audio and slides/demo scripts are up for the presentation I did for the PASS Security virtual chapter.

 

PASS Security VC Meeting Archive

 

Make sure you grab both files (slides and demos + session recording). If you pull down the session recording, the audio is fine but the… Read more

Presenting for the new PASS Security Virtual Chapter on July 18

 

The PASS Security virtual chapter is up and running thanks to the hard work of Argenis Fernandez (blog | twitter) and Robert Davis (blog | twitter)!

 

I'll be speaking for it on Thursday, July 18th, at 1 PM ET. Here's the information about it: Read more

Dealing with Auditors: Password Settings

Yet again I've seen an audit request where the auditor wants the DBA to show what SQL Server's settings are for this set of information:

 

  • Account Lockout settings
  • Password Expiration settings
  • Password Complexity settings

 

If you're dealing with an auditor who is asking for this on your SQL… Read more

Update Your Audit Queries for SQL Server

I was working with an auditor today who is working through a system with an external audit agency. The external agency handed us scripts to run across SQL Server, Active Directory, etc. I took on the SQL Server scripts. Then I refused to run them. The main reason I pushed… Read more

Personally Identifiable Information (PII) and Data Encryption

Hitting close to home, SC Governor Nikki Haley noted, after the SC Department of Revenue breach was reported, that the IRS didn't require the data to be encrypted:

 

“As I am sure you are aware, an international hacker recently breached the South Carolina Department of Revenue’s computer system exposing… Read more

Why Anti-Virus Offers Limited Protection

Sitting in the first Keynote for the 2013 Techno Security and Forensics Investigation Conference, I was not surprised to hear Kevin Mandia say that in their recent investigations, they had found anti-virus installed and working with the latest definitions. Yet these systems were still infected with malware. In short, AV had… Read more

From the 2013 Techno Security Conference - Cloud Computing and Digital Forensics

I'm processing through my notes for the 2013 Techno Security Conference, which is finishing up today with post-cons. Of all the sessions I attended, the best one was Cloud Security and Digital Forensics, presented by Ken Zatyko. This was actually a replacement talk, because the talk I wanted to… Read more

Notes from 2013 Techno Security Conference Tuesday Keynote

There's enough from this morning's 2013 Techno Security and Forensics Investigation Conference to split into multiple blog posts. I'll focus this one on the keynote that was given this morning. The presentation was Protecting the US Financial System from Transnational Criminals and it was given by A.T. Smith, Deputy Director,… Read more

Notes from the First Day of the 2013 Techno Security Conference

The Techno Security & Forensics Security Conference is held in conjunction with the Mobile Forensic Conference each year in Myrtle Beach, SC. Both conferences are primarily geared towards forensics types. Each of the main days (there are pre and post-con classes like most conferences) starts with a keynote speaker. Today's… Read more

SQL Saturday Charleston!

Finally.... SQL Saturday has come back to... South Carolina!  (with apologies to The Rock)

 

After the last SQL Saturday in Columbia, Bobby Dimmick (blog | twitter) and I decided to step back and see if somewhere else near us wanted to host a SQL Saturday. Charleston,… Read more
