I was having a twitter coversation with @dataartisan about chess. He remarked that playing on-line with random folks didn't strike him as very much fun. Truth be told, I'd rather play a game with folks I know, even if it's only been a short time, than folks I don't. That made me… Read more

Folks have cited the recent InformationWeek article on how South Carolina's Department of Revenue was hacked because the SC state government basically said, "It's the IRS' fault for not telling us we should encrypt social security numbers." I'm not going to touch that. It stands on its own for its foolishness.… Read more

 We'll discuss surface area later in the week. Today let's talk about if you're able to connect to SQL Server. Connecting to SQL Server and actually logging in are two different things. I can run a scanner and detect SQL Server is present and then launch a telnet session. That… Read more

When it comes to attacking SQL Server, whether we're talking about the security of an installation or as a piece towards a larger solution, I first stop and realize that SQL Server is the sum of its parts. For instance, take SQL Server installed on a VM. Areas that concern… Read more

One of my goals back when I was a young MCSE (that's Microsoft Certified System Engineer for NT4, not the new certs) was to one day be certified as a Microsoft Certified Trainer. I realize that being an MCT is like being a Ph.D. There are some super sharp ones and there… Read more

If you're dealing with a version of SQL Server greater than SQL Server 2000, at this point I'm going to say yes. The reason I say yes is looking at the files that are updated. For instance:

• SQL Server 2005 SP4 GDR file list
• SQL Server 2005 SP4 QFE file…

Read more

I had a few folks ask me for the slides and SQL scripts from the Auditing SQL Server webinar I gave for Idera. You can find them together in this .zip file:

http://www.sqlservercentral.com/blogs-admin/blogs/brian_kelley/Presentations/Idera_Auditing_SQL_Scripts.zip

Thanks for those who attended. If you weren't able to make the webinar, it's archived here: Read more

Today is black Tuesday for October 2012. One security bulletin is specifically for a component of the SQL Server stack: SQL Server Reporting Services. Here's the write-up from Microsoft:

Microsoft Security Bulletin MS12-070

This affects from SQL Server 2000 Reporting Services through SQL Server 2012 Reporting Services, all supported versions.… Read more

On October 17th, Midlands PASS will welcome Kathi Kellenberger to speak on T-SQL 2012. Here's what her talk will be on:

You have heard all about AlwaysOn, BI Semantic Model, and Power View. Did you know that SQL Server 2012 has a host of new T-SQL features? Attend this session… Read more

Idera will be re-broadcasting that I recorded earlier in the year on meeting audits with SQL Server. It's scheduled for October 9th at 10 AM PT/12 PM CT/1 PM ET. I'll be on afterwards for a live Q and A session. If you didn't get a chance to see it… Read more

Once again it is time for the Professional Association for SQL Server (PASS) Board of Directors election. This year there are three seats available and five candidates vying for those seats. You can begin the process of learning about the candidates here:

PASS Elections Site

If you want to interact with… Read more

We welcomed daughter #3 and child #5 into this world on Saturday at 9:43 AM. She came a bit earlier than expected, but mom and baby are both doing fine. Her siblings are ecstatic, especially her oldest sister (now 7 years old). With her birth, the balance of power has… Read more

Back on August 15th I did a webinar for the PASS Professional Development virtual chapter on my talk Being the Swiss Army Knife of DB Pros. The recording is good and is now on-line:

LiveMeeting recording for Swiss Army Knife of DB Pros

I know I tend to say… Read more

This is based on a post with respect to where our focus and efforts should be that I wrote at my Goal Keeping DBA blog:

SELECT Task, Priority, DueDate
FROM [What_Is_Important] AS I
  INNER JOIN [What_I_Can_Control] AS C
  ON I.TaskID = C.TaskID
ORDER BY DueDate, Priority, Task;

  Read more

This falls in line with a previous post about common sense in IT.

I was having lunch with a co-worker, whom I will call Marcus, to protect the guilty (he's not). Marcus in an IT director for a medical services provider. About two weeks ago the vendor of the… Read more

Auto-deploying AV definitions has become common place throughout the industry. However, this post from the SANS Internet Storm Center raises the question about whether we should stagger deployments, much as we should be doing with security patches. This is a hard call.

AV updates can happen a lot, depending on how… Read more

It's been a while since I was in the day-to-day business of security patches. However, I still keep up with vulnerabilities and fixes as I expect every Microsoft SQL Server DBA should. Here are some resources I recommend to do the job right:

• Secunia Advisories - You'll need to…

Read more

I was watching a training video last night and the instructor made the statement we hear all the time:

"Test this in a non-production environment before you make a change in production."

In fact, he repeated it several times. In a recent article I wrote, I included the following warning:

 The… Read more

If you are in or around the Charlotte, NC area, there is a PowerShell Saturday coming your way on September 15, 2012. You can find out more information and register at:

PowerShell Saturday 002 Charlotte, NC

There looks to be a great set of speakers from infrastructure folks… Read more

As I blogged about previously, tomorrow (Wednesday) I will be speaking for the PASS Professional Development virtual chapter. My talk will be on my career, how I got to where I am, and how I have developed the views I've developed with respect to the job, building yourself up in… Read more