
Databases – Infrastructure – Security

Brian Kelley is an author, columnist, and Microsoft SQL Server MVP focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress), Professional SQL Server 2008 Administration (Wrox), and Introduction to SQL Server (Texas Publishing). Brian currently serves as an infrastructure and security architect. He has also served as a senior Microsoft SQL Server DBA, database architect, developer, and incident response team lead.

Consolidating Email Accounts

I am consolidating my professional email accounts into one place. If you’ve previously contacted me using my linchpinpeople.com or either of my sqlpass.org email accounts, please use this instead:

kbriankelley {at} acm {dot} org

I have been slow to respond at times to the other accounts, because I don’t check… Read more

0 comments, 107 reads

Posted in Databases – Infrastructure – Security on 21 October 2014

SQL Server Security Benchmarks

If you’re not familiar with the Center for Internet Security, here’s the organization’s mission statement:

The Mission of the Center for Internet Security is to enhance the security readiness and response of public private sector entities, with a commitment to excellence through collaboration.

CIS produces consensus-based, best practice secure…

Read more

0 comments, 79 reads

Posted in Databases – Infrastructure – Security on 20 October 2014

#TSQL2sday #59 – My Heroes

Here is my list of heroes for #TSQL2sday. None of them are directly tied to technology, much less SQL Server. However, all of them have made a deep impact on my life. I am where I am today because of these nine.

1. James Tiberius Kirk

I start my… Read more

0 comments, 88 reads

Posted in Databases – Infrastructure – Security on 14 October 2014

Slides and Code for SSIG Talk

Thank you to those who made it out to the SQL Server Innovators Guild last night in Greenville, SC. I hope you enjoyed the talk and that it’ll create conversations about how we better secure the ETL pipeline. With attacks against data becoming more and more prevalent, I only see… Read more

0 comments, 143 reads

Posted in Databases – Infrastructure – Security on 8 October 2014

Carolina Technology Conference: Presentation Materials

For those able to attend my session at this year’s Carolina Technology Conference, thank you! As promised, here are the slides, sample code, and audit scripts from my presentation on What You Absolutely Must Know about SQL Server Security:

ZIP file: What You Absolutely Must Know about SQL Server… Read more

0 comments, 150 reads

Posted in Databases – Infrastructure – Security on 6 October 2014

The Fallacy of Internal Access Only

In the wake of Shell Shock, I’ve seen some vendor advisories indicate that while their product is vulnerable, it’s only through the management interface but everything is okay because if best practices have been followed, the management interface isn’t/hasn’t been exposed to the Internet.

No, everything is not okay.… Read more

2 comments, 5,602 reads

Posted in Databases – Infrastructure – Security on 30 September 2014

Four Things PASS gets Right

PASS has taken a lot of heat recently. A few folks have pointed out that you only seem to hear when people are upset at PASS about something. So here’s my take on what PASS has done correctly.

The Summit

The Summit is a premier conference for SQL Server professionals.… Read more

0 comments, 5,918 reads

Posted in Databases – Infrastructure – Security on 24 September 2014

[Off-Topic] Beating Childhood Cancer

Note: I feel this post is important enough to post across all my blogs.

September is Childhood Cancer Awareness Month here in the USA. Here are some statistics:

  • In 2014, an estimated 15,780 children (ages 0-19) will be diagnosed with cancer in the USA.
  • In 2014, an estimated…

Read more

0 comments, 117 reads

Posted in Databases – Infrastructure – Security on 9 September 2014

Audit Webinar Tomorrow (4 September 2014)

I will be giving a webinar on how to audit SQL Server through MSSQLTips.com.

Webinar Registration Link

The abstract:

Don’t become a statistic. With the numerous data breaches and internal data theft, securing your SQL Server environment can help keep your company out of the news. Unfortunately, a… Read more

0 comments, 133 reads

Posted in Databases – Infrastructure – Security on 3 September 2014

4 Attitudes I Wish I Had Earlier as a DBA

I was tagged by Mike Walsh (blog | twitter) in his post 4 Attitudes I Wish I Had Earlier As a DBA.

I Don’t Have to Do It Alone

I’ve always worked hard in my IT career to be knowledgeable in my field. I don’t like not… Read more

6 comments, 6,806 reads

Posted in Databases – Infrastructure – Security on 28 August 2014

Continuous Integration/Delivery without Testing!

Anything we can do to automate our builds and deployment should be considered. After all, the point isn’t just to write code, but to deploy working code. So what if we did the automated builds and deployed them to development or QA? No errors, so I’m good, right?

Not so… Read more

0 comments, 6,403 reads

Posted in Databases – Infrastructure – Security on 25 August 2014

Still a Need for a SQL Server Specific Organization

If you haven’t already, please read Denise McInerney’s post about why PASS no longer stands for the Professional Association for SQL Server.

The Growth of an Organization

If you’ve been involved with PASS lately, you’ve probably seen this change coming. When I read the post, I wasn’t surprised. PASS… Read more

2 comments, 159 reads

Posted in Databases – Infrastructure – Security on 20 August 2014

Guest Post on SQL Authority – Default Trace & Deleted Databases

I had the opportunity to write another guest post at SQL Authority:

Finding Out What Changed in a Deleted Database

This one covers how to determine who made changes in a database that has been deleted. This isn’t a situation where you can use the schema changes history report… Read more

0 comments, 263 reads

Posted in Databases – Infrastructure – Security on 14 August 2014

One of Those Must Read Books – The Cuckoo’s Egg

I was reading a book about network security monitoring and it mentioned The Cuckoo’s Egg by Cliff Stoll. Stoll’s book has been around for a long time, and it’s considered a classic book with regards to information security. If you’re not familiar with it, it’s the story of a gentleman… Read more

1 comment, 126 reads

Posted in Databases – Infrastructure – Security on 13 August 2014

Guest Editorial Live on SSC

My guest editorial is live on SQLServerCentral.com. My argument is a simple one: we don’t care about data and IT security. I don’t just mean IT folks. I mean most everybody. I include myself in this characterization. I know a few exceptions, but they are truly exceptions.

In the… Read more

0 comments, 138 reads

Posted in Databases – Infrastructure – Security on 11 August 2014

Speaking on ETL Security

I will be giving a presentation on ETL (Extract, Transform, Load) security at two user groups in the coming weeks.

Securing the ETL Pipeline

We’re going to look at typical ETL (Extract, Transform, Load) pipelines and consider the weak points an attacker might go after. Our goal in this isn’t… Read more

0 comments, 143 reads

Posted in Databases – Infrastructure – Security on 25 July 2014

Midlands PASS July Meeting – July 10

The Midlands PASS Chapter will hold its next meeting on July 10. We meet at MicroStaff IT in Cayce, SC. Here is the main presentation:

Statistics, Indexes, and their Impact

Speaker: Brian Kelley, SQL Server MVP

Statistics. Indexes. Clustered Indexes. Non-Clustered Indexes. Covering Indexes. Bookmark Lookups. Perhaps you’ve heard these… Read more

0 comments, 138 reads

Posted in Databases – Infrastructure – Security on 3 July 2014

PASS Summit Session Selection

Let’s make it democratic. Let’s ensure we get solid sessions from key people. And let’s save a ton of work in the process.

Spotlight Sessions:

There are certain folks that are extremely knowledgeable in their areas of expertise. They also happen to be excellent presenters. Have the spotlight sessions and… Read more

10 comments, 152 reads

Posted in Databases – Infrastructure – Security on 27 June 2014

What is an “operational” DBA?

On Facebook last night, I posted the following:

An operational DBA isn’t just a manager of a traditional RDBMS, transactional system. An operational DBA manages the data platform, whatever it is, when it hits production. Their goals are not traditionally the same as someone focused on development. They are looking…

Read more

2 comments, 198 reads

Posted in Databases – Infrastructure – Security on 27 June 2014

“A good DBA is a lazy DBA”

I’m borrowing from Andy Leonard (blog | twitter) who says all the time, “Good engineers are lazy.”

If you’re thinking, “Why would I want (to be) a lazy DBA?” let me explain. There’s a lot to be said for hard work. However, have you ever seen someone who… Read more

7 comments, 994 reads

Posted in Databases – Infrastructure – Security on 25 June 2014
