
Databases – Infrastructure – Security

Brian Kelley is an author, columnist, and Microsoft SQL Server MVP focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress), Professional SQL Server 2008 Administration (Wrox), and Introduction to SQL Server (Texas Publishing). Brian currently serves as an infrastructure and security architect. He has also served as a senior Microsoft SQL Server DBA, database architect, developer, and incident response team lead.

Randomness in Security Configuration

We were deploying a new web service. Because of the nature of the service, we wanted it to listen on a non-standard port. Security by obscurity doesn’t work against a real attacker or well-written malware. However, if someone was just attempting to check for a web server by doing the… Read more

0 comments, 204 reads

Posted in Databases – Infrastructure – Security on 14 August 2017

Just Say No to Social Engineering Memes

These memes, from a security and privacy perspective, are nothing but trouble. Here’s an example I just saw a friend respond to:


The reason I say trouble is because if you play along, they reveal a tremendous amount of personal information about you. That information is often used to secure… Read more

1 comments, 254 reads

Posted in Databases – Infrastructure – Security on 11 August 2017

#TSQL2sday: Interviewing Patterns

This T-SQL Tuesday is hosted by Kendra Little.

I’ve been told interviewing is an art. Perhaps it is. I view it more as an information exchange. The organization you’re interviewing with is trying to obtain information on you. You should be trying to obtain information on the organization. The… Read more

3 comments, 107 reads

Posted in Databases – Infrastructure – Security on 8 August 2017

Geek Sync on Wednesday: Taking Control of Your Organization’s SQL Server Sprawl

This Wednesday, July 26th, at 12 PM EDT, I’ll be giving a presentation through Idera’s Geek Sync series. You will need to register for the session.

Registration Link for Geek Sync talk

Here’s what I’ll be covering:

You have SQL Server sprawl throughout your organization. There are SQL Servers installed… Read more

0 comments, 118 reads

Posted in Databases – Infrastructure – Security on 24 July 2017

Remember What It’s Like to Be a Rookie

File this under “soft skills.” Let me start with a recent experience.

Last week I was leading a team of youth working around their local community. My oldest son was one of my co-leaders and he had just come back from his first year at The Citadel as well as… Read more

1 comments, 1,386 reads

Posted in Databases – Infrastructure – Security on 20 July 2017

Security Basics: The Principle of Least Privilege

Whenever I’m asked about creating a security model for an application or database, I tell folks to follow the Principle of Least Privilege. There are several definitions out there, some wordier than others. Here’s mine:

Give the permissions necessary to do the job. No more. No less.

If this is… Read more

2 comments, 1,760 reads

Posted in Databases – Infrastructure – Security on 30 June 2017

Recording of PASS Security VC Webinar

If you were unable to attend this month’s PASS Security Virtual Chapter webinar, The Dirty Business of Auditing, it has been published to YouTube.

As requested, here are the slides: The Dirty Business of Auditing (278 KB).



0 comments, 146 reads

Posted in Databases – Infrastructure – Security on 29 June 2017

The Three A’s: Auditing

Authentication and Authorization, the first two of the three A’s of security, control who gets access to what. However, at some point we’ll need to know who is accessing that what and when it happened. That brings us to the third A: Auditing.

Auditing isn’t strictly required on all systems.… Read more

0 comments, 1,087 reads

Posted in Databases – Infrastructure – Security on 28 June 2017

The Three A’s: Authorization

Having covered authentication yesterday, let’s move on to the second A, authorization. Authentication was about proving identity. Now that we know that identity, we can determine permissions. Just because we have authentication doesn’t mean we have authorization. Let me give you an example.

A club only permits patrons who are 21… Read more

0 comments, 1,324 reads

Posted in Databases – Infrastructure – Security on 27 June 2017

The Three A’s: Authentication

When I start talking with folks about security, one of the areas of confusion I often find has to do with the three A’s of security. Specifically, the difference between the first two: authentication and authorization. Let’s look at the first today. 

Authentication is simply proving who you are. With… Read more

0 comments, 1,434 reads

Posted in Databases – Infrastructure – Security on 26 June 2017

#SQLChat on Performance Issues

Twitter can often be a great source of information for the SQL Community, especially with the #SQLHelp hashtag. Another resource that not everyone is familiar with is #SQLChat, which Idera runs periodically. There are moderators that help keep things going, including at least one person from the SQL Server community,… Read more

0 comments, 197 reads

Posted in Databases – Infrastructure – Security on 23 June 2017

PASS Security VC Presentation – The Dirty Business of Auditing

On Thursday, June 22, at 1 PM EDT / 10 AM PDT, I’ll be presenting for the PASS Security Virtual Chapter.

Registration Link

Here’s what I’ll be speaking on:

The Dirty Business of Auditing

Auditing is often a dirty word among DBAs because it equates to more work with… Read more

0 comments, 167 reads

Posted in Databases – Infrastructure – Security on 19 June 2017

Speaking at Charleston PASS on May 18, 2017

During the day of the 18th I’ll be at the Syntax Code and Craft Conference in Charleston, SC. That evening I’m stopping by Charleston PASS to visit and give a presentation.

Register for Charleston PASS’ May 18th Meeting

I’m stepping away from my comfort zone of security and presenting on… Read more

0 comments, 168 reads

Posted in Databases – Infrastructure – Security on 12 May 2017

Slides from 24 Hours of PASS – Data Security

As promised, here are my slides from the 24 Hours of PASS on Data Security:

S1 – Brian Kelley_WhatYouAbsolutelyMustKnowAboutSQLServerSecurity (.pptx – 733 KB)

S7 – Brian Kelley_ProtectingDataAcrossTheEnvironment (.pptx – 1.3 MB)

Thanks to those who attended!



0 comments, 209 reads

Posted in Databases – Infrastructure – Security on 9 May 2017

Slides from SSWUG 2017 Spring Virtual Conference

As promised, here are the slides for my two presentations from SSWUG’s 2017 Spring Virtual Conference:

SSWUG_Spring_Building an Auditing Framework for SQL Server (.pptx – 152 KB)

SSWUG Spring Performing a SQL Server Security Risk Assessment (.pptx – 265 KB)

Thanks to those who attended!



0 comments, 162 reads

Posted in Databases – Infrastructure – Security on 8 May 2017

Additional Presentation at 24 Hours of PASS

I’ve had another presentation added for the 24 Hours of PASS; this one is the first session of the line-up, 12:00 GMT on May 3, 2017. You can register for this session and any of the others at the registration link.

Here are the details about the added… Read more

0 comments, 226 reads

Posted in Databases – Infrastructure – Security on 2 May 2017

[Off-Topic] Dealing with Type 2

I had a brief conversation with Stuart Ainsworth yesterday over Facebook. In passing I mentioned that I was doing well managing blood sugar levels and he indicated he didn’t know I had been dealing with anything like that. It reminded me that I hadn’t said anything about being diagnosed with… Read more

0 comments, 228 reads

Posted in Databases – Infrastructure – Security on 28 April 2017

Speaking at Syntax Code and Craft Conference 2017

On May 18, 2017, I’ll be giving a talk at the Syntax Code and Craft Conference in Charleston, SC. If you haven’t heard of this conference, it’s a 2-day affair primarily focused on developers. Here is my talk:

 

MAKE SQL SERVER GO FASTER

An app is a failure if… Read more

0 comments, 412 reads

Posted in Databases – Infrastructure – Security on 27 April 2017

Speaking at the SSWUG 2017 Spring Virtual Conference

On May 2, 2017, I’ll be giving two talks at the SSWUG 2017 Virtual Conference. Here are the talks:

 

Building a Home Grown Auditing Infrastructure for SQL Server

Not everyone has the budget for 3rd party tools to provide audit / security information on their SQL Server environment.… Read more

0 comments, 243 reads

Posted in Databases – Infrastructure – Security on 26 April 2017

Speaking at 24 Hours of PASS

On May 3, 2017, at 2 PM EDT (6 PM GMT) I’ll be speaking as part of the 24 Hours of PASS. Here’s what I’ll be speaking on:

 

Protecting Data Across the Environment

You are responsible for protecting data within your organization. Wary of how attackers have become… Read more

0 comments, 209 reads

Posted in Databases – Infrastructure – Security on 25 April 2017
