Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

Databases – Infrastructure – Security

Brian Kelley is an author, columnist, and Microsoft SQL Server MVP focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress), Professional SQL Server 2008 Administration (Wrox), and Introduction to SQL Server (Texas Publishing). Brian currently serves as an infrastructure and security architect. He has also served as a senior Microsoft SQL Server DBA, database architect, developer, and incident response team lead.

Not More Than 16 Characters?!?

Microsoft, you’re killing me. This is the warning I received when typing in a password for Office 365:

I blinked when I saw the warning, “Your password can’t be longer than 16 characters.” I couldn’t believe that I had gotten that warning, so I erased what I had typed for… Read more

6 comments, 2,290 reads

Posted in Databases – Infrastructure – Security on 10 June 2016

Protecting Against Delete without Where

If I’m doing any manual work with T-SQL, I always begin every set of data change operations with BEGIN TRAN and I have the COMMIT TRAN commented out at the end of my script. Why?

Quite simply, because I’m wary of having a DELETE clause without a proper WHERE clause.… Read more

7 comments, 3,103 reads

Posted in Databases – Infrastructure – Security on 9 June 2016

A Different Type of Currency

Recently, a member of the community lamented that folks weren’t willing to provide an email address for free training. This reminds me of an old saying popularized by Heinlein, but one that was used a lot in the Perl community: TANSTAAFL (There Ain’t No Such Thing As A Free Lunch).… Read more

1 comments, 133 reads

Posted in Databases – Infrastructure – Security on 9 June 2016

Slides from 2016 Techno Security & Mobile Forensics Conference

I’ve completed both of my presentations at the 2016 Techno Security and Forensics Investigation Conference (#technosecurity). If you were able to make it to one of my talks, thank you for choosing to spend your time with me. While my slides will be available from the conference site,… Read more

0 comments, 165 reads

Posted in Databases – Infrastructure – Security on 7 June 2016

Sights that just scream, “No!”

I’m at a conference, specifically a security conference. So I looked at the available WiFi connections. Among the conference and hotel specific connections and the MiFi and cellphone uplinks I spotted this one:

That just screams, “No!” TANSTAAFL.


Read more

0 comments, 154 reads

Posted in Databases – Infrastructure – Security on 7 June 2016

Congrats to MSSQLTips on 10 Years!

MSSQLTips has posted about their 10 years as a resource to the SQL Server community. It’s where I do the bulk of my writing these days, mainly because I like the problem/solution format. However, the folks at MSSQLTips didn’t just write to acknowledge their 10th birthday. 

They also posted… Read more

0 comments, 124 reads

Posted in Databases – Infrastructure – Security on 6 June 2016

On Software and OS Lifecycle Management

An Important Rule: 

If you’re trying to convince someone to your viewpoint, insulting them generally doesn’t work. If it does anything, it will be more likely to entrench them against your position. Therefore, this is something that IT professionals should avoid. 

If You Write Your Own Software

or work… Read more

0 comments, 4,779 reads

Posted in Databases – Infrastructure – Security on 17 April 2015

On Software and OS Lifecycle Management

An Important Rule: 

If you’re trying to convince someone to your viewpoint, insulting them generally doesn’t work. If it does anything, it will be more likely to entrench them against your position. Therefore, this is something that IT professionals should avoid. 

If You Write Your Own Software

or work… Read more

0 comments, 55 reads

Posted in Databases – Infrastructure – Security on 17 April 2015

On PowerShell

I use PowerShell a lot and I write about using it to solve problems quite frequently. The fact that I can extending Powershell by interfacing with the .NET Framework or making a COM/COM+ object call means I can do just about anything I need to do in order to… Read more

0 comments, 129 reads

Posted in Databases – Infrastructure – Security on 10 April 2015

On PowerShell

I use PowerShell a lot and I write about using it to solve problems quite frequently. The fact that I can extending Powershell by interfacing with the .NET Framework or making a COM/COM+ object call means I can do just about anything I need to do in order to… Read more

0 comments, 382 reads

Posted in Databases – Infrastructure – Security on 10 April 2015

On Automation

I’m a big fan of automation. I’ve been in IT for 27 years now. One unchanging rule during that time is there is always more to do than there is time to do it. Automation helps close that gap. And when I can automate something, I can do more than… Read more

0 comments, 4,824 reads

Posted in Databases – Infrastructure – Security on 9 April 2015

On Automation

I’m a big fan of automation. I’ve been in IT for 27 years now. One unchanging rule during that time is there is always more to do than there is time to do it. Automation helps close that gap. And when I can automate something, I can do more than… Read more

0 comments, 75 reads

Posted in Databases – Infrastructure – Security on 9 April 2015

Trust No One Implicitly

At the Charlotte BI Group meeting last night, one of the questions I was asked after I gave my talk on Securing the ETL Pipeline was this:

“So you’re basically saying we should trust our DBAs?”

My response caught several people off guard:

“No, I’m saying to trust no one

Read more

2 comments, 52 reads

Posted in Databases – Infrastructure – Security on 8 April 2015

Trust No One Implicitly

At the Charlotte BI Group meeting last night, one of the questions I was asked after I gave my talk on Securing the ETL Pipeline was this:

“So you’re basically saying we should trust our DBAs?”

My response caught several people off guard:

“No, I’m saying to trust no one

Read more

2 comments, 5,183 reads

Posted in Databases – Infrastructure – Security on 8 April 2015

Speaking at Charlotte BI Group Tomorrow

Tomorrow, Tuesday, April 7, 2015, I’ll be speaking at the Charlotte BI user group. The meeting starts at 5:30 PM.

Here’s the info:

RSVP Link

Topic: Securing the ETL Pipeline

We’re going to look at typical ETL (Extract, Transform, Load) pipelines and consider the weak points an attacker might… Read more

0 comments, 217 reads

Posted in Databases – Infrastructure – Security on 6 April 2015

Speaking at Charlotte BI Group Tomorrow

Tomorrow, Tuesday, April 7, 2015, I’ll be speaking at the Charlotte BI user group. The meeting starts at 5:30 PM.

Here’s the info:

RSVP Link

Topic: Securing the ETL Pipeline

We’re going to look at typical ETL (Extract, Transform, Load) pipelines and consider the weak points an attacker might… Read more

0 comments, 59 reads

Posted in Databases – Infrastructure – Security on 6 April 2015

Women in Technology

Warning: rant forthcoming.

I don’t get the women in technology problem. Oh, I understand and see the problem. I also understand and see the problem is primarily with men. I just don’t get why there is a problem. 

Maybe the reason I don’t get the problem with women being our… Read more

10 comments, 119 reads

Posted in Databases – Infrastructure – Security on 18 March 2015

Women in Technology

Warning: rant forthcoming.

I don’t get the women in technology problem. Oh, I understand and see the problem. I also understand and see the problem is primarily with men. I just don’t get why there is a problem. 

Maybe the reason I don’t get the problem with women being our… Read more

10 comments, 6,370 reads

Posted in Databases – Infrastructure – Security on 18 March 2015

Why You Shouldn’t Skip the Infrastructure/Security Architecture Review

It’s not usual for development projects to undergo an architecture review, but too many times these reviews consist only of developers. There are no server or network folks, much less any DBAs or security personnel. When I’ve brought this up to some of my developer friends, they wonder what the… Read more

0 comments, 5,303 reads

Posted in Databases – Infrastructure – Security on 9 March 2015

Why You Shouldn’t Skip the Infrastructure/Security Architecture Review

It’s not usual for development projects to undergo an architecture review, but too many times these reviews consist only of developers. There are no server or network folks, much less any DBAs or security personnel. When I’ve brought this up to some of my developer friends, they wonder what the… Read more

0 comments, 60 reads

Posted in Databases – Infrastructure – Security on 9 March 2015

Older posts