-->
SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

Databases – Infrastructure – Security

Brian Kelley is an author, columnist, and Microsoft SQL Server MVP focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress), Professional SQL Server 2008 Administration (Wrox), and Introduction to SQL Server (Texas Publishing). Brian currently serves as an infrastructure and security architect. He has also served as a senior Microsoft SQL Server DBA, database architect, developer, and incident response team lead.

Archives: June 2017

Security Basics: The Principle of Least Privilege

Whenever I’m asked about creating a security model for an application or database, I tell folks to follow the Principle of Least Privilege. There are several definitions out there, some wordier than others. Here’s mine:

Give the permissions necessary to do the job. No more. No less.

If this is… Read more

3 comments, 2,036 reads

Posted in Databases – Infrastructure – Security on 30 June 2017

Recording of PASS Security VC Webinar

If you were unable to attend this month’s PASS Security Virtual Chapter webinar, The Dirty Business of Auditing, it has been published to YouTube.

As requested, here are the slides: The Dirty Business of Auditing (278 KB).


Read more

0 comments, 286 reads

Posted in Databases – Infrastructure – Security on 29 June 2017

The Three A’s: Auditing

Authentication and Authorization, the first two of the three A’s of security, control who gets access to what. However, at some point we’ll need to do who is accessing that what and when it happened. That brings us to the third A: Auditing.

Auditing isn’t strictly required on all systems.… Read more

0 comments, 1,303 reads

Posted in Databases – Infrastructure – Security on 28 June 2017

The Three A’s: Authorization

Having covered authentication yesterday, let’s move on the second A, authorization. Authentication was about proving identity. Now that we know that identity, we can determine permissions. Just because we have authentication doesn’t mean we have authorization. Let me give you an example. 

A club only permits patrons who are 21… Read more

0 comments, 1,518 reads

Posted in Databases – Infrastructure – Security on 27 June 2017

The Three A’s: Authentication

When I start talking with folks about security, one of the areas of confusion I often find has to do with the three A’s of security. Specifically, the difference between the first two: authentication and authorization. Let’s look at the first today. 

Authentication is simply proving who you are. With… Read more

0 comments, 1,651 reads

Posted in Databases – Infrastructure – Security on 26 June 2017

#SQLChat on Performance Issues

Twitter can often be a great source of information for the SQL Community, especially with the #SQLHelp hashtag. Another resource that not everyone is familiar with is #SQLChat, which Idera runs periodically. There are moderators that helps keep things going, including at least one person from the SQL Server community,… Read more

0 comments, 260 reads

Posted in Databases – Infrastructure – Security on 23 June 2017

PASS Security VC Presentation – The Dirty Business of Auditing

On Thursday, June 22, at 1 PM EDT / 10 AM PDT, I’ll be presenting for the PASS Security Virtual Chapter.

Registration Link

Here’s what I’ll be speaking on:

The Dirty Business of Auditing

Auditing is often a dirty word among DBAs because it equates to more work with… Read more

0 comments, 269 reads

Posted in Databases – Infrastructure – Security on 19 June 2017