
Databases – Infrastructure – Security

Brian Kelley is an author, columnist, and Microsoft SQL Server MVP focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress), Professional SQL Server 2008 Administration (Wrox), and Introduction to SQL Server (Texas Publishing). Brian currently serves as an infrastructure and security architect. He has also served as a senior Microsoft SQL Server DBA, database architect, developer, and incident response team lead.

Encrypt usernames and passwords stored in files

I was looking at a product recently and came across a rather unpleasant surprise: the install instructions specified that I put the database connection in plaintext in web.config. I’ll explore this particular case and why it’s particularly egregious, but from a security perspective, this shouldn’t happen anymore, regardless of application.…

0 comments, 1,495 reads

Posted in Databases – Infrastructure – Security on 2 April 2014

Speaking at Midlands PASS Chapter tonight

The Midlands PASS Chapter is an official PASS (Professional Association for SQL Server) chapter located in Columbia, SC. It’s free to attend our meetings, which are typically held the 2nd Thursday of each month.

Once a year we like to do an open forum on SQL Server security. It’s typically…

0 comments, 134 reads

Posted in Databases – Infrastructure – Security on 13 March 2014

A summary of the SQL Server security #datachat is live

Recently I posted about participating in a #datachat about SQL Server security. As it turned out, we didn’t talk about SQL Server security, but data security. It was a good discussion with quite a few knowledgeable folks joining in. A summary of the discussion including some highlighted tweets can…

0 comments, 169 reads

Posted in Databases – Infrastructure – Security on 12 March 2014

Auditing VMware vCenter Actions (on SQL Server)

When you’ve got a SIEM appliance or application, you want actions and events going into it as a central repository. That allows you to see patterns and hopefully track incidents across systems. As a result, if you want to track actions in VMware’s vCenter and you’ve got the database hosted…

0 comments, 276 reads

Posted in Databases – Infrastructure – Security on 7 March 2014

The weakest link in database security

The weakest link in database security is the same as for most all IT security: people.

Because the weakest link is always people, we have adopted a principle called The Principle of Least Privilege to determine how we should assign security. If you’ve never heard of it, it’s a basic…

1 comment, 224 reads

Posted in Databases – Infrastructure – Security on 6 March 2014

Security #Datachat on Twitter Tonight

Tonight, at 9 PM Eastern, I’ll be participating in a #datachat on SQL Server security. It’s sponsored by Confio (now part of Solarwinds).

You can find more details about the #datachat here.

How can you participate? Simply open up a search for #datachat and participate in the community Q…

1 comment, 194 reads

Posted in Databases – Infrastructure – Security on 27 February 2014

Presenting on Top SQL Server Vulnerabilities

On February 19th, 2014, I’ll be giving a webinar from 3-4 PM Eastern on the Top SQL Server Vulnerabilities. You can register here for it.

It is being provided by MSSQLTips.com and GreenSQL. Here’s what I’m covering:

Your goal is to have a secure SQL Server installation. However,…

0 comments, 1,390 reads

Posted in Databases – Infrastructure – Security on 12 February 2014

#TSQL2sDay – Data marts across a shaky WAN link

It sounded good in principle, especially given the requirements and the limitations:

  • We needed our various sites to be able to access the data on their customers.
  • Our line-of-business application that would be installed on the workstations will use this data.
  • Our sites resembled a snowflake schema with respect to…


2 comments, 177 reads

Posted in Databases – Infrastructure – Security on 11 February 2014

Presenting on Security at Midlands PASS

On Thursday, February 13, 2014, I’ll be at Midlands PASS in Columbia, SC. We’ll be meeting from 5:30 PM to about 7:30 PM. I’ll once again be giving an open-ended SQL Server security talk. Here’s the description:

Midlands PASS Chapter’s annual SQL Server security refresher! This is an open-ended…


0 comments, 113 reads

Posted in Databases – Infrastructure – Security on 10 February 2014

Free Online SQL Server Training for the Week of January 12, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

 

Monday, Jan 13:


0 comments, 237 reads

Posted in Databases – Infrastructure – Security on 9 January 2014

Being a Better IT Pro – Keep It Short

Keep your emails and communications as short as possible.

Make sure you cover everything you absolutely need to, but nothing more. When an email is too long, people won’t read it. Don’t believe me? Think about your own habits. When you see a wall of text, what do you do?…

0 comments, 71 reads

Posted in Databases – Infrastructure – Security on 8 January 2014

Being a Better IT Pro – Get to the Point

When writing emails or other communications, state your point or request right at the beginning.

For instance, if you need the server team to reboot the server, tell them in the first sentence that you want them to reboot the server. Most IT folks attempt to reason through things logically…

0 comments, 107 reads

Posted in Databases – Infrastructure – Security on 7 January 2014

Being a Better IT Pro – Grammar

In my IT career, one of the things I have found that sets me apart is my ability to write. As IT pros, we write a lot. Whether we’re talking email or documentation, senior level IT workers are always writing. However, not all of us graduated college with a degree…

0 comments, 88 reads

Posted in Databases – Infrastructure – Security on 23 December 2013

Speaking at SQL Saturday #233–Washington, DC

For those who will be at SQL Saturday #233 in Washington, DC, I’ll be giving my professional development talk, Being the Swiss Army Knife of DB Pros, at 9:45 AM.

My career is ever evolving and so is my talk. For instance, I have just returned to the role…

0 comments, 70 reads

Posted in Databases – Infrastructure – Security on 2 December 2013

Free Online SQL Server Training for the Week of November 24, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

Monday, Nov 25:


0 comments, 75 reads

Posted in Databases – Infrastructure – Security on 22 November 2013

Free Online SQL Server Training for the Week of November 17, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

Tuesday, Nov 19:


0 comments, 76 reads

Posted in Databases – Infrastructure – Security on 14 November 2013

What If Someone Tampered with the Process?

I’m a big fan of automation. Automation means I can do more. Automation means I eliminate the mundane stuff to focus on critical things. I like automation as an IT professional.

However, as a security professional, a question that is ever present in my mind is,

“What if someone tampered…


0 comments, 81 reads

Posted in Databases – Infrastructure – Security on 8 November 2013

Recording of SQL Injection Webcast Now Available

On Tuesday I gave a webcast along with MSSQLTips on SQL Injection. If you were unable to attend (or were able to attend and want to see it again), you can view it at the following link [registration required]:

SQL Injection: What it is, how it happens and how to…


0 comments, 82 reads

Posted in Databases – Infrastructure – Security on 7 November 2013

Free Online SQL Server Training for the Week of November 10, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

Tuesday, Nov 12:


0 comments, 68 reads

Posted in Databases – Infrastructure – Security on 7 November 2013
