-->
SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

Databases – Infrastructure – Security

Brian Kelley is an author, columnist, and Microsoft SQL Server MVP focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress), Professional SQL Server 2008 Administration (Wrox), and Introduction to SQL Server (Texas Publishing). Brian currently serves as an infrastructure and security architect. He has also served as a senior Microsoft SQL Server DBA, database architect, developer, and incident response team lead.

The Three A’s: Auditing

Authentication and Authorization, the first two of the three A’s of security, control who gets access to what. However, at some point we’ll need to do who is accessing that what and when it happened. That brings us to the third A: Auditing.

Auditing isn’t strictly required on all systems.… Read more

0 comments, 1,250 reads

Posted in Databases – Infrastructure – Security on 28 June 2017

The Three A’s: Authorization

Having covered authentication yesterday, let’s move on the second A, authorization. Authentication was about proving identity. Now that we know that identity, we can determine permissions. Just because we have authentication doesn’t mean we have authorization. Let me give you an example. 

A club only permits patrons who are 21… Read more

0 comments, 1,486 reads

Posted in Databases – Infrastructure – Security on 27 June 2017

The Three A’s: Authentication

When I start talking with folks about security, one of the areas of confusion I often find has to do with the three A’s of security. Specifically, the difference between the first two: authentication and authorization. Let’s look at the first today. 

Authentication is simply proving who you are. With… Read more

0 comments, 1,597 reads

Posted in Databases – Infrastructure – Security on 26 June 2017

#SQLChat on Performance Issues

Twitter can often be a great source of information for the SQL Community, especially with the #SQLHelp hashtag. Another resource that not everyone is familiar with is #SQLChat, which Idera runs periodically. There are moderators that helps keep things going, including at least one person from the SQL Server community,… Read more

0 comments, 245 reads

Posted in Databases – Infrastructure – Security on 23 June 2017

PASS Security VC Presentation – The Dirty Business of Auditing

On Thursday, June 22, at 1 PM EDT / 10 AM PDT, I’ll be presenting for the PASS Security Virtual Chapter.

Registration Link

Here’s what I’ll be speaking on:

The Dirty Business of Auditing

Auditing is often a dirty word among DBAs because it equates to more work with… Read more

0 comments, 240 reads

Posted in Databases – Infrastructure – Security on 19 June 2017

Speaking at Charleston PASS on May 18, 2017

During the day of the 18th I’ll be at the Syntax Code and Craft Conference in Charleston, SC. That evening I’m stopping by Charleston PASS to visit and give a presentation.

Register for Charleston PASS’ May 18th Meeting

I’m stepping away from my comfort zone of security and presenting on… Read more

0 comments, 214 reads

Posted in Databases – Infrastructure – Security on 12 May 2017

Slides from 24 Hours of PASS – Data Security

As promised, here are my slides from the 24 Hours of PASS on Data Security:

S1 – Brian Kelley_WhatYouAbsolutelyMustKnowAboutSQLServerSecurity (.pptx – 733 KB)

S7 – Brian Kelley_ProtectingDataAcrossTheEnvironment (.pptx – 1.3 MB)

Thanks for those who attended!


Read more

0 comments, 255 reads

Posted in Databases – Infrastructure – Security on 9 May 2017

Slides from SSWUG 2017 Spring Virtual Conference

As promised, here are the slides for my two presentations from SSWUG’s 2017 Spring Virtual Conference:

SSWUG_Spring_Building an Auditing Framework for SQL Server (.pptx – 152 KB)

SSWUG Spring Performing a SQL Server Security Risk Assessment (.pptx – 265 KB)

Thanks to those who attended!


Read more

0 comments, 208 reads

Posted in Databases – Infrastructure – Security on 8 May 2017

Additional Presentation at 24 Hours of PASS

I’ve had another presentation added for the 24 Hours of PASS; this one is the first session of the line-up, 12:00 GMT on May 3, 2017. You can register for this session and any of the others at the registration link.

Here are the details about the added… Read more

0 comments, 274 reads

Posted in Databases – Infrastructure – Security on 2 May 2017

[Off-Topic] Dealing with Type 2

I had a brief conversation with Stuart Ainsworth yesterday over Facebook. In passing I mentioned that I was doing well managing blood sugar levels and he indicated he didn’t know I had been dealing with anything like that. It reminded me that I hadn’t said anything about being diagnosed with… Read more

0 comments, 315 reads

Posted in Databases – Infrastructure – Security on 28 April 2017

Speaking at Syntax Code and Craft Conference 2017

On May 18, 2017, I’ll be giving a talk at the Syntax Code and Craft Conference in Charleston, SC. If you haven’t heard of this conference, it’s a 2-day affair primarily focused on developers. Here is my talk:

 

MAKE SQL SERVER GO FASTER

An app is a failure if… Read more

0 comments, 503 reads

Posted in Databases – Infrastructure – Security on 27 April 2017

Speaking at the SSWUG 2017 Spring Virtual Conference

On May 2, 2017, I’ll be giving two talks at the SSWUG 2017 Virtual Conference. Here are the talks:

 

Building a Home Grown Auditing Infrastructure for SQL Server

Not everyone has the budget for 3rd party tools to provide audit / security information on their SQL Server environment.… Read more

0 comments, 330 reads

Posted in Databases – Infrastructure – Security on 26 April 2017

Speaking at 24 Hours of PASS

On May 3, 2017, at 2 PM EDT (6 PM GMT) I’ll be speaking as part of the 24 Hours of PASS. Here’s what I’ll be speaking on:

 

Protecting Data Across the Environment

You are responsible for protecting data within your organization. Wary of how attackers have become… Read more

0 comments, 253 reads

Posted in Databases – Infrastructure – Security on 25 April 2017

IT Security Audit & Compliance Webinar Today (April 4) at 1 PM EDT

I’m speaking as part of a small panel for IT GRC Forum on keeping up your data security program in the face of changing regulatory requirements. This is occurring at 1 PM EDT, April 4, 2017.

Webinar: Streamlining Your Data-Security Program to Meet Regulatory Change

One correction on my listed… Read more

0 comments, 225 reads

Posted in Databases – Infrastructure – Security on 4 April 2017

New Article – Application Database Security Design (Part 1 – Authentication)

In conjunction with the webinar I gave last month for MSSQLTips, I’ve started an article series on application database security design.

Read Part 1 – Authentication for SQL Server

The issue with a one hour webcast is one can’t cover a broad topic like application database security design in any… Read more

1 comments, 1,996 reads

Posted in Databases – Infrastructure – Security on 6 March 2017

Database Security Webinar Today (Feb 23)

Today at 3 PM EST I’m giving a webinar on designing a successful database security model with SQL Server.

Register Here for Free (you can also register for other upcoming MSSQLTips webinars)

Here’s what I’ll be covering:

You’re building a new application using SQL Server as a back-end and you… Read more

0 comments, 349 reads

Posted in Databases – Infrastructure – Security on 23 February 2017

Giving a Security Webinar on Thursday

On Thursday, February 23rd at 3 PM EST I’m giving a webinar on designing a successful database security model with SQL Server.

Register Here for Free (you can also register for other upcoming MSSQLTips webinars)

Here’s what I’ll be covering:

You’re building a new application using SQL Server as a… Read more

0 comments, 222 reads

Posted in Databases – Infrastructure – Security on 21 February 2017

Career Corner: Go Beyond Networking

Networking with others is good for your career. You should do it. Don’t stop there. Keep going.

Networking builds contacts and associates you can reach out to with respect to your technical discipline. You need these to grow effectively in your career.

However, networking typically stops at the technical side.… Read more

0 comments, 380 reads

Posted in Databases – Infrastructure – Security on 25 January 2017

Grateful to have been a Microsoft MVP

A couple of weeks ago I received the disappointing but expected news that I wasn’t renewed as a Microsoft Data Platform MVP. I say expected because I knew my ability to give back to the community had been greatly diminished over the later part of 2015 and into 2016. Between… Read more

0 comments, 336 reads

Posted in Databases – Infrastructure – Security on 2 January 2017

Reminder – Geek Sync Today!

Today (December 14, 2016) at 12 PM Eastern I’m giving a webinar on preparing for your SQL Server farm for the holidays.

Registration: Geek Sync – Surviving the Holidays with SQL Server

Here’s what I will be covering:

It’s the end of the year and you want to have a… Read more

0 comments, 267 reads

Posted in Databases – Infrastructure – Security on 14 December 2016

Newer posts

Older posts