Security Outside the Database


Steve Jones
Comments posted to this topic are about the item Security Outside the Database

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
chrisn-585491
The problem lies with management. Without their insistence and proper allocation of resources, security and education will not be a priority. Security costs $$$. Lack of security costs more. But try explaining that to the CFO or clients that only look at the immediate bottom line.
Thomas Stringer
I think what is so wonderful about databases and data as a profession is that we oftentimes are the JOIN (if you will) between the high-level software (applications, code, etc.) and the low-level hardware (storage, etc.). Knowing nothing about either is just a time-bomb waiting to happen.

I find it interesting that you explicitly stated networking as something we should know relatively well. I definitely tend to agree with that. Do you feel that structured network learning (i.e. CCNA) is a benefit to a database administrator?



Twitter: @SQLife
Email: sqlsalt(at)outlook(dot)com
krowley
Unfortunately given the small size of a lot of companies these suggestions are just impractical. What we need is software and hardware that takes care of this for us. SQL Server, Windows, Firewalls, etc should have intelligent default configurations that are secure by default.

IT workers at small businesses often wear multiple hats and as such can't humanly be expected to master the intricacies of every specific discipline such as firewall administration when they only deal with this area once a month at most.
jarick 15608
I think half the issue is that we've got lazy developers who circumvent security in the name of rapid development. I can't tell you how many developers I've worked with who run code as a user with sysadmin rights and when we, as DBAs, try to deny this, they go around and over our heads and get some high manager to bypass the best practices. I've even seen this from purchased applications.
Steve Jones
Thomas Stringer (4/26/2012)
I think what is so wonderful about databases and data as a profession is that we oftentimes are the JOIN (if you will) between the high-level software (applications, code, etc.) and the low-level hardware (storage, etc.). Knowing nothing about either is just a time-bomb waiting to happen.

I find it interesting that you explicitly stated networking as something we should know relatively well. I definitely tend to agree with that. Do you feel that structured network learning (i.e. CCNA) is a benefit to a database administrator?


I think it's good for many people to be IT generalists, outside of their specialty. Over the years knowing networking, AD, mail, etc. has helped me solve DB issues, or even helped me get applications to integrate well.

However I wasn't implying in the piece that DBAs should learn about IP networking. If you have people doing those jobs, inspire/motivate/ping them to learn more about their craft and better secure your systems.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
TravisDBA
chrisn-585491 (4/26/2012)
The problem lies with management. Without their insistence and proper allocation of resources, security and education will not be a priority. Security costs $$$. Lack of security costs more. But try explaining that to the CFO or clients that only look at the immediate bottom line.



Now there is a man that knows the "real" world and how it works.:-D

"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"
TravisDBA
However I wasn't implying in the piece that DBAs should learn about IP networking. If you have people doing those jobs, inspire/motivate/ping them to learn more about their craft and better secure your systems.


I agree, because in the end it makes you more marketable in the work place. However, in today's work place SARBOX standards tend to demarcate job descriptions a lot more, and when you deal with companies that come under SARBOX standards you have to be very aware of this or otherwise you could find yourself in some trouble with auditors learning/doing someone else's job description.:-D

"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"
jarick 15608
I agree that we should all learn about technologies that relate to our core technologies even though they are technically "not our job". Knowing VMware, AD, and development (C#, C++, VB.NET) helps me a lot as a DBA.
Steve Jones
TravisDBA (4/26/2012)

I agree, because in the end it makes you more marketable in the work place. However, in today's work place SARBOX standards tend to demarcate job descriptions a lot more, and when you deal with companies that come under SARBOX standards you have to be very aware of this or otherwise you could find yourself in some trouble with auditors learning/doing someone else's job description.:-D


Not true. You cannot do someone else's job. That's where you get into trouble. Understanding their job, providing advice, is fine. What you can't do is actually do the work or have access.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com