Security Outside the Database


Steve Jones
Comments posted to this topic are about the item Security Outside the Database

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
chrisn-585491
The problem lies with management. Without their insistence and proper allocation of resources, security and education will not be a priority. Security costs $$$. Lack of security costs more. But try explaining that to the CFO or clients that only look at the immediate bottom line.
Thomas Stringer
I think what is so wonderful about databases and data as a profession is that we oftentimes are the JOIN (if you will) between the high-level software (applications, code, etc.) and the low-level hardware (storage, etc.). Knowing nothing about either is just a time-bomb waiting to happen.

I find it interesting that you explicitly stated networking as something we should know relatively well. I definitely tend to agree with that. Do you feel that structured network learning (i.e. CCNA) is a benefit to a database administrator?



Twitter: @SQLife
Email: sqlsalt(at)outlook(dot)com
krowley
Unfortunately, given the small size of a lot of companies, these suggestions are just impractical. What we need is software and hardware that takes care of this for us. SQL Server, Windows, firewalls, etc. should have intelligent default configurations that are secure by default.

IT workers at small businesses often wear multiple hats and as such can't humanly be expected to master the intricacies of every specific discipline, such as firewall administration, when they only deal with this area once a month at most.
jarick 15608
I think half the issue is that we've got lazy developers who circumvent security in the name of rapid development. I can't tell you how many developers I've worked with who run code as a user with sysadmin rights, and when we, as DBAs, try to deny this, they go around and over our heads and get some high manager to bypass the best practices. I've even seen this from purchased applications.
Steve Jones
Thomas Stringer (4/26/2012)
I think what is so wonderful about databases and data as a profession is that we oftentimes are the JOIN (if you will) between the high-level software (applications, code, etc.) and the low-level hardware (storage, etc.). Knowing nothing about either is just a time-bomb waiting to happen.

I find it interesting that you explicitly stated networking as something we should know relatively well. I definitely tend to agree with that. Do you feel that structured network learning (i.e. CCNA) is a benefit to a database administrator?


I think it's good for many people to be IT generalists, outside of their specialty. Over the years knowing networking, AD, mail, etc. has helped me solve DB issues, or even helped me get applications to integrate well.

However I wasn't implying in the piece that DBAs should learn about IP networking. If you have people doing those jobs, inspire/motivate/ping them to learn more about their craft and better secure your systems.

TravisDBA
chrisn-585491 (4/26/2012)
The problem lies with management. Without their insistence and proper allocation of resources, security and education will not be a priority. Security costs $$$. Lack of security costs more. But try explaining that to the CFO or clients that only look at the immediate bottom line.



Now there is a man that knows the "real" world and how it works. :-D

"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"
TravisDBA
However I wasn't implying in the piece that DBAs should learn about IP networking. If you have people doing those jobs, inspire/motivate/ping them to learn more about their craft and better secure your systems.


I agree, because in the end it makes you more marketable in the workplace. However, in today's workplace SARBOX standards tend to demarcate job descriptions a lot more, and when you deal with companies that come under SARBOX standards you have to be very aware of this or otherwise you could find yourself in some trouble with auditors learning/doing someone else's job description. :-D

jarick 15608
I agree that we should all learn about technologies that relate to our core technologies even though they are technically "not our job". Knowing VMware, AD, and development (C#, C++, VB.NET) helps me a lot as a DBA.
Steve Jones
TravisDBA (4/26/2012)

I agree, because in the end it makes you more marketable in the workplace. However, in today's workplace SARBOX standards tend to demarcate job descriptions a lot more, and when you deal with companies that come under SARBOX standards you have to be very aware of this or otherwise you could find yourself in some trouble with auditors learning/doing someone else's job description. :-D


Not true. You cannot do someone else's job. That's where you get into trouble. Understanding their job, providing advice, is fine. What you can't do is actually do the work or have access.
