 
 
 


SQL Server Security: Why Security Is Important


K. Brian Kelley
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/bkelley/sqlserversecuritywhysecurityisimportant.asp

K. Brian Kelley
@‌kbriankelley
Frank Kalis
Hi Brian,

Very good research work!

What I like is your fine, yet true distinction between hackers and crackers.
From my point of view, a hacker has no malicious intent, but wants to show his ability to do it, while a cracker starts with this malicious intent.

As you've mentioned http://www.sqlsecurity.com, the slogan on their homepage has become one of my all-time favorites.

"There is no 'patch' for stupidity."

But not so long ago, I read somewhere that attacks on Windows systems have begun to decline, while attacks on *nix systems are growing in number. Hope I find the link again, so I can post

Cheers,
Frank

P.S.: Is the link to the 'Lifecycle' book valid?

Edited by - a5xo3z1 on 07/31/2003 05:44:10 AM

--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/
K. Brian Kelley
The old link just recently died. The new link doesn't paste correctly into the forum. :( I'll see about doing some sort of redirect myself from my web site.

K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1



Edited by - bkelley on 07/31/2003 06:45:06 AM

K. Brian Kelley
@‌kbriankelley
Steve Jones
Excellent case for patching systems. It's amazing to me that people still don't take this seriously. I'm struggling with hundreds of MSDE installations that have sa/blank hardcoded into the app.

Why?

The developers didn't think it was a big deal.

Steve Jones
sjones@sqlservercentral.com
http://www.sqlservercentral.com/columnists/sjones
www.dkranch.net

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Steve Jones
One more note:

Commentary: People, process secure the enterprise
By Forrester Research
Special to CNET News.com
July 31, 2003, 4:30 AM PT


Michael Rasmussen, Director, Forrester Research

Last week, Microsoft and Cisco Systems announced two major vulnerabilities.

Organizations need an action plan to respond to vulnerabilities and exposures, and should not rely on products alone for protection.

This is a people and process problem that works with technology. The Microsoft vulnerability is a significant exposure into every operating system running the NT code base from NT to 2003.









The Cisco vulnerability is an exposure that can crash every router. Both can be devastating to enterprises if used by the miscreants of the world. Additionally, we have seen exploit code in the wild for both. Jumping on the bandwagon, as usual, are myriad security vendors claiming they have the solution to protect the enterprise.

Vendor claims are far-fetched and provide a false sense of security. No vendor today resolves these vulnerabilities, except Microsoft and Cisco with the patches they implement. Security vendor solutions may hold back the evil hordes of hackers should they come knocking, but the deviant will break through given enough time and motive.

The only true answer is to patch systems. Organizations should focus on the process and policy portion of security as much or more than the technology aspect. Do not put blind trust into security vendor claims of protection, rather, honestly evaluate how the product works and the time it potentially buys you.

Develop a patch management process based on business risk so the critical business applications and support systems (e.g., network, desktop) are expedited and patched in accordance with the risk the organization faces.




Steve Jones
sjones@sqlservercentral.com
http://www.sqlservercentral.com/columnists/sjones
www.dkranch.net

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com