Tag Archives: security

Delaying Patches is Problematic

I was listening to a DevOps podcast from Josh Corman, of Rugged Software. Rugged Software aims to improve security by asking developers and sysadmins to adhere to their manifesto, which recognizes both the importance of software in the modern world, …

Posted in Editorial

Do I have a Database Master Key in a database? #SQLNewBlogger

Another post for me that is simple and hopefully serves as an example for people trying to get blogging as #SQLNewBloggers. How can I tell if I have a Database Master Key in a database? It’s actually easy. I query …

Posted in Blog

Securing Your Instances

I wrote a post about finding the port number of a SQL instance using PowerShell. Almost immediately I was taken to task by someone that noted port scanners can easily find SQL ports, so it’s silly to move off 1433. …

Posted in Editorial

Backup Data Security

It seems there is no end to the insecure ways in which people manage data. I haven’t seen this one before, but I’m sure it’s happened. In fact, I bet it’s happening right now in more than one company. A …

Posted in Editorial

Post TDE–Getting Unencrypted Backups

I saw a question posted recently about someone that had disabled TDE and was still having issues restoring a backup. This doesn’t seem like that should be an issue, but it can be. A little testing shows how. Let’s assume …

Posted in Blog | 1 Comment

Wow. Just Wow

Wow. Just Wow. Yes, I meant to use a capital letter there. The Red Cross’ Blood Service in Australia had database backups on a website that anyone could access. That means that anyone could download the backup, which contained PII …

Posted in Editorial

Creating a Logon Trigger–#SQLNewBlogger

Another post for me that is simple and hopefully serves as an example for people trying to get blogging as #SQLNewBloggers. Suppose you want to audit logins for your SQL Server instance. There are multiple ways to do this, but …

Posted in Blog | 2 Comments

Who’s Touching My Database

Abstract: As databases become more critical to the operation of our organizations, we are being asked to audit and report on access to both data and the configuration of our systems. SQL Server has a number of features that can …

Posted in Presentations

Coming Attacks

The pieces by Bruce Schneier related to security are fascinating. One of his latest posts looks at potential coming attacks to our Internet infrastructure, which could potentially take down parts of the worldwide network. Whether you think this is a …

Posted in Editorial

The Danger of xp_cmdshell

Securing a computer is a challenge. There are all sorts of potential issues in every platform, and ensuring safety for your data can be less a reflection of your ability and more the good fortune there isn’t a focused effort …

Posted in Editorial | 4 Comments