Tag Archives: security

Wow. Just Wow

Wow. Just Wow. Yes, I meant to use a capital letter there. The Red Cross’ Blood Service in Australia had database backups on a website that anyone could access. That means that anyone could download the backup, which contained PII … Continue reading

Posted in Editorial

Creating a Logon Trigger–#SQLNewBlogger

Another post for me that is simple and hopefully serves as an example for people trying to get blogging as #SQLNewBloggers. Suppose you want to audit logins for your SQL Server instance. There are multiple ways to do this, but … Continue reading

Posted in Blog | 2 Comments

Who’s Touching My Database

Abstract: As databases become more critical to the operation of our organizations, we are being asked to audit and report on access to both data and the configuration of our systems. SQL Server has a number of features that can … Continue reading

Posted in Presentations

Coming Attacks

The pieces by Bruce Schneier related to security are fascinating. One of his latest posts looks at potential coming attacks to our Internet infrastructure, which could potentially take down parts of the worldwide network. Whether you think this is a … Continue reading

Posted in Editorial

The Danger of xp_cmdshell

Securing a computer is a challenge. There are all sorts of potential issues in every platform, and ensuring safety for your data can be less a reflection of your ability and more the good fortune there isn’t a focused effort … Continue reading

Posted in Editorial | 4 Comments

Encryption Keys Matter

Perhaps the importance of protecting encryption keys is even greater than we realize. It appears that the NSA and the US Government have been able to read encrypted traffic for some time on the Internet, perhaps for most of the last … Continue reading

Posted in Editorial | 4 Comments

Separate Accounts

This editorial was originally published on Aug 10, 2012. It is being re-run as Steve is on vacation. Many years ago I worked in a small company that only had about 5 or 6 servers. We had one system administrator … Continue reading

Posted in Editorial

Security Leaks from Websites

One of the main issues with connecting databases to the Internet is that if a hacker finds a way to get access to the database with credentials, perhaps using a well known account (*cough* sa *cough*) and a weak password, … Continue reading

Posted in Editorial | 1 Comment

Keyboard Hardlines

A few years ago, I had a keyboard die. At the time, I needed something quickly and ended up with a Logitech wireless model that included a mouse. I’m not sure of which model, but I’ve ended up getting two … Continue reading

Posted in Editorial | 2 Comments

Passwords Under Pressure

What should we do about passwords? They’re a thorn in the side of administrators trying to keep systems secure, but they’re also an issue for users. Not for most of our users, but certainly for some. In hospitals, or other … Continue reading

Posted in Editorial