We are solidly in the age of the data breach, and companies are justifiably nervous. But not nearly nervous enough. “As with any security issue, a full review of all companies, systems, third-party applications and related IT solutions must be completed before final determinations can be made.”
Category: Security
SQL Server Security on the Ground
Today we’re going to hit my top 5 – well, top 6 – boots-on-the-ground security tips for SQL Server. First, though… I’m pleased as punch to invite you to our next live webinar on April 21: Jen and Sean’s All-Time 5 Favorite SQL Server Security Tactics! Register: www.tinyURL.com/2022-03-LearnSQL
UNDERSTANDING SQL SERVER SECURITY: Secure xp_cmdshell with the Microsoft Master’s guide (in 4 not-so-easy steps)
Quite a lot of data folks are reasonably concerned with the possible security holes that xp_cmdshell could introduce.
Audit Logons with Extended Events
Some time ago, I wrote an article for SQL Server 2008 to help determine the use of the server since SQL Server 2008 was reaching End Of Life. In that article, I shared a reasonable use of server-side trace to capture all of the logon events to the server. After all, you have to find…
Restrict the usage of a SQL Server Authenticated Application Id
SQL Server login ids may not be the most secure thing in the world but they are likely to be around for quite a while and one of the more common uses of them is as an application id. An application uses a SQL Server id to connect to SQL and then controls its own…
Quiz: How well do you know security best practices?
Check out our new quiz. Quiz #3: How well do you know security best practices? In case you missed any of our previous quizzes, they can all be found here: All Quizzes.
I’m the new DBA, and I’m locking down development servers
Many times, I’ve started with a company as one of their first, if not the first DBA. They’ve acquired enough servers now, with enough data moving around, that they just can’t continue as they are. There’s no shortage of developers who can write stored procedures or SSIS packages, or to write a new page for…
5 Tips for Friday: Security
Today I am starting a new series called 5 Tips for Friday. Every Friday, I will post 5 best practice tips for a particular subject. For the inaugural 5 Tips for Friday, I am going to post tips about Security. Don’t use impersonation: Unfortunately, some people think that the recommendation to use Windows authentication means…
Why is a Windows authenticated login more secure than a SQL authenticated one?
I had this question come up at work the other day and while I knew it was true I wasn’t as sure about why as I’d like. The person I was working with wanted a real answer, not just Because I say so, so off to the internet I went. What I knew before I…
What Really Causes Performance Problems?
Every IT shop has its problems with performance: some localized, and some that span a server, or even multiple servers. Technologists tend to treat these problems as isolated incidents – solving one, then another, and then another. This happens especially when a problem is recurring but intermittent. When a slowdown