Browse by Tags

"DevOps" (Short for Dev eloper Op eration s ) is one of a group of new terms such as "Cloud", "Big Data" and "Data Scientist" - words that are somewhere between marketing and tasks we've actually had around in other forms for years.However, working in a Distributed Environment (Both on and off premises...

I recently read a blog post from a technical professional who’s account had been hacked ( http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/ ) – not because he used poor passwords or unsafe practices, but because the hackers used some social engineering to get around...

Microsoft is working on a new Windows Azure service called “Trust Services”. Trust Services takes a certificate you upload and uses it to encrypt and decrypt sensitive data in the cloud. Of course, like any security service, there’s a bit more to it than that. I’ll give you a...

(Many thanks to Peter Gvozdjak and Dan Benediktson here at Microsoft who worked with me on this issue and provided the bulk of information for this post) Recently I had a customer inquire about some performance tuning he wanted to do for SQL Azure, and as part of that he found that it was possible to...

Recently several IT industry information outlets have reported that there has been a 10-year concentrated, organized effort on breaking through computer security at some of the largest companies in the world. Government sites have also been attacked in multiple countries. Add to this the regular loss...

Recently two more large databases were attacked and compromised, one at the popular Gawker Media sites and the other at McDonald’s. Every time this kind of thing happens (which is FAR too often) it should remind the technical professional to ensure that they secure their systems correctly. If you...

Research shows that companies that are considering a “cloud” platform have various concerns, and that security is at the top of that list. I’ve put together a list of the resources I use for explaining our security posture, and the steps that you need to take to be secure in Windows...

There was a question yesterday on Twitter (hashtag #sqlhelp) wondering how to let developers create stored procedures and then grant the rights to those procedures to other people. I believe that question got answered, but it also brought up the subject of Schemas, which I've blogged about before. ...

Note: If you’re reading this more than a few months away from July of 2010, do more research. Never trust an old blog as gospel on anything, including my entries. Always refer to Books Online for the authoritative answer, and if it’s wrong, file a bug against it using the “Feedback”...

You're probably familiar with a Wiki - a document set that anyone can edit. Did you know TechNet (Microsoft's source for technical professionals) has one? And did you know there are lots of folks keeping it up to date? Well, Rick Byham, one of my friends over in the SQL Server group has posted a bunch...

I was reading this post on J.D. Meier's Blog, which deals with the “cloud” (I really dislike that term) . You might wonder what that has to do with SQL Server, since it isn’t specifically about SQL Azure. I’ll come back to that in a moment. I play a little music now and then, on the keyboards and with...

You might not have heard of as many data breaches recently as in the past. As you’re probably aware, I call them out here as often as I can, especially the big ones in government and medical institutions, because I believe those can have lasting implications on a person’s life. I think that my data is...

Periodically I back up the keys within my servers and databases, and when I do, I blog a reminder here. This should be part of your standard backup rotation – the keys should be backed up often enough to have at hand and again when they change. The first key you need to back up is the Service Master...

Did you know that you already have a Server Master Key (SMK) generated for your system? That’s right – while a Database Master Key (DMK) is generated when you encrypt a certificate or Asymmetric Key with code, the Server Master Key is generated automatically when you start the Instance. So you should...

SQL Server runs under the aegis of a “service” in Windows. That means it’s running in the background all of the time. A Service in Windows requires the ability to “log on” to the system – even if you don’t see that happening. Which brings us to this post. First, you should use a regular, low-privileged...

Well, It’s happened again. Hundreds of thousands of private records were stolen from a database . This one, however, was different. No one stole any passwords, no one did any social engineering, nothing was captured in-line. No, this one was accomplished by stealing the actual hard drives themselves...

SQL Server has two major security vectors: “Principals”, which are primarily users and roles (groups), and “Securables”, which are primarily objects on the server or in the database, like tables or views. Many applications use Logins for their users, and then tie those Instance Logins to Database Users...

Well, the media has done their usual stellar job on computer technology subjects, so after this weekend you may have gotten some questions about the Conficker worm. Here's a few pointers to hand out to the relatives and associates: Microsoft released an out of band security bulletin last October that...

I was asked yesterday about sharing my security links for SQL Server, so I thought I would post those here: Microsoft Security Bulletin Summaries and Webcasts SQL Server 2000 security tools Security checklists – SQL Server 2000 (can be used as a guideline for other versions of SQL Server) ...

One of the biggest issues in compliance is finding out who has permissions to what. And once you're done with that, you need to track when that changes. PowerShell to the rescue!  Here's what I'm using for that: 1: # Scripting database objects: 2: # Delete the old script file. 3: Remove...

The other day I made a post that mixed a couple of concepts. I mentioned that you should always use a separate set of Windows accounts for the SQL Server Engine and Agent services. I also mentioned security ramifications. The fact that the SQL Server Engine and Agent have different accounts does not...

If you have encrypted columns in a database or certificates used to create them, you need to make sure that you back up the Database Master Key as part of your maintenance, and then protect that backup file. Here's the short version of the command: BACKUP MASTER KEY TO FILE = '<complete path and filename>...

When I'm asked what the least-used feature of SQL Server is, I often have to reply that it is "good security". Many installations take all the default settings, and most use programmatic security rather than the features built in to SQL Server. This is especially true of the service accounts...

There's a new Microsoft security bulletin you should be aware of before you take off on vacation. It isn't an open exploit; you have to be an authenticated user to try it. Not only that, if you have all the latest service packs or SQL Server 2008 you don't have the issue. It has to do with the sp_replwritetovarbin...

If your company uses laptops (and of course they do) make sure that the data on them is secure, especially if you're using replication in SQL Server to store data on them. Here at Microsoft I use Vista on my laptop with Bitlocker - a free, easy-to-use solution keeps my data on the hard drive encrypted...