
  • SQL Server Security

    SQL Azure Security Services

    • 0 Comments
    Last week, we released SQL Azure Security Services through SQL Azure Labs. In this initial version of our labs, you can scan your SQL Azure server or individual databases for security issues. We look for design issues, elevation issues, etc...
  • SQL Server Security

    Meet the team at SQL PASS Summit 2011

    • 0 Comments
    PASS Summit 2011 is coming to Seattle this week starting October 11th 2011. You'll have the opportunity to meet a lot of folks from the SQL Server team during the event, and a variety of speakers that will share their experiences and delight you with...
  • SQL Server Security

    Data Hashing in SQL Server

    • 5 Comments
    A common scenario in data warehousing applications is knowing what source system records to update, what data needs to be loaded and which data rows can be skipped as nothing has changed since they were last loaded. Another possible scenario is the need...
  • SQL Server Security

    Database Engine Permission Basics

    • 7 Comments
    I am posting this on behalf of my colleague Rick Byham, a technical writer on the SQL Server Team. Database Engine permissions are managed at the server level through logins and fixed server roles, and at the database level through database users...
  • SQL Server Security

    SQL Server 2008 PCI DSS v.2.0 Whitepaper

    • 2 Comments
    If PCI compliance with SQL Server is a concern for you, then you'll probably want to check out the Deploying SQL Server 2008 R2 Based on Payment Card Industry Data Security Standards (PCI DSS) Version 2.0 white paper published by Parente Beard LLC. The...
  • SQL Server Security

    Integrity checks with EncryptByKey

    • 0 Comments
    This article is a follow-up to “Prevent Tampering of Encrypted Data Using @add_authenticator Argument for ENCRYPTBYKEY”. In the last article we described a scenario where the security risk of copying encrypted data from one row to another...
  • SQL Server Security

    Prevent Tampering of Encrypting Data Using add_authenticator Argument of EncryptByKey

    • 0 Comments
    This article is one of several articles discussing some of the best practices for encrypting data. This article demonstrates how the @add_authenticator argument of the ENCRYPTBYKEY function can help prevent tampering with encrypted data. Imagine the...
  • SQL Server Security

    Revisiting the RC4 / RC4_128 Cipher

    • 0 Comments
    The implementation of RC4/RC4_128 in SQL Server does not salt the key and this severely weakens the security of data that is encrypted using the RC4/RC4_128 algorithm. In cryptography, an initialization vector (IV) is a fixed size input to a cryptographic...
  • SQL Server Security

    Tips for using DB user with password

    • 4 Comments
    Creating DB-specific users with password on a contained DB can provide a lot of mobility for applications since it enables the possibility of moving a DB from any particular instance to another one without the need to also manually move login information...
  • SQL Server Security

    Contained Database Authentication in depth

    • 4 Comments
    To connect with contained user credentials you have to specify contained database in the connection string. If no database is specified the connection will try to do traditional authentication as a login in master database. If the database does not support...
  • SQL Server Security

    Contained Database Authentication: How to control which databases are allowed to authenticate users using logon triggers

    • 4 Comments
    With the release of Microsoft SQL Server code-name “Denali” Community Technology Preview 1 (CTP1) and the introduction of Contained Database (CDB) ( http://msdn.microsoft.com/en-us/library/ff929071(SQL.110).aspx ), we also introduced the capability...
  • SQL Server Security

    Contained Database Authentication: Monitoring and controlling contained users

    • 0 Comments
    Enabling contained database authentication on an instance allows db owners (and other privileged db users) to create and manage users who can connect to the database on the instance. However, the instance administrator (or other privileged server principal...
  • SQL Server Security

    Contained Database Authentication: Introduction

    • 0 Comments
    In Microsoft SQL Server code-name “Denali” Community Technology Preview 1 (CTP1) we introduced the Contained Database (CDB) feature. As the name suggests, self-contained databases have no external dependencies. Contained databases can therefore...
  • SQL Server Security

    Guest account in User Databases

    • 4 Comments
    Andreas Wolter recently posted yet another reason to keep guest disabled on user databases in SQL Server. He also points out some reasons why developers shouldn’t have access to production systems, but I’d like to focus on the implications for guest....
  • SQL Server Security

    rand vs. crypt_gen_random

    • 0 Comments
    Many applications need to generate random data, and in order to help in this task they typically rely on pseudorandom number generators (PRNG). Typical PRNGs are deterministic in nature and therefore they are not cryptographically suitable, this is the...
  • SQL Server Security

    Security Checklists on TechNet Wiki

    • 1 Comments
    Rick Byham, our wonderful technical writer, just posted some checklists you may find useful on the TechNet Wiki. You can search the wiki for the word checklist or use these links: Database Engine Security Checklist: Encrypting Sensitive Data Database...
  • SQL Server Security

    DEK and the Log

    • 5 Comments
    In my previous post I talked about DEK management and how it is stored in the database. In this post I will try to give an overview of how the database log file is encrypted by TDE and what are the implications of key rotations (DEK or encryptor changes...
  • SQL Server Security

    Database Encryption Key (DEK) management

    • 10 Comments
    This post will talk about DEK, what it is and how it is securely stored and managed inside a database. Before enabling TDE a DEK must be created which is used to encrypt the contents of the database. It is a symmetric key and supported algorithms are...
  • SQL Server Security

    TDE, DEK and the LOG

    • 0 Comments
    Transparent Database Encryption (TDE) was introduced in SQL Server 2008 to allow users to encrypt databases without affecting any applications. Before reading this blog I would suggest reading Sung Hsueh’s whitepaper on TDE and MSDN as it covers...
  • SQL Server Security

    Blocking automated SQL injection attacks

    • 4 Comments
    SQL injection attacks have been on the rise in the last two years, mainly because of automated tools. We first witnessed these automated attacks in December 2007, and since then very little has changed in the way that these attacks work. Attackers use...
  • SQL Server Security

    SQL Server Authentication Troubleshooter

    • 0 Comments
    I am posting this article on behalf of my teammate Lyudmila. A new tool to help investigate ‘Login Failed’ errors in SQL Server has been recently implemented and published on CodePlex: http://ssat.codeplex.com/ The tool is implemented in C# and...
  • SQL Server Security

    Presentation on SQL Security

    • 0 Comments
    The SQL Security Team's Raul Garcia and Il-Sung Lee are presenting at 1 PM PST today on SQL Security in an online webcast. http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032444124&Culture=en-US . Good, 300 level discussion on how to...
  • SQL Server Security

    Open positions @ SQL Server

    • 0 Comments
    We wanted to post and let everyone know that the Microsoft SQL Server Base and Infrastructure (SBIA) team is hiring for various test positions. This includes the Security team (or Core Security Infrastructure team) and several other teams who are working...
  • SQL Server Security

    RSA Conference 2010

    • 0 Comments
    If anyone is planning to attend the RSA Conference 2010 in San Francisco, please stop by and visit us at the Microsoft SQL Server booth and at the theater sessions we have prepared for the event: Title Schedule Speaker ...
  • SQL Server Security

    HIPAA Compliance with SQL Server 2008

    • 2 Comments
    Aside from PCI, I probably hear more about HIPAA compliance (the Health Insurance Portability and Accountability Act ) from our customers than other regulations. Although there is no formal certification around HIPAA at this point, health care providers...