
  • SQL Security

    Thales/nCipher announces EKM support for SQL Server 2008

    • 2 Comments
    I'm very pleased to announce that last week during the RSA Conference, Thales announced their support for SQL Server 2008 with their nCipher product line of hardware security modules (HSMs) ( http://iss.thalesgroup.com/Press/Press%20Releases/2009/Thales...
  • SQL Security

    SQL Server 2008 PCI DSS v.2.0 Whitepaper

    • 2 Comments
    If PCI compliance with SQL Server is a concern for you, then you'll probably want to check out the Deploying SQL Server 2008 R2 Based on Payment Card Industry Data Security Standards (PCI DSS) Version 2.0 white paper published by Parente Beard LLC. The...
  • SQL Security

    SQL Server 2008 Compliance Guide

    • 2 Comments
    Denny Lee and JC Cannon have been hard at work producing a Compliance Guide for SQL Server 2008, including scripts and policy files. Great resource for anyone working on compliance with SQL Server.
  • SQL Security

    Configuring SQL Audit using the Audit Dynamic Management Views

    • 2 Comments
    In SQL Audit we added 2 Dynamic Management Views (DMVs) for use with reporting and configuration that I thought could use some more explanation and examples of how we intended they be used. The first is sys.dm_audit_class_type_map. Unfortunately the terms...
  • SQL Security

    Filtering (obfuscating) Sensitive Text in SQL Server

    • 2 Comments
    A very common concern when dealing with sensitive data such as passwords is how to make sure that such data is not exposed through traces. SQL Server can detect and filter the SQL statements in traces that include the usage of DDL and built-ins (such...
  • SQL Security

    Consolidation Guidance for SQL Server

    • 2 Comments
    Sung Hsueh, a former SQL Engine Security team member, just published a whitepaper with co-authors Antony Zhong and Madhan Arumugam on Consolidation Guidance for SQL Server. Though it covers far more than just security considerations, it does outline the...
  • SQL Security

    HIPAA Compliance with SQL Server 2008

    • 2 Comments
    Aside from PCI, I probably hear more about HIPAA compliance (the Health Insurance Portability and Accountability Act) from our customers than other regulations. Although there is no formal certification around HIPAA at this point, health care providers...
  • SQL Security

    Always Encrypted Key Metadata

    • 2 Comments
    In the previous articles on Always Encrypted, we used two sample applications (a console app and an ASP .NET web app) to demonstrate how to use Always Encrypted to protect sensitive information stored in a database. We showed a process for setting up...
  • SQL Security

    Transparent Data Encryption Preview Issues

    • 2 Comments
    As increasing numbers of customers are trying out and using our Preview of Transparent Data Encryption (TDE) for Azure SQL Database, we wanted to make you aware of a few issues some are encountering, primarily with Geo-Replication. Creating a copy...
  • SQL Security

    Encrypting Existing Data with Always Encrypted

    • 1 Comments
    As you have learned from our previous articles, Always Encrypted is a client-side encryption technology - sensitive data is transparently encrypted and decrypted within a client application by a client driver. SQL Server does not have access to plaintext...
  • SQL Security

    PCI DSS Compliance with SQL Server 2008

    • 1 Comments
    Since PCI Compliance seems to be a popular subject for SQL Server users (by which I mean that quite a few of you are forced to deal with it) here's something that may help. Parente Randolph is a PCI QSA (Qualified Security Assessor) and they recently...
  • SQL Security

    SQL Server 2008 Security Whitepapers

    • 1 Comments
    I just wanted to call attention to a few SQL Server 2008 related security papers written or reviewed by our team: Engine Separation of Duties for the Application Developer - discusses how to build applications that support role separation. Database...
  • SQL Security

    SQL Audit Buffering and Error Handling

    • 1 Comments
    I've had several questions about how exactly the buffering and error handling works in SQL Audit and thought it would help to give some more detail. For starters, let's break down the event firing workflow into the following stages: 1. Permission...
  • SQL Security

    Data Protection Day, January 28th

    • 1 Comments
    Thought some readers of this blog might be interested in Data Protection Day, tomorrow, January 28. The Council of Europe established this day to raise awareness of data privacy and data protection issues and how we, as technology professionals, can...
  • SQL Security

    Auditing in SQL Server 2008 white paper

    • 1 Comments
    In continuation to the post by Jack back in October, we've added Auditing in SQL Server 2008 to our list of security focused white papers ( http://msdn.microsoft.com/en-us/library/dd392015.aspx ). We'll let you know as more white papers are published...
  • SQL Security

    Performance Impact of Auditing in SQL Server 2008

    • 1 Comments
    Il-Sung Lee and Art Rask’s whitepaper, Auditing in SQL Server 2008, just hit the web. Congratulations! I just wanted to add to what Il-Sung already has said about this paper that this is a great resource that will answer some of the big questions we...
  • SQL Security

    Feedback requested: Default schemas for Windows groups

    • 1 Comments
    We would like your feedback on the scenarios where you need to assign default schemas to Windows groups. We have a post in the forums, but there has only been one reply so far. Please, if you have an opinion or even just want to express your support...
  • SQL Security

    Interested in Compliance?

    • 1 Comments
    I'm pretty sure that there are many of you who have to deal with regulatory compliance but how many of you are aware that we have a SQL Server Compliance web portal? Check out http://www.microsoft.com/sqlserver/2008/en/us/compliance.aspx . There's a lot...
  • SQL Security

    The TRUSTWORTHY bit database property in SQL Server 2005

    • 1 Comments
    In SQL Server 2005 we introduced a new database property named TRUSTWORTHY bit (TW bit for short) at the database level in order to work as a safeguard to reduce the default surface area regarding some powerful new features: EXECUTE AS USER and CLR assemblies...
  • SQL Security

    SQL Server 2005 Encryption – Encryption and data length limitations (feedback page)

    • 1 Comments
    We have received some feedback regarding the “SQL Server 2005 Encryption – Encryption and data length limitations” article, but unfortunately the owner of this blog is no longer a member of our team and we really don’t have access to it in order to answer...
  • SQL Security

    Getting started with Microsoft® Source Code Analyzer for SQL Injection

    • 1 Comments
    Two days ago, we released Microsoft® Source Code Analyzer for SQL Injection, June 2008 CTP which can analyze SQL injection vulnerabilities in Active Server Pages (ASP) code. In this blog, we will describe simple steps to help you start using the tool...
  • SQL Security

    Microsoft® Source Code Analyzer for SQL Injection – July 2008 CTP

    • 1 Comments
    Today we have released an updated Community Technology Preview of Microsoft Source Code Analyzer for SQL Injection. We made the following improvements based on community feedback: Included a GUI to view warnings generated by the tool. Downgraded...
  • SQL Security

    Developing Web Apps using Always Encrypted

    • 1 Comments
    In our first post on the Always Encrypted technology, Getting Started with Always Encrypted, we showed how to develop a simple console app using Always Encrypted to protect sensitive information. In this article, we will demonstrate the process of developing...
  • SQL Security

    Security Checklists on TechNet Wiki

    • 1 Comments
    Rick Byham, our wonderful technical writer, just posted some checklists you may find useful on the TechNet Wiki. You can search the wiki for the word checklist or use these links: Database Engine Security Checklist: Encrypting Sensitive Data Database...
  • SQL Security

    rand vs. crypt_gen_random

    • 0 Comments
    Many applications need to generate random data, and in order to help in this task they typically rely on pseudorandom number generators (PRNG). Typical PRNGs are deterministic in nature and therefore they are not cryptographically suitable, this is the...