Browse by Tags

All Tags » Security

Security Patches and the Conficker Worm

Well, the media has done their usual stellar job on computer technology subjects, so after this weekend you may have gotten some questions about the Conficker worm. Here's a few pointers to hand out to the relatives and associates: Microsoft released

SQL Server Security Links

I was asked yesterday about sharing my security links for SQL Server, so I thought I would post those here: Microsoft Security Bulletin Summaries and Webcasts SQL Server 2000 security tools Security checklists – SQL Server 2000 (can be used as a guideline
Posted by Buck Woody | 1 Comments

PowerShell Script of the Week - Script and Compare Permissions

One of the biggest issues in compliance is finding out who has permissions to what. And once you're done with that, you need to track when that changes. PowerShell to the rescue! Here's what I'm using for that: # Scripting database objects:
Posted by Buck Woody | 1 Comments

Service Accounts Redux

The other day I made a post that mixed a couple of concepts. I mentioned that you should always use a separate set of Windows accounts for the SQL Server Engine and Agent services. I also mentioned security ramifications. The fact that the SQL Server
Posted by Buck Woody | 1 Comments

Have You Backed Up Your Database Master Key?

If you have encrypted columns in a database or certificates used to create them, you need to make sure that you back up the Database Master Key as part of your maintenance, and then protect that backup file. Here's the short version of the command: BACKUP

Another Reason to Use A Special Service Account

When I'm asked what the least-used feature of SQL Server is, I often have to reply that it is "good security". Many installations take all the default settings, and most use programmatic security rather than the features built in to SQL Server.

Security Warning for sp_replwritetovarbin

There's a new Microsoft security bulletin you should be aware of before you take off on vacation. It isn't an open exploit; you have to be an authenticated user to try it. Not only that, if you have all the latest service packs or SQL Server 2008 you
Posted by Buck Woody | 1 Comments

Secure those Laptops

If your company uses laptops (and of course they do) make sure that the data on them is secure, especially if you're using replication in SQL Server to store data on them. Here at Microsoft I use Vista on my laptop with Bitlocker - a free, easy-to-use
Posted by Buck Woody | 2 Comments

Spreading the Security Wealth

When I first started at Microsoft, I worked a couple of projects with the SQL Server Security team - and I really enjoyed that group. They are a very smart, fun group of folks to hang around with. Plus, they are really good at math! Anyway, they wrote
Posted by Buck Woody | 1 Comments

Backup those Keys

I'm working on a Policy that will expose a particularly thorny issue. In SQL Server 2008, you can use a new feature called Transparent Data Encryption (TDE). This feature encrypts the entire database, so you don't have to change your application at all.

Security Bulletin for SQL Server 2005

You might notice that I blog quite often about security here, even though I'm on the management team. The reason is that over the years as a DBA I've seen so many shops that don't take care of the basics, so I think you just can't talk about it enough.

Stopping SQL Injection in its Tracks

I will be getting back to the "Day in the Life of the DBA" series of posts, but I got this from the security folks today and thought I would share it: Today the MSRC in collaboration with SQL Server, IIS, and Hewlett Packard published Microsoft Security
Posted by Buck Woody | 2 Comments

SQL Injection Attacks

You might have read recently that there have been ongoing SQL injection attacks against vulnerable web applications occurring over the last few months. These attacks have received recurring attention in the press as they pop up in various geographies

Script of the day - Fix orphaned logins

You may have had the problem where you move a database from one server to another and lose the ability for the users to log in. This happens because the SID values in the master database don't match the SID values in the user database, even if the same

Speeding up encryption

A friend of mine from Tampa, Florida wrote me the other day with an interesting observation: "I have a small finding and don't know where to publish it. Maybe you can help get the word out via your blog? OPEN SYMMETRIC KEY is somewhat costly to execute.