SQL Server Security
Consolidation Guidance for SQL Server
Sung Hsueh, a former SQL Engine Security team member, just published a whitepaper with co-authors Antony Zhong and Madhan Arumugam on Consolidation Guidance for SQL Server. Though it covers far more than just security considerations, it does outline the
How To: Share a Single EKM Credential among Multiple Users
SQL Server Extensible Key Management (EKM) requires the authentication information (user/password) to be stored in a credential mapped to the primary identity. This version of EKM cannot be used under an impersonated context; that is, you cannot access
Filtering (obfuscating) Sensitive Text in SQL Server
A very common concern when dealing with sensitive data such as passwords is how to make sure that such data is not exposed through traces. SQL Server can detect and filter the SQL statements in traces that include the usage of DDL and built-ins (such
Link to Lyudmila’s blog
My teammate Lyudmila is maintaining her own TechNet blog where she writes articles related to SQL Server security. You can access her blog at http://blogs.technet.com/lyudmila_fokina . Her blog is written in Russian, but the samples she includes should
Arx the latest vendor to support EKM
With the increasing popularity of the EKM feature in SQL Server 2008, more vendors are adding their support for this great feature. I'm very happy to announce that Arx has just announced the release of their EKM provider dll: http://www.arx.com/about/PR/PR-PrivateServer-HSM-Secures-Sensitive-Information-for-Microsoft-SQL-Server-2008.php
How To Choose Audit Action Group When Using Auditing in SQL Server 2008
SQL Server 2008 introduces an auditing feature which can audit both server-level events and database-level events and several specific database actions. Please check http://msdn.microsoft.com/en-us/library/cc280386.aspx for more details. One difficulty the
Thales/nCipher announces EKM support for SQL Server 2008
I'm very pleased to announce that last week during the RSA Conference, Thales announced their support for SQL Server 2008 with their nCipher product line of hardware security modules (HSMs) ( http://iss.thalesgroup.com/Press/Press%20Releases/2009/Thales%20Hardware%20Security%20Modules%20integrate%20with%20Microsoft%20SQL%20Server%202008.aspx
PCI DSS Compliance with SQL Server 2008
Since PCI Compliance seems to be a popular subject for SQL Server users (by which I mean that quite a few of you are forced to deal with it) here's something that may help. Parente Randolph is a PCI QSA (Qualified Security Assessor) and they recently
SQL Server EncryptByKey cryptographic message description
Since the introduction of SQL Server 2008 extensible key management (EKM), new opportunities may arise to handle data encryption on the client while still making the plaintext data accessible to authorized users in SQL Server. One issue between SQL Server
Enforce Windows Password Policy on SQL Server Logins
If users choose to use a SQL login to connect to SQL Server rather than NT authentication, it is worth remembering that SQL Server does provide the option of enforcing Windows password policy on SQL logins. When creating a SQL login you can specify CHECK_POLICY=on,
Interested in Compliance?
I'm pretty sure that there are many of you who have to deal with regulatory compliance but how many of you are aware that we have a SQL Server Compliance web portal? Check out http://www.microsoft.com/sqlserver/2008/en/us/compliance.aspx . There's a lot
Feedback requested: Default schemas for Windows groups
We would like your feedback on the scenarios where you need to assign default schemas to Windows groups. We have a post in the forums, but there has only been one reply so far. Please, if you have an opinion or even just want to express your support
Performance of Impact of Auditing in SQL Server 2008
Il-Sung Lee and Art Rask’s whitepaper, Auditing in SQL Server 2008, just hit the web. Congratulations! I just wanted to add to what Il-Sung already has said about this paper that this is a great resource that will answer some of the big questions we
Auditing in SQL Server 2008 white paper
In continuation to the post by Jack back in October, we've added Auditing in SQL Server 2008 to our list of security focused white papers ( http://msdn.microsoft.com/en-us/library/dd392015.aspx ). We'll let you know as more white papers are published.
Data Protection Day, January 28th
Thought some readers of this blog might be interested in Data Protection Day, tomorrow, January 28. The Council of Europe established this day to raise awareness of data privacy and data protection issues and how we, as technology professionals, can