SQL Server security
I had to redo SPNs today because we swapped out service accounts on some of our non-production SQL Servers. I wanted to verify that inbound connections were being made with Kerberos. If you've ever dealt with this, if the SPNs are wrong you usually...
Every so often I see a post in the forums where someone has stated they've used a Domain Admin level account to run the SQL Server service. The implications are that anyone who is a member of the sysadmin fixed server role is effectively a domain...
Andy Warren points to a TechNet article about Security by Obscurity and wanted me to post some notes. Let's start with the example they used. Rename the Administrator account: I agree with Roger's take. We intentionally rename the administrator...
I have a CTP of SSRS 2008 deployed to one of my servers. Today I built a couple of reports and from one of my systems, they all tested fine. However, this system, because it is a testing server, doesn't receive the Group Policy Object (GPO) controlling...
SQL Server MVP Frank Kalis has posted a short review on How to Cheat at Securing SQL Server 2005, a book I was able to contribute two chapters to last year. The chapters I focused on were related to Authentication and DDL Triggers. It was a great experience...
I ran across this a week or so ago. There were a couple of SQL Servers running named instances that we wanted to set up Kerberos authentication against (in the event we would use Kerberos delegation). Here is how the ports were set according to SQL Server...
I was able this Saturday to head down to Jacksonville and speak at the SQL Saturday there. There were a lot of folks, a lot of good presentations, and the area in and around Jacksonville was gorgeous. I gave two presentations, both of them security-related...
The recent slate of attacks on IIS servers doesn't seem to be an attack directly against IIS or against SQL Server itself. In other words, they aren't going after vulnerabilities in the server product (either one). Rather, the attacks are targeting...
I logged into Safari today to download some chapters I want to be able to review when I'm offline. I saw in the new titles there's a forthcoming book called SQL Server Forensics Analysis and it's by one of my co-authors from How to Cheat at...
The SQLSaturday in Jacksonville, Florida, will be held May 3, 2008. I'm on track now to give two security-based presentations: Protecting Your SQL Server From Treasure Seekers: This presentation is geared for system administrators, DBAs, and developers...
Looks like my family and I will make the trek down to Jacksonville in May for SQLSaturday. One of my submitted presentations was selected, Trigger Happy Database Security. It'll focus primarily on the use of triggers to audit and manage SQL Server...
I'm a little late on this one, but Cesar Cerrudo has announced he's going to demonstrate exploits to Windows Server 2008, IIS 7.0, and SQL Server at the Hack in the Box conference in Dubai: Windows Server 2008, Still not totally secure The Windows...
SQL Server MVP Randy Dyess has a short webcast which provides the highlights of SQL Server 2008 security. He includes some demos which show the centralized management features inherent in SQL Server 2008. You can find it on the SQL Server Magazine's...