SQL Server Security: 3 Homework Assignments to Start Today
Straight Path Solutions - SQL Server Consulting
by Mike Walsh
2w ago
This post is part of our SQL Server security blog series, 30 SQL Server Security Checks in 30 Days. We’re publishing a new security check every day in the month of June. Visit our sp_CheckSecurity page to learn about our free SQL Server tool you can download and run to check your own server. Thanks for tuning into our posts for the 30 SQL Server security checks in 30 days series this month. I want to recap the entire month of posts with a few homework assignments to get you started today. Assignment #1 – Change your mindset. We’ve talked about a lot of the checks in our sp_CheckSecurity tool ...
SQL Injection: Deconstructing an Attack
Straight Path Solutions - SQL Server Consulting
by Mike Walsh
2w ago
As we wrap up our month of posts about SQL Server security and information about our SQL Server security checks, let’s talk about SQL Injection. We’ll deconstruct a pattern of attack we’ve seen before, and talk about prevention and awareness. SQL Injection has been around long before xkcd gave us Little ...
Enhancing SQL Server Security: Reviewing and Optimizing Audits
Straight Path Solutions - SQL Server Consulting
by David Seis
3w ago
Audits are a crucial component of SQL Server that helps to ensure the security and integrity of your data. SQL Server’s built-in auditing functionality, in particular, provides a robust framework for tracking and logging events occurring in the database engine. However, it’s not enough to merely set up the ...
Your SQL Server Database Owner Might be Causing Privilege Escalation
Straight Path Solutions - SQL Server Consulting
by Jeff Iannucci
3w ago
SQL Server database ownership may seem like an insignificant concern, but choosing the wrong owner for your database can be a main contributor to security disasters like ransomware. Let’s talk a bit about how to choose an owner that doesn’t create a huge security vulnerability for you and your SQL Server ...
What the SQL Server TDE Certificate Expiration Date Does (and does not) Mean
Straight Path Solutions - SQL Server Consulting
by Mike Lynn
3w ago
Transparent Data Encryption uses certificates in its architecture for protecting your data while at rest. One attribute of a certificate is that it has an expiration date. Certificates expire for a couple of reasons, but the main reason is to enforce security. When a website certificate expires it forces the ...
The Real Danger Regarding the xp_cmdshell Setting
Straight Path Solutions - SQL Server Consulting
by Jeff Iannucci
3w ago
When considering database security, you might find stories of data breaches involving SQL Server with reports like this. “The researchers note that the ransomware infection starts with the MS-SQL process on the compromised machine downloading a .NET file using cmd.exe and powershell.exe.” That ...
Fixing SQL Server Vulnerabilities With GDRs
Straight Path Solutions - SQL Server Consulting
by Jeff Iannucci
3w ago
For many years, SQL Server updates were an odd mix of “Service Packs” (SPs) and “Cumulative Updates” (CUs) – which weren’t completely cumulative – with each release including some number of security updates, added features, and hotfixes. Deciding what and when to apply was all a bit of a guessing game, a ...
The Case for Auditing Your SQL Server Login Failures
Straight Path Solutions - SQL Server Consulting
by David Seis
3w ago
Login failures are something we expect to see every once in a while, and it may even become something that we ignore completely unless we have some sort of auditing system to count exactly how many have occurred recently. I am writing this post to provide you a few tips and tricks when it comes to login ...
Understanding and Managing SQL Server Error Log
Straight Path Solutions - SQL Server Consulting
by David Seis
3w ago
SQL Server offers a robust logging mechanism known as the SQL Server Error Log. This log plays a crucial role in troubleshooting, auditing, and ensuring the smooth operation of your SQL Server instances. You can explore the SQL Server error log through SQL Server Management Studio in the management folde ...
OLE Automation: Just As Much Vulnerability As xp_cmdshell
Straight Path Solutions - SQL Server Consulting
by Jeff Iannucci
3w ago
It’s rare to see OLE Automation procedures enabled on a SQL Server instance. Most folks aren’t using these special system procedures because they didn’t have a need to use them, have a compliance requirement that prohibits using them, or they tried using them and had adverse results. As the Microsoft do ...