Wednesday, August 27, 2008
Securing SQL Server


Alternatives to xp_cmdshell

Raul Garcia offers some alternatives to enabling the potentially dangerous xp_cmdshell, including SQLCLR and T-SQL modules that use EXECUTE AS ... Source : MSDN Blogs - Raul Garcia - Blog Post

SQL Injection

In this post, Aaron uses a recent article on a "Massive Injection attack" to highlight some best practices for locking down SQL Server to prevent similar injection attacks ... Source : Aaron Bertrand - SQLBlog.com - Blog Post

Source Code Analyzer for SQL Injection

To help against the increasing number of SQL Injection attacks, Microsoft has released a tool that analyzes ASP and ASP.NET source code for SQL Injection vulnerabilities. This blog post provides a link to the download along with a description of the tool, including code examples for analyzing directories containing multiple ASP files ... Source : Microsoft.com - MSDN Blog Post

SQL Server & Firewalls

With Windows Server 2008 being the first server OS to enable the Windows Firewall by default, now is a great time to review your SQL Server firewall strategy. This post provides a five-step approach for achieving a best-practice firewall configuration for SQL Server ... Source : Microsoft.com - MSDN Blog Post

Security Vulnerabilities

A great article covering various techniques used for injection, brute force, port scanning and xp_cmdshell attacks. Some scary reading here ... Source : OWASP.org - Article

The TRUSTWORTHY bit database property in SQL Server 2005

Raul offers some best practices regarding the use of the TRUSTWORTHY bit database property introduced in SQL Server 2005 ... Source : MSDN Blogs - Raul Garcia - Blog Post

SIDs, Orphaned Users and users without a login

Laurentiu addresses some common misconceptions about orphaned and login-less users that result from moving databases between servers and/or deleting logins ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

pwdencrypt and pwdcompare

Laurentiu takes us through the details of using the undocumented functions pwdencrypt and pwdcompare and how they can be used to identify weak SQL passwords ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

SQL Server 2005 Security Best Practices - Operational and Administrative Tasks

This white paper covers the operational and administrative tasks associated with SQL Server 2005 security and enumerates the best practices for those tasks that result in a more secure SQL Server system ... Source : Microsoft.com - Technet Article

Microsoft IT Showcase: Improving Data Security by Using SQL Server 2005

Detailed discussion describing how Microsoft IT uses SQL Server 2005 to improve data security for its line-of-business applications. SQL Server 2005 enabled Microsoft IT to implement column-level encryption together with a robust yet easy-to-use encryption key management framework ... Source : Microsoft.com - Download

SQL Server 2000 Security Checklist

Provides a summary of best practices for SQL Server 2000 and links to in-depth security articles ... Source : Microsoft.com - Technet Article


Malware and Virus Protection


Malware to Attack Databases

This paper is about Data0, a fictitious malware that will automatically hack database servers and steal their data. Several techniques used by Data0 will be detailed. While Data0 could be used by the bad guys for evil purposes, it could also be used by security professionals and organizations to determine how strong networks, workstations, database servers, etc. are against this kind of attack. This paper is not intended to be a cookbook for cyber criminals; it is intended to show people that by implementing simple techniques malware can become "smarter" and cause a lot more damage in the very near future ... Source : argeniss.com


Encryption, C2 & FIPS


Password Authentication

Laurentiu compares four methods of storing passwords for authentication: in clear text, encrypted, as a hash, and as a salted hash ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

Encryption Techniques Compared

A great article on MSDN comparing various data encryption techniques. Transparent Data Encryption in SQL Server 2008 is compared with cell-level encryption in SQL Server 2005 (also supported in 2008), as well as with BitLocker and EFS ... Source : Microsoft.com - Article

Why you should not encrypt data with certificates

In this blog post, Laurentiu argues the case for encrypting data in SQL Server 2005 only with symmetric keys ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

How to determine the size of Encrypted Data

Encrypted data is larger than unencrypted data. But how much larger? ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

Restoring databases in SQL 2005 that use encryption

If the Service Master Key (SMK) is dropped for tighter control, it needs to be regenerated following a database restore. Laurentiu takes us through the process in this blog post. Update: How to recover when the service master key (SMK) is not accessible ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

How SQL Server uses Certificates

How does SQL Server use certificates internally to encrypt data? Laurentiu explains in this blog post ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

SQL Encryption

Microsoft white paper that explores the encryption features in SQL Server 2005 ... Source : Microsoft.com - Download

SQL Server 2000 C2 Administrator's and User's Security Guide

This book is designed to help you install and use a C2-level certified SQL Server ... Source : Microsoft.com - Technet Article

Using SQL Server in FIPS Compliance Mode

FIPS stands for Federal Information Processing Standard. A FIPS is a standard developed by two government bodies. One is NIST, the National Institute of Standards and Technology, in the United States. The other is CSE, the Communications Security Establishment, in Canada. FIPS are standards that are either recommended or mandated for use in federal (either U.S. or Canadian) government-operated IT systems ... Source : Microsoft.com - Knowledge Base Article

Can encryption make you more vulnerable?

Laurentiu blogs about a recent article that argues that encrypting data may actually increase vulnerability. An excellent read ... Source : Laurentiu Cristofor - msdn.com - Blog Post

Copyright (c) 2008 sqlCrunch.com