


 
  
Monday, November 24, 2014
Login Security

 

My Kerberos Checklist…

 

Kerberos... the dreaded K word. Adam Saxton de-mystifies the beast in this great post ... Source : Adam W. Saxton - CSS SQL Server Engineers - Blog Post

 

 

Unravelling Active Directory

 

Understanding how a user has access to a database can be difficult when multiple levels of Active Directory group membership are involved. In this post, Linchi provides a Perl script to make this process much easier ... Source : Linchi Shea - SQLBlog.com

 

 

Logins, Users and SIDs

 

In this post, Greg walks us through a number of options for linking users and logins whose SID values have been displaced ... Source : Greg Low - SQLBlog.com

 

 

Listing Objects Owned by a Server Principal

 

Brian shares a script which can be used to list all objects owned by a given login in any database ... Source : K. Brian Kelley - SQLServerCentral.com

 

 

Limiting connections to a specific application

 

Aaron lets us in on a little known SQL Server feature; the ability to restrict connections to a particular application ... Source : Aaron Bertrand - SQLBlog.com

 

 

Configuring Kerberos Authentication

 

Brian does a great job of tackling a tricky and often misunderstood topic; Kerberos Authentication ... Source : K. Brian Kelley - SQLServerCentral.com

 

 

Public Role Permissions

 

A number of security breaches originate from the public role having too many permissions. In this post, Tim shares a script which lists the permissions granted to this role ... Source : Tim Ford - mssqltips.com

 

 

Row Level Security

 

For certain environments and applications, row level security, that is, blocking access to particular rows for given users, is crucial. In this article, Brian discusses a number of techniques for implementing this ... Source : K. Brian Kelley - SQLPass.org

 

 

Alerts for Repeated Login Failures

 

A great example of the power of combining monitoring and automation; in this article, David walks us through the process of setting up monitoring and alerts for repeated login failures ... Source : David Bird - SQLTeam.com

 

 

Windows Groups; Management Challenges for SQL Server Logins

 

The Windows Authentication mode allows logins to be defined for both Windows users and groups. As Laurentiu points out in this blog post, whilst adding Windows Groups can simplify management, they come with some additional considerations, particularly around object ownership and default databases/schemas ... Source : Laurentiu Cristofor - MSDN.com - Blog Post

 

 

SIDs, Orphaned Users and users without a login

 

Laurentiu addresses some common misconceptions about orphaned and login-less users that result from moving databases between servers and/or deleting logins ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

 

 

pwdencrypt and pwdcompare

 

Laurentiu takes us through the details of using the undocumented commands pwdencrypt and pwdcompare and how they can be used to identify weak SQL passwords ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

 


Auditing

 

SQL Server 2008 Auditing Whitepaper

 

The SQL Server 2008 Auditing Whitepaper. Includes coverage of the performance impact of auditing under various workloads ... Source : MSDN.com - Whitepaper

 

 

Auditing in SQL Server 2008

 

Need to audit select statements on a specific table? In SQL 2005, this was not possible without 3rd party tools or using stored procs to create a custom solution. In 2008, we can use the new and enhanced auditing feature, as Aaron points out in this posting ... Source : Aaron Bertrand - SQLblog.com - Blog Post

 

 

SQL Audit Buffering and Error Handling

 

The new SQL Audit Feature in SQL Server 2008 provides significant auditing improvements over earlier versions. The focus of this post is on the buffering and error handling aspects including coverage of the impacts of the QUEUE_DELAY setting ... Source : SQL Server Security Blog - MSDN.com - Blog Post

 

 

Tuning Change Data Capture Performance

 

This whitepaper describes methods for maximizing the performance of Change Data Capture implementations ... Source : SQLCat.com - Whitepaper

 

 

Standardized SQL Server 2008 Audit

 

Lara provides several scripts to help get us started on creating standardized SQL Server audits ... Source : Lara Rubbelke - SQLBlog.com

 


SQL Injection, Malware & Viruses

 

One of the (many) benefits of Stored Procedures

 

In addition to reducing the cache bloat caused by ad hoc SQL, Stored Procedures increase security by avoiding the need to grant permissions to underlying tables. In this post, Tony Rogerson uses an example of a recent SQL Injection Robot to highlight this point ... Source : Tony Rogerson - SQLBlogcasts.com - Blog Post

 

 

Source Code Analyzer for SQL Injection

 

To help against the increasing number of SQL Injection attacks, Microsoft has released a tool to analyze ASP and ASP.NET source code for SQL Injection vulnerabilities. This blog post provides a link to the download along with a description of the tool, including code examples for analyzing directories of multiple ASP files ... Source : Microsoft.com - MSDN Blog Post

 

 

Web Application Firewalls

 

SQL Server MVP Jason Massie discusses a (temporary) alternative to editing large amounts of ASP code to prevent SQL Injection Attacks ... Source : Jason Massie - StatisticsIO.com - Blog Post

 

 

SQL Rover

 

SQL Rover will recursively search through a directory, generally your IIS log directory, and look inside of the logs for possible SQL Injections ... Source : Codeplex.com

 

 

Security Vulnerabilities

 

A great article containing various techniques used for injection, brute force, port scanner and xp_cmdshell attacks. Some scary reading here ... Source : OWASP.org - Article

 

 

Malware to Attack Databases

 

This paper is about Data0, a fictitious malware that will automatically hack database servers and steal their data. Several techniques used by Data0 will be detailed. While Data0 could be used by the bad guys for evil purposes, it could also be used by security professionals and organizations to determine how strong networks, workstations, database servers, etc. are against this kind of attack. This paper is not intended to be a cook book for cyber criminals, it's intended to show people that by implementing simple techniques malware can become “smarter” and cause a lot more damage in the very near future ... Source : argeniss.com

 

 

SQL Injection

 

In this post, Aaron uses a recent article on a "Massive Injection attack" to highlight some best practices in locking down SQL Server to prevent similar injection attacks ... Source : Aaron Bertrand - SQLBlog.com - Blog Post


Firewalls & Network Configuration

 

The Database Exposure Survey 2007

 

A frightening read which highlights the number of internet exposed database servers ... Source : Next Generation Security Software - ngssoftware.com

 

 

Troubleshooting Kerberos Issues

 

In this article, Adam Saxton starts down the long road of double-hop troubleshooting by providing a gentle introduction to Kerberos, and how to recognize Kerberos SQL related issues ... Source : Adam Saxton - Microsoft SQL Server Support Blog - Blog Post

 

 

TCP Port Assignment

 

When choosing a static TCP port for a SQL Instance, care should be taken to avoid port numbers used by other applications. This resource from Iana.org lists all registered application port numbers and points out the safe range (49152 through 65535) for private port assignment ... Source : iana.org

 

 

SQL Server & Firewalls

 

With Windows Server 2008 being the first Server OS to enable the Windows Firewall by default, now is a great time to review the SQL Server firewall strategy. This post provides a five step approach for achieving best practice firewall configuration for SQL Server ... Source : Microsoft.com - MSDN Blog Post 


Least Privilege & Best Practices

 

SQL Server Agent job/user contexts

 

It's sometimes a little confusing trying to work out the security context of a SQL Server agent job. In this post, Tibor helps us in that very task ... Source : Tibor Karaszi - SQLBlog.com

 

 

Implementing Database Object Schemas

 

A great whitepaper explaining the benefits of Database Object Schemas. As well as listing a number of best practices, it explains how schemas can be used to protect database objects from unintended access/modification as well as simplifying administration ... Source : Michael Redman - MSDN.com - Technical Article

 

 

SQL Server 2008 Compliance Guide

 

This whitepaper provides an overview of the SQL Server 2008 features that can be utilized for compliance purposes. As well as covering Policy Based Management, it covers security techniques such as separation of duties, encryption and auditing ... Source : Microsoft.com - Whitepaper

 

 

SQL Server 2008 Security Overview for Database Administrators

 

SQL Server 2008 is secure by design, default, and deployment. Microsoft is committed to communicating information about threats, countermeasures, and security enhancements as necessary to keep your data as secure as possible. This paper covers some of the most important security features in SQL Server 2008. It tells you how, as an administrator, you can install SQL Server securely and keep it that way even as applications and users make use of the data stored within ... Source : Microsoft.com - Whitepaper

 

 

SQL Server 2005 Security Best Practices - Operational and Administrative Tasks

 

This white paper covers some of the operational and administrative tasks associated with SQL Server 2005 security and enumerates best practices and operational and administrative tasks that will result in a more secure SQL Server system ... Source : Microsoft.com - Technet Article

 

 

Common SQL Server Security Issues and Solutions

 

In this article, Paul tackles a number of important security issues from physical and network security through to SQL Injection, auditing and service accounts ... Source : Paul Randal - Technet Magazine

 

 

Script to determine permissions in SQL Server 2005

 

A great article from mssqltips.com outlining the usage of the fn_my_permissions function to return the current permissions of a specific user at various levels in a given database or at the server level ... Source : MSSQLTips.com - Article

 

 

Separation of Duties

 

Despite "Least Privilege" and "Separation of Duties" being fundamental security concepts, they are frequently overlooked, often with disastrous consequences. Amongst other topics, this article covers user/schema separation, and how it can be used to create more secure database applications ... Source : Microsoft.com - MSDN Technical Article

 

 

Alternatives to xp_cmdshell

 

Raul Garcia offers some alternatives to enabling the potentially dangerous xp_cmdshell including CLR and TSQL with EXECUTE AS ... Source : MSDN Blogs - Raul Garcia - Blog Post

 

 

The TRUSTWORTHY bit database property in SQL Server 2005

 

Raul offers some best practices regarding the use of the Trustworthy bit property introduced in SQL 2005. ... Source : MSDN Blogs - Raul Garcia - Blog Post 

 

 

SQL Server 2000 Security Checklist

 

Provides a summary of best practices for SQL Server 2000 and links to in depth security articles ... Source : Microsoft.com - Technet Article

 

 


Encryption

 

Transparent Data Encryption in SQL Server 2008

 

Laurentiu provides excellent coverage of the new Transparent Data Encryption (TDE) feature in SQL Server 2008 ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

 

 

SQL Server Cryptography

 

A great overview of how cryptography is used throughout SQL Server, from authentication and permissions through to the various encryption methods ... Source : Microsoft.com - MSDN Technical Article

 

 

Password Authentication

 

Laurentiu compares 4 methods for password authentication; store clear, store encrypted, store hash and store salted hash ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

 

 

Encryption Techniques Compared

 

A great article on MSDN comparing various data encryption techniques. Transparent Data Encryption in 2008 is compared with cell level encryption in 2005 (also supported in 2008) as well as BitLocker and EFS ... Source : Microsoft.com - Article

 

 

Why you should not encrypt data with certificates

 

In this blog post, Laurentiu argues the case to only encrypt data in SQL 2005 using symmetric keys ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

 

 

How to determine the size of Encrypted Data

 

Encrypted data is larger than unencrypted data. But how much larger? ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

 

 

Restoring databases in SQL 2005 that use encryption

 

If the Service Master Key (SMK) is dropped for tighter control it needs to be regenerated following a database restore. Laurentiu takes us through the process in this blog post. Update: How to recover when the service master key (SMK) is not accessible  ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

 

 

How SQL Server uses Certificates

 

How does SQL Server use Certificates internally to encrypt data? Laurentiu explains in this Blog Post ... Source : MSDN Blogs - Laurentiu Cristofor - Blog Post

 

 

SSL Encryption

 

In this post, Brad discusses the end result of a number of client and server encryption settings ... Source : Brad Sarsfield - MSDN.com - Blog Post

 

 

SQL Encryption

 

Microsoft Whitepaper that explores the encryption features in SQL Server 2005 ... Source : Microsoft.com - Download

 

 

SQL Server 2008 Encryption

 

SQL Mag article covering database encryption in SQL Server 2008 including Extensible Key Management and Hardware Security Modules - SQLMag subscription required to view this article ... Source : SQLMag.com - Article

 

 

Microsoft IT Showcase ; Improving Data Security by Using SQL Server 2005

 

Detailed discussion describing how Microsoft IT uses SQL Server 2005 to improve data security for its line-of-business applications. SQL Server 2005 enabled Microsoft IT to implement column-level encryption together with a robust, and yet easy-to-use encryption key management framework ... Source : Microsoft.com - Download

 

 

SQL Server 2000 C2 Administrator's and User's Security Guide

 

This book is designed to help you install and use a C2-level certified SQL Server ... Source : Microsoft.com - Technet Article

 

 

Using SQL Server in FIPS Compliance Mode

 

FIPS stands for Federal Information Processing Standard. A FIPS is a standard developed by two government bodies. One is NIST, the National Institute of Standards and Technology, in the United States. The other is CSE, the Communications Security Establishment, in Canada. FIPS are standards that are either recommended or mandated for use in federal (either U.S. or Canadian) government-operated IT systems ... Source : Microsoft.com - Knowledge Base Article

 

 

Can encryption make you more vulnerable?

 

Laurentiu blogs about a recent article that argues how encrypting data may actually increase vulnerability. An excellent read ... Source : Laurentiu Cristofor - msdn.com - Blog Post

 

 



Copyright (c) 2014 sqlCrunch.com
