Since witnessing a rather nasty cyber attack around a year ago, I've been thinking quite a bit about security. Do we really know how secure our SQL Servers are? Penetration testing is a great way to find out where our weaknesses and vulnerabilities are. Ideally you probably want to be getting regular pen tests conducted... Continue Reading →
I’ve Got 99 Problems But xp_cmdshell Ain’t One
xp_cmdshell is an extended SQL stored proc that allows users to run Windows command prompt commands from within SQL. Sound scary? It might, but is xp_cmdshell really a security risk? Well a lot of people think so, many DBAs and IT departments will insist that it's always disabled and many auditors and pen testers will... Continue Reading →
Using SQL Alerts to Spot Suspicious Activity in SQL
SQL doesn't really give us too many tools out of the box to allow us to spot when someone may be up to no good. We can look at the number of failed login attempts in SQL's error log. If you start seeing multiple login attempts, especially for SA or any other suspicious looking user... Continue Reading →
Encryption, Comparing your Options in SQL Server
The question of encryption seems to be coming up a lot recently. I've had a number of people asking me about how to go about encrypting SQL Server. SQL can encrypt our data at a number of different levels and gives us quite a few options when doing so. I want to use this... Continue Reading →
Encryption in SQL Server #1 – Column Level Encryption
For one reason or another, data security and encryption have been coming up quite a bit in my day-to-day work recently and I've started to realise that it seems to be one of those things that people aren't all that aware of. As I've been meaning to write a little series on encryption... Continue Reading →
