Security

Rajendra Gupta

Contained databases in SQL Server

January 12, 2016 by

As we know there are two types of authentication available in SQL Server Windows authentication and SQL authentication. In Windows authentication we use Active directory authentication to connect with SQL Server which makes the most secure authentication method as it can have complexity, group policy configured at AD level applied to all domain servers while in SQL Authentication SQL users are created inside SQL and provided required permissions. The Permissions includes server wide and database wide. The logins can have certain permissions at the database level might be read or write etc.

Read more »
Eli Leiba

Creating a SQL Injection protection function

December 9, 2015 by

The Problem

The Problem demonstrated here describes a very common scenario. The IT Security group orders all programmers that all the dynamic input strings that comes from user input to be checked for suspicious SQL injection intentions.

SQL injection is a code injection technique used to attack data-driven applications. During the attack, malicious SQL statements are inserted into data entry fields for execution inside the database engine.

Read more »
Priyanka Chouhan

7 Neat tricks to better safeguard a SQL database

November 3, 2015 by

Every organization, whether large or small, imposes some security measures to protect its confidential data. Such data usually includes contract details, project planning reports, employee information, financial account details and more. More often than not, firewalls, anti-viruses, and other data security techniques are applied to keep unauthorized users or programs from accessing such sensitive company data. What most organizations probably fail to recognize is the threat that exists to such information from people within the circle of trust.

Read more »
Kenneth M. Nielsen

New Features in SQL Server 2016 – Dynamic Data Masking

July 23, 2015 by

There are many new features in SQL Server 2016, but the one we will focus on in this post is:

  • Dynamic Data Masking

Have you ever been on a website, where your personal information, ie. Social Security number or Credit Card number shown in clear text, ready for everyone to have a look at. Would it not be cool if your information was somehow masked by default, and not needed to rely on the application to mask the data before displaying it on the screen?

Read more »
Kenneth M. Nielsen

New Features in SQL Server 2016 – Always encrypted

July 8, 2015 by

There are many new features in SQL Server 2016, but the one we will focus on in this post is:

  • Always encrypted

A feature many companies and developers have been waiting, is now finally being implemented in SQL Server. The feature is called Always Encrypted, the main purpose of this feature is to secure your data. Your data will only be visible to the ones logged into an application consuming the data, and will never be transferred from application to database unencrypted.

Read more »
Steve Simon

SQL Server security mechanism – How to control what data are users able to view within their reports

January 8, 2015 by

Introduction

A few years back, a client asked me to implement a quick and dirty “security mechanism” to control what data the myriad of users were able to view within their reports. There were numerous tables with multiple columns and all departments (within the enterprise) had their data within these tables.

SQLShack Industries has tasked us with creating a similar quick and dirty “security mechanism”. We shall attack this challenge by creating the necessary stored procedures (to extract the required data) and then utilize these stored procedures to render and consume the data within our reports.

Read more »
Ivan Stankovic

SQL Server Policy Based Management – Categories and Database Subscriptions

May 21, 2014 by
In the recent articles (see below) about SQL Server Policy Based Management, we have explained the terms used by the feature, how it can be used in different environments and for various scenarios. We have also described how its basic purpose, evaluating declared rules against specific SQL Server instances and their objects, can be extended on other aspects of SQL Server such as SQL Server Audit is. Read more »
Ivan Stankovic

SQL Server Policy Based Management – applying policies to non-compliant targets

May 8, 2014 by
SQL Server Policy Based Management provides means to declare certain states and properties for SQL Server instances and their objects in a form of policies. These policies can be evaluated against a set of SQL Server instances, or against a specific SQL Server instance and a set of its objects that can be narrowed even more using additional policy conditions. However, even an evaluation of declared policies against their targets (SQL Server instances and their objects) produces viable results, in a form of evaluation reports that shows which target does and which one does not comply with the policy, this is not enough. After non-compliant targets are identified, they need to be altered in order to comply with the evaluated policies. Read more »
Ivan Stankovic

SQL Server Policy Based Management – best practices

May 5, 2014 by
In SQL Server Policy Based Management, best practices represent guidelines in a form of Policy Based Management policies that are in common SQL Server use scenarios considered as the best way to configure SQL Server instances and their objects. For example, it is considered a best practice for most SQL Server environments to use and enforce Windows Authentication mode. Violations of these policies can indicate SQL Server configurations that can result in low reliability, poor performance, increased security risks, unexpected conflicts, or other potential problems. Read more »
Ivan Stankovic

SQL Server Policy Based Management – The On Change evaluation mode

April 25, 2014 by
The Policy Based Management feature we described in the series of articles (see below) provides an efficient method to declare and enforce policies related to SQL Server instances and their objects. The main purpose of the feature is to facilitate maintenance of a single and, what’s more important, multiple SQL Server instances across the enterprise. Policies can be created on one SQL Server instance, and applied to other SQL Server instances afterwards, as explained in details in the SQL Server Policy Based Management – evaluating policies on multiple SQL Server instances article. Read more »
Ivan Stankovic

SQL Server security and Policy Based Management – Alerting

March 24, 2014 by
In the previous article related to the SQL Server Policy Based Management feature, we discussed and provided steps and tips to create conditions and policies that help maintaining SQL Server security in large enterprises with a number of SQL Server instances. Now, we are going to go further as once set policies are not much of a use if their violations are left unnoticed. Read more »
Ivan Stankovic

SQL Server security and Policy Based Management – In practice

March 16, 2014 by
In the previous introduction article we have described concepts, terms, and common Policy Based Management tasks. The SQL Server Policy Based Management feature can be used in various scenarios and for different purposes. Using once declared policies and the Export/Import feature, maintaining SQL Server security in large enterprises with a number of SQL Server instances can be an automated process Read more »