Webcast: How to Secure SQL Server – End to End Security

On April 16, 2024, I will be giving another webcast; this one will be on SQL Server security.

Sign up link

As always, the registration is free. Here’s the abstract:

Data is the lifeblood for almost every organization. As a result, platforms like Microsoft SQL Server are high-value targets for attackers. However, knowing what to do and not do can be daunting.

In this webinar, we’ll walk through a framework to secure your SQL Servers from end-to-end. Starting with the install and walking through surface area, permissions, backups, encryption, and concluding with decommissioning, we’ll cover every area you’ll need to consider for your SQL Server environment. Where they are applicable, we’ll also point out industry good practices and where to find the documentation on them.

By the end of the webinar, you should leave with a plan for where to start, what’s most important, and where to go for more information to ensure you can properly harden and secure the SQL Servers in your organization.

Tomorrow – Webcast on SQL Server Administration

I will be giving another Microsoft SQL Server-based webcast, this time on the administration of Microsoft SQL Server. The webcast is scheduled for March 26, 2024 at 1 PM Eastern.

Registration link (free): What a DBA Needs to Know about SQL Server Administration

Here is the abstract for the webinar:

The DBA role encompasses a broad range of skills and focus areas. One of those is SQL Server administration.

What does a DBA charged with SQL Server administration need to know to be successful? In this webinar, we’ll look at the key areas you should master if you’re charged with SQL Server administration: a secure installation, ensuring proper backup/recovery mechanisms to meet recovery time objectives (RTOs)/recovery point objectives (RPOs), securing access to SQL Server and the data contained within, baselining and performance monitoring, and finally, basic troubleshooting – where to look and what to look based on the issues a particular SQL Server is experiencing.

Webcast on SQL Server Administration

I will be giving another Microsoft SQL Server-based webcast, this time on the administration of Microsoft SQL Server. The webcast is scheduled for March 26, 2024 at 1 PM Eastern. It’s scheduled for 1 PM EDT / 5 PM UTC.

Registration link (free): What a DBA Needs to Know about SQL Server Administration

Here is the abstract for the webinar:

The DBA role encompasses a broad range of skills and focus areas. One of those is SQL Server administration.

What does a DBA charged with SQL Server administration need to know to be successful? In this webinar, we’ll look at the key areas you should master if you’re charged with SQL Server administration: a secure installation, ensuring proper backup/recovery mechanisms to meet recovery time objectives (RTOs)/recovery point objectives (RPOs), securing access to SQL Server and the data contained within, baselining and performance monitoring, and finally, basic troubleshooting – where to look and what to look based on the issues a particular SQL Server is experiencing.

Giving a Security Webinar this Wednesday

If you haven’t already signed up, on November 29, 2023, at 11 AM Eastern Standard Time, I’m presenting a webinar on how to harden SQL Server.

Link to Register (free): GoTo Webinar – How to harden SQL Server – registration

Here’s the abstract:

Microsoft SQL Server has been a target of threat actors for over 20 years. The first world-wide exploit of SQL Server was known as SQL Slammer and it caused significant changes to Microsoft’s software development lifecycle and the instituting the Trustworthy Computing initiative. Now, a fresh attack against SQL Server has made the news: DB#Jammer. DB#Jammer and attacks like it exploit poor security configurations in both SQL Server and the surrounding technology.

Beyond the abstract, here’s what I’m going to go into detail about:

• Understanding surface area, zero trust, and network security.
• Assuming an already breached mentality.
• The importance of basics such as password strength and account lockout.
• The need for a layered approach when it comes to security – network, OS, and SQL Server.
• Proper auditing and reporting to detect breaches

Webinar: How to Harden SQL Server

On November 29, 2023, at 11 AM Eastern Standard Time, I’m presenting a webinar on how to harden SQL Server.

Link to Register (free): GoTo Webinar – How to harden SQL Server – registration

Here’s the abstract:

Microsoft SQL Server has been a target of threat actors for over 20 years. The first world-wide exploit of SQL Server was known as SQL Slammer and it caused significant changes to Microsoft’s software development lifecycle and the instituting the Trustworthy Computing initiative. Now, a fresh attack against SQL Server has made the news: DB#Jammer. DB#Jammer and attacks like it exploit poor security configurations in both SQL Server and the surrounding technology.

Beyond the abstract, here’s what I’m going to go into detail about:

• Understanding surface area, zero trust, and network security.
• Assuming an already breached mentality.
• The importance of basics such as password strength and account lockout.
• The need for a layered approach when it comes to security – network, OS, and SQL Server.
• Proper auditing and reporting to detect breaches

My Upcoming Speaking Engagements

March 4 – Charleston PASS, Charleston, SC

What Admins Absolutely Must Know About SQL Server Security

There are so many security tips out there for SQL Server. Almost all of them are rated as a best practice. What do you listen to? What do you focus on? In this session we’ll break down what you absolutely must know about securing SQL Server. We’ll look at the things to look for within SQL Server, including some of the nooks and crannies an attacker might use but what are rarely audited. You’ll leave with a checklist of what to investigate and a set of scripts to run on your own systems.

Register Here

March 12 – Webinar with MSSQLTips.com

SQL Server backup automation and best practices

Join us for this webcast to learn about best practices for backing up your SQL Server databases along with things you can automate to reduce your workload.

Having proper backups for your SQL Server databases is your last line of defense when things go wrong. Database backups are rarely used to restore a production database, but when they are needed, having a solid plan is paramount.

In this webcast we will cover:

• The types of backups to setup for your databases
• Proper database settings for backups
• Protecting database backups
• Backing up system databases
• Automating backups with SQL Agent and other scheduling tools
• Automating checks to ensure backups are successful
• Setting up alerts and notifications for backup failures
• and more

Register Here

March 12 – Midlands PASS, Columbia, SC

What Developers Absolutely Must Know About SQL Server Security

There are so many security tips out there for SQL Server. Almost all of them are rated as a best practice.What do you listen to? What do you focus on? In this session we’ll break down what you absolutely must know about building secure database using SQL Server. We’ll look at the SQL Server securables model, how you can simplify your security model using patterns and models you are already familiar with, how roles can be used to aggregate security cleanly, and how to put in triggers and other mechanisms to try and protect your databases from attack.

Register Here

Presenting on Top SQL Server Vulnerabilities

On February 19th, 2014, I’ll be giving a webinar from 3-4 PM Eastern on the Top SQL Server Vulnerabilities. You can register here for it.

It is being provided by MSSQLTips.com and GreenSQL. Here’s what I’m covering:

Your goal is to have a secure SQL Server installation. However, you don’t have forever to get the job done. Nor do you have an infinite amount of time and resources to monitor the installation after it’s in production.

• What are the biggest things to focus on?
• What will be your most painful headaches going forward?
• What should you be watching for to detect a potential compromise?

In this webinar, I’ll answer these questions so you can quickly and effectively configure and test your SQL Server for optimal security. We will also give you a glimpse into GreenSQL’s offerings to secure your SQL Servers. For those on a tight budget, scripts will be provided and free tools referenced.

Free Online SQL Server Training for the Week of January 12, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

 

Monday, Jan 13:

• 11 AM – Big Boys’ Toys: ColumnStore Indexes with Table Partitioning – Andrew Whettam – PASS BI VC

Tuesday, Jan 14:

• 11 AM – Bus Matrix – the foundation of your Data Warehouse – William Anton –Pragmatic Works

Thursday, Jan 16:

• 11 AM – Necessarily Evils, Building Optimized CRUD Procedures – Jason Strate – Pragmatic Works
• 12 PM – Analytics at Cisco – Arun Saksena – PASS Business Analytics VC
• 12 PM – Attributes & Hierarchies in Analysis Services 2012 – Thomas LeBlanc – PASS BI VC
• 3 PM – Building a Rock-Solid Backup Solution – Brian Kelley – Idera / MSSQLTips.com

 

Training Providers I Regularly Review:

• Confio
• Idera
• Microsoft
• MSSQLTips.com
• Pragmatic Works
• Professional Association for SQL Server – I’m using the events page. If you’re a chapter leader and haven’t converted your meeting announcements over to Events, please check the Chapter Dashboard to learn how to do so.
• SQL Lunch
• SQL Sentry
• SSWUG.org

Free Online SQL Server Training for the Week of November 17, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

Tuesday, Nov 19:

• 11 AM – XQuery Basics for the DBA – Jason Strate – Pragmatic Works
• 6 PM – Data Vault Data Warehouse – Jeff Renz – PASS Business Intelligence Virtual Chapter

Wednesday, Nov 20:

• 10 AM – Understanding Query Execution Plans – Richard Douglas – MSSQLTips.com
• 3 PM – Chapters 13 & 14 of Delivering Business Intelligence with Microsoft SQL 2012 – (forum) – PASS SQL Book Readers VC

Thursday, Nov 21:

• 11 AM – Controlling Your SSIS Control Flow Using Containers – T.J. Brown – Pragmatic Works
• 1 PM – PCI for the SQLDBA – Andy Warren – PASS Security VC

Training Providers I Regularly Review:

• Confio
• Idera
• Microsoft
• MSSQLTips.com
• Pragmatic Works
• Professional Association for SQL Server – I’m using the events page. If you’re a chapter leader and haven’t converted your meeting announcements over to Events, please check the Chapter Dashboard to learn how to do so.
• SQL Lunch
• SQL Sentry
• SSWUG.org

Recording of SQL Injection Webcast Now Available

On Tuesday I gave a webcast along with MSSQLTips on SQL Injection. If you were unable to attend (or were able to attend and want to see it again), you can view it at the following link [registration required]:

SQL Injection: What it is, how it happens and how to stop it?

I was asked about the slides and scripts. You can find them as a download here:

SQL Injection Presentation Materials