SQL Server Security School: Class syllabus

28 Apr 2005 | SearchSQLServer.com


Chip Andrews, Director of Research and Development for Special Ops Security, Inc., is your SQL Server Security professor. Chip is the founder of the SQLSecurity.com website, which focuses on Microsoft SQL Server security topics and issues. He has over 14 years of secure software development experience helping customers design, develop, deploy and maintain reliable and secure software. Chip has been a primary and contributing author to several books, including Special Ops: Network and Host Security for Microsoft, Oracle and UNIX, SQL Server Security, and Hacking Exposed: Windows 2000. He also served as a technical reviewer for the book SQL Server Security Distilled. He is a prominent speaker at security conferences, where he provides expertise on Microsoft SQL Server security issues and secure application design. SQL Server Security School is in session -- enjoy!


SQL Server Security School

Lesson 1: Minimizing SQL Server service, login and user accounts
By default, SQL Server service accounts, logins, and user accounts have a large number of rights and permissions needed to support the myriad options and tools provided with SQL Server. A better strategy is to lock down the permissions as much as possible and then "give back" only the rights needed to complete the task at hand. Firewall administrators have lived by this axiom for years; why not database administrators?
Listen to Lesson one right now.
Sponsored by: Imceda Software

Lesson 2: SQL Server discovery challenges and solutions
SQL Servers can be hard to locate on today's networks. Personal firewalls, non-default SQL Server TCP ports, and users who only enable the server when they need it can all leave SQL Servers lurking on your network without your knowledge. Making sure that you can find all of the SQL Servers on your network is critical to securing them. In this lesson, we'll discuss all of the tools and techniques at your disposal to get this done.

Listen to Lesson two right now.
Sponsored by: Imceda Software

Lesson 3: Securing SQL Servers using Group Policy
Between development workstations, a myriad of third-party products and line-of-business systems that use SQL Server, the average organization may have hundreds if not thousands of SQL Server systems to configure and secure. Doing this by hand is labor-intensive and likely infeasible for most. By implementing company policies and enforcing them through Active Directory and Group Policy, you can literally affect thousands of installations at once and enforce order from chaos.

Listen to Lesson three right now.
Sponsored by: SQL Server Adviser newsletter

Lesson 4: Defensive programming against SQL Injection
SQL injection is still among the most ubiquitous of application security vulnerabilities despite plenty of press on the problem. In order to mitigate this, we need more policy compliance and process in the application development space, not just penetration testing and education. In this webcast we'll discuss what you should be doing early on in your development projects to address this problem and how many of these techniques can be applied to existing products.

Listen to Lesson four right now.
Sponsored by: SQL Server Adviser newsletter


All Rights Reserved, Copyright 2005 - 2009, TechTarget | Read our Privacy Policy