You can’t secure your network with spite

I wrote a post a couple weeks ago about not changing port 1433 for security reasons. I received this comment, which is not visible on that page because it warrants a lengthy response. I have redacted the name of the commenter. I disagree. Hundreds companies around the world were victims of ransomware attack even they

Don’t change your default SQL Server port for security reasons

Since we’re on a recent theme of revising long-held best practices that are not, here’s a timely one for you: Don’t change your default SQL Server port for security reasons. In SQL Server Configuration Manager, you can set a custom port for your SQL Server instance. If you’re running named instances, you might even find

System-versioned ledger tables: things you can’t do

This is the third post in the series about system-versioned ledger tables, a new feature introduced in Azure SQL Database. You can read Part 1 and Part 2 if you haven’t already. Every choice we make is a trade-off. New features have limitations, and ledger tables are no exception. Some of these limitations are perfectly

System-versioned ledger tables: the next step

In the first post of this series, we learned about a new type of system-versioned table that also works at the database level and introduces a mechanism that demonstrates whether your database has been tampered with. Very simply, if the cryptographic hash does not match what is in the off-site digest, your database has been

Introducing system-versioned ledger tables

As long-time readers of this blog know, I’m a big fan of temporal tables, also known as system-versioned temporal tables. Until recently, temporal tables were synonymous with system-versioned tables, but all that changed a short while ago with the introduction — in Azure SQL Database — of system-versioned ledger tables. This new series of posts

Security update for all supported versions of SQL Server (CVE-2021-1636)

Microsoft announced updates today for all supported versions of SQL Server, for a privilege escalation vulnerability that leverages Extended Events. For security reasons no further details have been provided, but you can expect more information in the near future, now that this update is public. From the knowledge base article: Data can be sent over a

A new malware attack on SQL Server

Tencent Security has released a report (written in Chinese) describing a new malware attack by the name of “MrbMiner” on SQL Server instances exposed to the Internet with passwords that can be brute-forced. According to the report it installs an application written in C# by the name of assm.exe which communicates with a command-and-control server to download a digital

Picking up the pieces after the DBA has left: taking ownership of a SQL Server instance

WARNING: This post contains information that can get you fired if you use it without express written permission. In some jurisdictions it might get you jail time as well. Let’s assume you are a consultant, and a customer has called you in a panic because they have lost access to their production environment. Let’s assume

What is a strong password anyway?

Background: Fellow Microsoft MVP Troy Hunt (blog | Twitter) has been operating the website Have I Been Pwned (HIBP) for a number of years now. For the record, “pwned” is pronounced like “owned” but with a “p” in front of it. Don’t use the term in public unless you’re in a room full of information security