Articles, blogs, whitepapers, webinars, and other resources to Learn In-demand IT Skills
A place to improve knowledge and learn new and In-demand IT skills for career launch, promotion, higher pay scale, and career switch.
This will be the first in a series of blog posts in the next several months designed to touch on many of the topics covered in QuickStart’s SQL Server 2008 training courses; mores specifically database auditing with guidance and discussion for SQL Server 2008 and SQL Server 2008 R2. If the next version of SQL Server (code named ‘Denali’) adds or changes this, I will cover that towards the end of the series. In this first blog, we’ll look regulatory requirements, general organizational security practices, and auditing best practices for databases irrespective to the DBMS chosen. The second blog will continue looking at best practices, specifically what audit event data needs to be in the log and protecting audit systems and data. In the third blog, I’ll discuss the available auditing methods in SQL Server 2008/R2 and the advantages and disadvantages of each one. In the fourth and fifth blogs we’ll do a deeper dive into two specific auditing mechanisms, SQL Server Audit (built-in fine grain auditing introduced in SQL Server 2008), SQL Server Event Notifications (introduced in SQL Server 2005).
I hear these and many similar comments and questions all the time in my SharePoint online Power User classes:
These questions and comments all relate to SharePoint governance. SharePoint governance is a very important consideration for any SharePoint deployment, one that from myexperience a lot of organizations cut corners (or don’t even realize what they should be doing), to the detriment of their SharePoint deployment’s success. SharePoint governance is a big subject; more than one blog post can cover. Of all the subjects and classes we teach (from Citrix, Cisco, VMWare, to Microsoft SQLServer, WindowsServer, Exchange, etc.), there is only one product we have a dedicated class on Governance for:SharePoint. I present this as evidence for the need for SharePoint governance, without which has led some people to call SharePoint a “virus”. (Go Google or Bing “SharePoint” and “Virus” if you don’t believe me).
Identity columns are nothing new in T-SQL. They are great when you want a unique number to be automatically assigned every time you insert a new record. The trouble is that while they are unique within the table, they are probably the same between tables. Every table with an identity column has a 1 for the first record, a 2 for the second, etc. Of course you can set the seed and increment for the identity column to something other than (1,1), but you still have to manually track which table has which seed. Trying to track that is destined for failure. What we really need is a way to have automatically assigned numbers for new records, but ones which are guaranteed to be unique across any table that uses them. Of course, you know I wouldn’t be writing this if there weren’t a solution. In SQL Server 2012, Microsoft introduced something called the SEQUENCE object that does this very thing.
In my first blog post on using secure passwords in PowerShell scripts, I explained how the .NET Framework uses Strings and a new object type, SecureStrings. SecureStrings have several features that protect against attacks to read string values from memory, not the least of which is that the string is encrypted from the start in memory. I then introduced the Get-PSCredentialcmdlet that will prompt for a username and password and store that password in a SecureString property, with the property incidentally named “Password”. An alternative discussed there, when only a SecureString is needed and not a full credential, was the Read-Host cmdlet with the –AsSecureString parameter.
In my first blog post on using secure passwords in PowerShell scripts, I discussed methods in PowerShell to keep passwords and other secure strings secure in memory and protect against memory dump attacks and the like. I showed how to use those secure strings to run commands either an alternate username and password if the commands ask for those or by building and using PSCredential objects for those commands that expect a full credential object. At the end of the blog I showed how to convert that secure string to a regular encrypted string using the Windows Data Protection API (DPAPI). While highly secure, that method of encrypting the string is limited to that one user account on that one computer by the way it uses the Windows DPAPI.
In this blog post, I will present some of the security considerations we want to be aware of when configuring security for scripts, especially automating their execution.
I frequently get asked questions in my PowerShell classes about providing credentials to commands and scripts, including storing passwords in scripts. In this blogpostI’ll discuss howthe .NET Framework handles strings and why that behavior is undesirable for working with passwords and other secure strings of data. I will also discuss methods of providing passwords, credentials, and other secure strings into our commands and scripts interactively. AttheendI will introduce a method of securely saving credentials so that a script can be executed without prompting for passwords, although the script must be executed by the user who entered the credentials. In afollow uppost, I’ll discuss options when you need multiple people to execute scripts with saved credentials.
With the release of SQL 08 R2, Microsoft is making Report Builder 3.0 available. It has been a long road from the original Report Builder 1.0. It was a little clunky, not very intuitive, and was dependent on Report Models. Report Models are an abstraction of the data, and are generally designed by the BI Developer to expose data to the Business User for report creation.
While there are some benefits to using Report Models, (You can give fields and views logical names, group data logically, define relationships where none existed, and use them to enforce security to name a few), it still falls on the BI Developer to create them.