Our data should be secure. And our environment too. What can we do to maximize security in a hybrid environment, where SQL Server exists in two forms: on-premises and cloud? How do we organize our work, and how do we control our data if we use Windows Azure SQL Database, the cloud database? Physical security, policy-based management, auditing, encryption, federation, access and authorization: all of those subjects will be covered during my session.
Backup? Who cares! Now and then? We store our data in the cloud. Somewhere in the cloud. Which cloud? Who cares! But we are still SQL Server professionals, so… do we need backups? Should we use the newest opportunities or the old methods? Are we going a step forward or a step back? In my session, I will try to find answers to all of those (and more) questions. Demos, cases and examples from the world of backup. And of course worst practices.
• We are sleeping well. And our mobile is ringing and ringing. Message: DISASTER! In this session (on slides) we are NOT talking about the potential disaster (such as BCM); we talk about: and what NOW? A new version of my old, well-known session, updated for all the changes which happened in the DBA world in the last two or three years.
• So, from the ground to the sky and further: everything for surviving a disaster. Which tasks should have been finished BEFORE. Does it matter whether SQL Server is virtual or physical? We talk about systems, databases, people, encryption, passwords, certificates and users.
• In this session (in a few demos) I'll show which parts of our SQL Server environment are critical and how to be prepared for disaster. In some documents I'll show you how to be BEST prepared.
SQLSaturday is a training event for SQL Server professionals and those wanting to learn about SQL Server. This event will be held Jun 13 2015 at Hochschule Bonn-Rhein-Sieg, Grantham-Allee 20, St. Augustin, Rheinland, 53757, Germany. Admittance to this event is free, all costs are covered by donations and sponsorships. Please register soon as seating is limited, and let friends and colleagues know about the event.
###
Maintenance Plans for Beginners (but not only) | Every experienced administrator has used (to some extent) what are called Maintenance Plans. During this session, I'd like to discuss what can be useful for us, what functionality they provide when we use them, and what to look out for. A level 200 session, at times leaning towards 300, with an open discussion.
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services. In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Introduction to SQL Server Analysis Services 2008 | Tobias Koprowski
This is my presentation from the 17th Polish SQL Server User Group Meeting in Wrocław. It's the first part of the four-part Business Intelligence for ITPros cycle.
June 17th & 18th 2015. FREE. Online. On-demand. On your device.
Over 60 sessions in 2 days. Starting at 11:00 EDT on the 17th June, SPBiz brings insights and knowledge to help your business benefit from SharePoint, wherever you are. If you want to get the most out of your SharePoint platform, this is THE conference for you. Free to attend as a delegate, bringing influential speakers and direction setters in the SharePoint community directly to your device.
Microsoft Azure is changing. Its database part (Windows Azure SQL Database) is changing even faster. During this session I would like to show those who have not seen it, and remind those who already know something, what WASD is about, which changes have taken place and what we can expect from this database. For the brave, there will be an opportunity to connect to an account in the cloud and test these solutions themselves.
In this session, you'll gain invaluable guidance for optimizing your backup strategies. Actually that is a lie: I will be advocating a mind shift away from backup strategies and the devastating effect they can have on a company, and instead move you to thinking about implementing restore strategies. Things become much simpler when you consider the purpose of a backup, and the effects that the different recovery models and backup options have on your customers and effectively your livelihood. Using trace flags, the session will also cover how SQL Server manages its own backup options and how you can tune them to make sure that you meet the time constraints of your enforced maintenance windows.
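As an added illustration of the trace-flag diagnostics the abstract refers to (example T-SQL added here, not code from the session or its speaker), the following turns on trace flag 3004, which writes the internal stages of a backup with their timings, and 3605, which routes that output into the SQL Server error log; it then runs a backup with explicit buffer settings and reads the stage messages back. The database name and backup path are assumptions.

```sql
-- Added example (not from the session). Database name and file path are assumed.
-- TF 3004 logs backup/restore internals (per-stage messages and timings);
-- TF 3605 redirects that trace output into the SQL Server error log.
-- -1 makes both flags global for the instance; turn them off again afterwards.
DBCC TRACEON (3004, 3605, -1);

-- BUFFERCOUNT and MAXTRANSFERSIZE are the two knobs that most affect backup
-- throughput. The defaults are computed per backup and are often too small
-- for a tight maintenance window. Memory used = BUFFERCOUNT * MAXTRANSFERSIZE
-- (here 50 * 4 MB = 200 MB), so raise them with the server's memory in mind.
BACKUP DATABASE [SalesDB]
TO DISK = N'D:\Backup\SalesDB_full.bak'
WITH COMPRESSION, CHECKSUM, STATS = 10,
     BUFFERCOUNT = 50,            -- number of I/O buffers
     MAXTRANSFERSIZE = 4194304;   -- 4 MB per transfer unit (the maximum allowed)

DBCC TRACEOFF (3004, 3605, -1);

-- Read the stage messages back from the current error log
-- (log 0 = current, type 1 = SQL Server log, filtered on 'Backup').
EXEC sys.xp_readerrorlog 0, 1, N'Backup';

-- A backup is only useful if it restores: verify the header and page checksums.
RESTORE VERIFYONLY FROM DISK = N'D:\Backup\SalesDB_full.bak' WITH CHECKSUM;
```

Compare the timestamps of the "Backup: Writing data" and "Backup: Finishing" style lines the trace produces across runs with different BUFFERCOUNT and MAXTRANSFERSIZE values; that is the measurement the tuning decision should rest on, not a guess.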
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services (and not only). In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Understanding the Transaction Log, Your Key to Unlocking Greater Throughput | Richard Douglas
Does your application suffer from performance problems even though you followed best practices on schema design? Have you looked at your transaction log?
There's no doubt about it, the transaction log is treated like a poor cousin. The poor thing does not receive much love. The transaction log, however, is a very essential and misunderstood part of your database. There will be a team of developers creating an absolutely awesome, elegant design the likes of which have never been seen before, but they leave the transaction log using default settings. It's as if it doesn't matter: an afterthought, a relic of the platform architecture.
In this session you will learn to appreciate how the transaction log works and how you can improve the performance of your applications by making the right architectural choices.
2 AM. We are sleeping well. And our mobile is ringing and ringing. Message: DISASTER! In this session (on slides) we are NOT talking about the potential disaster (such as BCM); we talk about: what happened NOW? Which tasks should have been finished BEFORE. Does it matter whether SQL Server is virtual or physical? We talk about systems, databases, people, encryption, passwords, certificates and users. In this session (in a few demos) I'll show which parts of our SQL Server environment are critical and how to be prepared for disaster. In some documents I'll show you how to be BEST prepared.
Backup and Restore SQL Server Databases in Microsoft Azure | Datavail
You’ll come to understand some of the advantages of using SQL Server in Azure by examining cloud-friendly SQL Server backup methods like backup to block blobs, as well as finding workarounds to real-world issues like Azure’s throughput limitations.
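The backup-to-block-blob method the abstract names, shown as an added T-SQL example (not code from Datavail or the session): a credential whose name is the container URL and whose identity is the literal string SHARED ACCESS SIGNATURE makes SQL Server (2016 and later) write block blobs rather than page blobs, and striping the backup over several blob URLs is the usual workaround for per-blob size and throughput limits. The storage account, container, SAS token, database name and file names are placeholders.

```sql
-- Added example (not from the session). Storage account, container, SAS token,
-- database name and blob names are assumed placeholders.

-- 1. Credential: the NAME is the container URL, the IDENTITY is the literal
--    'SHARED ACCESS SIGNATURE', the SECRET is the SAS token without its leading '?'.
--    Scope the SAS to this container, grant only read/write/list, and set an expiry;
--    anyone holding the token can read every backup in the container.
CREATE CREDENTIAL [https://examplestore.blob.core.windows.net/sqlbackups]
WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
     SECRET    = 'sv=2019-12-12&ss=b&srt=co&sp=rwl&se=2025-01-01T00:00:00Z&sig=<signature>';

-- 2. Stripe the backup across several block blobs. Each stripe is written over
--    its own connection, which spreads the load across blobs, and each blob has
--    a size cap, so large databases need both striping and the documented
--    MAXTRANSFERSIZE = 4 MB / BLOCKSIZE = 64 KB combination. FORMAT overwrites
--    blobs of the same name; CHECKSUM lets the restore detect corrupt pages.
BACKUP DATABASE [SalesDB]
TO URL = 'https://examplestore.blob.core.windows.net/sqlbackups/SalesDB_full_1.bak',
   URL = 'https://examplestore.blob.core.windows.net/sqlbackups/SalesDB_full_2.bak',
   URL = 'https://examplestore.blob.core.windows.net/sqlbackups/SalesDB_full_3.bak',
   URL = 'https://examplestore.blob.core.windows.net/sqlbackups/SalesDB_full_4.bak'
WITH COMPRESSION, CHECKSUM, FORMAT, STATS = 10,
     MAXTRANSFERSIZE = 4194304,
     BLOCKSIZE = 65536;

-- 3. Prove the stripes are readable before trusting them; a restore needs
--    every stripe, so verify the complete set, not one file.
RESTORE VERIFYONLY
FROM URL = 'https://examplestore.blob.core.windows.net/sqlbackups/SalesDB_full_1.bak',
     URL = 'https://examplestore.blob.core.windows.net/sqlbackups/SalesDB_full_2.bak',
     URL = 'https://examplestore.blob.core.windows.net/sqlbackups/SalesDB_full_3.bak',
     URL = 'https://examplestore.blob.core.windows.net/sqlbackups/SalesDB_full_4.bak'
WITH CHECKSUM;
```

The SAS secret is stored by SQL Server encrypted under the service master key and is not visible in sys.credentials, but it is still a bearer token: rotate it before the expiry you set, and keep the credential on only the instances that must write to that container.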
SQL Server Best Practices - Install SQL Server like a boss (RELOADED) | Andre Essing
Best practices are recommendations for a rock-solid system and high performance. These best practices are based on recommendations from vendors and countless experiences made in the community. All these experiences, tips and recommendations combined make up the manual for how you should set up and configure a system. This also applies to SQL Server. Some of these best practices have already been presented at PASS chapter meetings, SQLSaturdays and conferences.
Unfortunately, on most SQL Servers you find these best practices implemented only in rare cases. Most of the time, performance issues or instability could be solved just by implementing these best practices. Starting with the BIOS settings, going through the Windows settings and of course SQL Server itself, I want to show you how to configure your SQL Server to make it a rock-solid, high-performance data monster.
DATA SCIENCE IS CATALYZING BUSINESS AND INNOVATION | Elvis Muyanja
Today, data science is enabling companies, governments, research centres and other organisations to turn their volumes of big data into valuable and actionable insights. It is important to uncover hidden patterns, unknown correlations, market trends, customer preferences and other useful business information. According to the McKinsey Global Institute, the U.S. alone could face a shortage of about 190,000 data scientists and 1.5 million managers and analysts who can understand and make decisions using big data by 2018. In coming years, data scientists will be vital to all sectors —from law and medicine to media and nonprofits. Has the African continent planned to train the next generation of data scientists required on the continent?
Enabling the Real Time Analytical Enterprise | Hortonworks
Combining IOT, Customer Experience and Real-Time Enterprise Data within Hadoop. What if you could derive real-time insights using ALL of your data? Join us for this webinar and learn how companies are combining “new” real-time data sources (i.e. IOT, Social, Web Logs) with continuously updated enterprise data from SAP and other enterprise transactional systems, providing deep and up-to-the-second analytical insights. This presentation will include a demonstration of how this can be achieved quickly, easily and affordably by utilizing a joint solution from Attunity and Hortonworks.
A Whistleblowing Report to the United States of Congress submitted by Scott Bennett, 2LT, United States Army (Reserve), 11th Psychological Operations Battalion to the Department of Defense Inspector General, Memorial Day, May 27, 2013
The Betrayal and Cover-Up by the U.S. Government of the Union Bank of Switzerland - Terrorist Threat Financia Connection to Booz Allen Hamilton and U.S. Central Command
Scott Bennett - Shell Game (pdf source: http://projectcamelotportal.com/files/SHELL_GAME.pdf)
In my first session I would like to introduce everyone to what was formerly known as SQL Azure (now Windows Azure SQL Database). In the Tips and Tricks session I will show which points, features, compatibilities and incompatibilities of SQL Azure are important for DBAs. I will cover functionality, performance, cost, SLA and security aspects.
After the break I will show how we can work with our data in the cloud using SQL Azure and Blob Storage, what backup, restore, encryption and availability functionality is available to us, how we can implement a hybrid environment, and when and why it is (or is not) good practice.
And finally I hope we will find a few minutes for a discussion about the future of the DBA (not only in AD 2016).
High Availability of SQL Server 2008 in the context of SLAs | Tobias Koprowski
This is the second presentation in a four-part cycle discussing the importance of high availability in the context of SLA agreements. The presentations are intended for an ITPro audience and are broadcast live on the VirtualStudy.pl education portal.
Secure by design: Scaling security across the enterprise | MuleSoft
By 2020, Gartner predicts 60% of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases. As security failures quickly become headline news, CIOs and CISOs are under tremendous pressure to keep the business secure -- without slowing the business down. That's why incorporating security by design into applications and services is so crucial for the enterprise. In this session, we will discuss how applications networks are helping organizations federate security best practices, leverage machine learning to more proactively respond to threats and deliver defense in depth.
The Notorious 9: Is Your Data Secure in the Cloud? | BCS ProSoft
The first part of this presentation is designed to scare the cloud out of you by talking about some of the common and often overlooked concerns with cloud security. Then we'll bring you right back by showing you how cloud technology publishers, as well as VARs like BCS ProSoft, are taking steps to mitigate potential threats and keep your business up and running 24/7/365.
Justin Fox from NuData Security, A Mastercard Company presents at the Canadian Executive Cloud & DevOps Summit in Toronto, June 9, 2017 on the topic "Security your DevOps Pipeline".
BP101 - Can Domino Be Hacked? Lessons We Can Learn From the Security Community from MWLUG-2017 with Howard Greenberg and Andrew Pollack
The Open Web Application Security Project (OWASP) is an open source community dedicated to improving software security. OWASP publishes a Top 10 list of common security issues in web applications with suggestions on how to alleviate them. This session will examine the OWASP Top Ten list of security suggestions and relate them to the Domino world and how you can better secure your Notes and Domino applications. Both administrators and developers will gain valuable insights into how to best protect sensitive information we maintain in our Domino environments!
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f... | Beau Bullock
Has the blue team got you feeling down because they are on you like Windows Defender on a Mimikatz binary? Have you lost sleep at night because their logging and alerting levels are so well tuned that if they were vocals, auto-tune couldn’t make them any better? Do you like surprises? Well, you are in luck!
Over the last few months we’ve been doing a bit of research around various Microsoft “features”, and have mined a few interesting nuggets that you might find useful if you’re trying to be covert on your red team engagements. This talk will be “mystery surprise box” style as we’ll be weaponizing some things for the first time. There will be demos and new tools presented during the talk. So, if you want to win at hide-n-seek with the blue team, come get your covert attack mystery box!
FOSSASIA PGDAY ASIA 2017 presentation material.
In this presentation, I will talk about the following two topics.
* Considerations for securing a database system.
* Current status of database audit on PostgreSQL
FOSSASIA 2017
http://2017.fossasia.org/
PGDAY ASIA 2017
http://2017.pgday.asia/
NTT pgaudit
https://github.com/ossc-db/pgaudit
When thinking about moving your PHP application to a PaaS (whether it's Bluemix, Heroku or another), you should take into account several architectural differences that will affect your application. This presentation is a good place to start your migration plan to PaaS.
Start Building CI/CD as Code. The 7 Lessons Learnt from Deploying and Managin... | Amazon Web Services
Discover how your CI/CD can be automated to create consistency and repeatability across environments, with less reliance on individual team members, more confidence in releases and fewer issues in production.
Using CI to create code pipelines is well understood. However, when it comes to creating the pipelines, reuse, version control and dependencies can cause problems. This can be overcome by turning all your CI into code, not just the pipeline. Learn real-world scenarios of how to incorporate these techniques into your current CI/CD capabilities taking advantage of Jenkins, AWS CodeDeploy, CloudFormation and ECS.
Speaker: Aaron Walker, Technology Director, base2Services
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users? | TechWell
When you’re building the next killer mobile app, how can you ensure that your app is both stable and capable of near-instant data updates? The answer: Build a backend! Siva Katir says that there’s much more to building a backend than standing up a SQL server in your datacenter and calling it a day. Since different types of apps demand different backend services, how do you know what sort of backend you need? And, more importantly, how can you ensure that your backend scales so you can survive an explosion of users when you are featured in the app store? Siva discusses the common scenarios facing mobile app developers looking to expand beyond just the device. He’ll share best practices learned while building the PlayFab and other companies’ backends. Join Siva to learn how you can ensure that your app can scale safely and affordably into the millions of concurrent users and across multiple platforms.
More and more enterprises are restructuring their development teams to replicate the agility and innovation of startups.
In the last few years, microservices have gained popularity for their ability to provide modularity, scalability, high availability, as well as make it easier for smaller development teams to develop in an agile way.
But how do they deal with security? What about security contexts?
This talk will give insights about the most interesting issues found in the last years while testing the security of multilayered microservices solutions and how they were fixed.
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig... | Amazon Web Services
The cloud is not an 'All or Nothing' approach with regards to replacing workloads inside your datacenter. Enterprises with existing datacenters can easily extend their Infrastructure into the cloud to seamlessly leverage the benefits of cloud while using the same set of controls familiar to their business. However availability and security still remain among the top two concerns for CIOs when deciding on cloud adoption for their organization.
Amazon Web Services has infrastructure across multiple geographical Regions spanning five continents, with multiple Availability Zones in each Region along with a set of global edge locations. Building a similar infrastructure for high availability with your traditional datacenter would be non-trivial and cost-prohibitive. Join this session to understand how you can achieve high availability across geographies, deploy your applications close to your users, control where your data is located, achieve low latency, and migrate your applications around the world in a cost-effective and easy manner using AWS services. You will also learn how AWS builds services in accordance with security best practices, provides appropriate security features in those services, and has achieved industry-standard certifications and other third-party attestations. In addition, in line with the shared security model in the cloud, AWS customers must use these security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.
Session from a series of conferences during Data Relay (formerly SQL Relay) 2018 in Newcastle, Leeds, Birmingham, Reading and Bristol. The session contains only the slides from the talk (no videos included).
Slides from the dataMinds Connect 2018 conference hosted at the Ghelamco Arena in Ghent by the Belgian SQL Server User Group. SECDev(OPS): How to embrace your security.
Session from SQLDay 2016 Conference in Wroclaw.
2 AM. We're sleeping well and our mobile is ringing and ringing. Message: DISASTER! In this session (on slides) we are NOT talking about the potential disaster (such as BCM); we talk about: what happened NOW? Which tasks should have been finished BEFORE. Does it matter whether SQL Server is virtual or physical? We talk about systems, databases, people, encryption, passwords, certificates and users. In this session (in a few demos) I'll show which parts of our SQL Server environment are critical and how to be prepared for disaster. In some documents, I'll show you how to be BEST prepared.
SQLSaturday is a one-day conference for SQL Server professionals and for those who want to learn something about SQL Server. Local and international speakers will present at the conference, and thanks to our sponsors admission is free; registration is the only requirement. The conference will take place on 20 June 2015 at the premises of Microsoft Slovakia, Apollo Business Center II, Prievozská 4D, 821 09 Bratislava.
DELIVERED: Whitehall Media’s 3rd Enterprise Security and Risk Management conference | April, 28th London {http://www.whitehallmedia.co.uk/esrm/}
ABSTRACT: Cloud Computing is ready. Industry and government are already embarking on a journey towards Cloud. But… Trust is the Primer. How much trust can we place in cloud providers? What is the nature of this trust? How important is it and what is the future of trust?
Maintenance Plans for Beginners | Every experienced administrator has used (to some extent) what are called Maintenance Plans. During this session, I'd like to discuss how they can be useful to us, what functionality they provide when we use them, and what to look out for. Session level 200, heading towards 300, with an open discussion.
3. http://difinity.co.nz#Difinity 7th – 9th Feb 2017 http://difinity.co.nz
AGENDA
1 | Security in a Nutshell
2 | SQL Server Security Best Practices
3 | SQL Server 2014 Security Enhancements
4 | SQL Server 2016 Security Enhancements
5 | SQL Server Security in The Cloud
6 | Summary
Appendix
7. Security? What is this?
• Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization.
• As noted by the Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 (Open Source Security Testing Methodology Manual), security provides "a form of protection where a separation is created between the assets and the threat." These separations are generically called "controls," and sometimes include changes to the asset or the threat.
8. Categorizing Security - part 1 {IT REALM}
• Application security | http://bit.ly/18u8J6p
• Computing security | http://bit.ly/1ARdRLd
• Data security | http://bit.ly/185wfph
• Information security | http://bit.ly/1ARe0ya
• Network security | http://bit.ly/1C443R8
10. Categorizing Security - part 3 {POLITICAL REALM}
• Homeland security | http://bit.ly/1AAwZhE
• Human security | http://bit.ly/1DhojtU
• International security | http://bit.ly/1MYoyli
• National security | http://bit.ly/1FEnldu
• Public security | http://bit.ly/1wqpX9P
11. Categorizing Security - part 4 {SQL SERVER REALM}
• Application security
• Computing security
• Data security
• Information security
• Network security
• Home security
• Infrastructure security
• Physical security
• National security
• Public security
13. SQL Server Security Best Practices
• Efficiency and security have an inverse relationship to one another.
• You can have high efficiency or high security, but not both.
Example: a `Small Bank Company` tends to favor efficiency over security:
• Cost limitations. This is the first and obvious reason. Community banks are fighting a constant battle to remain competitive. Implementing security in systems adds costs - there is no way around it.
• Risk. It's not always a conscious decision for a bank to improve efficiency by sacrificing security. Sometimes there's a lack of understanding of the risks associated with the systems we deploy.
• Personnel limitations. The many-hats syndrome runs rampant in smaller community banks.
• Regulatory emphasis. The current regulatory environment stresses controls as they relate to policy and procedures.
14. authentication
• SQL Server supports:
  • Windows Authentication Mode, which supports:
    • Kerberos
    • NTLM (Windows NT LAN Manager)
  • Mixed Mode Authentication, which supports:
    • Windows accounts
    • SQL Server specific accounts
SECURITY BEST PRACTICES
Best Practice:
use Windows Authentication mode
unless a legacy application requires Mixed Mode Authentication for backward compatibility
15. secure sysadmin account
• the sysadmin account (sa) is the most vulnerable account when its name is left unchanged
• potential SQL Server attackers and hackers are aware of this
Best Practice:
change the name of the sysadmin account after installation
SSMS > Object Explorer > Logins > Rename (right click) / T-SQL
16. use complex passwords
Best Practice:
ensure that complex passwords are used for sa and other SQL-Server-specific logins.
Think about ENFORCE EXPIRATION & MUST_CHANGE for any new SQL login
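A T-SQL version of slides 15 and 16, added here as an example (it is not part of the original deck): rename and disable sa, create a SQL login that must follow the Windows password policy, and list the logins that bypass it. The login names and the password are placeholders; the T-SQL option behind the slide's "ENFORCE EXPIRATION" is CHECK_EXPIRATION.

```sql
-- Added example, not from the deck. Run as a sysadmin in master.
USE master;

-- 1. Find the sa login by its fixed SID (renaming never changes the SID,
--    so this query still works after the rename).
SELECT name, is_disabled FROM sys.server_principals WHERE sid = 0x01;

-- 2. Rename sa: scripted brute-force attempts aimed at the name "sa" fail.
ALTER LOGIN sa WITH NAME = [srv_admin_renamed];     -- new name is a placeholder

-- 3. In Windows Authentication mode the renamed login is not needed at all.
ALTER LOGIN [srv_admin_renamed] DISABLE;

-- 4. New SQL login: CHECK_POLICY applies the Windows complexity policy,
--    CHECK_EXPIRATION enforces expiration and MUST_CHANGE forces a new
--    password at first connection (MUST_CHANGE needs both options ON).
CREATE LOGIN [app_reporting]                         -- placeholder login
    WITH PASSWORD = N'<strong-placeholder-password>' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON,
         DEFAULT_DATABASE = [master];

-- 5. Audit: SQL logins that skip the policy or never expire.
SELECT sp.name,
       sp.is_disabled,
       sl.is_policy_checked,
       sl.is_expiration_checked,
       LOGINPROPERTY(sp.name, 'IsMustChange') AS is_must_change
FROM sys.server_principals AS sp
JOIN sys.sql_logins        AS sl ON sl.principal_id = sp.principal_id
WHERE sp.type = 'S'                                   -- SQL logins only
  AND (sl.is_policy_checked = 0 OR sl.is_expiration_checked = 0)
ORDER BY sp.name;
```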
17. use specific logins
Best Practice:
use different accounts for different SQL-Server-oriented services
Component | Windows Server 2008 | Windows 7 and Windows Server 2008 R2 and higher | Recommended accounts
Database Engine | NETWORK SERVICE | Virtual Account | SQL_Engine
SQL Server Agent | NETWORK SERVICE | Virtual Account | SQL_Agent
SSAS | NETWORK SERVICE | Virtual Account | SQL_srvAS
SSIS | NETWORK SERVICE | Virtual Account | SQL_srvIS
SSRS | NETWORK SERVICE | Virtual Account | SQL_srvRS
SQL Server Distributed Replay Controller | NETWORK SERVICE | Virtual Account | SQL_DRContro
SQL Server Distributed Replay Client | NETWORK SERVICE | Virtual Account | SQL_DRReplay
FD Launcher (Full-text Search) | LOCAL SERVICE | Virtual Account | -
SQL Server Browser | LOCAL SERVICE | LOCAL SERVICE | -
SQL Server VSS Writer | LOCAL SYSTEM | LOCAL SYSTEM | -
18. sysadmin membership
• members of the sysadmin fixed server role can do whatever they want on SQL Server
• by default the sysadmin fixed server role has the CONTROL SERVER permission granted explicitly
• do not explicitly grant CONTROL SERVER to Windows logins, Windows group logins or SQL logins
Best Practice:
carefully choose the membership of the sysadmin fixed server role
19. general administration
• everything (almost always) runs under the sa account, especially with the CONTROL SERVER permission
• institute dedicated Windows logins for DBAs, and assign these logins sysadmin rights on SQL Server for administration purposes.
Best Practice:
use the built-in fixed server roles and database roles, or create your own custom roles, then apply them to specific logins
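Slides 18 and 19 in T-SQL, added as an example (not from the deck): audit who is effectively a server administrator, give the DBA group sysadmin as the slide recommends, and give operators a user-defined server role (SQL Server 2012 and later) instead of CONTROL SERVER. The Windows group names CORP\SQL_DBAs and CORP\SQL_Ops are placeholders.

```sql
-- Added example, not from the deck.
USE master;

-- 1. Who is in sysadmin (direct members; Windows groups hide their members).
SELECT r.name AS role_name, m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- 2. Explicit CONTROL SERVER grants to individual logins or groups.
--    Anything returned here is effectively another sysadmin.
SELECT pr.name, pr.type_desc, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = N'CONTROL SERVER'
  AND pe.state IN ('G', 'W');                 -- grant / grant with grant option

-- 3. Dedicated Windows group for DBAs, added to sysadmin (slide 19).
CREATE LOGIN [CORP\SQL_DBAs] FROM WINDOWS;    -- placeholder group
ALTER SERVER ROLE sysadmin ADD MEMBER [CORP\SQL_DBAs];

-- 4. Operators get a custom server role with only what monitoring needs.
CREATE SERVER ROLE [ops_monitor];
GRANT VIEW SERVER STATE       TO [ops_monitor];
GRANT VIEW ANY DEFINITION     TO [ops_monitor];
GRANT ALTER ANY EVENT SESSION TO [ops_monitor];

CREATE LOGIN [CORP\SQL_Ops] FROM WINDOWS;     -- placeholder group
ALTER SERVER ROLE [ops_monitor] ADD MEMBER [CORP\SQL_Ops];

-- 5. Check the result: permissions held through the custom role.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'ops_monitor';
```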
20. revoke guest access
• by default a guest user exists in every user and system database
• this is a potential security risk in a locked-down environment
• those accounts could be targets for attackers
• assign public server role membership if you need explicit access to user databases
Best Practice:
disable all guest user access in all user and system databases (excluding the msdb database)
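A script for the slide above, added as an example (not from the deck): it walks every online database, checks whether guest still holds CONNECT, and revokes it. master and tempdb are skipped because SQL Server refuses to disable guest there, and msdb is skipped as the slide says.

```sql
-- Added example, not from the deck. Run as sysadmin.
SET NOCOUNT ON;
DECLARE @db  sysname,
        @sql nvarchar(max);

DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE state_desc = N'ONLINE'
      AND is_read_only = 0
      AND name NOT IN (N'master', N'tempdb', N'msdb');

OPEN db_cur;
FETCH NEXT FROM db_cur INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- The catalog views are per database, so the check must run inside it.
    -- class = 0 is the database itself; state 'G' = granted.
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        IF EXISTS (SELECT 1
                   FROM sys.database_permissions AS p
                   JOIN sys.database_principals  AS u
                     ON u.principal_id = p.grantee_principal_id
                   WHERE u.name = N''guest''
                     AND p.class = 0
                     AND p.permission_name = N''CONNECT''
                     AND p.state = ''G'')
        BEGIN
            PRINT N''guest has CONNECT in '' + DB_NAME() + N'' -> revoking'';
            REVOKE CONNECT FROM guest;
        END
        ELSE
            PRINT N''guest already disabled in '' + DB_NAME();';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cur INTO @db;
END
CLOSE db_cur;
DEALLOCATE db_cur;
```

Re-run the script after restoring a database from another server: a restored database brings its own guest setting with it.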
21. limit public permission
• SQL Server has many stored procedures, and many of them have public access permission:
  • OLE AUTOMATION: sp_OACreate, sp_OAGetProperty, sp_OAStop, sp_OAMethod, sp_OAGetErrorInfo, sp_OADestroy, sp_OASetProperty
  • REGISTRY ACCESS: xp_regremovemultistring, xp_regaddmultistring, xp_regread, xp_regdeletekey, xp_regdeletevalue, xp_regwrite
  • OTHER ROUTINES: sp_sdidebug, xp_logevent, sp_sprintf, xp_dsninfo, xp_msver, sp_sscanf, xp_stopmail, xp_grantlogin, xp_eventlog, xp_dirtree
Best Practice:
revoke public role access for some extended procedures and check other stored procedures
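An audit query for the slide above, added as an example (not from the deck): it lists which of the OLE Automation, registry and other extended procedures the public role can execute in master and generates the matching REVOKE statement for each, so the list can be reviewed before anything is revoked.

```sql
-- Added example, not from the deck. Permissions on system procedures live
-- in master, so the query must run there.
USE master;

SELECT SCHEMA_NAME(o.schema_id) AS [schema],
       o.name                   AS [procedure],
       o.type_desc,
       pe.permission_name,
       pe.state_desc,
       -- statement to apply after review
       N'REVOKE ' + pe.permission_name + N' ON '
           + QUOTENAME(SCHEMA_NAME(o.schema_id)) + N'.' + QUOTENAME(o.name)
           + N' FROM public;'   AS revoke_stmt
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.all_objects          AS o  ON o.object_id     = pe.major_id
WHERE pr.name = N'public'
  AND pe.class = 1                          -- object-level permission
  AND pe.state IN ('G', 'W')                -- granted (with/without grant option)
  AND (   o.name LIKE N'sp[_]OA%'           -- OLE Automation
       OR o.name LIKE N'xp[_]reg%'          -- registry access
       OR o.name IN (N'sp_sdidebug', N'xp_logevent', N'sp_sprintf', N'xp_dsninfo',
                     N'xp_msver', N'sp_sscanf', N'xp_stopmail', N'xp_grantlogin',
                     N'xp_eventlog', N'xp_dirtree'))
ORDER BY o.name;

-- One of the generated statements, as it would be applied:
REVOKE EXECUTE ON sys.xp_regread FROM public;

-- Confirm nothing is left for that procedure.
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.major_id = OBJECT_ID(N'sys.xp_regread') AND pr.name = N'public';
```

Test the application and the administrative tooling after each revoke: some client tools call procedures such as xp_dirtree or xp_msver on behalf of non-admin users.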
22. hardening sql server ports
• the default SQL Server ports 1433/1434 are well known as a standard target for hackers
• by using SQL Server Configuration Manager you:
  • can change the default port
  • can use a specific TCP port instead of a dynamic one
  • remember about the similar TCP/UDP ports (1433, 1434)
Best Practice:
change the default SQL Server port if it's possible
23. disable sql server browser
• by default SQL Server Browser is disabled
• it's necessary to run it when multiple instances are running on a single server
• any Windows user having the following rights would be capable of running the SQL Server Browser service:
  • deny access to this computer from the network / deny logon locally / deny logon as a batch job
  • deny logon through Terminal Services / log on as a service / read and write the SQL Server registry keys related to network communication (ports and pipes)
Best Practice:
change the default SQL Server port if it's possible
24. secure service accounts
• different service accounts for different services
• dedicated low-privilege domain accounts
• check membership on a regular basis
• use strong and different passwords for each account
Best Practice:
create a good plan and keep a record of service accounts and passwords
27. transparent data encryption
• first introduced with SQL Server 2008 (!)
• protects data by performing I/O encryption and decryption for database and log files
  • passphrase (less secure),
  • asymmetric key (strong protection, poor performance),
  • symmetric key (good performance, strong enough protection),
  • certificate (strong protection, good performance)
• new functionality for backup:
  • takes non-encrypted backup data
  • encrypts the data before writing it to disk
  • compression is performed on the backup data first
  • then encryption is applied to the compressed data
  • support for backup to Azure
SQL14 SECURITY ENHANCEMENTS
28. encryption key management
• encryption options include:
  • encryption algorithm
  • certificate or asymmetric key
• only an asymmetric key residing in EKM (Enterprise Key Management) is supported
• multiple algorithms up to AES-256 are supported
• manageable by PowerShell, SMO, SSMS, T-SQL
• VERY IMPORTANT:
  • the asymmetric key or certificate MUST be backed up
  • the location MUST be different from the backup location
  • no RESTORE without the asymmetric key or certificate
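Slides 27 and 28 as one T-SQL sequence, added as an example (not from the deck): enable TDE on a user database with a certificate, take a backup that is compressed first and then encrypted with the same certificate, and back the certificate up to a location that is not the backup location. The database name, file paths and passwords are placeholders.

```sql
-- Added example, not from the deck. Run as sysadmin.
USE master;

-- 1. Database master key in master (skip if one already exists).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<dmk-placeholder-password>';

-- 2. Server certificate that protects the DEK and signs the backups.
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = N'TDE and backup encryption';

-- 3. Database encryption key inside the user database, then switch TDE on.
USE SalesDb;                                        -- placeholder database
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
ALTER DATABASE SalesDb SET ENCRYPTION ON;

-- 4. Follow the background encryption scan; encryption_state 3 = encrypted.
SELECT DB_NAME(database_id) AS db, encryption_state, percent_complete
FROM sys.dm_database_encryption_keys;

-- 5. Backup: COMPRESSION is applied to the data first, then ENCRYPTION to
--    the compressed stream (the order the slide describes).
BACKUP DATABASE SalesDb
    TO DISK = N'E:\Backup\SalesDb.bak'              -- placeholder path
    WITH COMPRESSION,
         ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = TDE_Cert),
         CHECKSUM;

-- 6. Back up the certificate WITH its private key to a different location
--    than the backup files. Without it there is no RESTORE and no TDE
--    database attach on another instance.
USE master;
BACKUP CERTIFICATE TDE_Cert
    TO FILE = N'\\keystore-share\certs\TDE_Cert.cer'     -- placeholder path
    WITH PRIVATE KEY (
        FILE = N'\\keystore-share\certs\TDE_Cert.pvk',   -- placeholder path
        ENCRYPTION BY PASSWORD = N'<pvk-placeholder-password>');

-- 7. On the restore server, re-create the certificate from those two files
--    BEFORE running RESTORE DATABASE:
-- CREATE CERTIFICATE TDE_Cert
--     FROM FILE = N'...\TDE_Cert.cer'
--     WITH PRIVATE KEY (FILE = N'...\TDE_Cert.pvk',
--                       DECRYPTION BY PASSWORD = N'<pvk-placeholder-password>');
```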
29. connect any database
new server-level permission
grant CONNECT ANY DATABASE to a login that must connect to all databases that currently exist and any created in the future
it does not grant any permission in any database beyond connect
to allow an auditing process to view all data or all database states, CONNECT ANY DATABASE may be combined with:
SELECT ALL USER SECURABLES
VIEW SERVER STATE
30. impersonate any login
new server-level permission
when granted, IMPERSONATE ANY LOGIN allows a middle-tier process to impersonate the account of clients connecting to it
when denied, IMPERSONATE ANY LOGIN blocks a high-privileged login from impersonating other logins
example: a login with CONTROL SERVER permission can be blocked from impersonating other logins
31. select all user securables
new server-level permission
when granted SELECT ALL USER SECURABLES, a login (for example, for auditing purposes) can view data in all databases that the user can connect to
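The three SQL Server 2014 server-level permissions from slides 29 to 31 in one script, added as an example (not from the deck): an auditing login that reads every database without being sysadmin, a middle-tier login that is allowed to impersonate, and a privileged login that is denied it. The login names and the password are placeholders.

```sql
-- Added example, not from the deck. Run as sysadmin in master.
USE master;

-- Auditor (a Windows user, so it can be impersonated for the check below):
-- connect to every current and future database, read all user data,
-- see server state. No per-database user has to be created.
CREATE LOGIN [CORP\audit_svc] FROM WINDOWS;          -- placeholder login
GRANT CONNECT ANY DATABASE       TO [CORP\audit_svc];
GRANT SELECT ALL USER SECURABLES TO [CORP\audit_svc];
GRANT VIEW SERVER STATE          TO [CORP\audit_svc];

-- Middle tier that legitimately acts on behalf of its clients.
CREATE LOGIN [svc_middle_tier]                       -- placeholder login
    WITH PASSWORD = N'<strong-placeholder-password>', CHECK_POLICY = ON;
GRANT IMPERSONATE ANY LOGIN TO [svc_middle_tier];

-- Operators hold CONTROL SERVER-like rights but must not become anyone else.
-- DENY stops a CONTROL SERVER holder; it does not stop sysadmin members.
CREATE LOGIN [CORP\SQL_Ops] FROM WINDOWS;            -- placeholder group
DENY IMPERSONATE ANY LOGIN TO [CORP\SQL_Ops];

-- Verify what the auditor can actually do at server level.
EXECUTE AS LOGIN = N'CORP\audit_svc';
SELECT permission_name
FROM fn_my_permissions(NULL, 'SERVER')
ORDER BY permission_name;
REVERT;

-- And that it reaches a database it was never mapped into.
EXECUTE AS LOGIN = N'CORP\audit_svc';
SELECT DB_NAME() AS db, HAS_PERMS_BY_NAME(N'SalesDb', N'DATABASE', N'CONNECT') AS can_connect;
REVERT;

-- Inventory of who holds the three new permissions.
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name IN (N'CONNECT ANY DATABASE',
                             N'IMPERSONATE ANY LOGIN',
                             N'SELECT ALL USER SECURABLES')
ORDER BY pr.name, pe.permission_name;
```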
32. SQL Server Express Security
• by default:
  • instance name: SQLExpress
  • networking protocols: disabled
  • SQL Server Browser: disabled
• user (local) instances:
  • a separate instance generated from the parent instance
  • sysadmin privileges on SQL Express on the local machine
  • runs as a user process, not as a service process
  • only Windows logins are supported
  • RANU instance (run as normal user)
35. row-level security
• Restricting access to financial data based on an employee's region and role
• Ensuring that tenants of a multi-tenant application can only access their own rows of data
• Enabling different analysts to report on different subsets of data based on their position
SQL16 SECURITY ENHANCEMENTS
36. row-level security
• A hospital can create a security policy that allows nurses to view data rows for their own patients only.
• A bank can create a policy to restrict access to rows of financial data based on the employee's business division, or based on the employee's role within the company.
• A multi-tenant application can create a policy to enforce a logical separation of each tenant's data rows from every other tenant's rows. Efficiencies are achieved by the storage of data for many tenants in a single table. Of course, each tenant can see only its data rows.
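The multi-tenant case from the two slides above, worked through in T-SQL as an added example (not from the deck): one shared table, a schema-bound predicate function keyed on the tenant id the application stores in SESSION_CONTEXT, and a security policy with a filter predicate (hides other tenants' rows) plus block predicates (stops writes into another tenant). Schema, table and sample rows are constructed placeholders.

```sql
-- Added example, not from the deck. SQL Server 2016 or later.
CREATE SCHEMA Security;
GO
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY PRIMARY KEY,
    TenantId int   NOT NULL,
    Amount   money NOT NULL
);
-- constructed sample rows: two for tenant 1, one for tenant 2
INSERT dbo.Orders (TenantId, Amount) VALUES (1, 10), (1, 20), (2, 99);
GO
-- Inline table-valued predicate: returns a row only when the row's tenant
-- equals the tenant stored in the session. With no session value the CAST
-- yields NULL, the comparison is not true, and nothing is visible.
CREATE FUNCTION Security.fn_tenantPredicate (@TenantId int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_result
       WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS int);
GO
-- FILTER: SELECT/UPDATE/DELETE only see matching rows.
-- BLOCK AFTER INSERT/UPDATE: a row may not be written with another tenant's id.
CREATE SECURITY POLICY Security.TenantPolicy
    ADD FILTER PREDICATE Security.fn_tenantPredicate(TenantId) ON dbo.Orders,
    ADD BLOCK  PREDICATE Security.fn_tenantPredicate(TenantId) ON dbo.Orders AFTER INSERT,
    ADD BLOCK  PREDICATE Security.fn_tenantPredicate(TenantId) ON dbo.Orders AFTER UPDATE
WITH (STATE = ON, SCHEMABINDING = ON);
GO
-- The application sets the tenant once per connection; @read_only = 1 means
-- the value cannot be changed again for the life of the session.
EXEC sys.sp_set_session_context @key = N'TenantId', @value = 1, @read_only = 1;

SELECT OrderId, TenantId, Amount FROM dbo.Orders;      -- returns 2 rows (tenant 1)
INSERT dbo.Orders (TenantId, Amount) VALUES (1, 30);    -- allowed
INSERT dbo.Orders (TenantId, Amount) VALUES (2, 5);     -- fails: block predicate
UPDATE dbo.Orders SET Amount = 0 WHERE TenantId = 2;    -- 0 rows affected: filtered out
GO
-- A new connection for tenant 2 sees only its own row.
EXEC sys.sp_set_session_context @key = N'TenantId', @value = 2, @read_only = 1;
SELECT OrderId, TenantId, Amount FROM dbo.Orders;      -- returns 1 row (tenant 2)
```

The policy applies to every user including db_owner, so administrative reporting needs its own tenant value or a separate predicate branch; keep the predicate function in a schema that application users cannot alter.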
37. dynamic data masking
• Default {full masking according to the data types of the designated fields}
  • Use XXXX or fewer Xs if the size of the field is less than 4 characters for string data types (nchar, ntext, nvarchar).
  • Use a zero value for numeric data types (bigint, bit, decimal, int, money, numeric, smallint, smallmoney, tinyint, float, real).
  • Use 01-01-1900 for date/time data types (date, datetime2, datetime, datetimeoffset, smalldatetime, time).
  • For SQL variant, the default value of the current type is used.
  • For XML the document <masked/> is used.
  • Use an empty value for special data types (timestamp, table, hierarchyid, GUID, binary, image, varbinary, spatial types).
38. dynamic data masking
• Credit card {masking method which exposes the last four digits of the designated fields and adds a constant string as a prefix in the form of a credit card}. Example: XXXX-XXXX-XXXX-1234
• Social security number {masking method which exposes the last four digits of the designated fields and adds a constant string as a prefix in the form of an American social security number}. Example: XXX-XX-1234
• Email {masking method which exposes the first letter and replaces the domain with XXX.com using a constant string prefix in the form of an email address}. Example: aXX@XXXX.com
• Random number {masking method which generates a random number according to the selected boundaries and actual data types. If the designated boundaries are equal, then the masking function will be a constant number}.
• Custom text {masking method which exposes the first and last characters and adds a custom padding string in the middle. If the original string is shorter than the exposed prefix and suffix, only the padding string will be used}. Example: prefix[padding]suffix
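The masking functions from slides 37 and 38 applied to one table, added as an example (not from the deck): default(), email(), the credit-card and SSN forms of partial(), and random(), checked from a user without the UNMASK permission. Table, user and the sample row are constructed placeholders.

```sql
-- Added example, not from the deck. SQL Server 2016 or later.
CREATE TABLE dbo.Customers (
    CustomerId int IDENTITY PRIMARY KEY,
    FullName   nvarchar(100) MASKED WITH (FUNCTION = 'default()'),                    -- XXXX
    Email      nvarchar(200) MASKED WITH (FUNCTION = 'email()'),                      -- aXX@XXXX.com
    CreditCard varchar(19)   MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)'),
    Ssn        char(11)      MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)'),
    Phone      varchar(20)   MASKED WITH (FUNCTION = 'partial(2,"XXXXXX",2)'),        -- custom text
    BirthDate  date          MASKED WITH (FUNCTION = 'default()'),                    -- 1900-01-01
    Score      int           MASKED WITH (FUNCTION = 'random(1, 100)')
);
-- constructed sample row
INSERT dbo.Customers (FullName, Email, CreditCard, Ssn, Phone, BirthDate, Score)
VALUES (N'Jane Example', N'jane@example.com', '4111-1111-1111-1234',
        '123-45-6789', '+1 555 0100', '1980-05-17', 42);

-- A reporting user that can SELECT but was never granted UNMASK.
CREATE USER report_reader WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO report_reader;

EXECUTE AS USER = 'report_reader';
SELECT FullName, Email, CreditCard, Ssn, Phone, BirthDate, Score
FROM dbo.Customers;
-- FullName -> XXXX, Email -> jXX@XXXX.com, CreditCard -> XXXX-XXXX-XXXX-1234,
-- Ssn -> XXX-XX-6789, Phone -> +1XXXXXX00, BirthDate -> 1900-01-01,
-- Score -> a random value between 1 and 100
REVERT;

-- Masking is a presentation control, not access control: the same user can
-- still filter on the real value, so combine it with least-privilege grants.
EXECUTE AS USER = 'report_reader';
SELECT COUNT(*) AS rows_with_that_ssn FROM dbo.Customers WHERE Ssn = '123-45-6789'; -- 1
REVERT;

-- Privileged readers are given UNMASK explicitly (dbo and sysadmin have it).
GRANT UNMASK TO report_reader;

-- Inventory of masked columns in this database.
SELECT OBJECT_SCHEMA_NAME(c.object_id) AS [schema],
       OBJECT_NAME(c.object_id)        AS [table],
       c.name                          AS [column],
       c.masking_function
FROM sys.masked_columns AS c
WHERE c.is_masked = 1;
```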
39. always encrypted
• the new version of SQL Server includes an additional layer of security that keeps valuable personal data such as:
  • Social Security numbers
  • private healthcare data
  • credit card information
protected even when the data is being used
42. Cloud Security
Microsoft Cloud Security Approach in a Nutshell
• Principles, patterns, and practices
• Security engineering
• Threats and countermeasures
• Secure the network, host, and application
• Application scenarios and solutions
• Security frame
• People, process, and technology
• Application, infrastructure, and business
http://bit.ly/1zmeYi2
45. Security Requirements for Azure Platform
ISO/IEC 27001:2005 Audit and Certification
ISO Scope: The following Azure features are in scope for the current ISO audit: Cloud Services (including Fabric and RDFE), Storage (Tables, Blobs, Queues), Virtual Machines (including with SQL Server), Virtual Network, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Workflow, Multi-Factor Authentication, Active Directory, Rights Management Service, SQL Database, and HDInsight. This includes the Information Security Management System (ISMS) for Azure, encompassing infrastructure, development, operations, and support for these features. Also included are Power BI for Office 365 and Power Query Service.
SOC 1 and SOC 2 SSAE 16/ISAE 3402 Attestations
Scope: The following Azure features are in scope for the current SOC 1 Type 2 and SOC 2 Type 2 attestations: Cloud Services (includes stateless Web and Worker roles), Storage (Tables, Blobs, Queues), Virtual Machines (includes persistent virtual machines for use with supported operating systems) and Virtual Network (includes Traffic Manager).
46. Security Requirements for Azure Platform
And of course the requirements for data centers:
• Physical security of the data centers (locks, cameras, biometric devices, card readers, alarms)
• Firewalls, application gateways and IDS to protect the network
• Access Control Lists (ACLs) applied to virtual local area networks (VLANs) and applications
• Authentication and authorization of persons or processes that request access to data
• Hardening of the servers and operating system instances
• Redundant internal and external DNS infrastructure with restricted write access
• Securing of virtual machine objects
• Securing of static and dynamic storage containers
49. SQL Server Security in the Cloud
• the same security principles as SQL Server on-premises
• full responsibility for the DBA with a Virtual Machine
• partial responsibility for the DBA with Azure SQL Database
• automatic updates for Azure SQL Database
• new functionality implemented by Microsoft
• some incompatibilities with T-SQL, functions, stored procedures
• increased security by default on the Azure platform
50. SQL Server in Cloud: WASD vs VM
Choose Azure SQL Database, if:
• You are building brand new, cloud-based applications; or you want to migrate your existing SQL Server database to Azure and your database is not using one of the unsupported functionalities in Azure SQL Database. For more information, see Azure SQL Database Transact-SQL Reference. This approach provides the benefits of a fully managed cloud service and ensures a fast time-to-market.
• You want to have Microsoft perform common management operations on your databases and require stronger availability SLAs for databases. This approach can minimize the administration costs and at the same time provides a guaranteed availability for the database.
Choose SQL Server in Azure VM, if:
• You have existing on-premises applications and wish to stop maintaining your own hardware, or you consider hybrid solutions. This approach lets you get access to high database capacity faster and also connects your on-premises applications to the cloud via a secure tunnel.
• You have existing IT resources, need full administrative rights over SQL Server, and require full compatibility with on-premises SQL Server (for example, some features do not exist in Azure SQL Database). This approach lets you minimize costs for development or modifications of existing applications with the flexibility to run most applications. In addition, it provides full control over the VM, operating system, and database configuration.
51.
Three Pillars of a Secure Hybrid Cloud Environment
• Pillar One: risk assessment and management
• A definition of the risks that apply to various assets, based on their business criticality.
• An assessment of the current status of each risk before it’s moved to the cloud. Using this information, each risk can be accepted, mitigated, transferred or avoided.
• An assessment of the risk profile of each asset, assuming it has been moved to the cloud.
• Pillar Two: policy and compliance
• Cloud providers need to understand that simply listing compliance certifications isn’t sufficient. In line with the mantra of transparency explored in the previous point, providers should take a proactive stance to sharing their security implementations and controls.
• ‘Dimension Data often assists clients by providing them with a list of questions that we believe they should be posing to cloud providers as part of the evaluation process, to ensure they’re covering all the bases.’
52.
Three Pillars of a Secure Hybrid Cloud Environment
Pillar Three: provider transparency
• Governance: the ability of an organisation to govern and measure the enterprise risk introduced by the cloud.
• Legal issues: regulations, and requirements to protect the privacy of data, and the security of information and computer systems.
• Compliance and audit: maintaining and proving compliance when using the cloud.
• Information management and data security: managing cloud data, and responsibility for data confidentiality, integrity and availability.
• Portability and interoperability: the ability to move data or services from one provider to another, or bring them back in-house.
• Business continuity and disaster recovery: operational processes and procedures for business continuity and disaster recovery.
53.
Three Pillars of a Secure Hybrid Cloud Environment
Pillar Three: provider transparency
• Data centre: evaluating any elements of a provider’s data centre architecture and operations that could be detrimental to ongoing services.
• Incident response, notification and remediation: adequate incident detection, response, notification, and remediation.
• Application security: securing application software running on or developed in the cloud.
• Encryption and key management: identifying proper encryption usage and scalable key management.
• Identity and access management: assessing an organisation’s readiness to conduct cloud-based identity, entitlement, and access management.
• Virtualisation: risks associated with multi-tenancy, virtual machine isolation and co-residence, hypervisor vulnerabilities, etc.
54.
Recommendations (SharePoint Example)
• Create a new role for an Information Manager who owns information governance across environments
• Train and educate all stakeholders about risk and liability
• Assess the appropriateness of using SharePoint versus other document management tools
• Define information governance policies for access, retention, archival, and backup
• Automate risk controls
• Audit user and data activities
• Resources:
• Microsoft TechNet
• Microsoft MSDN
• Legal Sources for Compliance Requirements
55.
links
• ISECOM (the Institute for Security and Open Methodologies)
• http://www.isecom.org/about-us.html
• OSSTMM (Open Source Security Testing Methodology Manual)
• http://www.isecom.org/research/osstmm.html
• Library of Resources for Industrial Control System Cyber Security
• https://scadahacker.com/library/index.html
• patterns & practices: Cloud Security Approach in a Nutshell
• https://technet.microsoft.com/en-us/ff742848.aspx
• Microsoft Azure Trust Center: Security
• http://azure.microsoft.com/en-us/support/trust-center/security/
• 10 Things to know about Azure Security
• https://technet.microsoft.com/en-us/cloud/gg663906.aspx
• Security Best Practice and Label Security Whitepapers
• http://blogs.msdn.com/b/sqlsecurity/archive/2012/03/07/security-best-practice-and-label-security-whitepapers.aspx
56.
links
• Hello Secure World
• http://www.microsoft.com/click/hellosecureworld/default.mspx
• SQL Server Label Security Toolkit
• http://sqlserverlst.codeplex.com/
• SQL Server Best Practices Analyzer
• Microsoft Baseline Configuration Analyzer 2.0
• http://www.microsoft.com/en-us/download/details.aspx?id=16475
• SQL Server 2005 Best Practices Analyzer (August 2008)
• http://www.microsoft.com/en-us/download/details.aspx?id=23864
• Microsoft® SQL Server® 2008 R2 Best Practices Analyzer
• http://www.microsoft.com/en-us/download/details.aspx?id=15289
• Microsoft® SQL Server® 2012 Best Practices Analyzer
• http://www.microsoft.com/en-us/download/details.aspx?id=29302
57.
links
• Microsoft Security Assessment Tool
• http://www.microsoft.com/downloads/details.aspx?FamilyID=6D79DF9C-C6D1-4E8F-8000-0BE72B430212&displaylang=en
• Microsoft Application Verifier
• http://www.microsoft.com/downloads/details.aspx?FamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en
• Microsoft Threat Analysis & Modelling Tool
• http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&DisplayLang=en
• How To: Protect From SQL Injection in ASP.NET
• http://msdn2.microsoft.com/en-us/library/ms998271.aspx
• Securing Your Database Server
• http://msdn.microsoft.com/en-us/library/aa302434.aspx
58.
links
• Threats and Countermeasures
• http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch00.mspx
• Configure Windows Service Accounts and Permissions
• https://msdn.microsoft.com/en-us/library/ms143504.aspx#Network_Service
• Select an Account for the SQL Server Agent Service
• https://msdn.microsoft.com/en-us/library/ms191543.aspx
• Server Configuration - Service Accounts
• https://msdn.microsoft.com/en-us/library/cc281953.aspx
59.
azure resources: security
• Azure Security: Technical Insights
• Security Best Practices for Developing Azure Solutions
• Protecting Data in Azure
• Azure Network Security
• Microsoft Antimalware for Azure Cloud Services and Virtual Machines
• Microsoft Enterprise Cloud Red Teaming
• Microsoft Azure Security and Audit Log Management
• Security Management in Microsoft Azure
• Crypto Services and Data Security in Azure
60.
azure resources: security & privacy
• Business Continuity for Azure
• Understanding Security Account Management in Azure
• Azure Data Security: Cleansing and Leakage
• Scenarios and Solutions Using Azure Active Directory Access Control
• Securing and Authenticating a Service Bus Connection
• Azure Privacy Overview (PDF)
• Azure Privacy Statement
• Law Enforcement Request Report
• Protecting Data and Privacy in the Cloud
61.
azure resources: compliance & more
• Response to Cloud Security Alliance Cloud Controls Matrix (DOC)
• Azure HIPAA Implementation Guidance (PDF)
• Azure Customer PCI Guide (PDF)
• The Microsoft Approach to Cloud Transparency (PDF)
• Microsoft Trustworthy Computing
• Operational Security for Online Services Overview (PDF)
• Data Classification for Cloud Readiness
• CISO Perspectives on Data Classification (PDF)
• An Introduction to Designing Reliable Cloud Services (PDF)
• Deploying Highly Available and Secure Cloud Solutions (PDF)
62.
azure resources
RESOURCE / DESCRIPTION
• MSDN: Azure SQL Database; MSDN: SQL Server in Azure Virtual Machines; Azure.com: Azure SQL Database
  Links to the library documentation.
• Azure SQL Database and SQL Server -- Performance and Scalability Compared and Contrasted
  This article explains performance differences and troubleshooting techniques when using Azure SQL Database and SQL Server running on-premises or in a VM.
• Application Patterns and Development Strategies for SQL Server in Azure Virtual Machines
  This article discusses the most common application patterns that apply to SQL Server in Azure VMs and also hybrid scenarios including Azure SQL Database.
• Microsoft Enterprise Library Transient Fault Handling Application Block
  This library lets developers make their applications running on Azure SQL Database more resilient by adding robust transient fault handling logic. Transient faults are errors that occur because of some temporary condition such as network connectivity issues or service unavailability. Since Azure SQL Database is a multitenant service, it is important to handle such errors to minimize any application downtime.
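The transient-fault-handling idea behind the last resource, as an added example that is neither the Enterprise Library's own code nor code from this deck: a small Python retry policy with exponential backoff and jitter that retries only errors classified as transient and surfaces everything else at once. The error numbers on the transient list are assumed from Microsoft's published Azure SQL transient-error guidance (a representative subset, not the authoritative list); `SqlError` and `ScriptedOperation` are constructed stand-ins for a driver exception and a real query. The security-relevant design choice is that a non-transient error such as a failed login (18456) is never retried, so an authentication problem or a credential-guessing symptom is not masked by retry noise, and the attempt cap bounds how much load a broken client can add to a stressed service.

```python
import random
import time
from dataclasses import dataclass
from typing import Callable, List

# Azure SQL error numbers Microsoft documents as transient (assumption: a
# representative subset; take the authoritative list from the current docs).
TRANSIENT_ERROR_NUMBERS = frozenset({40613, 40501, 40197, 10928, 10929, 49918, 49919, 49920})


class SqlError(Exception):
    """Constructed stand-in for a driver exception carrying the SQL Server error number."""

    def __init__(self, number: int, message: str) -> None:
        super().__init__(f"Error {number}: {message}")
        self.number = number


def is_transient(exc: BaseException) -> bool:
    """Only errors on the transient list qualify for a retry. A login failure (18456)
    or a permission error is not transient and must reach the caller immediately."""
    return isinstance(exc, SqlError) and exc.number in TRANSIENT_ERROR_NUMBERS


@dataclass
class RetryPolicy:
    max_attempts: int = 5                      # hard cap: never retry forever
    base_delay: float = 0.5                    # seconds before the second attempt
    max_delay: float = 8.0                     # ceiling on any single wait
    sleep: Callable[[float], None] = time.sleep
    rng: Callable[[], float] = random.random   # injectable for deterministic tests

    def delay_for(self, failed_attempts: int) -> float:
        """Exponential backoff with full jitter: random wait in [0, min(max_delay, base * 2^n)]."""
        cap = min(self.max_delay, self.base_delay * (2 ** failed_attempts))
        return cap * self.rng()

    def execute(self, operation: Callable[[], object]) -> object:
        """Run `operation`, retrying transient failures until the attempt budget is spent."""
        attempts = 0
        while True:
            attempts += 1
            try:
                return operation()
            except Exception as exc:
                if not is_transient(exc) or attempts >= self.max_attempts:
                    raise  # non-transient, or budget exhausted: do not hide it
                self.sleep(self.delay_for(attempts))


class ScriptedOperation:
    """Constructed stand-in for a database call: raises the scripted errors in
    order, then returns `result`. Counts calls so the retry behaviour can be checked."""

    def __init__(self, errors: List[Exception], result: object = "rows") -> None:
        self.errors = list(errors)
        self.result = result
        self.calls = 0

    def __call__(self) -> object:
        self.calls += 1
        if self.errors:
            raise self.errors.pop(0)
        return self.result


def run_scripted(errors: List[Exception], max_attempts: int = 5):
    """Run a scripted operation under a deterministic policy (no real sleeping).
    Returns (outcome, calls, waits); outcome is the result or the SqlError that escaped."""
    waits: List[float] = []
    policy = RetryPolicy(max_attempts=max_attempts, sleep=waits.append, rng=lambda: 1.0)
    op = ScriptedOperation(errors)
    try:
        outcome = policy.execute(op)
    except SqlError as exc:
        outcome = exc
    return outcome, op.calls, waits


if __name__ == "__main__":
    # Two transient failures, then success: three calls, waits of 1.0 s and 2.0 s.
    print(run_scripted([SqlError(40613, "database unavailable"), SqlError(40501, "service busy")]))
    # A failed login is not transient: one call, no waits, error surfaced to the caller.
    print(run_scripted([SqlError(18456, "login failed")]))
```

With a real driver, `is_transient` would read the error number from the driver's exception type, and `sleep`/`rng` would keep their defaults; the injectable hooks exist so the policy can be unit-tested without waiting.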
63.
credits
• Yes, 123456 is the most common password, but here’s why that’s misleading
http://arstechnica.com/security/2015/01/yes-123456-is-the-most-common-password-but-heres-why-thats-misleading/
• CIO’s are Listening, Security is Important…
https://communities.intel.com/community/itpeernetwork/blog/2014/05/20/cio-s-are-listening-security-is-important
64.
after session
CONTACT:
• MAIL: KoprowskiT@windowslive.com
• SOCIAL MEDIA: facebook, twitter, linkedin, xing, yammer, slack, github
SLIDES FROM SESSION:
• SlideShare Profile: http://www.slideshare.net/Anorak
• Difinity Conference Site
BLOGS:
• ITPRO Anorak’s Vision: http://itblogs.pl/notbeautifulanymore/
• My MVP Blog: http://koprowskit.eu/geek/