SQL Server 2016 provides several new security features for developers and architects. Features such as Dynamic Data Masking (DDM), "Always Encrypted", and Row-Level Security provide an additional level of security natively through the database server. We'll explore the implementation of these features on the client/server for data in transmission or at rest. In addition, we'll examine built-in features and custom implementations.
2. Cleveland C#/VB.Net User Group
Meets every month
Free of charge, open to the public
Meeting info: https://www.meetup.com
Meeting Space courtesy of
Pizza and drinks courtesy of
4. Introduction
Sam Nasr (@SamNasr)
Software Developer (since 1995)
Sr. Software Engineer (NIS Technologies)
Certifications: MCSA, MCAD, MCT, MCTS
President - Cleveland C#/VB.Net User Group
President - .Net Study Group
INETA Community Champ (2010, 2013)
Author for Visual Studio Magazine
Microsoft Most Valuable Professional (since 2013)
6. DDM (Dynamic Data Masking)
Hide specific portions of a column
Users can be granted UNMASK rights
Can be added to existing tables or during CREATE
Does not work with encrypted values
Implemented as schema change on the underlying table
7. DDM Functions
Default: full masking per data type
String: XXXX
Numeric/Binary: 0000
Date/time: 01.01.1900 00:00:00.0000000
Email: aXXX@XXXX.com
Random: mask numeric values using a random value.
Partial:
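The masking functions from slides 6 and 7 applied to one table, as an added example that is not taken from the slides. The table dbo.Customer, the user MaskedReader and all row values are hypothetical, constructed for illustration; the last masked-user query shows why the slides list inference as a DDM gotcha.

```sql
-- Added example: Dynamic Data Masking on SQL Server 2016 or later.
-- dbo.Customer, MaskedReader and the rows below are constructed for illustration.
CREATE TABLE dbo.Customer (
    CustomerId  INT IDENTITY(1,1) PRIMARY KEY,
    -- partial(prefix, padding, suffix): keep the first character, pad the rest
    FullName    NVARCHAR(100) MASKED WITH (FUNCTION = 'partial(1,"XXXX",0)') NOT NULL,
    -- email(): first letter, then XXX@XXXX.com
    Email       NVARCHAR(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    -- random(low, high): numeric types only
    CreditLimit MONEY         MASKED WITH (FUNCTION = 'random(1, 100)') NOT NULL,
    -- default(): full mask chosen by data type (1900-01-01 for dates)
    BirthDate   DATE          MASKED WITH (FUNCTION = 'default()') NOT NULL,
    Phone       VARCHAR(12)   NOT NULL
);
GO

INSERT INTO dbo.Customer (FullName, Email, CreditLimit, BirthDate, Phone) VALUES
    (N'Alice Example', N'alice@example.com', 7500.00, '1980-04-12', '216-555-0101'),
    (N'Bob Example',   N'bob@example.com',   1200.00, '1975-11-30', '216-555-0102');

-- A mask can also be added to an existing column (schema change on the table).
ALTER TABLE dbo.Customer
    ALTER COLUMN Phone ADD MASKED WITH (FUNCTION = 'partial(0,"XXX-XXX-",4)');
GO

-- Low-privilege reader: SELECT permission only, no UNMASK.
CREATE USER MaskedReader WITHOUT LOGIN;
GRANT SELECT ON dbo.Customer TO MaskedReader;
GO

EXECUTE AS USER = 'MaskedReader';
    -- Every masked column comes back masked in the result set.
    SELECT CustomerId, FullName, Email, CreditLimit, BirthDate, Phone
    FROM dbo.Customer;

    -- Masking is applied to results only. Predicates are evaluated against the
    -- stored values, so this filter still matches on the real CreditLimit.
    -- DDM therefore complements, and does not replace, permissions that limit
    -- who can run ad-hoc queries against the table.
    SELECT CustomerId
    FROM dbo.Customer
    WHERE CreditLimit > 5000;
REVERT;
GO

-- Granting UNMASK lets the same user see the stored values.
GRANT UNMASK TO MaskedReader;
EXECUTE AS USER = 'MaskedReader';
    SELECT CustomerId, FullName, Email, CreditLimit, BirthDate, Phone
    FROM dbo.Customer;
REVERT;
REVOKE UNMASK FROM MaskedReader;
GO

-- Review check: list every masked column and the function applied to it.
SELECT OBJECT_NAME(object_id) AS table_name,
       name                   AS column_name,
       masking_function
FROM sys.masked_columns
WHERE is_masked = 1;
```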
9. Always Encrypted
A client-side encryption technology
Auto encrypt when data is written/read by app
Requires client app to use an Always Encrypted–enabled driver
Client requires access to the encryption key.
Other apps can query data but cannot use it without encryption key
SQL Server instance never sees the unencrypted version of the data.
11. Column Master Key
Stored in a Windows certificate store
3rd Party Hardware Security Module (HSM)
Requires Enterprise Edition
Azure Key Vault
Created via SSMS or T-SQL
12. Column Master Key - Setup
Create on Trusted Machines, but not on Server
RT-Click CMK Folder -> New Column
Export CMK to all clients
Web Server for web apps
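Encrypted columns defined against an existing key, followed by a review query that shows which key store protects each column, as an added example that is not taken from the slides. It assumes a column encryption key named CEK_Demo was already created through SSMS as described above; CEK_Demo, dbo.Patient and the sample values are hypothetical.

```sql
-- Added example: Always Encrypted columns on SQL Server 2016 or later.
-- Assumes a column encryption key named CEK_Demo (hypothetical) already exists,
-- protected by a column master key created on a trusted machine.
CREATE TABLE dbo.Patient (
    PatientId INT IDENTITY(1,1) PRIMARY KEY,
    -- DETERMINISTIC allows equality lookups; character columns need a BIN2 collation.
    SSN CHAR(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Demo,
            ENCRYPTION_TYPE = DETERMINISTIC,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
        ) NOT NULL,
    -- RANDOMIZED reveals no equality patterns, but the column cannot be searched.
    BirthDate DATE
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Demo,
            ENCRYPTION_TYPE = RANDOMIZED,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
        ) NOT NULL
);
GO

-- From SSMS this batch only works when the connection uses
-- "Column Encryption Setting=Enabled", Parameterization for Always Encrypted
-- is turned on, and the client machine can reach the column master key.
-- The driver encrypts the variables before they leave the client.
-- Values are constructed sample data.
DECLARE @SSN CHAR(11) = '000-00-0001';
DECLARE @BirthDate DATE = '1980-04-12';
INSERT INTO dbo.Patient (SSN, BirthDate) VALUES (@SSN, @BirthDate);
SELECT PatientId, SSN, BirthDate FROM dbo.Patient WHERE SSN = @SSN;
GO

-- Review check: each encrypted column, its encryption type, and the key store
-- and path of the column master key that protects it. A key_path that resolves
-- to a store on the database server itself contradicts the setup guidance above.
SELECT OBJECT_SCHEMA_NAME(c.object_id) AS schema_name,
       OBJECT_NAME(c.object_id)        AS table_name,
       c.name                          AS column_name,
       c.encryption_type_desc,
       c.encryption_algorithm_name,
       cek.name                        AS column_encryption_key,
       cmk.name                        AS column_master_key,
       cmk.key_store_provider_name,
       cmk.key_path
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS cek
    ON cek.column_encryption_key_id = c.column_encryption_key_id
JOIN sys.column_encryption_key_values AS cekv
    ON cekv.column_encryption_key_id = cek.column_encryption_key_id
JOIN sys.column_master_keys AS cmk
    ON cmk.column_master_key_id = cekv.column_master_key_id
WHERE c.encryption_type IS NOT NULL
ORDER BY schema_name, table_name, column_name;
```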
17. Gotchas
Random DDM may display actual value if random value matches actual value.
Use SSMS v17.4 for Row Level Security Parameterization
Always Encrypted: Other apps can query data but cannot use it without encryption key
DDM is subject to bypassing using inference or brute-force techniques
19. References
Editions and supported features of SQL Server 2016
https://docs.microsoft.com/en-us/sql/sql-server/editions-and-components-of-sql-serv
Configure Always Encrypted using SQL Server Management Studio
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/config
Always Encrypted (client development)
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always
DDM does not work with encrypted values (encrypted in app or Always Encrypted).
DDM can be configured on the database to hide sensitive data in the result sets of queries over designated database fields, while the data in the database is not changed.
Dynamic data masking is easy to use with existing applications, since masking rules are applied in the query results. Many applications can mask sensitive data without modifying existing queries.
Using Always Encrypted with the .NET Framework Data Provider for SQL Server
Using Always Encrypted with the JDBC Driver
Using Always Encrypted with the Windows ODBC Driver
RT-Click in Query Window (not menu) ->Options
Execution -> Advanced
Introducing SQL Server 2016 (Free e-book)
https://blogs.msdn.microsoft.com/microsoft_press/2016/02/02/free-ebook-introducing-microsoft-sql-server-2016-mission-critical-applications-deeper-insights-hyperscale-cloud-preview-2/
https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking