The document provides an overview of SQL Server security best practices. It recommends turning off unnecessary services, using Windows authentication over mixed mode if possible, securing the 'sa' account with a strong password, enabling auditing of failed logins, disabling unnecessary features like xp_cmdshell, and using schemas and stored procedures to implement the principle of least privilege for user access. It also discusses topics like encrypting data at the column level using keys and certificates. The goal is to harden SQL Server security without making it inaccessible to legitimate users and applications.
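An added example, not taken from the original slides: a read-only T-SQL check of the instance-level settings the summary names (authentication mode, the sa login, failed-login auditing, xp_cmdshell). The OK/REVIEW thresholds and the two features checked alongside xp_cmdshell are assumptions of this example, not recommendations quoted from the deck.

```sql
-- Added example: read-only hardening check for SQL Server 2005 and later.
-- Run as a login that can see all logins and server configuration (e.g. sysadmin).
SET NOCOUNT ON;

DECLARE @findings TABLE (
    check_name nvarchar(200),
    observed   nvarchar(256),
    status     varchar(6)          -- 'OK' or 'REVIEW'
);

-- 1. Authentication mode: 1 = Windows authentication only, 0 = mixed mode.
INSERT INTO @findings
SELECT 'Authentication mode',
       CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
            WHEN 1 THEN 'Windows authentication only'
            ELSE 'Mixed mode' END,
       CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
            WHEN 1 THEN 'OK' ELSE 'REVIEW' END;

-- 2. The sa login, located by its fixed SID so a renamed sa is still found.
--    Password strength cannot be read back; as a proxy (assumption of this
--    example) the login passes if it is disabled or the Windows password
--    policy is enforced on it.
INSERT INTO @findings
SELECT 'sa login (' + name + ')',
       'disabled=' + CAST(is_disabled AS char(1))
         + ', policy_checked=' + CAST(is_policy_checked AS char(1))
         + ', expiration_checked=' + CAST(is_expiration_checked AS char(1)),
       CASE WHEN is_disabled = 1 OR is_policy_checked = 1
            THEN 'OK' ELSE 'REVIEW' END
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Optional features. xp_cmdshell is named in the summary; the other two
--    are included on the assumption that they are not needed either.
INSERT INTO @findings
SELECT 'Feature: ' + name,
       CASE CAST(value_in_use AS int) WHEN 1 THEN 'enabled' ELSE 'disabled' END,
       CASE CAST(value_in_use AS int) WHEN 1 THEN 'REVIEW' ELSE 'OK' END
FROM sys.configurations
WHERE name IN (N'xp_cmdshell',
               N'Ole Automation Procedures',
               N'Ad Hoc Distributed Queries');

-- 4. Login auditing level: none, success, failure or all.
--    Failed logins are recorded only for 'failure' and 'all'.
DECLARE @login_cfg TABLE (name sysname, config_value nvarchar(128) NULL);

INSERT INTO @login_cfg
EXEC master.dbo.xp_loginconfig 'audit level';

INSERT INTO @findings
SELECT 'Login auditing',
       config_value,
       CASE WHEN config_value IN ('failure', 'all')
            THEN 'OK' ELSE 'REVIEW' END
FROM @login_cfg;

-- Items that need attention are listed first.
SELECT check_name, observed, status
FROM @findings
ORDER BY status DESC, check_name;
```

The script changes nothing on the instance; a REVIEW row means the setting should be compared against what the applications on that server actually require.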
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services (and not only). In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
2 AM. We are sleeping well, and our mobile is ringing and ringing. Message: DISASTER! In this session (on slides) we will NOT talk about potential disaster (such as BCM); we will talk about: What happened NOW? Which tasks should have been finished BEFORE? Does it matter whether SQL Server is virtual or physical? We will talk about systems, databases, people, encryption, passwords, certificates and users. In this session (in a few demos) I'll show which parts of our SQL Server environment are critical and how to be prepared for disaster. In some documents I'll show you how to be BEST prepared.
In my first session I would like to introduce everyone to what was formerly known as SQL Azure (currently Windows Azure SQL Database). In the Tips and Tricks session I will show which points, features, compatibilities and incompatibilities of SQL Azure are important for DBAs. I will cover functionality, performance, cost, SLA and security aspects.
After the break I will show how we can work with our data in the Cloud using SQL Azure and Blob Storage, what backup, restore, encryption and availability functionality is available to us, how we can implement a hybrid environment, and when and why it is (or is not) good practice.
And finally, I hope we will find a few minutes for a discussion about the Future of the DBA (not only in AD 2016).
SQLSaturday is a training event for SQL Server professionals and those wanting to learn about SQL Server. This event will be held Jun 13 2015 at Hochschule Bonn-Rhein-Sieg, Grantham-Allee 20, St. Augustin, Rheinland, 53757, Germany. Admittance to this event is free, all costs are covered by donations and sponsorships. Please register soon as seating is limited, and let friends and colleagues know about the event.
Maintenance Plans for Beginners (but not only) | Every experienced administrator has used (to some extent) what are called Maintenance Plans - Plans of Conservation. During this session, I'd like to discuss what can be useful for us to provide functionality when we use them and what to look out for. Session at 200 times the forward-300, with the opening of the discussion.
The Spy Who Loathed Me - An Intro to SQL Server Security | Chris Bell
You have lots of data you have painstakingly collected over the years. How do you ensure that data is protected from hackers, spies and other ne’er-do-wells? Understanding the vast array of security features available in SQL Server is the first step in helping you determine what actions you need to take now to protect your data.
• We are sleeping well, and our mobile is ringing and ringing. Message: DISASTER! In this session (on slides) we will NOT talk about potential disaster (such as BCM); we will talk about: And what NOW? A new version of my old, well-known session, updated for all the changes that have happened in the DBA world in the last two to three years.
• So, from the ground to the Sky and further - everything for surviving disaster. Which tasks should have been finished BEFORE? Does it matter whether SQL Server is virtual or physical? We will talk about systems, databases, people, encryption, passwords, certificates and users.
• In this session (in a few demos) I'll show which parts of our SQL Server environment are critical and how to be prepared for disaster. In some documents I'll show you how to be BEST prepared.
BizTalk Server 2013 in Windows Azure IaaS | BizTalk360
This session will take a look at Windows Azure IaaS and how best to leverage it with BizTalk Server 2013. This session will start with a quick IaaS primer so someone new to Azure IaaS will not miss out. Next we will take a look at how best to use BizTalk Server 2013 in Azure IaaS and the new scenarios that are now available. We will see how simple it can be to script via PowerShell the creation of a fully configured standalone BizTalk Server or even an entire isolated BizTalk Domain. Last we will take a look at some of the basics for administration and supporting your Virtual Machines running in IaaS.
Brought to you by BizTalk360
KACE Endpoint Systems Management Appliances - What’s New for 2017 | Quest
Quest endpoint systems management experts Sean Musil and Bruce Johnson will show you how securing your network can be made faster, safer and easier with the newest capabilities added to KACE Endpoint Systems Management Appliances. Watch the webcast here: http://bit.ly/2gIOc50.
With Microsoft Cloud Solutions Azure, enterprises now have four options to host SQL Server in their environment:
• SQL Server on Physical Machines
• SQL Server on VMs in DataCenters
• SQL Server on Azure VMs (IaaS)
• SQL Server on Azure SQL Database (PaaS)
The slide can be used as a decision matrix for where to host my SQL Server instance.
In Microsoft CSS, setting up and configuring Kerberos for MSBI is one of the top call volume generators, which makes us realize there is definitely a gap in understanding of how to set up and configure Kerberos for the MSBI stack in a multi-server farm environment. In this session, we intend to explain and, more importantly, simplify the steps to set up Kerberos for SQL Server, SSAS, SSRS & SharePoint, along with a demo of the issues that can occur, based on real-life experience troubleshooting and configuring for customers.
If SQL Server is the heart of our environment, its health should be very important, right? If SQL Server is important, its availability for our businesses (internal and external) is important too. For our customers it doesn't matter where the data is stored, how it is stored or what we do with it. Especially for our managers. The data must be available on demand, on time, at the moment of request. High Availability is our responsibility. How can we prepare our environment for HA? How is HA connected with SLA? And why are Service Level Agreements important for us? In this session I want to discuss HA options for SQL Server (2008, 2012), our different customers, and Service Level Agreements (formal or not).
WebLogic Scripting Tool allows easy management of many WebLogic Server based products. Oracle has strategically implemented WLST in many products to make provisioning and configuring of environments easy and reproducible. This among other things enables tools like Chef and Puppet to do their magic. WLST is based on Jython. Jython is an implementation of Python running on the Java VM. Both Python and the Java VM provide many options for extending WLST functionality beyond what is commonly done. This will be elaborated and demonstrated with several advanced use cases and their implementations. This technical presentation will provide you with the knowledge to get the most out of your investment in Oracle products!
Run Book Automation with PlateSpin Orchestrate | Novell
This session will describe how to use PlateSpin Orchestrate for tasks beyond virtualization management. Run Book Automation can support the IT operation in a variety of processes, including monitoring, ticket enrichment, problem diagnosis, change and repair, optimization and virtualization, system management and disaster recovery. IDC predicts that data center management will be required to implement higher automation in all fields of system operation.
This session will show what the typical use cases for Run Book Automation are, how PlateSpin Orchestrate fits the requirement for an automation implementation platform, and where in the enterprise IT infrastructure it can be implemented organically and in manageable steps.
A number of implementation examples, such as a disaster recovery implementation for SAP components, prove that automation is not necessarily a huge step, and that even limited projects can lead to a quick return on investment. Implementation details in code and project examples, a technical demo and a tour of the existing example code will conclude the session.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview | Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and Sales | Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Essentials of Automations: The Art of Triggers and Actions in FME | Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf | Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Pushing the limits of ePRTC: 100ns holdover for 100 days | Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
The Metaverse and AI: how can decision-makers harness the Metaverse for their... | Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35 Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Accelerate your Kubernetes clusters with Varnish Caching | Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The new frontiers of AI in RPA with UiPath Autopilot™ | UiPathCommunity
In this free online event, organized by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the processes of developing and using automations.
📕 Together we will look at some examples of using Autopilot in different tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Securing your Kubernetes cluster: a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Sql Server Security Best Practices
1. 11/5/2009
SQL Server Security Best Practices
Part 1
Fall 2009 Ohio Behavioral Health MIS Users Group
Jody McCluggage

How do you ensure SQL Server is 100% Secure?
• Simple …….. You turn it off.
• 100% security is not possible
• There are a number of best practices that you can take to make your SQL Server instance more secure
• The goal is to harden your SQL Server in a way that it discourages attackers (e.g. don't be the low hanging fruit)

Overview
• The primary focus will be on 2005/08
• Will mention some best practices for 97/2000 (but really, you should be using 2005/08 now)
• This will be a high-level overview. If you have any questions on the details of anything in this presentation, please let me know. Can do a follow-up with all the gory details if enough people are interested.

Physical Security
• Server housing production SQL Server should be secured and only accessible to those who need access

Disclaimer and Warning (Warning! Warning! Will Robinson)
• Use care and thoroughly think through and test before implementing any of the suggestions in this presentation.
• I will not be held responsible if you break your system (and will probably deny even knowing you)

Turn off/Disable any unnecessary services
• Turn off unnecessary services
• 2005/2008
  – Most unnecessary services are turned off by default
  – SQL Server Configuration Manager
  – SQL Server Surface Area Configuration Manager (2005)/Policy manager (2008)
• 97/2000
  – Services MMC snap-in Administrator Tools
• SQL Browser service is not needed if there is only a default instance
  – Can also be disabled if you explicitly define and map ports from application to named instances

SQL Server Service Accounts
• Run SQL services under a low privilege local domain user account(s)
• Do not run under the context of the local system, local administrator, or (heaven help you) a Domain Administrator account
• Service account for SQL Server requires Full Control permission on the directories where data will be read and written to
  – Data, log, backup, and replication snapshot

SQL Server Service Accounts (cont.)
• Monitor service accounts for failed logons and account lockouts (account lockout will not prevent a currently running SQL Server from running)
• 97/2000
  – Takes a little work but can be done
  – May require changing some directory and registry permissions
• 2005/2008
  – Configured by default to not run under an administrator/system account
  – Change using SQL Server Configuration Manager

Port Security
• Block/filter ports SQL Server is listening on perimeter devices
• 1433 (TCP) / 1434 (UDP)
• Default instance
• Any additional named instances will listen on a different port
  – 2000 or less - incremented default port by one for each named instance
  – SQL Server 2005 and higher – uses SQL Browser service to listen on 1434 UDP and direct requests to dynamically created ports
• Can be manually changed and set

Authentication Mode
• Windows Authentication only (Integrated Security) or SQL Server and Windows Authentication (Mixed-Mode)
• If able to, use Windows Authentication only (may not be possible depending upon the applications that will be connecting)
  – Can take advantage of controls built into Windows (AD, Group Policy, account policies, groups, etc)
  – Better management and auditing controls
• Mixed Mode (if you have to) recommendation
  – Use SQL Accounts only for applications that don't support Windows Authentication
  – Don't use sa account for administration. Assign long complex password and lock away.
  – Use Windows accounts with appropriate permissions for administration
  – Take advantage of Windows password policies (2005/08 only)

The Infamous "sa" account
• All powerful SQL Server account
• Needs to be assigned a very strong password
  – Especially if running in Mixed Mode since account cannot be disabled or locked out
  – Should not be used. Every administrator should have their own administrator level account (preferably tied to the Windows account)
  – Give it a long and complex password and put the password in a giant lockbox (preferably not the one that houses the social security deposits).
• 2005/08 – if Windows authentication is specified, the sa account is disabled and a cryptographically random password is assigned. This prevents the re-enabling of the account without having to assign a new password. It also ensures that there is never a blank sa password (as was the case with some unpatched earlier versions)

Auditing (more about setting up custom auditing later)
• By default no auditing is turned on
• At a minimum turn on auditing for failed logon attempts
  – Best to turn on for both failed and successful attempts
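
The authentication, sa and login-auditing slides above can be checked from a query window. The following T-SQL is an added example, not part of the original slides; it assumes SQL Server 2005/08 catalog views and sysadmin rights, and the login name app_login is hypothetical.

```sql
-- Authentication mode: 1 = Windows Authentication only, 0 = Mixed Mode
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- Configured login mode and login audit level (none / success / failure / all)
EXEC master..xp_loginconfig 'login mode';
EXEC master..xp_loginconfig 'audit level';

-- State of the built-in sa login (always SID 0x01, even if it was renamed)
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- SQL logins with a blank password, a password equal to the login name,
-- or with Windows password policy enforcement switched off
SELECT name,
       CASE WHEN PWDCOMPARE('', password_hash) = 1 THEN 1 ELSE 0 END AS blank_password,
       CASE WHEN PWDCOMPARE(name, password_hash) = 1 THEN 1 ELSE 0 END AS password_is_name,
       is_policy_checked,
       is_disabled
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1
   OR is_policy_checked = 0;

-- Everyone holding sysadmin: each administrator should appear under
-- their own account, not share sa
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY p.type_desc, p.name;

-- Remediation for an application login that must stay on SQL authentication
-- (app_login is a hypothetical name): enforce the Windows password policy
ALTER LOGIN [app_login] WITH CHECK_POLICY = ON;
```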

Disable unnecessary features
• Common dangerous and/or unneeded services:
  – xp_cmdshell
  – OPENROWSET & OPENDATASOURCE
  – OLE Automation
  – SQL Mail (use Database Mail instead)
• Most can be managed through Surface Area Configuration manager (2005)/Policy manager (2008) and sp_configure

Secure End Points
• All connections pass through end points
• Can create and configure new end-points (2005/08 only)
• Can filter traffic by protocol and origination
  – System (most common one that users will deal with. Created by default)
  – TCP (must be created)
  – HTTP (must be created)

Secure End Points (cont.)
• System end point
  – Shared Memory Protocol
  – Default TCP
  – Named Pipes
  – VIA
  – Dedicated Admin Connection - DAC (specialized emergency admin access. Cannot be disabled)
• Only enable/create those that you need. In most production systems you need only TCP and Shared Memory.

TCP end point (default and custom)
• Configurable options
  – Listening port
  – Listening IP address
  – Traffic encryption
    • All login packets are by default encrypted. All other traffic is not.
    • Requires certificate installed on server
  – Hide instance

User Account management
• Manage groups not users
  – Assign all users to meaningful logical groups
  – Assign permissions to groups
  – More robust and flexible
• Follow the principle of least privilege when managing users. Should only give users privileges they need to do their job and nothing more (don't be handing out sysadmin or db owner privileges like they're candy from a Pez dispenser)

User Account management
• Filter all data access through Stored Procedures
  – Finer control
  – Eliminates the need to give the user direct access to the underlying tables and views
• Take advantage of Schemas to control permissions.
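
For the "Disable unnecessary features" and end point slides above, the sp_configure route looks like this. It is an added example, not part of the original slides, and assumes SQL Server 2005/08 and a login allowed to run RECONFIGURE.

```sql
-- Current state of the features named on the slide
-- (value_in_use = 1 means the feature is enabled right now)
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell',
               'Ole Automation Procedures',
               'Ad Hoc Distributed Queries',   -- ad hoc OPENROWSET / OPENDATASOURCE
               'SQL Mail XPs',
               'Database Mail XPs')
ORDER BY name;

-- These are advanced options, so expose them before changing them
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;

EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ole Automation Procedures', 0;
EXEC sp_configure 'Ad Hoc Distributed Queries', 0;
EXEC sp_configure 'SQL Mail XPs', 0;
RECONFIGURE;

-- Hide the advanced options again
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;

-- End points defined on the instance and whether each one is started;
-- anything that is STARTED but not needed is a candidate for stopping
SELECT name, protocol_desc, type_desc, state_desc, is_admin_endpoint
FROM sys.endpoints
ORDER BY protocol_desc, name;

-- Listening port and IP address of every TCP end point
SELECT name, port, is_dynamic_port, ip_address, state_desc
FROM sys.tcp_endpoints;
```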

Schemas (the most under appreciated security feature)
• Container of SQL objects (tables, views, stored procedures, functions, etc).
• Prior to 2005, schema = owner. 2005 decoupled the schema from the owner and brought it closer to the ANSI standard
• Schemas are now separate from users. A user can be assigned to more than one schema and a schema can be assigned to more than one user

Schemas (cont)
• Each object is assigned to only one schema
• Schemas if set up correctly can create valuable security boundaries

Schema example
Example: Julie, John, and Jerry from the accounting department need to have execute permissions on a group of stored procedures. You could assign execute permission to the Accounting group (remember it's best to work with groups) on each individual stored procedure. Or you could assign all the needed stored procedures to an "Accounting" schema and just give the accounting group execute permission on the "Accounting" schema.

Schema example (cont.)
Accounting_Group: Julie, Jim, and Jerry
Accounting Schema:
  db.Accounting.usp_getBalance
  db.Accounting.usp_insertEntry
  db.Accounting.usp_enterClient
GRANT EXECUTE ON SCHEMA::Accounting TO Accounting_Group

Permissions
• Permissions can be assigned to "Securables"
• Securable Hierarchy
  – Instance
  – Database
  – Schemas
  – Database Objects (tables, views, stored procedures, functions, etc)
• Permissions can be granted or revoked

Permissions are hierarchical (2005/08)
• Instance level and database level permissions are grouped into hierarchies. Permissions lower in an assigned hierarchy are also granted (unless explicitly revoked)
• Database level permission example:
  – Create Table
    • Insert
    • Update
    • Delete
    • Select
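
The schema example above, carried through in a scratch database so the resulting permissions can be inspected. This is an added example, not part of the original slides; the Accounting.Ledger table, its rows and the login-less test user Julie are constructed for the demonstration.

```sql
CREATE ROLE Accounting_Group;
CREATE USER Julie WITHOUT LOGIN;                 -- constructed test user
EXEC sp_addrolemember 'Accounting_Group', 'Julie';
GO
CREATE SCHEMA Accounting AUTHORIZATION dbo;
GO
CREATE TABLE Accounting.Ledger (                 -- constructed sample table
    EntryId  int IDENTITY PRIMARY KEY,
    ClientId int   NOT NULL,
    Amount   money NOT NULL
);
INSERT Accounting.Ledger (ClientId, Amount) VALUES (1, 125.00);
INSERT Accounting.Ledger (ClientId, Amount) VALUES (1, -25.00);
GO
CREATE PROCEDURE Accounting.usp_getBalance @ClientId int
AS
    SELECT ClientId, SUM(Amount) AS Balance
    FROM Accounting.Ledger
    WHERE ClientId = @ClientId
    GROUP BY ClientId;
GO
-- One grant covers every procedure in the schema, present and future
GRANT EXECUTE ON SCHEMA::Accounting TO Accounting_Group;
GO
-- Check the result from the user's point of view
EXECUTE AS USER = 'Julie';
SELECT HAS_PERMS_BY_NAME('Accounting.usp_getBalance', 'OBJECT', 'EXECUTE') AS can_execute_proc,
       HAS_PERMS_BY_NAME('Accounting.Ledger', 'OBJECT', 'SELECT')          AS can_select_table;
-- The procedure reads the table on Julie's behalf: procedure and table share
-- an owner (dbo), so the table permission is not checked inside it
EXEC Accounting.usp_getBalance @ClientId = 1;
REVERT;
GO
-- Schema-level grants recorded in the database (class 3 = SCHEMA)
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc, s.name AS schema_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.schemas AS s ON s.schema_id = pe.major_id
WHERE pe.class = 3;
```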

Column Level Encryption (warning: technical data ahead)
• Starting with SQL Server 2005, column level encryption was supported
• Any encryption strategy needs to be well planned before implementing. Good key management is a must or you may just end up locking yourself out of your data.

Column Level Encryption Key Hierarchy
• Service Master Key
  – Created automatically when SQL Server Instance first started
  – Should backup to a secure location before implementing data level encryption.
• Database Master Key
  – Created manually for each database you want to encrypt data items
  – Not required but recommended
  – Encrypted by Service Master Key
  – Should backup to a secure location before implementing data level encryption.

Column Level Encryption Continued
• Data Level Encryption Keys
  – Symmetric Keys
    • Single key for both encryption and decryption
    • Fast
    • Securing the key is an issue
  – Asymmetric Key/Certificate
    • Two keys (Public and Private) are used
    • Data encrypted by one key can only be decrypted by the other and vice-versa.

Column Data Encryption (Cont.)
Most common scenario when used:
An Asymmetric Key encrypted by a certificate is used to encrypt desired data elements. An encryption function is created that is called within a stored procedure.

Database Level Encryption
• This column-level encryption seems complex and messy, why not just encrypt the entire database when at rest?
• Prior to 2008 this could be done using EFS (make sure you have a domain EFS recovery agent in place before doing this). The directories that housed the database and backups (don't forget the backups) need to have EFS enabled on them.

Database Level Encryption (Cont.)
• Any data saved to EFS protected directories would be encrypted. Encryption is at the directory level
  – Data moved out of protected directories would no longer be encrypted.
• SQL Server 2008 to the rescue with Transparent Data Encryption (TDE)
  – Encryption at the database level.
  – Database encrypted with Database Master Key
  – Backups automatically encrypted also
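
The column-level key hierarchy described above, built from the top down with the key backups taken first. This is an added example, not part of the original slides; it uses a symmetric data key protected by a certificate (the CREATE SYMMETRIC KEY ... ENCRYPTION BY CERTIFICATE form), and every object name, file path and password is a placeholder.

```sql
-- 1. Back up the Service Master Key before encrypting anything
BACKUP SERVICE MASTER KEY TO FILE = 'D:\KeyBackup\smk.bak'
    ENCRYPTION BY PASSWORD = '<placeholder strong password 1>';

-- 2. Database Master Key (protected by the Service Master Key), then back it up
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder strong password 2>';
BACKUP MASTER KEY TO FILE = 'D:\KeyBackup\dmk.bak'
    ENCRYPTION BY PASSWORD = '<placeholder strong password 3>';

-- 3. Certificate (private key protected by the Database Master Key), then back it up
CREATE CERTIFICATE PatientCert WITH SUBJECT = 'Column encryption example';
BACKUP CERTIFICATE PatientCert TO FILE = 'D:\KeyBackup\PatientCert.cer'
    WITH PRIVATE KEY (FILE = 'D:\KeyBackup\PatientCert.pvk',
                      ENCRYPTION BY PASSWORD = '<placeholder strong password 4>');

-- 4. Data key: symmetric (fast), itself encrypted by the certificate
CREATE SYMMETRIC KEY PatientKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PatientCert;
GO
CREATE TABLE dbo.Patient (
    PatientId int IDENTITY PRIMARY KEY,
    SSN_enc   varbinary(128) NOT NULL      -- ciphertext only; no plaintext column
);
GO
-- 5. Encryption happens inside a stored procedure, as the slide describes
CREATE PROCEDURE dbo.usp_addPatient @SSN char(11)
AS
BEGIN
    OPEN SYMMETRIC KEY PatientKey DECRYPTION BY CERTIFICATE PatientCert;
    INSERT dbo.Patient (SSN_enc)
    VALUES (EncryptByKey(Key_GUID('PatientKey'), @SSN));
    CLOSE SYMMETRIC KEY PatientKey;
END;
GO
CREATE PROCEDURE dbo.usp_getPatientSSN @PatientId int
AS
BEGIN
    OPEN SYMMETRIC KEY PatientKey DECRYPTION BY CERTIFICATE PatientCert;
    SELECT PatientId, CONVERT(char(11), DecryptByKey(SSN_enc)) AS SSN
    FROM dbo.Patient
    WHERE PatientId = @PatientId;
    CLOSE SYMMETRIC KEY PatientKey;
END;
GO
EXEC dbo.usp_addPatient @SSN = '000-00-0000';   -- constructed sample value
EXEC dbo.usp_getPatientSSN @PatientId = 1;
```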

Auditing
• DML (data manipulation language) Triggers
  – Actions can be taken or recorded based on DML events (INSERT, UPDATE, DELETE, etc)
    • An example would be to create a DML Trigger that records writes to a special log table when, who, and what data was modified in a designated table.

Auditing (Cont.)
• DDL (data definition language) trigger
  – A cool feature introduced in SQL 2005 that allows you to take action based on a DDL event (Create, Drop, Alter, etc).
  – For example you could create a trigger that could intercept a create table command, log who, when, and what to a special log file, roll-back the transaction, and fire off an email.

Auditing (Cont.)
• SQL Server 2008 added two new auditing features
  – Audit Object
  – Identify a collection of actions to be tracked
  – Only available in Enterprise edition
• D*mn you Microsoft!
• Policy-Based Management
  – Replaces Surface Area Configuration Management
  – Can be configured to monitor and enforce a baseline configuration

Part 2
• Mitigating SQL Injection risks
• Securing SSIS, SSRS, and SSAS
• Scripting SQL Server (more PowerShell fun)
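
The DDL trigger described in the auditing slides, which intercepts CREATE TABLE, logs who, when and what, and rolls the statement back. This is an added example, not part of the original slides; the table and trigger names are hypothetical, it logs to a table rather than a file, and the e-mail step is left out.

```sql
CREATE TABLE dbo.DdlAudit (
    AuditId    int IDENTITY PRIMARY KEY,
    EventTime  datetime      NOT NULL DEFAULT GETDATE(),   -- when
    LoginName  nvarchar(128) NOT NULL,                     -- who
    EventType  nvarchar(100) NOT NULL,                     -- what
    ObjectName nvarchar(260) NULL,
    Command    nvarchar(max) NULL
);
-- The trigger runs as the caller, so every caller must be able to write the log
GRANT INSERT ON dbo.DdlAudit TO public;
GO
CREATE TRIGGER trg_BlockCreateTable
ON DATABASE
FOR CREATE_TABLE
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @e xml;
    SET @e = EVENTDATA();        -- capture the event before rolling back

    -- Undo the CREATE TABLE first. A row inserted before this ROLLBACK
    -- would be rolled back with it; work done after it is kept.
    ROLLBACK;

    INSERT dbo.DdlAudit (LoginName, EventType, ObjectName, Command)
    VALUES (ORIGINAL_LOGIN(),
            @e.value('(/EVENT_INSTANCE/EventType)[1]', 'nvarchar(100)'),
            @e.value('(/EVENT_INSTANCE/SchemaName)[1]', 'nvarchar(128)') + N'.' +
            @e.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(128)'),
            @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)'));

    RAISERROR('CREATE TABLE is blocked in this database; the attempt was logged.', 16, 1);
END;
GO
-- Verification: this batch is aborted by the trigger
CREATE TABLE dbo.Scratch (id int);
GO
-- The table was not created, but the attempt is on record
SELECT OBJECT_ID('dbo.Scratch') AS scratch_object_id, COUNT(*) AS logged_attempts
FROM dbo.DdlAudit;
GO
-- For a planned deployment, switch the trigger off and back on around the change:
-- DISABLE TRIGGER trg_BlockCreateTable ON DATABASE;
-- ENABLE TRIGGER trg_BlockCreateTable ON DATABASE;
```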

Some useful resources
• SQL Server Books Online
• Google
• Microsoft SQL Server News groups
• How to Cheat at Securing Server 2005
• The Rational Guide to SQL Server 2005 Security
• Professional SQL Server 2008 Administration