Hiding (mostly) in plain sight: Dynamic Data Masking

Masks on!

One of the more recent additions to SQL Server security features is the Dynamic Data Masking (DDM), included with the 2016 version. Like the Transparent Data Encryption I blogged about recently, DDM is a feature that is relatively easy to implement, and doesn’t require a lot of changes to the application. And just like pretty much everything is easy in a real life, it too has some limitations.

Continue reading “Hiding (mostly) in plain sight: Dynamic Data Masking”

Protecting Data at Rest: Transparent Data Encryption

I recently read an article which stating that since the GDPR came in force, there has been 59,000 data breaches reported in the EU. I must admit, that while I did anticipate that we’d see a surge in these numbers, due to reporting requirements in the legislation. I really did not expect the numbers to look that terrifying.

From the point of view of a SQL Server DBA, there is a number of different ways to protect your data. Some of them are even quite easy to setup, such as Transparent Data Encryption (TDE). So let’s have a look at how to set that up!

Continue reading “Protecting Data at Rest: Transparent Data Encryption”

Undeprecated SQL Server features

The Feature Reaper!
The Feature Reaper!

As we all know there are many features in SQL Server that have been deprecated over the time by Microsoft for one reason or another. In fact, there is a long list of features that are deprecated in the latest SQL Server 2017 release.

It is far less often that any of these features make a comeback, however that can apparently happen, as I just witnessed last week.

Continue reading “Undeprecated SQL Server features”

Windows Firewall and antivirus software configurations for SQL Server.

One of the more important duties of a DBA is to make sure that their databases and the data is secure. In this post we’ll be looking at two utilities to increase the security of your server, the Windows Firewall and an antivirus software. Like with about everything else related to servers, you can’t just switch these on (well, you could, but…) and forget about them to get the best possible experience. They need to be properly configured for servers running Microsoft SQL Server. If you’re a DBA you might not be doing the configuration yourself, but you still need to tell your Windows administrators what they need to do.

Continue reading “Windows Firewall and antivirus software configurations for SQL Server.”

End of Lifecycle for Windows 2003 R2 and SQL Server 2005

Just a friendly reminder to everyone that just like all good things come to and end so does the extended support for these two Microsoft products. First will be the Windows 2003 R2 with the end of lifecycle date set to July 14 2015 and soon after that SQL Server 2005 with it’s end of lifecycle date set to April 12 2016.

You can still run these products after these dates of course but it’s definitely not recommended and the reason is simple. End of the extended support means that neither of these products will be receiving any patches or security updates, ever. So if you’re not already working on upgrading them, now would be a good time to start.

Continue reading “End of Lifecycle for Windows 2003 R2 and SQL Server 2005”

RSS feeds about Microsoft KB articles

Just a quick tip this time, but one that can save you lot of time and manual work.

One of the information sources that all administrators, both Windows and SQL Server alike, should follow is the Microsoft Knowledge Base. However as there are new articles coming in daily, going to Knowledge Base and manually searching for them isn’t really a viable option. Even less so if you’re responsible for administering multiple versions of Microsoft software.

Continue reading “RSS feeds about Microsoft KB articles”

IPSEC settings for the client

After setting up the SQL Server ready for encrypted connections, it’s time to do the same for the clients. This is basically the same process that we already did at the server end, but let’s go through it once more. Instead of inbound firewall rule, we’ll create an outbound rule (surprise!) and connection security rule.

Continue reading “IPSEC settings for the client”