I wrote Only as Good as Your Auditor for SQLServerCentral because its something I’ve explained to people over and over again. For most of us in IT audits are something we tolerate and try to get done as quickly as we can, a test to pass, and because of that we don’t get to see […]Read more "Only as Good as Your Auditor"
Compliance training, never a fun topic and I think that is too bad. A combination of companies checking the box, lacking imagination, and being stuck with rules that require doing it annually. Do we really need to review the employee manual if it hasn’t changed since last time? Or if we were notified of updates […]Read more "SSC Editorial: Annual Security Compliance Training"
No, I still have both of mine. Yesterday I stopped at lunch for Wendy’s. One person in line in front of us. Guy places his order, hands over the credit card, and the cashier is just about to hand the card back when he decides he wants two more of something. Rather than just doing […]Read more "I Need a Thumb"
Two weeks ago on Saturday morning I got a push notification on my phone from American Express that a potential fraudulent use of my card had been attempted and denied 14 seconds earlier. I had loaded the phone app just to try it out and I think I had used it once, so it was […]Read more "Someone Stole My Credit Card Number"
Would a Duress Password be a Good Idea? ran on April 21, 2015 in the SQLServerCentral.com newsletter. Good editorials should provoke thought and discussion. I rate it as partially successful. I knew when I wrote it that the idea of coercing a password from someone was an edge case that’s easy to dismiss, but those […]Read more "SSC Editorial: Would a Duress Password be a Good Idea?"
Not comprehensive, but perhaps useful next time: Verify that the SPN’s are correct for the server that has the Reporting Services database. Many ways to do this, but I like the Kerberos Configuration Manager. The SPN tab should show “Good” for the instance that hosts the database. If not, fix (typically requires domain admin). Don’t […]Read more "Notes on Setting Up & Troubleshooting Reporting Services Using Kerberos"
Proxies and web content filtering are common, maybe even required, but it can be annoying, and sometimes you need to test to see if the proxy is the problem. Usually you can change this via the Connections tab in IE, but I ran into a case where it was gone, doubtless turned off by some […]Read more "Disable the IE Proxy, At Least in IE9"
If you have a central management server set up, or a similar way to run a query against a list, the query below will identify those that are using NTLM instead of Kerberos (or just run on each instance individually). Not necessarily a big deal depending on what you’re doing, but sometimes being able to double […]Read more "Finding Instances That Aren’t Using Kerberos"
As someone who lives the data world I know that we work hard at protecting certain types of data more than others. PII, PCI, HIPPA, they all get extra attention, or perhaps the “other” data just gets less attention. We think of the worst case as a breach that leads to millions of credit cards […]Read more "The Sony Breach Lesson For SQL Professionals (And Everyone Else Too)"
I’ve had this task on the list for a while. I wanted to do a refresh on the basics of SSL and certs, plus I’m in favor of using SSL everywhere, even personal blogs. I ended up using The complete guide to loading a free SSL certificate into an Azure website by Troy Hunt as […]Read more "Adding SSL to SQLAndy.com"