Data Protection Day, January 28th
Thought some readers of this blog might be interested in Data Protection Day, tomorrow, January 28. The Council of Europe established this day to raise awareness of data privacy and data protection...
Auditing in SQL Server 2008 white paper
In continuation to the post by Jack back in October, we've added Auditing in SQL Server 2008 to our list of security focused white papers (http://msdn.microsoft.com/en-us/library/dd392015.aspx). We'll...
Performance of Impact of Auditing in SQL Server 2008
Il-Sung Lee and Art Rask’s whitepaper, Auditing in SQL Server 2008, just hit the web. Congratulations! I just wanted to add to what Il-Sung already has said about this paper that this is a great...
Feedback requested: Default schemas for Windows groups
We would like your feedback on the scenarios where you need to assign default schemas to Windows groups. We have a post in the forums, but there has only been one reply so far. Please, if you have an...
Interested in Compliance?
I'm pretty sure that there are many of you who have to deal with regulatory compliance but how many of you are aware that we have a SQL Server Compliance web portal? Check out...
Enforce Windows Password Policy on SQL Server Logins
If users choose to use a SQL login to connect to SQL Server rather than NT authentication, it is worth remembering that SQL Server does provide the option of enforcing Windows password policy on SQL...
SQL Server EncryptByKey cryptographic message description
Since the introduction of SQL Server 2008 extensible key management (EKM), new opportunities may arise to handle data encryption on the client while still making the plaintext data accessible to...
PCI DSS Compliance with SQL Server 2008
Since PCI Compliance seems to be a popular subject for SQL Server users (by which I mean that quite a few of you are forced to deal with it) here's something that may help. Parente Randolph is a PCI...
Thales/nCipher announces EKM support for SQL Server 2008
I'm very pleased to announce that last week during the RSA Conference, Thales announced their support for SQL Server 2008 with their nCipher product line of hardware security modules (HSMs)...
How To Choose Audit Action Group When Using Auditing in SQL Server 2008
SQL Server 2008 introduces an auditing feature which can audit both server-level events and database-level events and several specific database actions. Please check...
Arx the latest vendor to support EKM
With the increasing popularity of the EKM feature in SQL Server 2008, more vendors are adding their support for this great feature. I'm very happy to announce that Arx has just announced their...
Link to Lyudmila’s blog
My teammate Lyudmila is maintaining her own TechNet blog where she writes articles related to SQL Server security. You can access her blog at http://blogs.technet.com/lyudmila_fokina. Her blog is...
Filtering (obfuscating) Sensitive Text in SQL Server
A very common concern when dealing with sensitive data such as passwords is how to make sure that such data is not exposed through traces. SQL Server can detect and filter the SQL statements in...
How To: Share a Single EKM Credential among Multiple Users
SQL Server Extensible Key Management (EKM) requires the authentication information (user/password) to be stored in a credential mapped to the primary identity. This version of EKM cannot be used...
Consolidation Guidance for SQL Server
Sung Hsueh, a former SQL Engine Security team member, just published a whitepaper with co-authors Antony Zhong and Madhan Arumugam on Consolidation Guidance for SQL Server. Though it covers far more...
Quick security references (QSR) on Cross-Site scripting and SQL injection.
Recently the Security Development Lifecycle (SDL) team announced the release of a new type of security guidance papers called Quick security references (QSRs). The first two papers focus on Cross-Site...
HIPAA Compliance with SQL Server 2008
Aside from PCI, I probably hear more about HIPAA compliance (the Health Insurance Portability and Accountability Act) from our customers than other regulations. Although there is no formal...
RSA Conference 2010
If anyone is planning to attend the RSA Conference 2010 in San Francisco, please stop by and visit us at the Microsoft SQL Server booth and the theater sessions we have prepared for the event:...
Open positions @ SQL Server
We wanted to post and let everyone know that the Microsoft SQL Server Base and Infrastructure (SBIA) team is hiring for various test positions. This includes the Security team (or Core Security...
Presentation on SQL Security
The SQL Security Team's Raul Garcia and Il-Sung Lee are presenting at 1 PM PST today on SQL Security in an online webcast....