Category: Security

Microsoft Fabric GitHub Integration Security Considerations

Kevin Chant covers a bit of security:

I know the option to work with GitHub has got a lot of people excited. Which is why I wanted to share my initial thoughts about security with you all. Because a lot of things have come to mind whilst testing this.

I want to highlight immediate implications and options before you all get too involved with testing. To make sure you test working with GitHub safely.

Plus, this post is really useful for those of you looking to test this in a regulated GitHub Enterprise environment. Because it will allow you to explain things to your GitHub administrators better, and/or forward them this post. To explain what you want to achieve.

Read on for Kevin’s thoughts on the matter.

Working with Managed Entities in Azure SQL DB

Josephine Bush creates and uses a managed identity:

Benefits of Using Managed Identities and Entra Groups

  • Enhanced Security: Using managed identities eliminates the need to manage credentials, reducing the risk of credential theft.
  • Simplified Management: Entra Groups streamline the management of permissions for multiple users or managed identities, making it easier to apply consistent access policies.
  • Scalability: As your organization grows, you can easily manage access by adding new users or managed identities to Entra Groups without needing to update database permissions individually.

Read on to see how you can create one and what you can do with it.

Choosing between Azure SQL DB Ledger and Azure Confidential Ledger

Pieter Vanhove reminds me that ledger tables exist:

Ledger technology is a way of storing data that ensures its integrity, immutability, and verifiability. It can be used for scenarios where trust and transparency are essential, such as financial transactions, supply chain tracking, or regulatory compliance. Azure offers two services that leverage ledger technology to provide tamper-proof data storage: ledger in Azure SQL Database and Azure Confidential Ledger. In this blog post, we will compare these two services and help you decide which one is best suited for your needs.

Read on for the comparison. I think the answer for most cases is “neither” but there are specific times when ledger tables could make a good amount of sense.

Access Controls in PostgreSQL

Umair Shahid talks about access rights:

Access control is a fundamental aspect of database security, ensuring that only authorized users can perform specific actions on the data. Effective access control helps protect sensitive information from unauthorized access and prevents data breaches, which can have severe legal and financial repercussions for organizations.

PostgreSQL has a strong reputation for reliability, feature robustness, and performance. One of its notable strengths is its comprehensive support for various access control mechanisms, which allow database administrators to finely tune who can access what data and how.

It turns out that there’s a lot of overlap in how these work between SQL Server and Postgres, though the exact syntax may be a bit different for certain items.

Microsoft Fabric Warehouse Access Control

Koen Verbeeck talks permissions:

We are starting a new analytics project in Microsoft Fabric, and our data will land in a warehouse. This is the first time we’re using Fabric, and we are wondering about the different options for sharing access to a warehouse we developed in a workspace.

Click through for more information on providing and limiting access to data in a Microsoft Fabric warehouse.

SQL Server Security Series Wrap-Up

Mike Walsh puts a bow on it:

Thanks for tuning into our posts for the 30 SQL Server security checks in 30 days series this month. I want to recap the entire month of posts with a few homework assignments to get you started today.

Read on for those three assignments, including adopting a security mindset, remembering that humans tend to be the weak points of security, and trying out sp_CheckSecurity.

A Reason to Avoid Database Chaining in SQL Server

Jeff Iannucci gives us the details:

SQL Server database ownership may seem like an insignificant concern, but choosing the wrong owner for your database can be a main contributor to security disasters like ransomware. Let’s talk a bit about how to choose an owner that doesn’t create a huge security vulnerability for you and your SQL Server instance.

(Note: this isn’t the same as being in the db_owner role, although we will look at that later in this post.)

Click through for more information. This is one of the big reasons to avoid cross-database ownership chaining or setting TRUSTWORTHY on any database. Jeff has another way of resolving this particular problem that works, but the best solution is not to use either of those features.
