Friday, February 17, 2012

SSWUG Expo: Understanding Database Security Threats and Countermeasures

SQL Server Security and Intrusion Prevention


Today was my first experience being part of a Virtual Conference. I will definitely admit, it was an interesting experience. I'd like to thank those that watched the sessions, and here are some details for that talk.
Below you'll find the slide deck and the link to the scripts used.

Scripts


l33t Password Generator
You can download the source code project and even contribute to the project by checking out the source code from my GitHub.
https://github.com/extofer/l33tPassGen



Slide Deck

Speaker Rate
I haven't done many presentations, but I'd like to hear how I'm doing. Please take a moment to rate my talk; I appreciate constructive criticism.




Wednesday, February 08, 2012

Extofer Bits - Episode 00110001

I wanted to try something new when it comes to posting, so I created a screencast, and decided I will do more of these, "quick tip" posts. Today, I shared a site I use regularly, most importantly, it’s a must visit site for new installs. I recently re-installed Windows 7 on my machine and I visited Ninite to install my everyday software.

Thursday, December 08, 2011

Christmas in Colorado Springs SQL Server User Group: 2011 Year in Review

Thank you SQL Family
Meet Andrew, Troy and Gary
In 2011 there's been a lot of noise regarding the SQL Family, and a lot of it has to do with friends and a shared passion - with SQL Server.

For eleven months out of this past year, fellow professionals - now friends - gathered every third Wednesday of the month to share that passion and discuss and learn about SQL Server technologies.  When I moved to Colorado Springs in 2010, I attended their last meeting that was held in a public library. The following January, 2011 we had our first meeting at Mr. Biggs Family Fun Center, a smart move - it has become our safe haven for SQL Saturdays and two Christmas Parties.  So this year, we have had a great line up of speakers and presentations since then, including:

Tim Mitchell
Kevin Cox
Tom Norman
Mike Fal
Paul Nielsen
Chris Shaw
Troy Ketsdever
Doug Lane
Mark Halstead

Upcoming SQL Events
Ski Attire
As the year winds down, we sincerely thank our SQL Family for coming to the meetings, for sharing and participating, and for growing our SQL community.   Our membership has grown and so has the attendance.

The Springs SQL Server User Group has a great following and is looking bright for the future.  If you haven’t heard already, we have a great event coming up in the beginning of 2012. We are kicking off the SQL Year with SQL Saturday #104, again including some awesome events:

Women in Technology with Karen Lopez ( b | t ), Meredith Ryan-Smith ( b | t ) and Thomas LaRock ( b | t ).
And Pre-Cons:

1. "Scaling SQL Server" (Glenn Berry)
2. "Data Warehouse Dimensional Design and Architecture Planning" (Erik Veerman)
3. "What's In Your Utility Belt?" (Chris Shaw and TJay Belt)

To top it off, we will have a Ski Trip to Monarch the day after the conference.
Why do I mention all of this?   It would not be possible without the hard work of SQL community members who are making this happen, FOR the people and BY the people.  That is why we commemorate our Colorado Springs SQL Family with an Annual Christmas Party.
Christmas Party 2011

Red Gate SQL Christmas Party

Our very own Rebecca Mitchell, you all can refer to her as her royal highness SQLPrincess, was contacted about an opportunity for our user group Holiday party to be sponsored by Red Gate.

We would like to extend a special thanks to Red Gate for awarding us funds to have an awesome party, Colorado Springs Style. Last night at Mr. Biggs Family Fun Center we had a blast with our members. We didn't just have appetizers and drinks - Nay Nay No No! We had BBQ ribs and all the fixin’s. We had reserved the VIP bowling alley, as members and their guests enjoyed unlimited bowling on half a dozen lanes. Then we had a great time playing Laser Tag. Why laser tag? Our fearless Princess explained to Red Gate, "There's nothing quite like taunting, err.. chasing after fellow database professionals in a round of Laser Tag."

SQL Blue Team

We'll call them "Red Gate" Team
For two rounds the Blue Team dominated, finding the Red Team’s fort and annihilating it.  I was able to take a few good shots at some Blue Team soldiers but we were still defeated - All in Good Fun!   I hope our members enjoyed their time playing Laser Tag and eating great food.
We anticipate another banner year in 2012.

Christmas Party Pictures
SpringsSQLParty

I leave you with this, Happy Holidays and thanks again to our wonderful sponsor, Red Gate and our Colorado Springs SQL Family. Enjoy the shared photos as well, taken by Troy, Rebecca and myself.

Monday, August 22, 2011

Call to Action: SecureKidsWeb


In recent news in the city I live in, a 12 and a half year old boy was severely injured at home. After a five day battle, the young man was taken off life support. This really hit home for us when we first heard of the news because it was my son's first day of school and the young man went to the same school. The parents kept the accident private, but encourage these words:


"Please take good care of all your children and loved ones.
Watch closely what they look at on the Internet and things they talk about with friends. We feel we did not know enough and this lack of knowledge made us pay a high price !!"

It's a shame when families don't know enough about parental control. It is a very sad thing to think this could have been prevented with simple, free Internet security tools or sites. I have been using OpenDNS since my young ones were freely able to surf the web on their own computers. Not to mention, I was able to block out unwanted information from their Wii game console as well.

I want to share my quick lesson to anyone listening, and I encourage friends and families with children to do the same right now. I would also challenge and ask all my acquainted IT professionals that I know, personally or via Social Network, that we come forth and help. Please take a minute and share your Internet Parental Control knowledge and post and tag it #SecureKidsWeb



Create a free OpenDNS account at http://www.opendns.com/.

Go to the Set up page and follow the instructions to set up your home router: https://store.opendns.com/setup/

When set up, go to your OpenDNS Dashboard. You should be able to see a network address in the form of ###.###.###.###. That is called an IP address. Click the "Add Network" button and name your network.

Once you have added the Network, click on the Settings tab, and you will find the Web Content Filtering section. At this point, you can choose your filtering level, or customize your setting. By doing so, you can block content by category, i.e. Adult content, Sexuality, Drugs, Hate/Discrimination.

Once you have set up your OpenDNS, you can see reports of sites visited and judge for yourself whether you want to block additional sites by name, in the same manner, by going to the Manage individual domains section.

Now you can easily monitor and manage web traffic and content.

Tuesday, July 12, 2011

TSQL Tuesday #20: T-SQL Best Practices

It's T-SQL Tuesday again, and although I seldom write on Tuesday, I attempt to participate. The brainchild of Adam Machanic (Blog|Twitter), T-SQL Tuesday invites new and existing SQL Server bloggers to post about the same topic on the same day. This time around, the topic is “T-SQL Best Practices”, hosted by Amit Banerjee (Blog|Twitter).

What is T-SQL, anyway?
T-SQL, or Transact-SQL, is Microsoft and Sybase’s proprietary extension to SQL. All applications that talk to a SQL instance use T-SQL statements to talk to the server, regardless of the user interface or the application.

T-SQL is a proprietary top-down procedural programming language. It was originally developed jointly by Microsoft and Sybase for Sybase SQL Server on UNIX until 1993. From that point forward, Microsoft SQL Server was developed for NT Server. T-SQL is not an object-oriented programming language with objects or methods, and it does not compile into binaries. It is, however, server-side processing code used to query data. When I develop T-SQL, I treat it as any other programming language.
For T-SQL best practices, I recommend using programming guidelines similar to those of C#, Java or VB.Net.

User Defined Functions
I have always been a fan of functions. To “bring out the Fun in Functions”, I learned that in any programming language, if you write it more than once, write a function; if you write it three times, stop programming and start a new career. In T-SQL, a UDF can return a single value (Scalar Function) or return a set of data (Table Value).

Use naming conventions
Use common naming conventions to name your variables. This standardization allows any programmer to read your code and understand what is being processed. First, figure out the purpose of the variable, then give the variable a precise name, and finally, imply its data type. For instance, the date variable @BirthDate [datetime] is easy to understand. However, if you named it @BornColumn [datetime], somebody down the line would be thinking “Huh?” It would not be so easy to interpret.
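The two kinds of UDF and the naming guidance above, as an added example that is not code from the original post: a scalar function holds the age rule once and an inline table-valued function reuses it. The table dbo.Person, its sample rows, and both function names are assumptions made up for illustration.

```sql
-- Constructed sample table and rows (hypothetical; not from the original post).
CREATE TABLE dbo.Person
(
    PersonID  int      NOT NULL PRIMARY KEY,
    BirthDate datetime NOT NULL
);
INSERT INTO dbo.Person (PersonID, BirthDate)
VALUES (1, '19800715'), (2, '20000229'), (3, '20051231');
GO

-- Scalar function: returns a single value.
-- DATEDIFF(YEAR, ...) only counts year boundaries crossed, so subtract one
-- when the birthday has not yet occurred in the @AsOfDate year.
CREATE FUNCTION dbo.ufn_AgeInYears (@BirthDate datetime, @AsOfDate datetime)
RETURNS int
AS
BEGIN
    DECLARE @YearsCrossed int = DATEDIFF(YEAR, @BirthDate, @AsOfDate);
    RETURN @YearsCrossed
         - CASE WHEN DATEADD(YEAR, @YearsCrossed, @BirthDate) > @AsOfDate
                THEN 1 ELSE 0 END;
END;
GO

-- Inline table-valued function: returns a set of rows.
-- The age rule is written once (above) and reused here instead of being
-- copied into every query that needs it.
CREATE FUNCTION dbo.ufn_PeopleAtLeastAge (@MinimumAge int, @AsOfDate datetime)
RETURNS TABLE
AS
RETURN
(
    SELECT p.PersonID,
           p.BirthDate,
           dbo.ufn_AgeInYears(p.BirthDate, @AsOfDate) AS AgeInYears
    FROM dbo.Person AS p
    WHERE dbo.ufn_AgeInYears(p.BirthDate, @AsOfDate) >= @MinimumAge
);
GO

-- Usage: everyone who is at least 10 years old on the given date.
SELECT PersonID, BirthDate, AgeInYears
FROM dbo.ufn_PeopleAtLeastAge(10, '20120217');
```

A scalar UDF in a WHERE clause is evaluated row by row, so on large tables the same rule may need to be inlined for performance.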

Legible Code
Like most word processing programs, SSMS will automatically wrap your lines of code. We all write lengthy blocks of code; if you don’t break lines at certain points, you could theoretically have only one long line of code. The best thing to do is to turn off word wrap for better legibility. To do this, select Tools, Options, Text Editor, Transact-SQL, and under Settings turn off Word Wrap.


Commenting Code
In T-SQL, make concise comments describing the stored procedure or trigger. Best practice for commenting code is to make it understandable when you revisit this code years later. Dates and initials on comments can also alleviate problems.
There are two ways to comment code in T-SQL:

-- Two hyphens create one line for commenting
GO
CREATE PROCEDURE sp_TSQL2sDay
AS
    -- Placeholder body so the batch runs
    SELECT GETDATE() AS RunDate;

/* This is a block of comments
The end delimiter of this comment
is an asterisk and front slash */
GO
ALTER PROCEDURE sp_TSQL2sDay
AS
    SELECT GETDATE() AS RunDate;

Version Control
SVN, Mercurial, Git, and SourceSafe are a few well-known version control systems to apply to source code. But how do you source control T-SQL? It is not common to build the scripts in a programming IDE (Integrated Development Environment). Red-Gate has a product to source control schemas and data, but T-SQL is saved in the database as a server-side script. I don’t use Red-Gate’s product, but I recommend that you save the scripts, whether stored procedures, triggers, or UDFs, as .sql files, and add them to your version control of choice.

If ifs and buts were candy and nuts, we’d all have a Merry Christmas. If pigs could fly, we’d all need stronger windshield wipers… As much as I wish this could be a feature rich post on how to create a UDF or implement version control on .sql files, it’s not. My sincere hope is that this will soon lead to that. In the meantime, these are just a few of my most recommended rules of thumb when developing T-SQL.