Security

The Top 15 SQL Server Security Myths

2023-06-122023-06-12
SQL Server Database Development, SQL Server Database Engine

As a SQL Server DBA, you are responsible for securing your organization’s critical data stored in SQL Server. However, there are many myths surrounding SQL Server security 🔒 that can lead to a false sense of security or even leave you vulnerable to attacks. In this blog post, I’ll be debunking the 15 most common security-related myths in SQL Server that every DBA should be aware of. So, grab a cup of coffee, and let’s get started! ☕

I’m speaking – The best of SQLbits 2023

2023-04-172023-05-03
SQL Server Database Development, SQL Server Database Engine

On May 10th, all Israeli experts who participated in the conference will share their experience with the Israeli community and convey the best sessions they attended in #SQLBits 2023! I will also be one of them and deliver my favorite session!

Detect Application Bugs and Vulnerabilities You Didn’t Even Know About

2022-12-052022-12-11
SQL Server Database Development, SQL Server Database Engine, T-SQL, Tools and Scripts
2 Comments

In this post, I will introduce you to a special T-SQL script that you can use for detecting potential SQL injection attacks in your database, as well as application-level bugs that you didn’t necessarily know you had.

Resolved: Login failed for user NT AUTHORITY\ANONYMOUS LOGON – Delegation Step-by-Step

2022-11-022023-08-10
SQL Server Database Engine, Tools and Scripts
3 Comments

Sometimes when trying to access a linked server, you’d get an error saying “Login failed for user NT AUTHORITY\ANONYMOUS LOGON”. This happens because you’re connected using Windows authentication, and SQL Server fails to “forward” your credentials to the linked server.

Hopefully, with this blog post, I’ll provide you with an easy-to-understand step-by-step guide, which would help you resolve the issue the right way, without any workarounds.

Detect Weak Passwords in SQL Server

2022-02-012022-12-25
T-SQL, Tools and Scripts
2 Comments

This is a T-SQL script that I’m cross-publishing with the official Madeira Data Solutions blog.

This script generates various permutations and variations of common and weak passwords and uses the PWDCOMPARE function to check whether there are any enabled SQL logins that have these passwords.

SQL Vulnerability Assessment Tool Reference List – Updated!

2020-11-11
Microsoft Azure, SQL Server Database Engine, Tools and Scripts
1 Comment

Way back at January 16, 2020, I published a blog post containing a reference list for the many rules checked by the SQL Vulnerability Assessment Tool. The next month, I created a separate, dedicated page for the reference list so that it’d be easier to find and maintain. Today I learned that a few months later, around the beginning of May, Microsoft themselves have also published such a reference list on the Microsoft Docs page.

Overriding the Authentication in SSRS for External Access

In this post, I hope to summarize the various methods that we have, in order to get rid of that annoying authentication prompt. Each method has its own advantages and disadvantages in terms of complexity of implementation, versatility, and the level of security that it provides. More specifically: the more secure and versatile a method is – the more complicated it is to implement.

How to Protect SQL Server from Hackers and Penetration Tests

2020-07-28
SQL Server Database Development

On June 3rd, the InfosecMatter blog published a post titled “Top #10 Vulnerabilities: Internal Infrastructure Pentest“. This blog post detailed the top most common vulnerabilities in Windows servers and networks found during more than 60 internal infrastructure penetration tests around the world. After reading this article, I was prompted to actively look for similar resources on SQL Server penetration testing, and I got some interesting findings. Check out my blog post at the Madeira Data Solutions website for the details.

Finding the Details Missing from the SQL Server Failed Logins Audit

2020-03-09
T-SQL, Tools and Scripts

We all know the error log used by SQL Server to audit failed logins by default. But is it good enough? For many scenarios, it isn’t. It’s actually missing a lot of important information. But, worry not, for there are better solutions!

SQL Vulnerability Assessment Tool – Rules Reference List

I never managed to find an online reference page for the rules run by the SQL Vulnerability Assessment tool. So I figured “why not do it myself?”. Cool script attached!