Speaking next Wednesday, Vermont SQL PASS group, thanks to Roman Rehak for the invite! http://www.meetup.com/VTCode/events/223946011/
I'll be doing an update to Database Security Best Practices for the Vigilant DBA and Developer, with a look at SQL 2016 CTP2.1 Always Encrypted option.
UPDATE: Post presentation link to download Slide Deck
Friday, July 17, 2015
Wednesday, June 17, 2015
MySQL Database Security Best Practices for the Vigilant: The Terse Top XV
1. Strong passwords: there is no excuse. Use online tools to generate passwords of 15 alphanumeric characters or more.
2. Rename the root account (UPDATE mysql.user SET user='NewName' WHERE user='root'; FLUSH PRIVILEGES;)
3. Apply the latest MySQL DB Server patches (see 12)
4. Restrict access to Program Data and log (slow, error) folders
5. Make sure users connect only from specific IDs/IPs or application servers.
6. DB users, grant privileges from most restrictive upwards, not full access then down.
7. Use skip-networking in the configuration file if the server is only to be used locally.
8. Configure disaster recovery with Bin Log replication to remote site if server is critical, or replicate backups at the very least and load them to a standby server.
9. If the data is sensitive, use SSL connections only (set secure_auth ON)
10. Change the TCP port to a non-standard one (thus not 3306)
11. Restrict access to and ownership of the DataDir, and set it in the configuration file to place data in a non-default location.
12. Use versions released after the Oracle purchase AND after the known vulnerabilities, thus 5.6.26 and up, since (update) in August 2015 new vulnerabilities were published for 5.6.24 and below (ouch).
13. Ensure root has not been granted remote access (SHOW GRANTS)
14. Ensure there are no empty passwords
15. Groom your user lists frequently and disable/drop unused accounts
PS while on the subject, here's some awesome MySQL training http://youtu.be/TCt6IZCZTxc
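An added example, not part of the original post: audit queries and a least-privilege grant covering items 5, 6, 13, 14 and 15 of the list. It assumes the MySQL 5.6 layout of mysql.user and an enabled performance_schema; the account, schema and address names are hypothetical.

```sql
-- Added example, not from the original post. Assumes MySQL 5.6 (hash columns
-- Password / authentication_string in mysql.user) and performance_schema enabled.

-- Items 5 and 13: accounts with a wildcard host, and root defined for any
-- host other than the local machine.
SELECT user, host
FROM mysql.user
WHERE LOCATE('%', host) > 0
   OR host = ''
   OR (user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1'));

-- Item 14: accounts with no stored credential at all (anonymous users included).
-- plugin is listed so accounts authenticated externally can be told apart.
SELECT user, host, plugin
FROM mysql.user
WHERE COALESCE(Password, '') = ''
  AND COALESCE(authentication_string, '') = '';

-- Item 15: accounts that have not connected since the server last started.
-- The counters reset on restart, so treat the result as candidates to review.
SELECT u.user, u.host
FROM mysql.user AS u
LEFT JOIN performance_schema.users AS p ON p.USER = u.user
WHERE COALESCE(p.TOTAL_CONNECTIONS, 0) = 0;

-- Items 5 and 6: start from nothing and grant only what the application needs,
-- bound to one application server. 'app_rw', 'appdb.orders' and 192.0.2.15 are
-- hypothetical; replace the password placeholder with a generated one.
CREATE USER 'app_rw'@'192.0.2.15' IDENTIFIED BY '<generated-password>';
GRANT SELECT, INSERT, UPDATE ON appdb.orders TO 'app_rw'@'192.0.2.15';
SHOW GRANTS FOR 'app_rw'@'192.0.2.15';

-- Item 15: remove an account confirmed unused ('old_report'@'%' is hypothetical).
DROP USER 'old_report'@'%';
```

On MySQL 5.7 and later the Password column no longer exists, so the empty-password check uses authentication_string alone.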
Sunday, January 04, 2015
Improve Your Wifi Connection Speed with the Use of a Simple 6’/2m USB Cable Extension
For years now we have dropped using Cat6 at home in favour of Wifi, since the Cat5e cables in the house we moved into four years ago were damaged by construction and renovations. Even though we've purchased high-end routers that claim amazing speeds, and even the other year a new Cisco router with AC capabilities, the main thing that has really improved connectivity has been the use of a high-quality shielded USB 2.0 extension cable (and once Wifi AC has thoroughly set in, a USB 3.0 cable of the same quality would follow suit).
When you are close to the router, this is not an issue since speeds of 172-225Mbps are ample enough for most network traffic, but the extension really pays for itself when you are far from your router, where interference from your body in the way makes a difference!
Even though our router is placed close to the ceiling of the basement, well above the ground, and slightly higher than the cement foundation of the house, when we connect two floors up in the home office from the desk in the side of the house, Wifi speeds drop down to 30Mbps. At this point, we're barely higher than the maximum download speeds, and if you are on an encrypted connection to your servers at work, the connection is subject to frequent interruptions or unbearably slow. That's when I looked at the pile of USB extension cables I had lying around from a recent machine rebuild, and the Wifi USB adapter that had been collecting dust since the purchase of the router (included in the Cisco router bundle). Like most laptop users, I had pre-determined that the internal Wifi adapter was presumably good enough – indeed I was most incorrect.
After adding the USB cable extension with the idle USB Wifi adapter to my laptop, and extending it in the direction of the router across the desk and dangling down to the floor, connectivity speeds increased to between 72-98Mbps (at least two and a half times the speed). At this point, the flaky VPN connectivity to servers went away. I also made sure to extend the cable away from anything that would cause interference – and I would suggest moving around the final location of the USB adapter at the end of the extension to find your respective sweet spot for the communication to the router.