Mathom Solutions Blog-IT

• The Exceptional DBA’s Code of Conduct | SQL Aloha | Brad McGehee
  Brad (blog | twitter) defines what a code of conduct is, explains how it can be helpful, and considers if and how it could be enforced.  Finally, he offers his take on it in order to be an Exceptional DBA. His goal is to offer advice to DBAs on how they might conduct themselves within the confines of their job's professional responsibilities/requirements.
  (tags: sqlserver Career)

As always, I am on the lookout for good free resources.  The good folks at Red-Gate with John Magnabosco have put out a very good book on Protecting SQL Server Data.  This free e-book covers the following topics:

1. Understanding Sensitive Data
2. Data Classification and Roles
3. Schema Architecture Strategies
4. Encryption Basics for SQL Server
5. Cell Level Encryption
6. Transparent Data Encryption (TDE)
7. One-Way Encryption
8. Obfuscation
9. Honeycombing a Database
10. Layering Solutions

The focus of this book is protecting sensitive data that is "at rest" within your SQL Server database (primarily Microsoft SQL Server 2005 and 2008). Security methods and appliances/devices that protect data externally to the DB, such as firewalls, secured network connections, and secure web design are all very important and recommended, but the main success of your efforts to protect sensitive data will depend upon how well you guard your data in the database. 

As you know, I am a big fan of Free...here are some other goodies:

Engineering Software for Accessibility by Microsoft Press. In an effort to enable software developers to create accessible Windows applications, we wanted to share our process with the community. We have captured this engineering process in a new book, Engineering Software for Accessibility. The book addresses three basic questions:

1. How do you plan for accessibility?
2. How do you design your software for accessibility?
3. How can you implement and test to your software to confirm it meets the accessible design?

You will learn that properly implemented accessibility enables access to Windows applications for users with a variety of capabilities.  

Get it before it is gone!

- - - - - - - - -  

SQL Server Tacklebox by Rodney Landrum. Essential tools and scripts for the day-to-day DBA that helps with Scripts, tools and techniques to tackle SQL Server issues, Troubleshoot performance issues, Receive notifications of impending issues, Fight off data corruption, Document and report on your servers, Automate and standardize SQL Server installation, Migrate data and manage data growth, and Secure access to your servers.    

This is sponsored by Red-Gate Software.   

As I am sure you are all aware, database hacking is happening--afterall it's where the crown jewel--you data--are located.  I came across this article today and it was very helpful in terms of how a hacker could get through a system with as little footprint as possible and how to think about protecting your systems. 

Cesar Cerrudo is a Security Consultant and Lead Research for Application Security Inc and he presented recently at Black Hat 2009.  His paper was on SQL Server Anti-Forensics: Techniques and Countermeasures.  The paper talks about anti-forensics (which is about how a hacker covers/removes traces of their activity) and the counter measures you can take to help reduce or mitigate the chances of them reducing their tracks when they have invaded your system. 

This is a must read and make sure to check out his other articles!

I ran across a couple of good links for free e-books about Microsoft SQL Server and figured I should share them.  

Introducing SQL Server 2008 by Peter Debetta, Greg Low, and Mark Whitehorn.  You can learn about the new features SQL Server 2008 including Security and Administration, Performance, Type System, Programability, Storage, High Availability, and Business Intelligence.  

Brad's Sure Guide to SQL Server 2008 by Brad McGehee.   This is about SQL Server 2008 and also includes two of his other books:  How to become an exceptional DBA and DBA Best Practices.  

Mastering SQL Server Profiler by Brad McGehee.  As its name implies, learning all about SQL Server Profiler (2005) and how it can help you make your systems faster.  

Dissecting SQL Server Execution Plans by Grant Fritchey.  Hey, this is an awesome book that talks about how you can read the excution plans and make your system go faster....hey who wouldn't want that?

Hopefully you will find these helpful.   

Also, if you know of any others, please let me know.