Together we can make a difference in the data world!
In WOxPod!, episode # 013 – “The Start of Something Big!” I have an exciting announcement! This is something I’ve been wanting to do for a while, and now it is here! Now we, together, can team up and make a change in the world of data!
Show Links:
Get the Script for free!!
Transcript:
You are listening to WOxPod!, episode # 013 – The Start of Something BIG!
Today I have an exciting announcement! This is something I’ve been wanting to do for a while, and now it is here! Now we, together, can team up and make a change in the world of data!
Hey everyone, Chris Bell here. The WOxPod! podcast is produced for your enjoyment. Show notes can be found at wateroxconsulting.com/podcasts
Come back often, and feel free to add WOxPod! to your favorite RSS feeds, or subscribe on Android or iTunes using the link below. You can also follow us on Twitter, Facebook, or LinkedIn, all of which are linked through our website: WaterOxConsulting.com
Now let’s get on to the show.
This is it! The start of something I’ve been wanting to do for a while now. If you have been listening to this podcast, or attended my sessions you know I tend to focus on data security and integrity. I have also been talking about wanting to pull together a tool that could help check if a SQL Server is compliant with the DoD STIGs, HIPAA, PCI, or whatever compliance is required.
Well, today is the day that all starts to come to be.
You can go to wateroxconsulting.com/compliance and download my new script sp_WOxCompliant™ for free!
Yeah, that’s right. For Free!
I know other places have compliance check scripts and tools, and you have to pay a pretty penny for some of them, and that’s fine. But something isn’t quite right when you look at the number of breaches happening because of simple things that could have been avoided.
Ergo, I am pulling together this script to perform a lot of the checks required, to let you know what to look for and what you may have to update first, and I am making it completely free.
Now for the big question.
What does it check?
Well, I would love to say tons! A Lot! You won’t believe how much it does. But I can’t just yet.
This is a new script and as such I had to figure out what to focus on. There are a lot of different compliances out there, and narrowing down the set of checks into something of a reasonable size that can be pulled together without taking years of development time is pretty tricky. I decided to focus on the Department of Defense security technical implementation guides, known as the DoD STIGs. Now, why did I choose those? There are a couple of reasons. The first reason is that I live and work from my home, which is pretty close to Washington DC. There are a lot of DoD offices and contracted companies here, so getting this check put together against the STIGs made a lot of sense to potentially be able to make a local difference in data security. The other reason is that the DoD STIGs cover a broad spectrum of items to be checked. Everything from your manual processes and documentation, which incidentally the script cannot check, to access for specific users and what the administrator should have as far as access goes. In looking through them, I noticed a lot of what are required checks and compliances by HIPAA and PCI are covered by the DoD STIGs.
By no means is this script completely finished. This first introduction of the script covers the DoD STIGs for SQL 2012 database compliance as well as those items marked as high priority in the DoD STIGs for a SQL 2012 instance. That’s getting at well over 30 checks being done, including some that are not state specific. Just to give you an idea, the latest dates for a SQL 2012 instance have five category one, or high risk, findings, while there are over 140 medium and low level checks. That’s a lot to do, and it will be done. It’s just going to take some time.
This script is not only free to download, I mean, I don’t even want your email address for it, but all of the source code is fully visible. Nothing is being hidden. Nothing is compiled. You can look and see everything it is doing. If you ever download scripts from the Internet or are just handed them by anyone, you really should make sure that you do read through and understand what is going on and see what it is doing. The script does make a couple of administrative-type changes, setting up and making sure it can use PowerShell and SQL commands to do some of the checks, but beyond that it doesn’t change anything in your system. This is essentially a big report. As such, when you use the script, if you find there’s a check you really would like to have in there, you have a couple of options. The first is simply to write to [email protected] and let us know what check you would like to have done. It will be added to our list of what we are working on and possibly be in an upcoming update.
The second option is to write the code to perform the check yourself. Maybe you already have the code. You can send that to the same address [email protected]. We will review it and add it to an upcoming update and credit you in the notes of the compliance script.
So not only is this a tool that people in the community, and in the world in general for SQL Server, can use to check their systems, it’s a forum you can use to share your scripts and code with everybody who downloads and uses the script.
So, that’s kind of that. I wanted this podcast to let you know about this new script, expose a little bit of the thought process behind it, why I did it, and how it can grow and hopefully continue to be useful to the community.
I think we as a collective in the data world are the ones who can really truly drive change in compliance and data security. So join me on my quest to help the world of data become more secure.
And that’s the show! Thanks for listening.
If you have any questions or suggestions of topics or people to talk to, email us at [email protected] or hit me up on Twitter at @CBellDBA.
Until next time, keep yourself and your data safe!