DoD STIGs – V-32415

STIGs Image

Overview: Title: Database software, applications and configuration files must be monitored to discover unauthorized changes. Vulnerability ID: V-32415 STIG ID: IA Controls: None Severity: medium Description: When dealing with change control issues, it should be noted any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security …

DoD STIGs – V-32414

STIGs Image

Overview: Title: The DBMS software installation account must be restricted to authorized users. Vulnerability ID: V-32414 STIG ID: IA Controls: None Severity: medium Description: When dealing with change control issues, it should be noted any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the …

A New Look & A New Direction

You have brains in your head. You have feet in your shoes. You can steer yourself in any direction you choose. You’re on your own, and you know what you know. And you are the guy who’ll decide where to go. – Dr. Seuss

Quick PS script to get SQL Server Configuration Aliases

ALIASES

Aliases! They can be quite helpful, but they can also be a major pain when setting up new servers or migrating to a new server. Trust me, we just got burned by this recently. A missed alias resulted in a critical app being down for a while until we figured it out. If you use aliases and don’t have them …

Documenting SQL Server Access – Who Can Do What?

Digby! says what?

When is the last time you audited who has SQL Server access? No really? When did you last do this? Have you ever done it? If you have, great! If not, well, let’s fix that. Below I have a PowerShell script that can help enlighten you to your SQL Server security situation a little more. Before we get to that, …

DoD STIGs – V-32368

STIGs Image

Overview: Title: The DBMS must produce audit records containing sufficient information to establish what type of events occurred. Vulnerability ID: V-32368 STIG ID: IA Controls: None Severity: medium Description: Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes: time stamps, source and destination addresses, …