The DBA Fundamentals VC offers training and support to individuals interested in a solid DBA foundation.
Meeting Detail

Tue, Jun 07 2016 11:00 Central Daylight Time

Securing a SQL Server Checklist - Visit to the Dentist


Securing a SQL Server Checklist

The session will cover DBA's Checklist Compliance 101 - with the examples of the compliance rules of several industries and the logic behind them. We will go over the protection mechanisms available to every DBA - as they relate to the compliance rules. We will introduce initial ten steps for the security and privacy compliance policies, and will do hands-on examples as applicable. 1. install firewall - and what it means for the DBAs. DMZ - or how do you move data across "zones" safely? '2. passwords policies - at the minimum, change vendors defaults here I will give some introduction into WHY, introduce ISO - and show them how to do policies and how to protect password to different security levels. 3. protect data on disk here I will explain the encryption and masking and what protects against whom, again - will do some examples - basic ones. This section will also talk about how to identify sensitive data - and what to encrypt and how, and what to mask and how. HIPAA's safe harbor as part of privacy rule, and HIPAA's security rule, PCI DSS removal of card numbers, cv2, etc. Here also I will cover password encryption in SQL. Examples will follow - as simple as how to create keys and encrypt the column to the level of complexity you require. 4. protect data in- transit ( this is not a db task, will just mention it) 5. anti-virus software - this is not per se db task, but often might interrupt database operations - it happened before. Will just let them know to check it. 6. develop secure systems - this is where sql injection and use of stored procedures comes in place. I can talk about diff sql injections - a little bit of hands -on 7. identity management as extension of #3 and #6 8. monitor access to network and database activities ( for Fraud detection) 9. preparedness tests of security - Create "false alarms" 10.Make the above a policy with document and mandatory class.

Virginia Mushkatblat has 20 years of development and architectural experience with critical data-intensive applications. She has worked in companies ranging from start-ups to international conglomerates with the range of requirements, including those of 24/7 and batch processing, and lead teams of DB developers, architects and administrators. She has worked in entertainment, technology, e-commerce, and financial industries. She holds Masters Degrees in Engineering and in Computer Science and originated several patents.