An Introduction to Big Data Concepts

The idea that data collected in computerized systems could be used to inform and thereby improve decision making has been around for quite some time.  Over the last couple decades, ideas of how to assemble a decision support system have coalesced around the concept of a data warehouse. The construction of a proper data warehouse…

0

An Introduction to BigData Concepts: My Disclaimer

Recently, Microsoft announced its plans around Hadoop and all of a sudden BigData is part of the mainstream conversation we are having with our customers.  As a Business Intelligence practitioner, I couldn’t be more excited about this, but having been heavily steeped in the structured world of traditional Business Intelligence approaches, I have to admit…

0

Creating Your First FileTable in SQL Server Denali CTP3

With SQL Server Denali CTP3 now available, I’m starting to explore some of the new Database Engine capabilities.  One that caught my attention is the FileTable. The FileTable builds upon FileStream storage which allows BLOB data to be stored as individual files separate from a database’s data files.  In SQL Server 2008 (and 2008 R2),…

4

Virtualizing the SharePoint 2010 Database-Tier

Over the last few months, I’ve had a number of conversations with customers regarding the virtualization of SQL Server for the database-tier of SharePoint Server 2010 deployments.  Historically, administrators have been hesitant to virtualize SQL Server database servers out of concerns for performance. With advances in virtualization technology and the adoption of new IT standards,…

0

Securing the Data Warehouse

After completing a series of posts on Building Secure Database Applications, the question of how the practices and features highlighted apply to data warehouses arose. In a traditional database application, the database is a behind-the-scenes element, accessed indirectly by the user through an application front-end or middle-tier. In such an architecture, interaction with the database…

1

Regulate Network Connectivity

SQL Server accepts client connections over specific network protocols and (for lack of a better term) associated channels. The combination of network protocol, a channel, and the type of communication taking place over it is managed from within SQL Server as an endpoint. SQL Server comes pre-configured with 5 endpoints intended to support traditional client-server…

2

Monitor & Enforce Security Policies

Once a security policy is defined, it then needs to be monitored and enforced to ensure compliance.  SQL Server provides two features for this: policy-based management and audit. Policy-Based Management Introduced with SQL Server 2008, policy-based management (PBM) allows administrators to define conditions for various facets of the database environment.  These conditions, combined to form…

0

SQL Injection Demo

The purpose of this post is to demonstrate a simple SQL injection attack.  For information on securing a database against SQL injection, please review this post. NOTE Implementing an actual SQL injection attack against a system for which you have not been provided explicit authorization may result in your prosecution. This post is intended to educate folks…

0

Defend against SQL Injection

SQL injection is an attack by which user input is used to modify the logic of a SQL statement. The attack may be used to disrupt the underlying database or bypass application logic but more typically it is used to extract additional information from the database which may be valuable in its own right or…

0

Transparent Data Encryption (TDE) Demo

 This post demonstrates the use of Transparent Data Encryption (TDE) to protect database files including backups.  To understand how this features can be employed to improve the security of database applications, please review this post.  The first step in the demonstration is to create an empty database which will be encrypted with TDE in a…

0