Security Through Ignorance

 


Some people believe that their computer systems are more secure if the person attacking their systems doesn’t know some facts, like what port their SQL Server instance is using, or if they avoid disclosing the written specifications for critical software functions. Those people believe that if malicious attackers don’t know how the system is secured, security will be better. Although this might seem logical, it’s actually easy to see how it is untrue if you think about it for a few minutes. Employees carrying out insider attacks, one of the most common forms of attack, will already know the port used or how your software works.

The problem with security through ignorance is that it just leads to a false sense of security, which is usually much more dangerous than not doing anything at all. Assume you are dealing with an intelligent attacker, and that your weak half-attempts to secure your systems will delay the attacker all of about 2 minutes. Spend your time and effort on implementing true security measures and you will sleep better each night.


RAID Levels Explained


What is RAID?

RAID stands for Redundant Array of Inexpensive Disks. It is a technology used to distribute data across multiple hard drives in one of several ways called “RAID levels”, depending on what level of redundancy and performance is required.

Wikipedia defines RAID as “a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both. Data is distributed across the drives in one of several ways, referred to as RAID levels, depending on the required level of redundancy and performance. The different schemes, or data distribution layouts, are named by the word “RAID” followed by a number, for example RAID 0 or RAID 1. Each schema, or RAID level, provides a different balance among the key goals: reliability, availability, performance, and capacity. RAID levels greater than RAID 0 provide protection against unrecoverable sector read errors, as well as against failures of whole physical drives.”

In environments where speed and redundancy are required, you need to select the proper RAID level that matches your requirements and budget. In general, a RAID-enabled system uses two or more hard disks to improve the performance or provide some level of fault tolerance for a NAS or server.

There are several RAID concepts that you must also understand:

Continue reading “RAID Levels Explained”

Selecting a Better Password

 


People continue to pick and use poor passwords to protect their valuable information. You might not think your password is important or sought after by hackers, but it is really the only thing between the entire world and your personal online accounts. If you have a password of eight random letters, there are about 200 billion possible password combinations. If a hacking program like Hashcat had to try them all, it would be done in about 4 minutes. If you add mixed casing and digits and increase the length to 12 characters, the number of possible passwords jumps to about 4 sextillion. With that many possibilities, it would take Hashcat an estimated lifetime to work through all the possible combinations.

However, this math does not take the human factor into account. You want to select a combination of characters that you can remember and isn’t too difficult to enter a few times each day. The password also has to work within the limits imposed by the website or application when you created the password. People wanting to crack your password are aware of those limitations. In fact, there are extensive lists of common password terms available on the internet, sorted by their popularity. The password cracking programs will just try those more common words and their common alterations first, and that will allow for increased odds of success in a shorter time.

Continue reading “Selecting a Better Password”

Azure SQL Database Managed Instance in Public Preview

This month, Microsoft introduced the public preview of a new database offering named “Azure SQL Database Managed Instance.” This new Azure offering is intended to create a database solution that more closely matches a traditional on-premise product, while supporting some advanced Azure features.

The Azure SQL Database Managed Instance feature was created to make it easier for users to migrate their existing third-party applications from an on-premise SQL Server instance to Azure by maintaining feature compatibility. This current preview version is not yet at the 100% complete mark, but Microsoft is promising some additional features in the coming months.

In terms of programmability and feature compatibility, Managed Instance supports compatibility all the way back to SQL Server 2008. It also allows for direct migration of database versions starting with SQL Server 2005. You can copy your on-premise backups to Azure (or backup directly to Azure) and restore them into the service seamlessly using Direct migration. Other features Microsoft has enabled include service broker, change data capture and linked servers, which had previously been limiters for moving on-premises applications into Azure SQL Database.

Continue reading “Azure SQL Database Managed Instance in Public Preview”

Kanban vs. Scrum

 

If you are wondering if you should move from a traditional Waterfall development methodology to something new, but can’t pick between Kanban and Scrum, here is some information that might help you pick a new path.

Kanban

Kanban is a simple methodology that focuses on the tasks your team is currently performing. The tasks are displayed to all participants so you and your team can track the progress and easily see what tasks are currently active. A good practice is to organize your development process using a Kanban board to show the status of each task, from “to-do”, “in progress”, “testing”, “ready for release”, and finally “released”. This simple methodology gives the team more flexible planning options, a clear focus on specific tasks, transparency on what is coming next, and a faster output by helping them focus on just a few tasks at any one time.

Continue reading “Kanban vs. Scrum”

10 Things An IT Manager Must Do On The First Day

 


Congratulations, you have found a new job as an IT Manager. This new job could be leading a development team, managing a group of developers, or any other management position in the IT group. How you approach your first day at the new company will make a huge difference, putting you on the path to success or making your new role a struggle. You may have been promoted to a management position at your last company, so you might not have any experience starting at a new company as a manager.

Continue reading “10 Things An IT Manager Must Do On The First Day”

13 Skills Every Manager Needs

Communication

If you have attended any classes or seminars on leadership or management, you have been trained on how to manage people and time, but you probably didn’t get much content on how to actually be a leader of people. Leadership is primarily providing an example of how you want people to behave by demonstrating integrity, high self-esteem, and overall confidence in purpose.

If you are interested in becoming an effective leader, look to demonstrate these skills to persuade and guide your team.

Continue reading “13 Skills Every Manager Needs”