Creating a bootable USB may allow you to boot your computer even if the internal hard drive has stopped working. It is also very useful to create a bootable USB drive so you can copy the Windows 10 ISO image onto the USB drive and install Windows 10 with ease. With a new major version of Windows 10 available, maybe now is a good time to review these steps. We have shown you how to create a Kali Linux boot USB using your Mac in a previous post.
If you don’t want to use any special software there is a way to create a bootable USB drive from you Windows 10 Command Prompt, but it can be a bit tricky. Here’s how to do it step-by-step on your computer:
Continue reading “Create Bootable USB Drive Using Windows 10”
If you have read the PCI DSS and the requirements for how you must store credit card data, you may be asking for some basic guidance for how to handle credit card numbers in your database systems.
These suggestions cover the basics – the full topic of protecting card data is easily several hundred pages long. These are basic ideas, but you should consult with your compliance team for final guidance.
Continue reading “PCI DSS – Storing Credit Card Numbers”
One of the hardest thing to do is prevent something from happening when you don’t know when it might happen or who will try to make it happen. As a Database Administrator, you have to be aware that a data breach might happen and you must take reasonable precautions to prevent them. According to the 2016 study by IBM, 60% of database attacks are insiders (people using approved network credentials) looking to access or steal corporate data.
There are some basic steps you should execute to help prevent unauthorized access to your database environment.
- Enforce Privileges – As an employee starts their tenure at a company, they are usually given the exact correct privileges for their position. The longer the employee is with a company, the correct privileges start to vary from the effective privileges, until eventually the employee has the wrong access privileges. You need to make sure those initial access rights are correct from day one, and that you periodically review the access rights for every employee. If there is any question about the correct privileges, you should contact their supervisor and document the correct level of access.
- Database Discovery – People are busy, and don’t always pay attention when new database instances are created. The people who manage the databases are often times not the people who install the software, so this can lead to an environment where there are unauthorized or poorly configured database instances. Database discovery is a crucial first step for avoiding security issues, so you should scan your environment for new database instances as often as possible. The amount of change in your environment will dictate how often you should search for new database instances, but the minimum is annually.
- Connection Encryption – Encrypting the connection between the user and the database can help prevent man-in-the-middle attacks.
- Strong Password – You should expect the same password strength for your databases as you expect on the network. If possible, use Windows Authentication instead of SQL Server Authentication. This will help enforce the same password strength as your network password, and you must verify that the network settings are using best practice strength requirements.
- Detect Compromised Credentials – It is estimated that 60% of companies cannot detect compromised credentials, based on a study by solution vendor Rapid7. Since authorized individuals use databases in a predictable way, abnormal or unauthorized access will be detected and you can be alerted. There are security appliances that can catch unusual or unwanted user access based solely on algorithm analysis, preventing a possible data breach.
What is RAID?
RAID stands for Redundant Array of Inexpensive Disks. It is a technology used to distribute data across multiple hard drives in one of several ways called “RAID levels”, depending on what level of redundancy and performance is required.
Wikipedia defines RAID as “a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both. Data is distributed across the drives in one of several ways, referred to as RAID levels, depending on the required level of redundancy and performance. The different schemes, or data distribution layouts, are named by the word “RAID” followed by a number, for example RAID 0 or RAID 1. Each schema, or RAID level, provides a different balance among the key goals: reliability, availability, performance, and capacity. RAID levels greater than RAID 0 provide protection against unrecoverable sector read errors, as well as against failures of whole physical drives.”
In environments were speed and redundancy are required, you need to select the proper RAID level that matches your requirements and budget. In general, a RAID-enabled system uses two or more hard disks to improve the performance or provide some level of fault tolerance for a NAS or server.
There are several RAID concepts that you must also understand:
Continue reading “RAID Levels Explained”
This month, Microsoft introduced the public preview of a new database offering named “Azure SQL Database Managed Instance.” This new Azure offering is intended to create a database solution that more closely matches a traditional on-premise product, while supporting some advanced Azure features.
The Azure SQL Database Managed Instance feature was created to make it easier for users to migrate their existing third-party applications from an on-premise SQL Server instance to Azure by maintaining feature compatibility. This current preview version is not yet at the 100% complete mark, but Microsoft is promising some additional features in the coming months.
In terms of programmability and feature compatibility, Managed Instance supports compatibility all the way back to SQL Server 2008. It also allows for direct migration of database versions starting with SQL Server 2005. You can copy your on-premise backups to Azure (or backup directly to Azure) and restore them into the service seamlessly using Direct migration. Other features Microsoft has enabled include service broker, change data capture and linked servers, which had previously been limiters for moving on-premises applications into Azure SQL Database.
Continue reading “Azure SQL Database Managed Instance in Public Preview”
If you are wondering if you should move from a traditional Waterfall development methodology to something new, but can’t pick between Kanban and Scrum, here is some information that might help you pick a new path.
Kanban is a simple methodology that focuses on the tasks your team is currently performing. The tasks are displayed to all participants so you and your team can track the progress and easily see what tasks are currently active. A good practice is to organize your development process using a Kanban board to show the status of each task, from “to-do”, “in progress”, “testing”, “ready for release”, and finally “released”. This simple methodology gives the team more flexible planning options, a clear focus on specific tasks, transparency on what is coming next, and a faster output by helping them focus on just a few tasks at any one time.
Continue reading “Kanban vs. Scrum”
Network design starts with creating a secure network infrastructure. While it is assumed that network design processes are obvious when it comes to placement and configuration of routers, firewalls, and switches it can often be helpful to document some of the best practices for the less experienced people that might be tasked with this process at their company.
Remember that having an established procedure and setting realistic expectations allow you to provide some consistency into your IT processes. Consistent processes tend to be repeatable and reliable, which also means you reduce the chance of surprises and security headaches.
Firewalls – Generally speaking you want a firewall placed between network segments that require a high degree of security and to keep unauthorized users off your network. This is easily demonstrated when talking about the connection between your company network and the general internet. Since you don’t want uncontrolled traffic between those two network segments, you implement a firewall. A firewall is designed to block all traffic except the specific traffic you wish to allow. You should verify your firewall has the latest vendor updates applied, all unused ports and protocols are blocked by default, and Intrusion Detection is enabled at the firewall.
Continue reading “Network Design Security Checklist”