SQL Server: When Table Data Is Last Accessed And Modified

Knowing the last time the data was accessed in your database can be helpful information. This script can be used to find when table data is last modified or accessed:



Output is Better


You work hard. You know you work hard, your co-workers know you work hard, and your customers know you work hard. No one cares that you are working hard. What really matters is output. What have you gotten done? It has been shown through numerous studies that people will feel more value in a process that seems more difficult. People feel that vacuums are more powerful if they are louder, that cars are more powerful if the engine makes more noise, and that software must be really powerful if it took you more than a couple of 10-hour shifts to develop.

But the key to happiness is getting work done without so much effort. One supposed benefit of experience is that things get easier with age. Don’t fool yourself into believing that working harder is working better. What lessons have you learned that can make your job easier? If it is still taking you the same amount of time to do most of your tasks, you have to ask what you are doing wrong.


Create Bootable USB Drive Using Windows 10


Creating a bootable USB drive may allow you to boot your computer even if the internal hard drive has stopped working. It is also very useful to create a bootable USB drive so you can copy the Windows 10 ISO image onto the USB drive and install Windows 10 with ease. With a new major version of Windows 10 available, maybe now is a good time to review these steps. We have shown you how to create a Kali Linux boot USB using your Mac in a previous post.

If you don’t want to use any special software, there is a way to create a bootable USB drive from your Windows 10 Command Prompt, but it can be a bit tricky. Here’s how to do it step-by-step on your computer:


Free Download: SQL Server Management Studio 17.6


SQL Server Management Studio (SSMS) is an integrated environment for accessing, configuring, managing, administering, and developing all components of SQL Server. SSMS combines a broad group of graphical tools with a number of rich script editors to provide developers and administrators of all skill levels access to SQL Server.

Microsoft has announced the latest release of SQL Server Management Studio (SSMS) in October. This release features improved compatibility with previous versions of SQL Server and a stand-alone web installer.

Get it here:


PCI DSS – Storing Credit Card Numbers

If you have read the PCI DSS and its requirements for how you must store credit card data, you may be looking for some basic guidance on how to handle credit card numbers in your database systems.


These suggestions cover the basics – the full topic of protecting card data is easily several hundred pages long. These are basic ideas, but you should consult with your compliance team for final guidance.


Preventing a Database Breach

One of the hardest things to do is prevent something from happening when you don’t know when it might happen or who will try to make it happen. As a Database Administrator, you have to be aware that a data breach might happen, and you must take reasonable precautions to prevent it. According to the 2016 study by IBM, 60% of database attacks come from insiders (people using approved network credentials) looking to access or steal corporate data.

There are some basic steps you should execute to help prevent unauthorized access to your database environment.

  1. Enforce Privileges – As an employee starts their tenure at a company, they are usually given exactly the correct privileges for their position. The longer the employee is with a company, the more their effective privileges drift away from the correct privileges, until eventually the employee has the wrong access privileges. You need to make sure those initial access rights are correct from day one, and that you periodically review the access rights for every employee. If there is any question about the correct privileges, you should contact their supervisor and document the correct level of access.
  2. Database Discovery – People are busy, and don’t always pay attention when new database instances are created. The people who manage the databases are often not the people who install the software, so this can lead to an environment where there are unauthorized or poorly configured database instances. Database discovery is a crucial first step for avoiding security issues, so you should scan your environment for new database instances as often as possible. The amount of change in your environment will dictate how often you should search for new database instances, but the minimum is annually.
  3. Connection Encryption – Encrypting the connection between the user and the database can help prevent man-in-the-middle attacks.
  4. Strong Password – You should expect the same password strength for your databases as you expect on the network. If possible, use Windows Authentication instead of SQL Server Authentication. This will help enforce the same password strength as your network password, and you must verify that the network settings are using best practice strength requirements.
  5. Detect Compromised Credentials – It is estimated that 60% of companies cannot detect compromised credentials, based on a study by solution vendor Rapid7. Since authorized individuals use databases in a predictable way, abnormal or unauthorized access will be detected and you can be alerted. There are security appliances that can catch unusual or unwanted user access based solely on algorithm analysis, preventing a possible data breach.
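
The periodic review described in items 1, 3 and 4 can be scripted against SQL Server's own catalog and dynamic management views. The queries below are an added example, not a script from the original post; they assume a login that is allowed to view server state and login definitions (for example a sysadmin).

```sql
-- Item 1 (Enforce Privileges): who holds which server-level role.
-- Compare this list with what each person's supervisor has approved.
SELECT r.name      AS server_role,
       m.name      AS member_login,
       m.type_desc AS login_type,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;

-- Item 4 (Strong Password): enabled SQL Server Authentication logins that
-- are exempt from the Windows password policy or from password expiration.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       create_date,
       modify_date
FROM sys.sql_logins
WHERE is_disabled = 0
  AND (is_policy_checked = 0 OR is_expiration_checked = 0)
ORDER BY name;

-- Item 3 (Connection Encryption): current user sessions whose connection
-- is not encrypted. net_transport is returned so that local connections
-- can be told apart from connections that cross the network.
SELECT s.login_name,
       s.host_name,
       s.program_name,
       c.client_net_address,
       c.net_transport,
       c.auth_scheme,
       c.encrypt_option
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE s.is_user_process = 1
  AND c.encrypt_option = 'FALSE'
ORDER BY s.login_name, s.host_name;
```

The `auth_scheme` column in the last result also shows which sessions still use SQL Server Authentication rather than Windows Authentication.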

Security Through Ignorance



Some people believe that their computer systems are more secure if the person attacking their systems doesn’t know some facts, like what port their SQL Server instance is using, or if they don’t disclose the written specifications for critical software functions. Those people believe that if malicious attackers don’t know how the system is secured, security will be better. Although this might seem logical, it’s actually easy to see how it is untrue if you think about it for a few minutes. Employees carrying out insider attacks, one of the most common forms of an attack, will already know the port used or how your software works.

The problem with security through ignorance is that it just leads to a false sense of security, which is usually much more dangerous than not doing anything at all. Assume you are working with an intelligent attacker, and that your weak half-attempts to secure your systems will delay the attacker all of about 2 minutes. Spend your time and effort on implementing true security measures and you will sleep better each night.