Security Archives - Blog dbi services

Mouhamadou Diaw

Oracle 21C Security : diagnostics_control and enable diagnostics

By | Database Administration & Monitoring, Database management, Oracle | No Comments

Some debug-events and debug-actions are not safe and should be exposed to users with caution. In previous releases, privilege control for the usage of these diagnostics was not sufficient. With Oracle 21c, regular users can be blocked from using these diagnostics to better support separation of duty. Indeed with Oracle 21c, we have a new mechanism to control the debug-events and debug-actions through ALTER SESSION and/or ALTER SYSTEM. This mechanism is implemented by two new…

Stéphane Haby

How to find the TLS used for the SQL Server connection

By | Database Administration & Monitoring, Database management, Security, SQL Server | No Comments

For a customer, I did some research to find which TLS is used on the SQL Server environment. The only way is to create an Extended Event. A big limitation is that the event used is only available on SQL Server 2016 and later. Before that, use the Built-In Diagnostics (BID) traces. After, I implemented the first TLS Monitoring on a SQL Server 2016 with the query: CREATE EVENT SESSION [TLS_monitoring] ON SERVER ADD EVENT…

Stéphane Haby

SQL Server: Replace the old SCOM login by the new one

By | Database Administration & Monitoring, Database management, SQL Server | No Comments

It’s always hard to replace a login that has roles and permissions in every database, like the service account for SCOM. In the previous version of SCOM, you create a service account (dbi\scom) to access the SQL Server and check the health of the databases. Now it’s possible to use the System Center Operations Manager Health Service (NT SERVICE\HealthService). To make this change on all SQL Servers, I wrote a script. I create the…

Steven Naudet

SQL Server: Audit changes on Instance Configuration, Linked Servers and Agent Jobs

By | Database Administration & Monitoring, SQL Server | No Comments

Introduction Very often with our customers, there is only one person with the DBA role. The configuration of the instances is then under control and if anything strange has to be questioned, the culprit is quickly identified. 🙂 When many people, not necessarily having DBA knowledge, have high permissions (sysadmin) on instances it becomes important to know who does what. In this blog post, we will see how to get notified by email when certain…

Dominique Althuser

Swiss Cyber Security Days (SCSD)

By | Security | No Comments

The Swiss Cyber Security Days (SCSD) took place on March 10 and 11, 2021. The largest event in Switzerland entirely dedicated to cyber security took place on March 10 and 11, in a 100% digital form. Despite the health measures related to the coronavirus pandemic, the third edition of the Swiss Cyber Security Days was maintained. Indeed, cyber threats do not know any break. One of the conferences I was able to attend, presented…

Christian Weinfurtner

Oracle 21c: Blockchain Tables

By | Database Administration & Monitoring, Database management, Enterprise content management, Oracle | No Comments

Oracle Blockchain Tables With Oracle Database 20c/21c the new feature Oracle Blockchain Tables has been introduced. Blockchain Tables enable Oracle Database users to create tamper-resistant data management without distributing a ledger across multiple parties. Database security can be improved by using Blockchain Tables to avoid user fraud and administrator fraud as well. One of the main characteristics of Oracle Blockchain Tables is that you can only append data. Table rows are chained using a cryptographic…

Mouhamadou Diaw

Oracle 21c Security : Gradual Database Password Rollover

By | Database Administration & Monitoring, Database management, Oracle, Security | 5 Comments

Starting with Oracle 21c, the password of an application can be changed without having to schedule downtime. This can be done by using the new profile parameter PASSWORD_ROLLOVER_TIME. This will set a rollover period of time where the application can log in using either the old password or the new password. With this enhancement, an administrator no longer needs to take the application down when the application database password is being rotated….

Burgert Daniel

Increase your PostgreSQL databases security by checking a few settings Part 2

By | Database Administration & Monitoring, Postgres, Security | No Comments

Continuing from my first blog, we will check some more access and authentication configurations, focusing on removing unnecessary database privileges. After that, we will configure the backend parameters correctly to have more robust PostgreSQL server/client sessions. And finally, SSL encryption for these sessions will be configured.

Stéphane Haby

SQL Server Tips: Orphan database user but not so orphan…

By | Database Administration & Monitoring, Database management | No Comments

At the beginning of this year, it is good to clean up orphan users in SQL Server databases, even if this practice must be done regularly throughout the year of course. 😉 During my cleaning day, a new case appeared that I never had before and I enjoy sharing it with you. To find orphan database users, I use this query: SELECT * FROM sys.database_principals a LEFT OUTER JOIN sys.server_principals b ON a.sid = b.sid WHERE b.sid IS NULL…
