|
I am looking to send one of my dba's for training specifically in sql server security. I know many of the classes include some training in areas like creating users, database roles, etc. but what I am looking for is something more thorough than that. Basically I am looking for classes that are specifically geared to every facet of sql security, best practices, data intrusion prevention, data and database encryption, network data segmentation, defining security policies, security auditing, anything and everything. Does anyone have any suggestions for any classes we could look into?
(comments are locked)
|
|
See if you can get in touch with Bob Beauchemin at SQLSkills.com. He covers all those areas in his courses. The IE course Bob teaches that includes security is only 5 modules out of the total amount. (http://www.sqlskills.com/T_ImmersionSecurityDevSupport.asp) Majority of his course is on development. They don't have an agenda up anymore but I believe of the 5 day course, this was all covered in 1 day.
Aug 31 '11 at 09:24 PM
Shawn_Melton
(comments are locked)
|
|
You might want to check into training courses dealing with Comptia Security+ or CISSP courses. Those would get very detailed into general security best practices, outside of SQL Server context. Some of those topics are generalized to IT security so most SQL Server courses are not going to cover them that I am aware of.
(comments are locked)
|
|
The short answer is you're not going to find any security specific training for SQL Server. Denny Cherry, Don Kiely, and I do sessions at SQL Saturdays, SQL Connections, and the PASS Summit, but so far as I am aware, only one of us proposed a security pre-con for SQL Rally, but it wasn't picked by the community. Therefore, the best resources are books. There's Denny's book, mine (How to Cheat at Securing SQL Server 2005 from Syngress), Kevvie Fowler's SQL Server Forensics, and then the general stuff as Shawn mentioned. Given what you're asking, I would not waste my time on CISSP books or courses because those are considered management certs and too high level and conceptual for what you're looking for. Security+ is better, but probably the SANS GIAC curriculum is your best bet.
(comments are locked)
|
|
Thanks for all the responses. It sounds like everyone had the same responses I expected. As a matter of fact I am sending one of my other dba's to a sqlskills training in October. However, we did come across this course, http://www.verhoef-training.com/courses/SSSEC.html, I know it current says 2005 but we have spoken to them and they just have not updated their site and they do the same training only for 2008. Has anyone had any experience with this training company? I don't recognize the company name and can't access that link from work, but would be curious their excuse for not updating their website. I mean if you are going to be giving training and your website is the source of that information, it should be kept current (SQL 2008 has been out for how long now?). :)
Sep 02 '11 at 09:52 AM
Shawn_Melton
(comments are locked)
|
where in the world are you?