Microsoft to build great wall of Yukon

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1001-957376.html?tag=fd_top

By Wylie Wong 
Staff Writer, CNET News.com
September 10, 2002, 1:50 PM PT

Microsoft is aiming to shore up the security of its SQL Server
database management software.

The next version of SQL Server, code-named "Yukon," will include a
long list of new security-related features when it debuts in 2003,
said James Hamilton, SQL Server's design architect. He said that
Microsoft's database team spent more than a month auditing the
software code for security holes.

Yukon will include the ability to more easily add security fixes,
Hamilton said. Previously, database administrators had to install
patches one at a time, a several-step process in which mistakes could
be made, he added.

The software will also by default disable public access to all
"tables," or rows and columns of data, to prevent hackers from taking
advantage of openings, Hamilton said. Microsoft has previously
disabled public access by default in many scenarios, but it had
previously left open access to some information, such as metadata
information, he said. Metadata is the definition of the data in the
database.

"When a customer installs Yukon, it will be a secure install,"  
Hamilton said. "It's a faster set-up of your system. You don't have to
go through and assign security for everything. It's already set, and
you can adjust it."

Yukon also gives administrators more far-reaching control over giving
people access to specific data. For example, right now a worker can be
granted or denied access to see employee information such as names and
phone numbers. But with the upcoming software, administrators can go a
step further and give employees access to data of only other workers
in the same department.

"You can squeeze down the security more," Hamilton said.

The database security check is part of a company-wide initiative set
up by chairman Bill Gates to beef up security in all of Microsoft's
products. The tech giant has long been plagued by glitches and
security holes in its software, from Windows to the Internet Explorer
browser. And SQL Server has had its share of woes, including a worm
attack in May. Databases, which manage information, are prone to
attacks by hackers who want corporate or Web site information such as
credit card numbers.

Microsoft has touted its next-generation database as having new data
storage architecture intended to make it easier to find and use
corporate data. In fact, a forthcoming version of Windows, code-named
Longhorn, will use Yukon's data storage capability.

Sheryl Tullis, Microsoft's product manager for SQL Server, said the
company will also try to teach administrators the best practices for
using the software through white papers and Webcast tutorials.

"It's not just securing the code, but educating people on reducing
risk to themselves," she said.

The test version of Yukon is scheduled for release in early 2003, with
final shipment slated for late in the year. Other features include
support for Microsoft's .Net strategy and increased performance,
reliability and manageability.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.