Tag: SQL Server

Machine Learning Security and Event Sourcing for Databases

In times past, an application would make an update to a database, essentially overwriting the old data with new data. There wasn’t an actual time element to the update. The data would simply change. This approach to database management worked fine as long as the database was on a local system or even a network owned by an organization. However, as technology has progressed to use functionality like machine learning to perform analysis and microservices to make applications more scalable and reliable, the need for some method of reconstructing events has become more important.

To guarantee atomicity, consistency, isolation, and durability (ACID) in database transactions, products that rely on SQL Server use a transaction log to ensure data integrity. In the event of an error or outage, it’s possible to use the transaction log to rebuild pending database operations or roll them back as needed. It’s possible to recreate the data in the database, but the final result is still a static state. Transaction logs are a good start, but not all database management systems (DBMS) support them. In addition, transaction logs focus solely on the data and its management.

In a machine learning security environment, of the type described in Machine Learning Security Principles, this isn’t enough to perform analysis of sufficient depth to locate hacker activity patterns in many cases. The transaction logs would need to be somehow combined with other logs, such as those that track RESTful interaction with the associated application. The complexity of combining the various data sources would prove daunting to most professionals because of the need to perform data translations between logs. In addition, the process would prove time consuming enough that the result of any analysis wouldn’t be available in a timely manner (in time to stop the hacker).

Event sourcing, of the type that many professionals now advocate for microservice architectures, offers a better solution that it less prone to problems when it comes to security. In this case, instead of just tracking the data changes, the logs would reflect application state. By following the progression of past events, it’s possible to derive the current application state and its associated data. As mentioned in my book, hackers tend to follow patterns in application interaction and usage that fall outside the usual user patterns because the hacker is looking for a way into the application in order to carry out various tasks that likely have nothing to do with ordinary usage.

A critical difference between event sourcing and other transaction logging solutions is the event sourcing relies on its own journal, rather than using the DBMS transaction log, making it possible to provide additional security for this data and reducing the potential for hacker changes to cover up nefarious acts. There are most definitely tradeoffs between techniques such as Change Data Capture (CDC) and event sourcing that need to be considered, but from a security perspective, event sourcing is superior. As with anything, there are pros and cons to using event sourcing, the most important of which from a security perspective is that event sourcing is both harder to implement and more complex. Many developers cite the need to maintain two transaction logs as a major reason to avoid event sourcing. These issues mean that it’s important to test the solution fully before delivering it as a production system.

If you’re looking to create a machine learning-based security monitoring solution for your application that doesn’t require combining data from multiple sources to obtain a good security picture, then event sourcing is a good solution to your problem. It allows you to obtain a complete picture of the entire domain’s activities that helps you locate and understand hacker activity. Most importantly, because the data resides in a single dedicated log that’s easy to secure, the actual analysis process is less complex and you can produce a result in a timely manner. The tradeoff is that you’ll spend more time putting such a system together. Let me know your thoughts about event sourcing as part of security solution at [email protected].

Checking SQL Server Status

This is an update of a post that originally appeared on November 14, 2012.

A number of my books rely on database access. Today that database access can take many forms, such as the use of .csv files in my AI, machine learning, and deep learning books. However, this post is specific to those books that use Microsoft’s SQL Server on the local system, which is currently limited to C++ All-In-One for Dummies, 4th Edition (optionally) and C# 10.0 All-in-One for Dummies, but could include other books in the future (or you may simply decide to use Microsoft SQL Server with one of my other books).

In order to access any server, the server must be running. It only makes sense that you can’t access something that isn’t listening. The problem is that SQL Server may not start automatically for a number of reasons on your system and that Visual Studio doesn’t always make it apparent that the server isn’t running. You may get a nebulous message when you try to make a connection that doesn’t tell you anything. (No, SQL Server doesn’t start automatically when you make a request for data.) With this in mind, a post of checking the status of SQL Server is important.

Normally, I would tell you to use the tools that come with SQL Server to check the status of the server. However, some versions of SQL Server Express Edition install without the standard tools now, such as SQL Server Management Studio (SSMS). Without access to these tools, it may seem as if checking the server status is impossible. Fortunately, you have other options.

The best way to check the status of SQL Server on your system is to use the Services console found in the Administrative Tools folder of the Control Panel. The Services console is one of a number of Microsoft Management Console (MMC) snap-ins that Windows installs automatically for you. However, to use this console, you must have administrator rights on the target system. Without these rights, you truly are out of luck in checking the status of your SQL Server setup and will need to get an administrator to help you.

Open the Services console by right clicking Start, choosing Run from the menu, typing services.msc in the Open field, and clicking OK. You find a list of all of the services installed on your system in the resulting Services window. Scroll down the list and you should find one or more SQL Server entries like the ones shown here.

The services window contains a list of Windows services installed on the local machine that their status.
Use the Services console to check the status of services on your system.

In order to work successfully with the examples in my book, you should have SQL Server set to start automatically. In addition, when you check the service, you should see Started in the Status column as shown in the screenshot. If you don’t see Started, then highlight the service as shown and click the Start link you see on the left side (not shown in this case because the service is already started).

To make the examples easier to work with, you should also ensure that the SQL Server Browser service is started. This service makes it possible for Visual Studio to find the SQL Server installation on your system. Without this service, you must correctly type the name of the SQL Server installation you want to use when creating a connection, which is both time consuming and error prone.

If you find that you encounter problems making database examples in my books work, please check the status of SQL Server to ensure the service is actually started. Contact me at [email protected] if you experience any other connectivity problems. I may not be able to fix every problem you encounter, but I often have a good idea of what problems you might be seeing on your system and will do my best to help you.