Introduction to SQL Server Security
Transcript

  • 1. Introduction to SQL Server Security
  • 2. Pragmatic Works Company History (MAKING BUSINESS INTELLIGENT, www.pragmaticworks.com)
      • Founded 2008 by MSFT MVP Brian Knight
      • Focused on the MSFT SQL Server Platform
      • Provides services, training and software
      • MSFT/HP “go to” partner:
      • Gold Certified:
          o BI
          o Data Management
          o SQL Performance
      • Team led by multiple MVPs
      • Offices throughout the US with Corporate HQ in Jacksonville, FL
  • 3. Getting Started
      Jason Strate
      e: jstrate@pragmaticworks.com
      b: www.jasonstrate.com
      t: StrateSQL
  • 4. Agenda
      • Overview
      • Securing SQL Server
      • Accessing SQL Server
      • Controlling Access
      • Validation
  • 5. OVERVIEW
  • 6. Overview
  • 7. Overview
  • 8. Overview
  • 9. Overview
  • 10. SECURING SQL SERVER
  • 11. Start With Installation
      • Operating system?
      • Services?
      • Tools?
      • Features?
      • Configuration?
  • 12. Service Accounts
      • Virtual Service account
      • Managed Service account
      • Domain user
      • Local user
      • Network Service account
      • Local System account
  • 13. Security Tip: Principle of least privilege
  • 14. Location, Location, Location
      • Where is the server physically?
      • Where is the server on the network?
      • Behind the firewall?
  • 15. ACCESSING SQL SERVER
  • 16. Accessing the Server
      • Login
          – Windows Authentication
              • Group
              • User
          – SQL Server Authentication
          – Certificate
          – Asymmetric Key
  • 17. SQL Server Authentication
      • Password policy
          – Account lockout duration
          – Account lockout threshold
          – Reset account lockout counter after
          – Complexity
          – Password history
      • Enforce password expiration
      • Change password next login
  • 18. Advanced Access
      • Certificate
      • Asymmetric Key
  • 19. CONTROLLING ACCESS
  • 20. Security Model Basics
      • Securable: Resource within SQL Server, such as a database, table, procedure, or feature.
      • Principal: Object to which permissions can be assigned, such as a login or certificate.
      • Permission: Activity on the securable that is granted to the principal, such as read or view.
  • 21. Permission Modes
      • GRANT
      • DENY
      • REVOKE
  • 22. Server Securables
  • 23. Security Tip: CONTROL SERVER is a replacement for sysadmin
  • 24. Database Securables
  • 25. Example 1
      • GRANT VIEW SERVER STATE TO SQLCHICKEN
      • GRANT CONTROL SERVER TO SQLBALLS
      • GRANT SHOWPLAN TO AUNTKATHI
  • 26. Example 2
      • GRANT EXECUTE TO SQLCHICKEN
      • DENY EXECUTE ON dbo.usp_action TO SQLCHICKEN
      • GRANT SELECT ON dbo.table TO SQLBALLS
      • GRANT VIEW DATABASE STATE TO AUNTKATHI
  • 27. Security Roles
      • Server Roles
      • Custom Server Roles
      • Database Roles
      • Custom Database Roles
  • 28. Server Roles
      • Bulkadmin
      • Dbcreator
      • Diskadmin
      • Processadmin
      • Securityadmin
      • Setupadmin
      • Sysadmin
  • 29. Custom Server Roles
      • New for SQL Server 2012
      • Create what you need
          – Junior DBA
          – Security admin
          – Monitoring
      (Image caption: “Trust me, I’m a junior DBA”)
  • 30. Security Tip: CONTROL SERVER is a replacement for sysadmin
  • 31. Database Roles
      • Db_accessadmin
      • Db_backupoperator
      • Db_datareader
      • Db_datawriter
      • Db_ddladmin
      • Db_denydatareader
      • Db_denydatawriter
      • Db_owner
      • Db_securityadmin
  • 32. Security Tip: Beware of db_owner and RESTRICTED_USER mode
  • 33. Custom Database Roles
      • Been around since dirt
      • Useful for
          – Setting department permissions
          – Grouping stored procedure access
          – Simplifying permission management
  • 34. Security Tip: Use roles over logins for permission assignments
  • 35. VALIDATION
  • 36. Validation
      • Audits
          – C2 Auditing
          – Common Criteria Control
      • SQL Server Audit
      • Policy Based Management
  • 37. SQL Server Audit
      • SQL Server 2008
          – Enterprise edition feature
      • SQL Server 2012
          – Standard edition feature
          – Accessible via Extended Events
  • 38. SQL Server Audit
      • Server
          – Permission changes
          – DBCC events
          – Failed logins
      • Database
          – DML activity
          – SELECT activity
          – Object modification
  • 39. Policy Based Management
      • Introduced SQL Server 2008
          – All editions
      • Backwards compatibility
          – To SQL Server 2000…. Kinda
      • Checks
          – DDL triggers
          – Object properties
  • 40. Policy Based Management
      • Add super power with… Enterprise Policy Management Framework
  • 41. Wrapping Up
      • Securing SQL Server
      • Accessing SQL Server
      • Controlling Access
      • Validation
  • 42. For more information…
      • Services: Speed development through training, and rapid development services from Pragmatic Works.
      • Products: BI products to convert to a Microsoft BI platform and simplify development on the platform.
      • Foundation: Helping those who do not have the means to get into information technology achieve their dreams.
      Name: Jason Strate
      Email: jstrate@pragmaticworks.com
      Blog: www.jasonstrate.com
      Resource: jasonstrate.com/go/Security
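
The permission modes from slide 21, the GRANT/DENY pair from slide 26 and the roles-over-logins tip from slide 34, combined in one T-SQL script. This is an added example, not part of the presentation: the role ReportingUsers, the user DemoAnalyst and the procedure dbo.usp_report are hypothetical names, and it assumes a scratch database on SQL Server 2012 or later.

```sql
-- Added example; run in a scratch database on SQL Server 2012 or later.
-- dbo.usp_action is the name used on slide 26; ReportingUsers, DemoAnalyst
-- and dbo.usp_report are hypothetical names created for this example.
CREATE PROCEDURE dbo.usp_action AS SELECT 'action' AS ran;
GO
CREATE PROCEDURE dbo.usp_report AS SELECT 'report' AS ran;
GO

-- Principal: a custom database role holds the permissions, not the user.
CREATE ROLE ReportingUsers;
CREATE USER DemoAnalyst WITHOUT LOGIN;
ALTER ROLE ReportingUsers ADD MEMBER DemoAnalyst;

-- GRANT at database scope covers every procedure in the database ...
GRANT EXECUTE TO ReportingUsers;
-- ... and DENY on one securable overrides that broader GRANT.
DENY EXECUTE ON OBJECT::dbo.usp_action TO ReportingUsers;
GO

-- Validate the effective permissions as the role member sees them.
EXECUTE AS USER = 'DemoAnalyst';
SELECT HAS_PERMS_BY_NAME('dbo.usp_report', 'OBJECT', 'EXECUTE') AS can_run_report,
       HAS_PERMS_BY_NAME('dbo.usp_action', 'OBJECT', 'EXECUTE') AS can_run_action;
REVERT;
GO

-- REVOKE removes the DENY entry; the database-level GRANT then applies again.
REVOKE EXECUTE ON OBJECT::dbo.usp_action FROM ReportingUsers;

-- List what the role holds: state_desc shows GRANT or DENY per securable.
SELECT pr.name AS principal, pe.class_desc,
       OBJECT_NAME(pe.major_id) AS securable,
       pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'ReportingUsers';
GO

-- Cleanup of the constructed objects.
ALTER ROLE ReportingUsers DROP MEMBER DemoAnalyst;
DROP USER DemoAnalyst;
DROP ROLE ReportingUsers;
DROP PROCEDURE dbo.usp_action;
DROP PROCEDURE dbo.usp_report;
GO
```

Run it in SSMS or sqlcmd, where GO is the batch separator. Because the permissions sit on the role, adding or removing a user changes access without touching any GRANT or DENY statement.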
