Introduction to SQL Server Security


  1. Introduction to SQL Server Security
  2. Pragmatic Works Company History
     MAKING BUSINESS INTELLIGENT (www.pragmaticworks.com)
     • Founded 2008 by MSFT MVP Brian Knight
     • Focused on the MSFT SQL Server platform
     • Provides services, training and software
     • MSFT/HP "go to" partner
     • Gold Certified:
       o BI
       o Data Management
       o SQL Performance
     • Team led by multiple MVPs
     • Offices throughout the US with corporate HQ in Jacksonville, FL
  3. Getting Started
     Jason Strate
     e: jstrate@pragmaticworks.com
     b: www.jasonstrate.com
     t: StrateSQL
  4. Agenda
     • Overview
     • Securing SQL Server
     • Accessing SQL Server
     • Controlling Access
     • Validation
  5. OVERVIEW (section divider)
  6.-9. Overview (four image-only slides, no text)
  10. SECURING SQL SERVER (section divider)
  11. Start With Installation
     • Operating system?
     • Services?
     • Tools?
     • Features?
     • Configuration?
  12. Service Accounts
     • Virtual service account
     • Managed service account
     • Domain user
     • Local user
     • Network Service account
     • Local System account
  13. Security Tip
     Principle of least privilege
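As an added check (not part of the deck), the following T-SQL shows how to verify on a running instance which of the service-account types from slide 12 are actually in use, flagging the ones that violate slide 13's least-privilege tip. It assumes SQL Server 2008 R2 SP1 or later (when sys.dm_server_services appeared) and a caller with VIEW SERVER STATE; the classification text in the CASE expression is this example's own wording.

```sql
-- Added example, not from the deck: list the account each SQL Server service
-- runs under and flag the ones that do not follow least privilege.
-- Assumes SQL Server 2008 R2 SP1+ (sys.dm_server_services) and VIEW SERVER STATE.
SELECT  servicename,
        service_account,
        startup_type_desc,
        status_desc,
        CASE
            WHEN service_account IN ('LocalSystem', 'NT AUTHORITY\SYSTEM')
                THEN 'Local System: full OS rights; move to a dedicated low-privilege account'
            WHEN service_account = 'NT AUTHORITY\NETWORK SERVICE'
                THEN 'Network Service: shared with other services; prefer a dedicated account'
            WHEN service_account LIKE 'NT SERVICE\%'
                THEN 'Virtual service account: per-service identity, acceptable default'
            WHEN service_account LIKE '%$'
                THEN 'Managed service account: AD rotates the password, good choice'
            ELSE 'Domain or local user: confirm it is not a local or domain administrator'
        END AS least_privilege_note
FROM    sys.dm_server_services
ORDER BY servicename;
```

Run it from SSMS on each instance after installation; anything reported as Local System or as a user that is also a local administrator is the first thing to fix.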
  14. Location, Location, Location
     • Where is the server physically?
     • Where is the server on the network?
     • Behind the firewall?
  15. ACCESSING SQL SERVER (section divider)
  16. Accessing the Server
     • Login
       – Windows Authentication
         • Group
         • User
       – SQL Server Authentication
       – Certificate
       – Asymmetric Key
  17. SQL Server Authentication
     • Password policy (inherited from the Windows password policy of the host when CHECK_POLICY is on)
       – Account lockout duration
       – Account lockout threshold
       – Reset account lockout counter after
       – Complexity
       – Password history
     • Enforce password expiration (CHECK_EXPIRATION)
     • Change password at next login (MUST_CHANGE)
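The statements below are an added example, not from the deck, showing how the slide 17 settings are switched on for a SQL Server login and how to find existing logins that do not have them. The login name and password are placeholders chosen for the example.

```sql
-- Added example, not from the deck. Login name and password are placeholders.
USE master;
GO
-- CHECK_POLICY applies the host's Windows password policy (complexity, lockout
-- threshold and duration, history); CHECK_EXPIRATION adds password expiration.
-- MUST_CHANGE forces a new password at first login and requires both checks.
CREATE LOGIN AppReporting
    WITH PASSWORD = 'Replace-Th1s-Before-Use!' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
GO
-- Review the existing SQL logins: anything with policy or expiration
-- disabled, or already locked out, deserves a look.
SELECT  name,
        is_policy_checked,
        is_expiration_checked,
        is_disabled,
        LOGINPROPERTY(name, 'IsLocked')            AS is_locked,
        LOGINPROPERTY(name, 'BadPasswordCount')    AS bad_password_count,
        LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM    sys.sql_logins
WHERE   is_policy_checked = 0
   OR   is_expiration_checked = 0
   OR   LOGINPROPERTY(name, 'IsLocked') = 1
ORDER BY name;
```

Lockout and complexity only take effect when CHECK_POLICY is on, so the second query is the one to schedule: a login created with CHECK_POLICY = OFF never sees the lockout threshold no matter what the Windows policy says.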
  18. Advanced Access
     • Certificate
     • Asymmetric Key
     (A login mapped to a certificate or asymmetric key cannot be used to connect; it exists to hold permissions that are conferred on modules signed with that certificate or key.)
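As an added example (not from the deck), this script shows what a certificate-mapped login is for: the login holds VIEW SERVER STATE but nobody can log in as it, and the permission reaches callers only through a procedure signed with the certificate. It assumes the procedure lives in master, because a server-level permission can only be conferred by a certificate that exists in master; every name and password is a placeholder for the example.

```sql
-- Added example, not from the deck. All names and passwords are placeholders.
USE master;
GO
CREATE CERTIFICATE MonitorSigningCert
    ENCRYPTION BY PASSWORD = 'Replace-Th1s-Cert-Pwd!'
    WITH SUBJECT = 'Signs monitoring procedures';
GO
-- A login mapped to the certificate: no password, no connection path.
CREATE LOGIN MonitorSigningLogin FROM CERTIFICATE MonitorSigningCert;
GRANT VIEW SERVER STATE TO MonitorSigningLogin;
GO
-- The procedure exposes only the DMV query we want people to run.
CREATE PROCEDURE dbo.usp_ActiveSessions
AS
    SELECT session_id, login_name, program_name, status
    FROM   sys.dm_exec_sessions
    WHERE  is_user_process = 1;
GO
-- Signing attaches the certificate login's permissions to the procedure's
-- execution context, so callers need EXECUTE on it, not VIEW SERVER STATE.
ADD SIGNATURE TO dbo.usp_ActiveSessions
    BY CERTIFICATE MonitorSigningCert
    WITH PASSWORD = 'Replace-Th1s-Cert-Pwd!';
GO
-- A low-privilege login that may only run the procedure.
CREATE LOGIN MonitorUser WITH PASSWORD = 'Replace-Th1s-Before-Use!', CHECK_POLICY = ON;
CREATE USER MonitorUser FOR LOGIN MonitorUser;           -- user in master
GRANT EXECUTE ON dbo.usp_ActiveSessions TO MonitorUser;
GO
-- Check from the caller's context: the procedure works through the signature,
-- while the caller still has no VIEW SERVER STATE of their own.
EXECUTE AS LOGIN = 'MonitorUser';
EXEC dbo.usp_ActiveSessions;
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW SERVER STATE') AS caller_has_view_server_state;
REVERT;
GO
-- The certificate login shows up as a server principal of type CERTIFICATE_MAPPED_LOGIN
-- and is absent from sys.sql_logins, so there is no password hash to attack.
SELECT name, type_desc FROM sys.server_principals WHERE name = 'MonitorSigningLogin';
```

Altering the procedure drops the signature, so re-run ADD SIGNATURE after every deployment, and keep the certificate's private key password out of deployment scripts that end up in source control.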
  19. CONTROLLING ACCESS (section divider)
  20. Security Model Basics
     • Securable: a resource within SQL Server, such as a database, table, procedure, or feature.
     • Principal: an object to which permissions can be assigned, such as a login, user, or role.
     • Permission: an activity on the securable that is granted to the principal, such as read or view.
  21. Permission Modes
     • GRANT
     • DENY (overrides any GRANT for the same permission, including one inherited through a role)
     • REVOKE (removes an earlier GRANT or DENY; it is not itself a deny)
  22. Server Securables (image-only slide)
  23. Security Tip
     CONTROL SERVER is a replacement for sysadmin
     (Close to, but not identical with, sysadmin: a sysadmin member bypasses permission checks entirely, whereas a CONTROL SERVER holder is still subject to DENY, and a few operations still require sysadmin membership.)
  24. Database Securables (image-only slide)
  25. Example 1
     • GRANT VIEW SERVER STATE TO SQLCHICKEN;
     • GRANT CONTROL SERVER TO SQLBALLS;
     • GRANT SHOWPLAN TO AUNTKATHI;   (SHOWPLAN is a database-scoped permission; run it inside the database)
  26. Example 2
     • GRANT EXECUTE TO SQLCHICKEN;
     • DENY EXECUTE ON dbo.usp_action TO SQLCHICKEN;
     • GRANT SELECT ON dbo.table TO SQLBALLS;
     • GRANT VIEW DATABASE STATE TO AUNTKATHI;
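To make slides 21 and 26 concrete, here is an added example (not from the deck) that runs the Example 2 grants in a throwaway database and checks the effective permission of each principal, including what happens when the DENY is later revoked. The users are created WITHOUT LOGIN so the script needs no server-level principals; the database, table and procedure names are placeholders.

```sql
-- Added example, not from the deck: Example 2 with its effects verified.
-- Placeholder database; users are WITHOUT LOGIN so no logins are needed.
CREATE DATABASE SecurityDemo;
GO
USE SecurityDemo;
GO
CREATE USER SQLCHICKEN WITHOUT LOGIN;
CREATE USER SQLBALLS   WITHOUT LOGIN;
CREATE USER AUNTKATHI  WITHOUT LOGIN;
GO
CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY, Amount money);
GO
CREATE PROCEDURE dbo.usp_action AS SELECT 'ran usp_action' AS result;
GO
CREATE PROCEDURE dbo.usp_report AS SELECT COUNT(*) AS OrderCount FROM dbo.Orders;
GO
-- The database-scoped GRANT covers every procedure; the object-scoped DENY
-- wins for the one procedure it names, because DENY always beats GRANT.
GRANT EXECUTE TO SQLCHICKEN;
DENY  EXECUTE ON dbo.usp_action TO SQLCHICKEN;
GRANT SELECT  ON dbo.Orders     TO SQLBALLS;
GRANT VIEW DATABASE STATE       TO AUNTKATHI;
GO
-- Verify in each principal's own context; REVERT returns to the caller.
EXECUTE AS USER = 'SQLCHICKEN';
SELECT 'SQLCHICKEN' AS principal,
       HAS_PERMS_BY_NAME('dbo.usp_report', 'OBJECT', 'EXECUTE') AS can_exec_report,  -- allowed by the GRANT
       HAS_PERMS_BY_NAME('dbo.usp_action', 'OBJECT', 'EXECUTE') AS can_exec_action;  -- blocked by the DENY
REVERT;
EXECUTE AS USER = 'SQLBALLS';
SELECT 'SQLBALLS' AS principal,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select_orders,      -- granted
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'INSERT') AS can_insert_orders;      -- never granted
REVERT;
EXECUTE AS USER = 'AUNTKATHI';
SELECT 'AUNTKATHI' AS principal,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'VIEW DATABASE STATE') AS can_view_db_state;
REVERT;
GO
-- REVOKE removes the DENY entry; it does not add a deny of its own, so the
-- database-level GRANT takes effect again for dbo.usp_action.
REVOKE EXECUTE ON dbo.usp_action FROM SQLCHICKEN;
EXECUTE AS USER = 'SQLCHICKEN';
SELECT HAS_PERMS_BY_NAME('dbo.usp_action', 'OBJECT', 'EXECUTE') AS can_exec_action_after_revoke;
REVERT;
GO
-- Clean up.
USE master;
DROP DATABASE SecurityDemo;
```

The last step is the one people get wrong in practice: REVOKE is frequently used as if it meant "take access away", but when a broader GRANT exists at database or schema scope, revoking an object-level DENY hands the access back.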
  27. Security Roles
     • Server Roles
     • Custom Server Roles
     • Database Roles
     • Custom Database Roles
  28. Server Roles (fixed)
     • bulkadmin
     • dbcreator
     • diskadmin
     • processadmin
     • securityadmin
     • serveradmin
     • setupadmin
     • sysadmin
  29. Custom Server Roles
     • New for SQL Server 2012
     • Create what you need
       – Junior DBA
       – Security admin
       – Monitoring
     "Trust me, I'm a junior DBA"
  30. Security Tip
     CONTROL SERVER is a replacement for sysadmin
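Slides 29 and 30 together suggest a custom server role built on CONTROL SERVER rather than sysadmin. The script below is an added example (not from the deck) of such a "junior DBA" role, and it demonstrates the difference that makes this worth doing: a DENY on the role still binds its members, which is impossible with sysadmin. It assumes SQL Server 2012 or later for user-defined server roles; the role, login and password are placeholders.

```sql
-- Added example, not from the deck. Requires SQL Server 2012+ (user-defined
-- server roles). Role name, login name and password are placeholders.
USE master;
GO
CREATE SERVER ROLE JuniorDBA;
GRANT CONTROL SERVER TO JuniorDBA;
-- Carve out what a junior DBA must not do even though CONTROL SERVER
-- would otherwise cover it. DENY is honoured for CONTROL SERVER holders;
-- it is ignored for members of sysadmin.
DENY ALTER ANY LOGIN        TO JuniorDBA;
DENY ALTER ANY SERVER AUDIT TO JuniorDBA;
GO
CREATE LOGIN JuniorDBA01 WITH PASSWORD = 'Replace-Th1s-Before-Use!', CHECK_POLICY = ON;
ALTER SERVER ROLE JuniorDBA ADD MEMBER JuniorDBA01;
GO
-- Effective permissions in the junior's context: VIEW SERVER STATE arrives
-- through CONTROL SERVER, ALTER ANY LOGIN is blocked by the DENY.
EXECUTE AS LOGIN = 'JuniorDBA01';
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW SERVER STATE') AS can_view_server_state,
       HAS_PERMS_BY_NAME(NULL, NULL, 'ALTER ANY LOGIN')   AS can_alter_any_login;
REVERT;
GO
-- For comparison, list who still sits in sysadmin; no DENY applies to them.
SELECT m.name AS sysadmin_member, m.type_desc
FROM   sys.server_role_members rm
JOIN   sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN   sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE  r.name = 'sysadmin';
```

One caveat the deck's tip does not spell out: CONTROL SERVER is the permission that lets a principal grant and revoke server permissions, so a member of this role could remove the DENY themselves. The DENY protects against mistakes, not against a malicious junior; for that you need the permission-change auditing covered in the Validation section.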
  31. Database Roles (fixed)
     • db_accessadmin
     • db_backupoperator
     • db_datareader
     • db_datawriter
     • db_ddladmin
     • db_denydatareader
     • db_denydatawriter
     • db_owner
     • db_securityadmin
  32. Security Tip
     Beware of db_owner and RESTRICTED_USER mode
     (RESTRICTED_USER only limits connections to members of db_owner, dbcreator and sysadmin, so an over-populated db_owner role makes the restriction meaningless.)
  33. Custom Database Roles
     • Been around since dirt
     • Useful for
       – Setting department permissions
       – Grouping stored procedure access
       – Simplifying permission management
  34. Security Tip
     Use roles over logins for permission assignments
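Slides 33 and 34 recommend custom database roles for grouping procedure access and assigning permissions to roles rather than to individual principals; slide 32 warns about db_owner. The following added example (not from the deck) does both: one schema-scoped grant to a department role, membership instead of per-user grants, a check of the resulting permissions with sys.fn_my_permissions, and a review of db_owner membership. The database, schema, role and user names are placeholders.

```sql
-- Added example, not from the deck. Database, schema, role and user names
-- are placeholders. ALTER ROLE ... ADD MEMBER needs SQL Server 2012+
-- (use sp_addrolemember on 2008).
CREATE DATABASE RoleDemo;
GO
USE RoleDemo;
GO
CREATE SCHEMA Billing;
GO
CREATE PROCEDURE Billing.usp_PostInvoice AS SELECT 'posted' AS result;
GO
CREATE PROCEDURE Billing.usp_CreditInvoice AS SELECT 'credited' AS result;
GO
-- The department role. One schema-scoped GRANT covers every current and
-- future procedure in Billing, so new procedures need no extra grants.
CREATE ROLE BillingClerk;
GRANT EXECUTE ON SCHEMA::Billing TO BillingClerk;
GO
-- Permissions go to the role; people come and go through membership.
CREATE USER clerk01 WITHOUT LOGIN;
CREATE USER clerk02 WITHOUT LOGIN;
ALTER ROLE BillingClerk ADD MEMBER clerk01;
ALTER ROLE BillingClerk ADD MEMBER clerk02;
GO
-- What a clerk can actually do on each procedure, from the clerk's context.
EXECUTE AS USER = 'clerk01';
SELECT 'Billing.usp_PostInvoice' AS securable, permission_name
FROM   sys.fn_my_permissions('Billing.usp_PostInvoice', 'OBJECT')
UNION ALL
SELECT 'Billing.usp_CreditInvoice', permission_name
FROM   sys.fn_my_permissions('Billing.usp_CreditInvoice', 'OBJECT');
REVERT;
GO
-- Offboarding is one statement and leaves the role's grants untouched.
ALTER ROLE BillingClerk DROP MEMBER clerk02;
GO
-- Slide 32's warning in query form: db_owner members keep full control of
-- the database and can still connect while it is in RESTRICTED_USER mode.
SELECT m.name AS db_owner_member, m.type_desc
FROM   sys.database_role_members rm
JOIN   sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN   sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE  r.name = 'db_owner';
GO
USE master;
DROP DATABASE RoleDemo;
```

Schema-scoped EXECUTE is the piece that keeps this manageable over time: the alternative, a GRANT per procedure per user, is exactly the sprawl that ends with someone being added to db_owner "just to make it work".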
  35. VALIDATION (section divider)
  36. Validation
     • Audits
       – C2 auditing
       – Common Criteria compliance (the "common criteria compliance enabled" server option)
     • SQL Server Audit
     • Policy Based Management
  37. SQL Server Audit
     • SQL Server 2008
       – Enterprise edition feature
     • SQL Server 2012
       – Server-level audits available in Standard edition (database audit specifications still require Enterprise)
       – Built on, and accessible via, Extended Events
  38. SQL Server Audit
     • Server
       – Permission changes
       – DBCC events
       – Failed logins
     • Database
       – DML activity
       – SELECT activity
       – Object modification
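The audit items on slide 38 map directly onto SQL Server Audit action groups. As an added example (not from the deck), here is one server audit with a server audit specification for the three server-level items and a database audit specification for the three database-level ones, followed by the query that reads the results back. The file path, audit names, target database and table are placeholders; the database audit specification needs Enterprise edition on SQL Server 2008 and 2012.

```sql
-- Added example, not from the deck. File path, audit names, database and
-- table are placeholders. Database audit specifications need Enterprise
-- edition on SQL Server 2008/2012.
USE master;
GO
CREATE SERVER AUDIT SecurityAudit
    TO FILE (FILEPATH = 'D:\Audit\', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 20)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);  -- SHUTDOWN is stricter but needs SHUTDOWN permission
GO
-- Server side: permission changes, role membership changes, DBCC, failed logins.
CREATE SERVER AUDIT SPECIFICATION SecurityAudit_Server
    FOR SERVER AUDIT SecurityAudit
    ADD (SERVER_PERMISSION_CHANGE_GROUP),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (DBCC_GROUP),
    ADD (FAILED_LOGIN_GROUP)
    WITH (STATE = ON);
GO
-- Database side: DML and SELECT on a sensitive table, plus object changes.
USE SecurityDemo;   -- placeholder database; dbo.Orders assumed to exist
GO
CREATE DATABASE AUDIT SPECIFICATION SecurityAudit_Database
    FOR SERVER AUDIT SecurityAudit
    ADD (SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Orders BY public),
    ADD (SCHEMA_OBJECT_CHANGE_GROUP)
    WITH (STATE = ON);
GO
-- Nothing is written until the audit itself is switched on.
USE master;
ALTER SERVER AUDIT SecurityAudit WITH (STATE = ON);
GO
-- Read back what was captured, newest first.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement
FROM   sys.fn_get_audit_file('D:\Audit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

Auditing "BY public" records the actions of every database user; narrow it to a role if the table is busy. The permission-change groups are the ones that catch a CONTROL SERVER holder undoing a DENY, which is why they belong in the server specification even when the rest of the audit is about data access.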
  39. Policy Based Management
     • Introduced in SQL Server 2008
       – All editions
     • Backwards compatibility
       – To SQL Server 2000…. Kinda (policies can be evaluated on demand against older instances, but the on-change modes need 2008)
     • Checks
       – DDL triggers (used by the "on change: prevent" evaluation mode)
       – Object properties
  40. Policy Based Management
     • Add super power with… Enterprise Policy Management Framework
  41. Wrapping Up
     • Securing SQL Server
     • Accessing SQL Server
     • Controlling Access
     • Validation
  42. Services
     Speed development through training, and rapid development services from Pragmatic Works.
     Products
     BI products to convert to a Microsoft BI platform and simplify development on the platform.
     Foundation
     Helping those who do not have the means to get into information technology achieve their dreams.
     For more information…
     Name: Jason Strate
     Email: jstrate@pragmaticworks.com
     Blog: www.jasonstrate.com
     Resource: jasonstrate.com/go/Security
