Introduction to SQL Server Security
 

    Introduction to SQL Server Security: Presentation Transcript

    • Introduction to SQL Server Security
    • Pragmatic Works Company History
        • Founded 2008 by MSFT MVP Brian Knight
        • Focused on the MSFT SQL Server Platform
        • Provides services, training and software
        • MSFT/HP “go to” partner
        • Gold Certified:
            o BI
            o Data Management
            o SQL Performance
        • Team led by multiple MVPs
        • Offices throughout the US with Corporate HQ in Jacksonville, FL
        MAKING BUSINESS INTELLIGENT www.pragmaticworks.com
    • Getting Started
        • Jason Strate
        • e: jstrate@pragmaticworks.com
        • b: www.jasonstrate.com
        • t: StrateSQL
    • Agenda
        • Overview
        • Securing SQL Server
        • Accessing SQL Server
        • Controlling Access
        • Validation
    • OVERVIEW
    • Overview
    • SECURING SQL SERVER
    • Start With Installation
        • Operating system?
        • Services?
        • Tools?
        • Features?
        • Configuration?
    • Service Accounts
        • Virtual Service account
        • Managed Service account
        • Domain user
        • Local user
        • Network Service account
        • Local System account
    • Security Tip
        • Principle of least privilege
    • Location, Location, Location
        • Where is the server physically?
        • Where is the server on the network?
        • Behind the firewall?
    • ACCESSING SQL SERVER
    • Accessing the Server
        • Login
            – Windows Authentication
                • Group
                • User
            – SQL Server Authentication
            – Certificate
            – Asymmetric Key
    • SQL Server Authentication
        • Password policy
            – Account lockout duration
            – Account lockout threshold
            – Reset account lockout counter after
            – Complexity
            – Password history
        • Enforce password expiration
        • Change password next login
    • Advanced Access
        • Certificate
        • Asymmetric Key
    • CONTROLLING ACCESS
    • Security Model Basics
        • Securable: Resource within SQL Server, such as a database, table, procedure, or feature.
        • Principal: Object to which permissions can be assigned, such as a login or certificate.
        • Permission: Activity on the securable that is granted to the principal, such as read or view.
    • Permission Modes
        • GRANT
        • DENY
        • REVOKE
    • Server Securables
    • Security Tip
        • CONTROL SERVER is a replacement for sysadmin
    • Database Securables
    • Example 1
        • GRANT VIEW SERVER STATE TO SQLCHICKEN
        • GRANT CONTROL SERVER TO SQLBALLS
        • GRANT SHOWPLAN TO AUNTKATHI
    • Example 2
        • GRANT EXECUTE TO SQLCHICKEN
        • DENY EXECUTE ON dbo.usp_action TO SQLCHICKEN
        • GRANT SELECT ON dbo.table TO SQLBALLS
        • GRANT VIEW DATABASE STATE TO AUNTKATHI
    • Security Roles
        • Server Roles
        • Custom Server Roles
        • Database Roles
        • Custom Database Roles
    • Server Roles
        • Bulkadmin
        • Dbcreator
        • Diskadmin
        • Processadmin
        • Securityadmin
        • Setupadmin
        • Sysadmin
    • Custom Server Roles
        • New for SQL Server 2012
        • Create what you need
            – Junior DBA
            – Security admin
            – Monitoring
        • (Image text: “Trust me, I’m a junior DBA”)
    • Security Tip
        • CONTROL SERVER is a replacement for sysadmin
    • Database Roles
        • Db_accessadmin
        • Db_backupoperator
        • Db_datareader
        • Db_datawriter
        • Db_ddladmin
        • Db_denydatareader
        • Db_denydatawriter
        • Db_owner
        • Db_securityadmin
    • Security Tip
        • Beware of db_owner and RESTRICTED_USER mode
    • Custom Database Roles
        • Been around since dirt
        • Useful for
            – Setting department permissions
            – Grouping stored procedure access
            – Simplifying permission management
    • Security Tip
        • Use roles over logins for permission assignments
    • VALIDATION
    • Validation
        • Audits
            – C2 Auditing
            – Common Criteria Control
        • SQL Server Audit
        • Policy Based Management
    • SQL Server Audit
        • SQL Server 2008
            – Enterprise edition feature
        • SQL Server 2012
            – Standard edition feature
            – Accessible via Extended Events
    • SQL Server Audit
        • Server
            – Permission changes
            – DBCC events
            – Failed logins
        • Database
            – DML activity
            – SELECT activity
            – Object modification
    • Policy Based Management
        • Introduced SQL Server 2008
            – All editions
        • Backwards compatibility
            – To SQL Server 2000… Kinda
        • Checks
            – DDL triggers
            – Object properties
    • Policy Based Management
        • Add super power with… Enterprise Policy Management Framework
    • Wrapping Up
        • Securing SQL Server
        • Accessing SQL Server
        • Controlling Access
        • Validation
    • For more information…
        • Services: Speed development through training, and rapid development services from Pragmatic Works.
        • Products: BI products to convert to a Microsoft BI platform and simplify development on the platform.
        • Foundation: Helping those who do not have the means to get into information technology achieve their dreams.
        • Name: Jason Strate
        • Email: jstrate@pragmaticworks.com
        • Blog: www.jasonstrate.com
        • Resource: jasonstrate.com/go/Security
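
The GRANT, DENY and REVOKE modes from the "Permission Modes" and "Example 2" slides, combined with the "use roles over logins" tip, worked through in T-SQL as an added example that is not part of the original deck. The role app_exec, the user demo_user and the procedure dbo.usp_report are hypothetical names; it assumes SQL Server 2012 or later, a scratch database, and a client that understands the GO batch separator (SSMS or sqlcmd).

```sql
-- Added example, not from the original slides. Run in a scratch database as db_owner.
-- Hypothetical names: app_exec (role), demo_user (user), dbo.usp_report (procedure).
CREATE USER demo_user WITHOUT LOGIN;        -- test principal with no server login
CREATE ROLE app_exec;                       -- custom database role
ALTER ROLE app_exec ADD MEMBER demo_user;   -- permissions go to the role, not the user
GO
CREATE PROCEDURE dbo.usp_report AS SELECT 1 AS ok;
GO
CREATE PROCEDURE dbo.usp_action AS SELECT 1 AS ok;
GO
-- GRANT at database scope: members may execute every procedure in the database.
GRANT EXECUTE TO app_exec;
-- DENY on a single object takes precedence over the broader GRANT for that object.
DENY EXECUTE ON dbo.usp_action TO app_exec;
GO
-- Validate effective permissions from the member's point of view.
EXECUTE AS USER = 'demo_user';
SELECT HAS_PERMS_BY_NAME('dbo.usp_report', 'OBJECT', 'EXECUTE') AS can_run_report,
       HAS_PERMS_BY_NAME('dbo.usp_action', 'OBJECT', 'EXECUTE') AS can_run_action;
REVERT;
GO
-- REVOKE removes the recorded DENY; it grants nothing itself, so the
-- database-scope GRANT is what applies to dbo.usp_action afterwards.
REVOKE EXECUTE ON dbo.usp_action FROM app_exec;
GO
EXECUTE AS USER = 'demo_user';
SELECT HAS_PERMS_BY_NAME('dbo.usp_action', 'OBJECT', 'EXECUTE') AS can_run_action;
REVERT;
GO
-- List what is actually recorded for the role (state_desc is GRANT or DENY).
SELECT pr.name AS principal_name, pe.state_desc, pe.permission_name,
       pe.class_desc, OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'app_exec';
GO
-- Cleanup.
DROP PROCEDURE dbo.usp_report, dbo.usp_action;
ALTER ROLE app_exec DROP MEMBER demo_user;
DROP ROLE app_exec;
DROP USER demo_user;
```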