Basic Security Practices for the Well-Rounded DBA
Too often security issues can be the Achilles’ heel of an otherwise well-rounded DBA. Even simple practices can be detrimental when overlooked. This presentation covers six security staples to help prevent points of vulnerability and costly liabilities.

Presentation Transcript

Slide 1: Basic Security Practices for the Well-Rounded DBA (SQL Server DBA Professionals)
Slide 2: It was a day like any other…

Until a hacked system administrator password led to a system lockdown. It’s not an uncommon story. Since the server was online, six physical business locations were negatively affected while the IT team scrambled to right the ship.
Slide 3: It was a day like any other…

Too often security issues can be the Achilles’ heel of an otherwise well-rounded DBA. Even simple practices can be detrimental when overlooked.
Slide 4: The basics

1. As illustrated by the above anecdote, don’t give out your system administrator password.
2. Another basic network security staple is choosing the right kind of authentication (Windows vs. SQL login).
   • Windows authentication is the stronger recommendation for an internal network.
   • A database running on a domain-joined Windows machine can use Windows authentication, which automatically enforces a baseline of good practice.
3. Using your system’s role-based access capabilities wisely is another common-sense safeguard that is too often overlooked.
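Points 2 and 3 above, written out as T-SQL. This is an added example and not from the presentation; the login name CORP\app_orders, the Sales database and the table names are assumed placeholders. The Windows login inherits Active Directory password, expiry and lockout policy, the SQL login (kept only where Windows authentication is impossible) is forced to honour the same policy, and the application gets a purpose-built role instead of db_owner or sysadmin.

```sql
-- Added example (not from the presentation). Names are placeholders.
USE master;
GO
-- Windows login: password complexity, expiry and lockout are handled by AD.
CREATE LOGIN [CORP\app_orders] FROM WINDOWS WITH DEFAULT_DATABASE = Sales;
GO
-- If a SQL login is unavoidable, at least bind it to the Windows policy.
CREATE LOGIN reporting_svc
    WITH PASSWORD = '<strong password, placeholder>',
         CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
GO
USE Sales;
GO
CREATE USER [CORP\app_orders] FOR LOGIN [CORP\app_orders];
GO
-- Role-based access: a narrow role that names exactly the rights the app needs.
CREATE ROLE app_orders_rw;
GRANT SELECT, INSERT, UPDATE ON dbo.Orders    TO app_orders_rw;
GRANT SELECT                 ON dbo.Customers TO app_orders_rw;
ALTER ROLE app_orders_rw ADD MEMBER [CORP\app_orders];
GO
-- Check: who holds sysadmin? This list should be very short, and should not
-- contain application or service accounts.
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members rm
JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;
```

The final query is the routine check that catches the problem in slide 2 before it happens: every principal it returns can do anything on the instance, so each one should be a named administrator rather than a shared or application account.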
Slide 5: Points of vulnerability

4. SQL Injection Attack – When SQL syntax is being transferred between a web or Windows app and a database, a hacker can inject code into the app’s text box, manipulating the application to drop or delete needed tables.
   • This is one area where a bit of coding ability (and the willingness to proactively communicate with your developer) makes a more well-rounded DBA.
   • At the DBA level, you can set DDL (data definition language) triggers in the database so that when an injection attempts to create, drop or delete a table, the trigger prevents it.
   • Establishing stored procedures on your database, so that non-stored procedures are eliminated, is another safeguard against SQL injection.
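The two DBA-level safeguards from this slide in T-SQL, as an added example that is not from the presentation. The database, table, role and procedure names are assumed placeholders. The trigger rolls back any CREATE, ALTER or DROP of a table and records who tried; note that a DDL trigger sees only DDL, so a DELETE of rows (a DML statement) is not covered by it and is where the stored-procedure and least-privilege controls have to do the work. The unsafe procedure shows the concatenation pattern that makes injection possible; the safe one passes the value as a typed parameter so it is never parsed as SQL.

```sql
-- Added example (not from the presentation). Names are placeholders.
USE Sales;
GO
-- (1) Database-scoped DDL trigger: table DDL is rolled back and logged.
CREATE TRIGGER trg_protect_tables
ON DATABASE
FOR CREATE_TABLE, ALTER_TABLE, DROP_TABLE
AS
BEGIN
    -- EVENTDATA() carries the login and the statement text for the error log.
    DECLARE @evt   xml           = EVENTDATA();
    DECLARE @login sysname       = @evt.value('(/EVENT_INSTANCE/LoginName)[1]', 'sysname');
    DECLARE @stmt  nvarchar(max) = @evt.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)');
    RAISERROR('Table DDL blocked by trg_protect_tables (login %s): %s', 16, 1, @login, @stmt) WITH LOG;
    ROLLBACK;
END;
GO
-- DISABLE TRIGGER trg_protect_tables ON DATABASE;  -- only for an approved change window

-- (2a) UNSAFE pattern: user input concatenated into the statement text.
-- Anything in @Email that contains a quote character becomes part of the SQL.
CREATE PROCEDURE dbo.usp_FindCustomer_Unsafe @Email nvarchar(256)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, Name FROM dbo.Customers WHERE Email = ''' + @Email + N'''';
    EXEC (@sql);
END;
GO
-- (2b) SAFE pattern: static SQL with a typed parameter; @Email is data, never code.
CREATE PROCEDURE dbo.usp_FindCustomer @Email nvarchar(256)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, Name
    FROM dbo.Customers
    WHERE Email = @Email;
END;
GO
-- (2c) When dynamic SQL is genuinely needed, keep the value a parameter.
CREATE PROCEDURE dbo.usp_FindCustomer_Dynamic @Email nvarchar(256)
AS
BEGIN
    SET NOCOUNT ON;
    EXEC sp_executesql
        N'SELECT CustomerId, Name FROM dbo.Customers WHERE Email = @e',
        N'@e nvarchar(256)',
        @e = @Email;
END;
GO
-- (3) The application role may run the procedure but has no rights on the table,
-- so an ad-hoc statement sent by the application has nothing to act on.
CREATE ROLE app_customer_lookup;
GRANT EXECUTE ON dbo.usp_FindCustomer TO app_customer_lookup;
GO
```

With dbo owning both the procedure and the table, ownership chaining lets a member of app_customer_lookup read dbo.Customers only through the procedure. Dropping the unsafe procedure once the developer has migrated to the parameterised one completes the "eliminate non-stored-procedure access" step the slide describes.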
Slide 6: Points of vulnerability

5. Backups are another area of vulnerability – What kind of encryption are you using for database backups, and are they protected with a keyword so that wayward backup files would be harder for a bad actor to decrypt and open?
   • Unforced errors are part of the database backup pitfall.
     – Let’s say the database has been running great for the last few months, but an event dictates that you have to recover data.
     – If you haven’t tested your backups to see if they were properly configured and now you have three months’ worth of broken or corrupted data, you have just "hacked" yourself.
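Both halves of this slide in T-SQL, as an added example that is not from the presentation: an encrypted backup, then the test restore that keeps you from "hacking" yourself. Paths, passwords, logical file names and the Sales database are assumed placeholders. The keyword protection the slide alludes to (BACKUP ... WITH PASSWORD) was discontinued in SQL Server 2012 and never encrypted the data; the supported route is certificate-based backup encryption, available from SQL Server 2014.

```sql
-- Added example (not from the presentation). Paths and names are placeholders.
USE master;
GO
-- One-time setup: database master key and a certificate dedicated to backups.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong master key password, placeholder>';
CREATE CERTIFICATE BackupCert WITH SUBJECT = 'Sales backup encryption';
GO
-- Export the certificate and private key and store them apart from the backup
-- files; without them the backup cannot be restored on another server.
BACKUP CERTIFICATE BackupCert
    TO FILE = 'D:\keys\BackupCert.cer'
    WITH PRIVATE KEY (FILE = 'D:\keys\BackupCert.pvk',
                      ENCRYPTION BY PASSWORD = '<strong private key password, placeholder>');
GO
-- Encrypted, compressed, checksummed full backup.
BACKUP DATABASE Sales
    TO DISK = 'E:\backup\Sales_full.bak'
    WITH CHECKSUM, COMPRESSION,
         ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupCert);
GO
-- Cheap check: media readable and page checksums intact.
RESTORE VERIFYONLY FROM DISK = 'E:\backup\Sales_full.bak' WITH CHECKSUM;
GO
-- Real check: restore under a scratch name and run integrity checks on the copy.
RESTORE DATABASE Sales_RestoreTest
    FROM DISK = 'E:\backup\Sales_full.bak'
    WITH MOVE 'Sales'     TO 'E:\restoretest\Sales_RestoreTest.mdf',
         MOVE 'Sales_log' TO 'E:\restoretest\Sales_RestoreTest_log.ldf',
         CHECKSUM, RECOVERY;
DBCC CHECKDB ('Sales_RestoreTest') WITH NO_INFOMSGS;
GO
-- Evidence for the audit: which backups of Sales were encrypted, and how.
SELECT database_name, backup_finish_date, key_algorithm, encryptor_type
FROM msdb.dbo.backupset
WHERE database_name = 'Sales'
ORDER BY backup_finish_date DESC;
```

RESTORE VERIFYONLY proves the file is readable, not that the database inside it is usable; only the scratch restore plus DBCC CHECKDB shows that, which is why the slide's "three months of corrupted data" case is caught by scheduling that second step rather than the first.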
Slide 7: Points of vulnerability

6. Not every threat is virtual – How many times have you seen a completely unlocked server room or unlocked server racks?
   • If that room is in your workplace, you know what to do, today.
     – We have seen one company where that room was right behind the reception desk.
   • Absorbed by performance issues or the daily routine, some IT teams fail to imagine that somebody could walk right into one of their server rooms, unplug a box, and walk right out the front door.
Slide 8: Costly liabilities

A lot of costly security liabilities can be avoided by adding just a few common-sense, basic practices to your DBA routine. So in the event that your database or equipment becomes a target, you don’t have to explain why you didn’t protect your company’s or client’s data from the most basic and obvious threats.
Slide 9: Learn More

Click to view Dell’s webinar Building a Bulletproof Security Strategy for SQL Server, part of our expert series on protecting your SQL Server installation.