Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SQL Server Security Basics

1,610 views

Published on

Understand potential data threats and how SQL Server’s design protects against them, Learn about SQL Server and Windows integrated authentication, and see how SQL Server provides an authorization system to control access to data and objects.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

SQL Server Security Basics

  1. 1. SQL Server Security Basics –Part 1 http://www.LearnNowOnline.com Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  2. 2. Objectives• Understand potential data threats and how SQL Server’s design protects against them• Learn about SQL Server and Windows integrated authentication• See how SQL Server provides an authorization system to control access to data and objects Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  3. 3. Agenda• Security Overview• Authentication• Authorization Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  4. 4. Security Overview• Relational data is a tempting target for attackers• SQL Server 2008 provides plenty of features to secure your data and server • Need to understand the threats • Match countermeasures to the threats Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  5. 5. The Threats• Identifying threats is a critical first step • Type of data will probably influence security measures• Sometimes the best way to protect data is to never put it in a database• Typical threats • Theft of data • Data vandalism • Protecting data integrity • Illegal storage• Understand threats to protect against them Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  6. 6. Security Design Philosophy• Trustworthy Computing memo, 2002• Four pillars of security design • Secure by design • Secure by default • Secure in deployment • Secure through communications• “It’s just secure” • Implications throughout the product • SQL Server is reasonably secure out of the box • Your job is to keep it secure Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  7. 7. The Two Stages of Security• Similar to Windows security • Authentication: who are you? • Authorization: now that we know who you are, what can you do? Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  8. 8. Key SQL Server Security Terms• Authentication • Permission• Authorization • Principal• Group • Privilege• Impersonation • Role• Login • User Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  9. 9. Agenda• Security Overview• Authentication• Authorization Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  10. 10. Authentication• Process of verifying that a principal is who or what it claims to be • SQL Server has to uniquely identify principals in order to authorize• Two paths to authentication • Windows authentication • SQL Server authentication• Authentication modes • Mixed Mode Authentication • Windows Only Authentication Mode Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  11. 11. Windows Integrated Authentication• SQL Server assumes a trust relationship with Windows Server • Windows does the heavy lifting for authentication • The SQL Server checks permissions on the principal• Advantages • Single user login • Auditing features • Simplified login management • Password policies• Changes only take effect when user connects Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  12. 12. Configuring SQL Server SecuritySettings• Select either when install or later• Settings apply to all databases and server objects in an instance of SQL Server• Changing modes after installation may or may not cause problems • Windows to Mixed • Mixed to Windows Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  13. 13. SQL Server Authentication• Client applications must provide login credentials as part of connection string• Logins stored in SQL Server• Windows authentication stronger • But must use SQL Server authentication with old versions of Windows, non-Windows systems Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  14. 14. Windows and SQL Server Logins• SQL Server logins are not stored in Windows • Disabled if you select Windows authentication• Mixed mode is much more flexible • But less secure Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  15. 15. Beware of the sa Login• System administrator login• Mapped to sysadmin fixed server role• Conveys full system administrator privileges• Cannot modify or delete• Must use a strong password!• Use only as access of last resort• NEVER use sa for database access through client applications Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  16. 16. End of Part 1 http://www.LearnNowOnline.com Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company

×