SlideShare a Scribd company logo

Isaca sql server 2008 r2 security & auditing

Download as PPTX, PDF
Antonios Chatzipavlis
Antonios Chatzipavlis

This document provides an overview of security and auditing in SQL Server 2008 R2. It discusses SQL Server security concepts like principals, securables and permissions. It also covers protecting the server and database scope through authentication methods, roles, logins and permissions. The document reviews keys, certificates and transparent data encryption. It concludes with an introduction to auditing security in SQL Server through tools like SQL Server Profiler, DDL triggers and the SQL Server Audit feature.

Technology
1 of 48
Security & Auditing on SQL Server 2008 R2 Antonios Chatzipavlis Software Architect Evangelist, IT Consultant MCT, MCITP, MCPD, MCSD, MCDBA, MCSA, MCTS, MCAD, MCP, OCA MVP on SQL SERVER
2 • Overview of SQL Server Security • Protecting the Server Scope • Protecting the Database Scope • Managing Keys and Certificates • Auditing Security Objectives
3 Overview of SQL Server Security Security & Auditing on SQL Server 2008 R2
4 • SQL Server Security Framework • What Are Principals? • What Are Securables? • SQL Server Permissions Overview of SQL Server Security
5 Overview of SQL Server Security
6 SQL Server Security Framework
7 What Are Principals? Server Role SQL Server Login Windows Group Domain User Account Local User Account SQL Server Database Windows Securables Permissions Principals User Database Role Application Role
8 What Are Securables? Server Role SQL Server Login Windows Group Domain User Account Local User Account SQL Server Database Windows Files Registry Keys Server Schema Database Securables Permissions Principals User Database Role Application Role
9 • Server-Level Permissions • Logins • Credentials • Server-Level Roles • Database-Level Permissions • Users • Schemas • Database Level Roles SQL Server Permissions
10 Protecting the Server Scope Security & Auditing on SQL Server 2008 R2
12 • What Are SQL Server Authentication Methods? • Password Policies • Server-Level Roles • Managing SQL Server Logins • Server-Scope Permissions Protecting the Server Scope
13 What Are SQL Server Authentication Methods? Windows Authentication Mixed SQL and Windows Authentication
14 Password Policies Group Policy Object (GPO) Pa$$w0rd SQL Server Can Leverage Windows Server 2003/2008 Password Policy Mechanism SQL Server Can Manage: • Password Complexity • Password Expiration • Policy Enforcement
15 Server-Level Roles Role Description sysadmin Perform any activity dbcreator Create and alter databases diskadmin Manage disk files serveradmin Configure server-wide settings securityadmin Manage and audit server logins processadmin Manage SQL Server processes bulkadmin Run the BULK INSERT statement setupadmin Configure replication and linked servers
16 Managing SQL Server Logins CREATE LOGIN [SERVERXSalesDBUsers] FROM WINDOWS WITH DEFAULT_DATABASE = AdventureWorks2008 CREATE LOGIN Alice WITH Password = 'Pa$$w0rd' CREATE LOGIN login_name { WITH SQL_login_options | FROM WINDOWS [ WITH windows_login_options ] }
19 Server-Scope Permissions Server permissions Server-scope securable permissions USE master GRANT ALTER ANY DATABASE TO [AdventureWorks2008Holly] USE master GRANT ALTER ON LOGIN :: AWWebApp TO [AdventureWorks2008Holly]
21 Protecting the Database Scope Security & Auditing on SQL Server 2008 R2
22 • What Are Database Roles? • What Are Application Roles? • Managing Users • Special Users • Database-Scope Permissions • Schema-Scope Permissions Protecting the Database Scope
24 What Are Database Roles? Database-Level Roles Application-Level Roles Users
25 What Are Application Roles? User runs app App connects to db as user App authenticates using sp_setapprole App assumes app role
26 • Create a login • Create a database scope user • Assign permissions to the user Managing Users Steps to Manage Users
27 Special Users DBO The sa login and members of sysadmin role are mapped to dbo account Guest This user account allows logins without user accounts to access a database
28 Database-Scope Permissions Database permissions Database-scope securable permissions USE AdventureWorks2008 GRANT ALTER ANY USER TO HRManager USE AdventureWorks2008 GRANT SELECT ON SCHEMA :: Sales TO SalesUser
29 Schema-Scope Permissions User-defined type permissions All other schema-scope permissions USE AdventureWorks2008 GRANT EXECUTE ON TYPE :: Person.addressType TO SalesUser USE AdventureWorks2008 GRANT SELECT ON Sales.Order TO SalesUser
33 Managing Keys and Certificates Security & Auditing on SQL Server 2008 R2
34 • What Are Keys? • What Are Certificates? • SQL Server Cryptography Architecture • When to Use Keys and Certificates • Transparent Data Encryption Managing Keys and Certificates
35 What Are Keys? • Symmetric  Same key used to encrypt and decrypt • Asymmetric  Pair of values: public key and private key  One encrypts, the other decrypts Encrypt Decrypt
36 What Are Certificates? • Associates a public key with entity that holds that key • Contents:  The public key of the subject  The identifier information of the subject  The validity period  Issuer identifier information  The digital signature of the issuer
37 SQL Server Cryptography Architecture
38 When to Use Keys and Certificates • When to use Certificates • To secure communication in database mirroring • To sign packets • To encrypt data or connections • When to use Keys • To help secure data • To sign plaintext • To secure symmetric keys
39 Transparent Data Encryption Transparent data encryption performs real-time I/O encryption and decryption of the data and log files • Create a master key • Create or obtain a certificate protected by the master key • Create a database encryption key and protect it by the Certificate • Set the database to use encryption Steps to use Transparent Data Encryption
40 Transparent data encryption
41 • Entire database is protected • Applications do not need to explicitly encrypt/decrypt data! • No restrictions with indexes or data types (except FILESTREAM) • Performance cost is small • Backups are unusable without key • Can be used with Extensible Key Management Transparent Database Encryption: More Benefits
42 • Very simple: • Database pages are encrypted before being written to disk • Page protection (e.g. checksums) applied after encryption • Page protection (e.g. checksums) checked before decryption • Database pages are decrypted when read into memory • When TDE is enabled, initial encryption of existing pages happens as a background process • Similar mechanism for disabling TDE • The process can be monitored using the encryption_state column of sys.dm_database_encryption_keys • Encryption state 2 means the background process has not completed • Encryption state 3 means the database is fully encrypted Transparent Data Encryption: Mechanism
43 • Create a master key • CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<UseStrongPwdHere>'; • Create or obtain a certificate protected by the master key • CREATE CERTIFICATE MyDEKCert WITH SUBJECT = 'My DEK Certificate'; • Create a database encryption key and protect it by the certificate • CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE MyDEKCert; • Set the database to use encryption • ALTER DATABASE MyDatabase SET ENCRYPTION ON; Transparent Data Encryption: Enabling
44 • A backup of a TDE encrypted database is also encrypted using the database encryption key • To restore the backup OR attach the database, the DEK must be available! • There is no way around this – if you lose the DEK, you lose the ability to restore the backup (that’s the point!) • Maintain backups of server certificates too Transparent Data Encryption: Backups
45 • Database | Tasks | Manage Database Encryption Transparent Data Encryption: Tools Support
46 Auditing Security Security & Auditing on SQL Server 2008 R2
47 • What Is Auditing? • Security Auditing with Profiler • Auditing with DDL Triggers • Introducing SQL Server Audit • SQL Server Audit Action Groups and Actions Auditing Security
48 • What is Auditing? • What auditing options are available in SQL Server? • Have you ever had to audit SQL Server? • If so, how did you do it? • If not, what do you think is the best use of auditing? What Is Auditing?
49 Security Auditing with Profiler • Using SQL Server Profiler, you can do the following: • Create a trace that is based on a reusable template • Watch the trace results as the trace runs • Store the trace results in a table • Start, stop, pause and modify the trace results • Replay the trace results
50 Auditing with DDL Triggers • Use DDL triggers when you want to do the following: • Prevent certain changes in your database schema • You want something to occur in the database in response to a change in your database schema • You want to record changes or events in the database schema • Start, stop, pause and modify the trace results • Replay the trace results
51 Introducing SQL Server Audit • SQL Server Auditing • Tracks and logs events that occur on the system • Can track changes on the server or database level • Can be managed with Transact-SQL
52 Using SQL Server Audit
53 Thank you!
54 Q & A
55 • For SQL Server and Databases • www.autoexec.gr/blogs/antonch • For .NET & Visual Studio • www.dotnetzone.gr/cs/blogs/antonch My Blogs
56

Recommended

SQL Server 2012 Security Task
SQL Server 2012 Security TaskSQL Server 2012 Security Task
SQL Server 2012 Security TaskYaakub Idris
 
Sql Server Security Best Practices
Sql Server Security Best PracticesSql Server Security Best Practices
Sql Server Security Best PracticesInformation Technology
 
SQL Server Security - Attack
SQL Server Security - Attack SQL Server Security - Attack
SQL Server Security - Attack webhostingguy
 
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle TrainingsOracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle TrainingsOracleTrainings
 
Sql server 2008 r2 security overviewfor admins
Sql server 2008 r2 security overviewfor adminsSql server 2008 r2 security overviewfor admins
Sql server 2008 r2 security overviewfor adminsKlaudiia Jacome
 
Introduction to SQL Server Security
Introduction to SQL Server SecurityIntroduction to SQL Server Security
Introduction to SQL Server SecurityJason Strate
 
007 sql server-installation
007 sql server-installation007 sql server-installation
007 sql server-installationlet's go to study
 
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008Denny Lee
 

Recommended

SQL Server 2012 Security Task
SQL Server 2012 Security TaskSQL Server 2012 Security Task
SQL Server 2012 Security TaskYaakub Idris
 
Sql Server Security Best Practices
Sql Server Security Best PracticesSql Server Security Best Practices
Sql Server Security Best PracticesInformation Technology
 
SQL Server Security - Attack
SQL Server Security - Attack SQL Server Security - Attack
SQL Server Security - Attack webhostingguy
 
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle TrainingsOracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle TrainingsOracleTrainings
 
Sql server 2008 r2 security overviewfor admins
Sql server 2008 r2 security overviewfor adminsSql server 2008 r2 security overviewfor admins
Sql server 2008 r2 security overviewfor adminsKlaudiia Jacome
 
Introduction to SQL Server Security
Introduction to SQL Server SecurityIntroduction to SQL Server Security
Introduction to SQL Server SecurityJason Strate
 
007 sql server-installation
007 sql server-installation007 sql server-installation
007 sql server-installationlet's go to study
 
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008Denny Lee
 
Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Sameh AboulDahab
 
Safe peak installation guide version 2.1
Safe peak installation guide version 2.1Safe peak installation guide version 2.1
Safe peak installation guide version 2.1Vladi Vexler
 
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...Sumit Gupta
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database VaultMarco Alamanni
 
Cache Security- The Basics
Cache Security- The BasicsCache Security- The Basics
Cache Security- The BasicsInterSystems Corporation
 
Improve oracle 12c security
Improve oracle 12c securityImprove oracle 12c security
Improve oracle 12c securityLaurent Leturgez
 
The Spy Who Loathed Me - An Intro to SQL Server Security
The Spy Who Loathed Me - An Intro to SQL Server SecurityThe Spy Who Loathed Me - An Intro to SQL Server Security
The Spy Who Loathed Me - An Intro to SQL Server SecurityChris Bell
 
Cache Security- Configuring a Secure Environment
Cache Security- Configuring a Secure EnvironmentCache Security- Configuring a Secure Environment
Cache Security- Configuring a Secure EnvironmentInterSystems Corporation
 
Query Store and live Query Statistics
Query Store and live Query StatisticsQuery Store and live Query Statistics
Query Store and live Query StatisticsSolidQ
 
SQL Server 2008 Security Overview
SQL Server 2008 Security OverviewSQL Server 2008 Security Overview
SQL Server 2008 Security Overviewukdpe
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersTobias Koprowski
 
security-checklist-database
security-checklist-databasesecurity-checklist-database
security-checklist-databaseMohsen B
 
KoprowskiT_SQLSatMoscow_2AMaDisaterJustBegan
KoprowskiT_SQLSatMoscow_2AMaDisaterJustBeganKoprowskiT_SQLSatMoscow_2AMaDisaterJustBegan
KoprowskiT_SQLSatMoscow_2AMaDisaterJustBeganTobias Koprowski
 
KoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheClouds
KoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheCloudsKoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheClouds
KoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheCloudsTobias Koprowski
 
Owasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaOwasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaSecurity Date
 
All database solution-Installing Micosoft SQL Server 2016
All database solution-Installing Micosoft SQL Server 2016All database solution-Installing Micosoft SQL Server 2016
All database solution-Installing Micosoft SQL Server 2016AllDatabaseSolutions
 
Mcse
McseMcse
Mcsemazenetsolution
 
Sql server 2012 autoexec event no 39
Sql server 2012 autoexec event no 39Sql server 2012 autoexec event no 39
Sql server 2012 autoexec event no 39Antonios Chatzipavlis
 
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidpasalapudi
 
Auditing Pro 8 Certification By Muhammad Khurram Baig
Auditing Pro 8 Certification By Muhammad Khurram BaigAuditing Pro 8 Certification By Muhammad Khurram Baig
Auditing Pro 8 Certification By Muhammad Khurram BaigMuhammad Khurram Baig
 
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 201510 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015Scott Sutherland
 
Arens14e ch01 ppt
Arens14e ch01 pptArens14e ch01 ppt
Arens14e ch01 pptsrkndnz
 

More Related Content

What's hot

Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Sameh AboulDahab
 
Safe peak installation guide version 2.1
Safe peak installation guide version 2.1Safe peak installation guide version 2.1
Safe peak installation guide version 2.1Vladi Vexler
 
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...Sumit Gupta
 
Improve oracle 12c security
Improve oracle 12c securityImprove oracle 12c security
Improve oracle 12c securityLaurent Leturgez
 
The Spy Who Loathed Me - An Intro to SQL Server Security
The Spy Who Loathed Me - An Intro to SQL Server SecurityThe Spy Who Loathed Me - An Intro to SQL Server Security
The Spy Who Loathed Me - An Intro to SQL Server SecurityChris Bell
 
Cache Security- Configuring a Secure Environment
Cache Security- Configuring a Secure EnvironmentCache Security- Configuring a Secure Environment
Cache Security- Configuring a Secure EnvironmentInterSystems Corporation
 
Query Store and live Query Statistics
Query Store and live Query StatisticsQuery Store and live Query Statistics
Query Store and live Query StatisticsSolidQ
 
SQL Server 2008 Security Overview
SQL Server 2008 Security OverviewSQL Server 2008 Security Overview
SQL Server 2008 Security Overviewukdpe
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersTobias Koprowski
 
security-checklist-database
security-checklist-databasesecurity-checklist-database
security-checklist-databaseMohsen B
 
KoprowskiT_SQLSatMoscow_2AMaDisaterJustBegan
KoprowskiT_SQLSatMoscow_2AMaDisaterJustBeganKoprowskiT_SQLSatMoscow_2AMaDisaterJustBegan
KoprowskiT_SQLSatMoscow_2AMaDisaterJustBeganTobias Koprowski
 
KoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheClouds
KoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheCloudsKoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheClouds
KoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheCloudsTobias Koprowski
 
Owasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaOwasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaSecurity Date
 
All database solution-Installing Micosoft SQL Server 2016
All database solution-Installing Micosoft SQL Server 2016All database solution-Installing Micosoft SQL Server 2016
All database solution-Installing Micosoft SQL Server 2016AllDatabaseSolutions
 
Sql server 2012 autoexec event no 39
Sql server 2012 autoexec event no 39Sql server 2012 autoexec event no 39
Sql server 2012 autoexec event no 39Antonios Chatzipavlis
 
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidpasalapudi
 

What's hot (19)

Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012
 
Safe peak installation guide version 2.1
Safe peak installation guide version 2.1Safe peak installation guide version 2.1
Safe peak installation guide version 2.1
 
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database Vault
 
Cache Security- The Basics
Cache Security- The BasicsCache Security- The Basics
Cache Security- The Basics
 
Improve oracle 12c security
Improve oracle 12c securityImprove oracle 12c security
Improve oracle 12c security
 
The Spy Who Loathed Me - An Intro to SQL Server Security
The Spy Who Loathed Me - An Intro to SQL Server SecurityThe Spy Who Loathed Me - An Intro to SQL Server Security
The Spy Who Loathed Me - An Intro to SQL Server Security
 
Cache Security- Configuring a Secure Environment
Cache Security- Configuring a Secure EnvironmentCache Security- Configuring a Secure Environment
Cache Security- Configuring a Secure Environment
 
Query Store and live Query Statistics
Query Store and live Query StatisticsQuery Store and live Query Statistics
Query Store and live Query Statistics
 
SQL Server 2008 Security Overview
SQL Server 2008 Security OverviewSQL Server 2008 Security Overview
SQL Server 2008 Security Overview
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginners
 
security-checklist-database
security-checklist-databasesecurity-checklist-database
security-checklist-database
 
KoprowskiT_SQLSatMoscow_2AMaDisaterJustBegan
KoprowskiT_SQLSatMoscow_2AMaDisaterJustBeganKoprowskiT_SQLSatMoscow_2AMaDisaterJustBegan
KoprowskiT_SQLSatMoscow_2AMaDisaterJustBegan
 
KoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheClouds
KoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheCloudsKoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheClouds
KoprowskiT_SQLRelayCaerdydd_SQLSecurityInTheClouds
 
Owasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0betaOwasp Backend Security Project 1.0beta
Owasp Backend Security Project 1.0beta
 
All database solution-Installing Micosoft SQL Server 2016
All database solution-Installing Micosoft SQL Server 2016All database solution-Installing Micosoft SQL Server 2016
All database solution-Installing Micosoft SQL Server 2016
 
Mcse
McseMcse
Mcse
 
Sql server 2012 autoexec event no 39
Sql server 2012 autoexec event no 39Sql server 2012 autoexec event no 39
Sql server 2012 autoexec event no 39
 
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oid
 

Viewers also liked

Auditing Pro 8 Certification By Muhammad Khurram Baig
Auditing Pro 8 Certification By Muhammad Khurram BaigAuditing Pro 8 Certification By Muhammad Khurram Baig
Auditing Pro 8 Certification By Muhammad Khurram BaigMuhammad Khurram Baig
 
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 201510 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015Scott Sutherland
 
Arens14e ch01 ppt
Arens14e ch01 pptArens14e ch01 ppt
Arens14e ch01 pptsrkndnz
 
SQL Server 2016 New Security Features
SQL Server 2016 New Security FeaturesSQL Server 2016 New Security Features
SQL Server 2016 New Security FeaturesGianluca Sartori
 

Viewers also liked (6)

Auditing Pro 8 Certification By Muhammad Khurram Baig
Auditing Pro 8 Certification By Muhammad Khurram BaigAuditing Pro 8 Certification By Muhammad Khurram Baig
Auditing Pro 8 Certification By Muhammad Khurram Baig
 
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 201510 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
 
Arens14e ch01 ppt
Arens14e ch01 pptArens14e ch01 ppt
Arens14e ch01 ppt
 
SQL Server 2016 New Security Features
SQL Server 2016 New Security FeaturesSQL Server 2016 New Security Features
SQL Server 2016 New Security Features
 
Auditing DB2 on z/VM and z/VSE
Auditing DB2 on z/VM and z/VSEAuditing DB2 on z/VM and z/VSE
Auditing DB2 on z/VM and z/VSE
 
Software testing ppt
Software testing pptSoftware testing ppt
Software testing ppt
 

Similar to Isaca sql server 2008 r2 security & auditing

Geek Sync | Handling HIPAA Compliance with Your Data Access
Geek Sync | Handling HIPAA Compliance with Your Data AccessGeek Sync | Handling HIPAA Compliance with Your Data Access
Geek Sync | Handling HIPAA Compliance with Your Data AccessIDERA Software
 
Presentation database security enhancements with oracle
Presentation database security enhancements with oraclePresentation database security enhancements with oracle
Presentation database security enhancements with oraclexKinAnx
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsHostway|HOSTING
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewallxKinAnx
 
Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Ashnikbiz
 
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAsOracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAsZohar Elkayam
 
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...SpanishPASSVC
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQLVittorio Cioe
 
Sql dba 2008 r2 online training
Sql dba 2008 r2 online trainingSql dba 2008 r2 online training
Sql dba 2008 r2 online trainingsssql
 
Sql server 2012 dba online training
Sql server 2012 dba online trainingSql server 2012 dba online training
Sql server 2012 dba online trainingsqlmasters
 
SOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security FeaturesSOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security FeaturesStefan Oehrli
 
Oracle Enterprise Manager 12c: updates and upgrades.
Oracle Enterprise Manager 12c: updates and upgrades.Oracle Enterprise Manager 12c: updates and upgrades.
Oracle Enterprise Manager 12c: updates and upgrades.Rolta
 
Sql server dba certification
Sql server dba certificationSql server dba certification
Sql server dba certificationsssql
 
MySQL Data Encryption at Rest
MySQL Data Encryption at RestMySQL Data Encryption at Rest
MySQL Data Encryption at RestMydbops
 
KoprowskiT_SQLRelayBirmingham_SQLSecurityInTheClouds
KoprowskiT_SQLRelayBirmingham_SQLSecurityInTheCloudsKoprowskiT_SQLRelayBirmingham_SQLSecurityInTheClouds
KoprowskiT_SQLRelayBirmingham_SQLSecurityInTheCloudsTobias Koprowski
 
AUSPC 2013 - Understanding the Five Layers of SharePoint Security
AUSPC 2013 - Understanding the Five Layers of SharePoint SecurityAUSPC 2013 - Understanding the Five Layers of SharePoint Security
AUSPC 2013 - Understanding the Five Layers of SharePoint SecurityMichael Noel
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxSatishbabu Gunukula
 

Similar to Isaca sql server 2008 r2 security & auditing (20)

Geek Sync | Handling HIPAA Compliance with Your Data Access
Geek Sync | Handling HIPAA Compliance with Your Data AccessGeek Sync | Handling HIPAA Compliance with Your Data Access
Geek Sync | Handling HIPAA Compliance with Your Data Access
 
Where should I be encrypting my data?
Where should I be encrypting my data? Where should I be encrypting my data?
Where should I be encrypting my data?
 
Presentation database security enhancements with oracle
Presentation database security enhancements with oraclePresentation database security enhancements with oracle
Presentation database security enhancements with oracle
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite Things
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
 
Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1
 
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAsOracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAs
 
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQL
 
A to z for sql azure databases
A to z for sql azure databasesA to z for sql azure databases
A to z for sql azure databases
 
Sql dba 2008 r2 online training
Sql dba 2008 r2 online trainingSql dba 2008 r2 online training
Sql dba 2008 r2 online training
 
Sql server 2012 dba online training
Sql server 2012 dba online trainingSql server 2012 dba online training
Sql server 2012 dba online training
 
SOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security FeaturesSOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security Features
 
Oracle Enterprise Manager 12c: updates and upgrades.
Oracle Enterprise Manager 12c: updates and upgrades.Oracle Enterprise Manager 12c: updates and upgrades.
Oracle Enterprise Manager 12c: updates and upgrades.
 
Partially Contained Databases
Partially Contained DatabasesPartially Contained Databases
Partially Contained Databases
 
Sql server dba certification
Sql server dba certificationSql server dba certification
Sql server dba certification
 
MySQL Data Encryption at Rest
MySQL Data Encryption at RestMySQL Data Encryption at Rest
MySQL Data Encryption at Rest
 
KoprowskiT_SQLRelayBirmingham_SQLSecurityInTheClouds
KoprowskiT_SQLRelayBirmingham_SQLSecurityInTheCloudsKoprowskiT_SQLRelayBirmingham_SQLSecurityInTheClouds
KoprowskiT_SQLRelayBirmingham_SQLSecurityInTheClouds
 
AUSPC 2013 - Understanding the Five Layers of SharePoint Security
AUSPC 2013 - Understanding the Five Layers of SharePoint SecurityAUSPC 2013 - Understanding the Five Layers of SharePoint Security
AUSPC 2013 - Understanding the Five Layers of SharePoint Security
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 

More from Antonios Chatzipavlis

Workload Management in SQL Server 2019
Workload Management in SQL Server 2019Workload Management in SQL Server 2019
Workload Management in SQL Server 2019Antonios Chatzipavlis
 
Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)Antonios Chatzipavlis
 
Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Antonios Chatzipavlis
 
Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Antonios Chatzipavlis
 
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Antonios Chatzipavlis
 

More from Antonios Chatzipavlis (20)

Data virtualization using polybase
Data virtualization using polybaseData virtualization using polybase
Data virtualization using polybase
 
SQL server Backup Restore Revealed
SQL server Backup Restore RevealedSQL server Backup Restore Revealed
SQL server Backup Restore Revealed
 
Migrate SQL Workloads to Azure
Migrate SQL Workloads to AzureMigrate SQL Workloads to Azure
Migrate SQL Workloads to Azure
 
Machine Learning in SQL Server 2019
Machine Learning in SQL Server 2019Machine Learning in SQL Server 2019
Machine Learning in SQL Server 2019
 
Workload Management in SQL Server 2019
Workload Management in SQL Server 2019Workload Management in SQL Server 2019
Workload Management in SQL Server 2019
 
Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)
 
Introduction to DAX Language
Introduction to DAX LanguageIntroduction to DAX Language
Introduction to DAX Language
 
Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs
 
Exploring T-SQL Anti-Patterns
Exploring T-SQL Anti-Patterns Exploring T-SQL Anti-Patterns
Exploring T-SQL Anti-Patterns
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure
 
Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure
 
SQLServer Database Structures
SQLServer Database Structures SQLServer Database Structures
SQLServer Database Structures
 
Sqlschool 2017 recap - 2018 plans
Sqlschool 2017 recap - 2018 plansSqlschool 2017 recap - 2018 plans
Sqlschool 2017 recap - 2018 plans
 
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
 
Microsoft SQL Family and GDPR
Microsoft SQL Family and GDPRMicrosoft SQL Family and GDPR
Microsoft SQL Family and GDPR
 
Statistics and Indexes Internals
Statistics and Indexes InternalsStatistics and Indexes Internals
Statistics and Indexes Internals
 
Introduction to Azure Data Lake
Introduction to Azure Data LakeIntroduction to Azure Data Lake
Introduction to Azure Data Lake
 
Azure SQL Data Warehouse
Azure SQL Data Warehouse Azure SQL Data Warehouse
Azure SQL Data Warehouse
 
Introduction to azure document db
Introduction to azure document dbIntroduction to azure document db
Introduction to azure document db
 

Recently uploaded

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 

Recently uploaded (20)

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 

Isaca sql server 2008 r2 security & auditing

  • 1. Security & Auditing on SQL Server 2008 R2 Antonios Chatzipavlis Software Architect Evangelist, IT Consultant MCT, MCITP, MCPD, MCSD, MCDBA, MCSA, MCTS, MCAD, MCP, OCA MVP on SQL SERVER
  • 2. 2 • Overview of SQL Server Security • Protecting the Server Scope • Protecting the Database Scope • Managing Keys and Certificates • Auditing Security Objectives
  • 3. 3 Overview of SQL Server Security Security & Auditing on SQL Server 2008 R2
  • 4. 4 • SQL Server Security Framework • What Are Principals? • What Are Securables? • SQL Server Permissions Overview of SQL Server Security
  • 5. 5 Overview of SQL Server Security
  • 7. 7 What Are Principals? Server Role SQL Server Login Windows Group Domain User Account Local User Account SQL Server Database Windows Securables Permissions Principals User Database Role Application Role
  • 8. 8 What Are Securables? Server Role SQL Server Login Windows Group Domain User Account Local User Account SQL Server Database Windows Files Registry Keys Server Schema Database Securables Permissions Principals User Database Role Application Role
  • 9. 9 • Server-Level Permissions • Logins • Credentials • Server-Level Roles • Database-Level Permissions • Users • Schemas • Database Level Roles SQL Server Permissions
  • 10. 10 Protecting the Server Scope Security & Auditing on SQL Server 2008 R2
  • 11. 12 • What Are SQL Server Authentication Methods? • Password Policies • Server-Level Roles • Managing SQL Server Logins • Server-Scope Permissions Protecting the Server Scope
  • 12. 13 What Are SQL Server Authentication Methods? Windows Authentication Mixed SQL and Windows Authentication
  • 13. 14 Password Policies Group Policy Object (GPO) Pa$$w0rd SQL Server Can Leverage Windows Server 2003/2008 Password Policy Mechanism SQL Server Can Manage: • Password Complexity • Password Expiration • Policy Enforcement
  • 14. 15 Server-Level Roles Role Description sysadmin Perform any activity dbcreator Create and alter databases diskadmin Manage disk files serveradmin Configure server-wide settings securityadmin Manage and audit server logins processadmin Manage SQL Server processes bulkadmin Run the BULK INSERT statement setupadmin Configure replication and linked servers
  • 15. 16 Managing SQL Server Logins CREATE LOGIN [SERVERXSalesDBUsers] FROM WINDOWS WITH DEFAULT_DATABASE = AdventureWorks2008 CREATE LOGIN Alice WITH Password = 'Pa$$w0rd' CREATE LOGIN login_name { WITH SQL_login_options | FROM WINDOWS [ WITH windows_login_options ] }
  • 16. 19 Server-Scope Permissions Server permissions Server-scope securable permissions USE master GRANT ALTER ANY DATABASE TO [AdventureWorks2008Holly] USE master GRANT ALTER ON LOGIN :: AWWebApp TO [AdventureWorks2008Holly]
  • 17. 21 Protecting the Database Scope Security & Auditing on SQL Server 2008 R2
  • 18. 22 • What Are Database Roles? • What Are Application Roles? • Managing Users • Special Users • Database-Scope Permissions • Schema-Scope Permissions Protecting the Database Scope
  • 19. 24 What Are Database Roles? Database-Level Roles Application-Level Roles Users
  • 20. 25 What Are Application Roles? User runs app App connects to db as user App authenticates using sp_setapprole App assumes app role
  • 21. 26 • Create a login • Create a database scope user • Assign permissions to the user Managing Users Steps to Manage Users
  • 22. 27 Special Users DBO The sa login and members of sysadmin role are mapped to dbo account Guest This user account allows logins without user accounts to access a database
  • 23. 28 Database-Scope Permissions Database permissions Database-scope securable permissions USE AdventureWorks2008 GRANT ALTER ANY USER TO HRManager USE AdventureWorks2008 GRANT SELECT ON SCHEMA :: Sales TO SalesUser
  • 24. 29 Schema-Scope Permissions User-defined type permissions All other schema-scope permissions USE AdventureWorks2008 GRANT EXECUTE ON TYPE :: Person.addressType TO SalesUser USE AdventureWorks2008 GRANT SELECT ON Sales.Order TO SalesUser
  • 25. 33 Managing Keys and Certificates Security & Auditing on SQL Server 2008 R2
  • 26. 34 • What Are Keys? • What Are Certificates? • SQL Server Cryptography Architecture • When to Use Keys and Certificates • Transparent Data Encryption Managing Keys and Certificates
  • 27. 35 What Are Keys? • Symmetric  Same key used to encrypt and decrypt • Asymmetric  Pair of values: public key and private key  One encrypts, the other decrypts Encrypt Decrypt
  • 28. 36 What Are Certificates? • Associates a public key with entity that holds that key • Contents:  The public key of the subject  The identifier information of the subject  The validity period  Issuer identifier information  The digital signature of the issuer
  • 30. 38 When to Use Keys and Certificates • When to use Certificates • To secure communication in database mirroring • To sign packets • To encrypt data or connections • When to use Keys • To help secure data • To sign plaintext • To secure symmetric keys
  • 31. 39 Transparent Data Encryption Transparent data encryption performs real-time I/O encryption and decryption of the data and log files • Create a master key • Create or obtain a certificate protected by the master key • Create a database encryption key and protect it by the Certificate • Set the database to use encryption Steps to use Transparent Data Encryption
  • 33. 41 • Entire database is protected • Applications do not need to explicitly encrypt/decrypt data! • No restrictions with indexes or data types (except FILESTREAM) • Performance cost is small • Backups are unusable without key • Can be used with Extensible Key Management Transparent Database Encryption: More Benefits
  • 34. 42 • Very simple: • Database pages are encrypted before being written to disk • Page protection (e.g. checksums) applied after encryption • Page protection (e.g. checksums) checked before decryption • Database pages are decrypted when read into memory • When TDE is enabled, initial encryption of existing pages happens as a background process • Similar mechanism for disabling TDE • The process can be monitored using the encryption_state column of sys.dm_database_encryption_keys • Encryption state 2 means the background process has not completed • Encryption state 3 means the database is fully encrypted Transparent Data Encryption: Mechanism
  • 35. 43 • Create a master key • CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<UseStrongPwdHere>'; • Create or obtain a certificate protected by the master key • CREATE CERTIFICATE MyDEKCert WITH SUBJECT = 'My DEK Certificate'; • Create a database encryption key and protect it by the certificate • CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE MyDEKCert; • Set the database to use encryption • ALTER DATABASE MyDatabase SET ENCRYPTION ON; Transparent Data Encryption: Enabling
  • 36. 44 • A backup of a TDE encrypted database is also encrypted using the database encryption key • To restore the backup OR attach the database, the DEK must be available! • There is no way around this – if you lose the DEK, you lose the ability to restore the backup (that’s the point!) • Maintain backups of server certificates too Transparent Data Encryption: Backups
  • 37. 45 • Database | Tasks | Manage Database Encryption Transparent Data Encryption: Tools Support
  • 38. 46 Auditing Security Security & Auditing on SQL Server 2008 R2
  • 39. 47 • What Is Auditing? • Security Auditing with Profiler • Auditing with DDL Triggers • Introducing SQL Server Audit • SQL Server Audit Action Groups and Actions Auditing Security
  • 40. 48 • What is Auditing? • What auditing options are available in SQL Server? • Have you ever had to audit SQL Server? • If so, how did you do it? • If not, what do you think is the best use of auditing? What Is Auditing?
  • 41. 49 Security Auditing with Profiler • Using SQL Server Profiler, you can do the following: • Create a trace that is based on a reusable template • Watch the trace results as the trace runs • Store the trace results in a table • Start, stop, pause and modify the trace results • Replay the trace results
  • 42. 50 Auditing with DDL Triggers • Use DDL triggers when you want to do the following: • Prevent certain changes in your database schema • You want something to occur in the database in response to a change in your database schema • You want to record changes or events in the database schema • Start, stop, pause and modify the trace results • Replay the trace results
  • 43. 51 Introducing SQL Server Audit • SQL Server Auditing • Tracks and logs events that occur on the system • Can track changes on the server or database level • Can be managed with Transact-SQL
  • 47. 55 • For SQL Server and Databases • www.autoexec.gr/blogs/antonch • For .NET & Visual Studio • www.dotnetzone.gr/cs/blogs/antonch My Blogs
  • 48. 56

Editor's Notes

  1. Contain windows authentication informationAllow SQL Accounts to connect to non-SQL resourcesSQL Logins can only map to one credentialCreated automatically. Associated with specific endpoints