Secure Data Access with SQL Server 2005 Doug Rees Associate Technologist, CM Group

Presentation transcript:

Agenda
- Introduction
- Secure by Default
- Password Policy and Authentication
- User-Schema Separation and Object-Name Resolution
- Granular Permissions
- Execution Context
- CLR Integration
- Encryption

Introduction – Why Worry?
- Data is your most valuable asset
- Attacks can come from both external and internal sources
- Insecure access of your data can lead to disaster for your business:
  - Tampering with data
  - Information disclosure
- SQL Server 2005 introduces several new features to help keep your data secure

Secure By Default
- Installation defaults to secure state if no setup options are changed
  - Choose components for installation (none by default)
  - Select user account details for services
  - Windows authentication is default authentication mode
- Access to many resources must be explicitly enabled or granted before being used
  - SQL Server Surface Area Configuration utility
  - Permissions

Password Policy And Authentication
- SQL Server 2005 can inherit Windows Server 2003 Password Policy
  - Policy can be enabled or disabled on a per login basis
- Logins can be enabled and disabled for temporary removal
- Login protocol uses secure channel for SQL accounts
  - Uses SQL Server generated certificate if necessary
  - No SSL certificate loading is required

Password Policy and Login Management
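
The per-login policy switches and the enable/disable control described above, followed by an audit query for logins that opt out of policy. This is an added example, not taken from the presentation; the login name and password are constructed placeholders.

```sql
-- Added example: AppReader and the password are constructed placeholders.
CREATE LOGIN AppReader
    WITH PASSWORD = 'Constructed-Example-Passw0rd!',
         CHECK_POLICY = ON,       -- apply the Windows password policy to this login
         CHECK_EXPIRATION = ON;   -- apply password expiry (requires CHECK_POLICY = ON)
GO

-- Temporary removal: the login, its password and its database users are kept.
ALTER LOGIN AppReader DISABLE;
GO
ALTER LOGIN AppReader ENABLE;
GO

-- Audit: SQL logins that are exempt from policy or expiry, or are disabled.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       is_disabled,
       LOGINPROPERTY(name, 'IsLocked')         AS is_locked,
       LOGINPROPERTY(name, 'BadPasswordCount') AS bad_password_count
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0
   OR is_disabled = 1
ORDER BY name;
```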

User-Schema Separation
- Objects are associated with a schema not a user
- Allows removal of user without changing object names in database or client applications
- Users can be assigned a default schema

[Diagram: schemas and the objects they contain]
- HR: Employee (Server.AdventureWorks.HR.Employee)
- dbo: Audit (Server.AdventureWorks.dbo.Audit)
- Marketing: Category (Server.AdventureWorks.Marketing.Category)

Object-Name Resolution

[Diagram]
- Schemas: HR, Marketing (contains Category), dbo (contains Audit)
- Users: Dave (Default schema = Marketing), Jane (Default schema = HR)
- Queries shown: SELECT * FROM Marketing.Category; SELECT * FROM Category; SELECT * FROM Audit; SELECT * FROM Category

Granular Permissions
- Permissions
  - Can be applied to three scopes: Server, Database, Schema
  - Can have one of three states: GRANT, DENY, REVOKE
- Catalog security blocks access to system tables allowing access only using views

User Schemas and Permissions
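
Default-schema name resolution and schema-scoped permissions, worked through with the users and objects from the slides above. This is an added example, not taken from the presentation; it assumes a scratch database and creates the users WITHOUT LOGIN so that no server logins are needed.

```sql
-- Added example: run in a scratch database. Names follow the slides; table columns
-- are constructed.
CREATE SCHEMA HR;
GO
CREATE SCHEMA Marketing;
GO
CREATE TABLE Marketing.Category (CategoryID int PRIMARY KEY, Name nvarchar(50));
CREATE TABLE dbo.Audit (AuditID int IDENTITY PRIMARY KEY, Detail nvarchar(200));
GO
CREATE USER Dave WITHOUT LOGIN WITH DEFAULT_SCHEMA = Marketing;
CREATE USER Jane WITHOUT LOGIN WITH DEFAULT_SCHEMA = HR;
GO
-- Schema scope: covers every current and future object in Marketing.
GRANT SELECT ON SCHEMA::Marketing TO Dave;
GRANT SELECT ON SCHEMA::Marketing TO Jane;
GRANT SELECT ON dbo.Audit TO Dave;
-- DENY takes precedence over a GRANT on the same object.
DENY SELECT ON dbo.Audit TO Jane;
GO

EXECUTE AS USER = 'Dave';
SELECT * FROM Category;            -- resolves to Marketing.Category (default schema)
SELECT * FROM Audit;               -- no Marketing.Audit, so falls back to dbo.Audit
REVERT;
GO

EXECUTE AS USER = 'Jane';
GO
SELECT * FROM Marketing.Category;  -- explicit schema: allowed by the schema GRANT
GO
SELECT * FROM Category;            -- error 208: no HR.Category and no dbo.Category
GO
SELECT * FROM Audit;               -- resolves to dbo.Audit, error 229: SELECT denied
GO
REVERT;
GO
```

Each of Jane's queries sits in its own batch because error 208 aborts the batch it occurs in.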

Execution Context
- EXECUTE AS changes execution context
  - CALLER: based on the caller's context (default)
  - 'USER': a specific user account
  - SELF: account that created/modified the module
  - OWNER: current owner of the module
- Restricted to current database context by default
  - Establish a trust relationship to extend impersonation to other databases

How EXECUTE AS Works

[Diagram]
- Audit (Owner: dbo): Jane (No permissions), Dave (SELECT permission)
- GetAuditLog (Owner: Dave): Jane (EXECUTE permission)
- Without EXECUTE AS: CREATE PROC GetAuditLog AS SELECT * FROM dbo.Audit
- With EXECUTE AS: CREATE PROC GetAuditLog WITH EXECUTE AS 'Dave' AS SELECT * FROM dbo.Audit

EXECUTE AS and Trust Relationships
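
The single-database scenario from the "How EXECUTE AS Works" slide, run end to end. This is an added example, not taken from the presentation; it assumes a scratch database, and the Reports schema is a constructed name used only to make Dave the owner of the procedure.

```sql
-- Added example: run in a scratch database as a user who may impersonate Dave
-- (for example the database owner). Reports is a constructed schema name.
CREATE USER Dave WITHOUT LOGIN;
CREATE USER Jane WITHOUT LOGIN;
GO
CREATE TABLE dbo.Audit (AuditID int IDENTITY PRIMARY KEY, Detail nvarchar(200));
INSERT INTO dbo.Audit (Detail) VALUES (N'constructed sample row');
GRANT SELECT ON dbo.Audit TO Dave;          -- Jane gets nothing on the table
GO
CREATE SCHEMA Reports AUTHORIZATION Dave;   -- objects in Reports are owned by Dave
GO
-- Version 1: runs as CALLER (the default).
CREATE PROC Reports.GetAuditLog AS
    SELECT * FROM dbo.Audit;
GO
GRANT EXECUTE ON Reports.GetAuditLog TO Jane;
GO
EXECUTE AS USER = 'Jane';
EXEC Reports.GetAuditLog;   -- error 229: the owners differ (Dave vs dbo), so the
                            -- ownership chain breaks and Jane's own rights are checked
REVERT;
GO
-- Version 2: the module switches to Dave's context while it runs.
ALTER PROC Reports.GetAuditLog WITH EXECUTE AS 'Dave' AS
    SELECT USER_NAME() AS running_as, * FROM dbo.Audit;
GO
EXECUTE AS USER = 'Jane';
EXEC Reports.GetAuditLog;   -- succeeds; running_as shows Dave
SELECT USER_NAME();         -- Jane again: the switch ended with the procedure
SELECT * FROM dbo.Audit;    -- direct access still fails for Jane (error 229)
REVERT;
GO
```

Jane reaches the table only through the procedure's fixed query, so Dave's permissions become the boundary to review when the procedure changes.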

CLR Integration
- SQL Server 2005 integrates managed assemblies inside the database engine
- Three security options:
  - SAFE: Default setting
  - EXTERNAL_ACCESS: access to external resources etc.
  - UNSAFE: unrestricted internal and external access!!!

[Diagram: SAFE; EXTERNAL_ACCESS (File); UNSAFE (Unmanaged Code)]

CLR Integration
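
A review query for the three permission sets listed above: it reports whether CLR execution is enabled and which assemblies in the current database run above SAFE, together with the SQL modules they back. This is an added example, not taken from the presentation.

```sql
-- Added example: read-only catalog queries, run in the database under review.

-- Is CLR execution enabled on the instance?
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'clr enabled';

-- Assemblies registered above SAFE, and the procedures, functions or triggers
-- that call into them. permission_set: 1 = SAFE_ACCESS, 2 = EXTERNAL_ACCESS,
-- 3 = UNSAFE_ACCESS.
SELECT a.name                                  AS assembly_name,
       a.permission_set_desc,
       USER_NAME(a.principal_id)               AS assembly_owner,
       SCHEMA_NAME(o.schema_id) + '.' + o.name AS sql_module,
       o.type_desc,
       m.assembly_class,
       m.assembly_method
FROM sys.assemblies AS a
LEFT JOIN sys.assembly_modules AS m ON m.assembly_id = a.assembly_id
LEFT JOIN sys.objects          AS o ON o.object_id   = m.object_id
WHERE a.permission_set <> 1
ORDER BY a.permission_set DESC, a.name;
```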

Encryption
- Built in support for encryption and decryption
- Allows secure storage of data within the database
- Keys can be secured within or external to SQL Server
- Supports:
  - Symmetric
  - Asymmetric
  - Encryption by passphrase
  - Certificates

[Diagram: Service master key; Database master key; Symmetric key; Asymmetric key; Certificate]

Encryption
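
The key hierarchy from the slide above used to protect one column: database master key, then certificate, then symmetric key, then data. This is an added example, not taken from the presentation; it assumes a scratch database, and every object name, the password and the sample value are constructed.

```sql
-- Added example: run in a scratch database. All names and values are constructed.
-- The database master key is also protected by the service master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Constructed-Example-Passw0rd!';
GO
-- The certificate's private key is protected by the database master key.
CREATE CERTIFICATE PayrollCert WITH SUBJECT = 'Protects PayrollKey';
GO
-- The symmetric key is protected by the certificate.
-- AES_256 assumes the host operating system supports AES.
CREATE SYMMETRIC KEY PayrollKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PayrollCert;
GO
CREATE TABLE dbo.Payroll (
    EmployeeID int PRIMARY KEY,
    SalaryEnc  varbinary(256) NOT NULL
);
GO
OPEN SYMMETRIC KEY PayrollKey DECRYPTION BY CERTIFICATE PayrollCert;

DECLARE @id int;
SET @id = 1;
-- The authenticator ties the ciphertext to this row's key, so a value copied
-- into another row no longer decrypts.
INSERT INTO dbo.Payroll (EmployeeID, SalaryEnc)
VALUES (@id, EncryptByKey(Key_GUID('PayrollKey'), N'52000', 1,
                          CONVERT(nvarchar(12), @id)));

SELECT EmployeeID,
       CONVERT(nvarchar(20),
               DecryptByKey(SalaryEnc, 1, CONVERT(nvarchar(12), EmployeeID))) AS Salary
FROM dbo.Payroll;

CLOSE SYMMETRIC KEY PayrollKey;
GO
-- With the key closed, DecryptByKey returns NULL instead of raising an error.
SELECT EmployeeID,
       DecryptByKey(SalaryEnc, 1, CONVERT(nvarchar(12), EmployeeID)) AS Salary
FROM dbo.Payroll;
GO
```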

Summary
- SQL Server 2005 is secure by default
- Password policies can be enforced
- Schemas allow user-object separation
- Permissions allow strong control over objects
- EXECUTE AS changes execution context
- Use .NET assemblies with care
- In-built encryption protects your data

Additional Resources
- SQL Server 2005 Security
- Microsoft SQL Server 2005 Upgrade Advisor
- SQL Nuggets
- SQL Server 2005 Webcasts: Introduction to Security in SQL Server 2005 Securing Your Data with SQL Server 2005 Encryption Encryption and Key Management Using SQL Server 2005 Efficiently Using the SQL Server Execution Context in Applications

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.