SQL Server: logins/users, roles, certificate, asymmetric key

Presentation transcript:

SQL Server

- logins/users
- roles
- certificate
- asymmetric key

- Standard SQL Server login
- Windows login
- Windows group
- Certificate
- Asymmetric Key

CREATE LOGIN loginName { WITH | FROM }
::= PASSWORD = { 'password' | hashed_password HASHED } [ MUST_CHANGE ] [, [,... ] ]

::= SID = sid | DEFAULT_DATABASE = database | DEFAULT_LANGUAGE = language | CHECK_EXPIRATION = { ON | OFF } | CHECK_POLICY = { ON | OFF } | CREDENTIAL = credential_name
::= WINDOWS [ WITH [,... ] ] | CERTIFICATE certname | ASYMMETRIC KEY asym_key_name
::= DEFAULT_DATABASE = database | DEFAULT_LANGUAGE = language

- bulkadmin
- dbcreator
- diskadmin
- processadmin
- securityadmin
- serveradmin
- setupadmin
- sysadmin

CREATE LOGIN TestLogin WITH PASSWORD = ' ', CHECK_POLICY = ON, CHECK_EXPIRATION = ON
GO

CREATE USER user_name [ { { FOR | FROM } { LOGIN login_name | CERTIFICATE cert_name | ASYMMETRIC KEY asym_key_name } | WITHOUT LOGIN } ] [ WITH DEFAULT_SCHEMA = schema_name ]

- db_accessadmin
- db_backupoperator
- db_datareader / db_datawriter
- db_ddladmin
- db_denydatareader / db_denydatawriter
- db_owner
- db_securityadmin
- public

{ EXEC | EXECUTE } AS
::= { LOGIN | USER } = 'name' [ WITH NO REVERT ] | CALLER

- SELECT
- INSERT
- UPDATE
- DELETE
- EXECUTE
- REFERENCES
- CONTROL
- ALTER
- VIEW DEFINITION
- TAKE OWNERSHIP

GRANT EXECUTE ON Customers.asp_submitorder TO SubmitOrdersRole

SELECT USER_NAME()
GO
EXECUTE AS USER = 'TestUser'
GO
SELECT USER_NAME()
GO
EXEC Customers.asp_submitorder 1, '1-2RB1-4RO', 5
GO
SELECT OrderID, CustomerID, OrderDate, SubTotal, TaxAmount, ShippingAmount, GrandTotal, FinalShipDate FROM Orders.OrderHeader
SELECT OrderDetailID, OrderID, SKU, Quantity, UnitPrice, ShipDate FROM Orders.OrderDetail
GO
REVERT

GRANT SELECT ON DATABASE::SQL2008SBS TO TestLogin
GO
DENY VIEW DEFINITION ON DATABASE::SQL2008SBS TO TestLogin
GO

EXECUTE AS USER = 'TestLogin'
GO
SELECT * FROM sys.objects
GO
SELECT OrderID, CustomerID, OrderDate, SubTotal, TaxAmount, ShippingAmount, GrandTotal, FinalShipDate FROM Orders.OrderHeader
GO
REVERT
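One way to verify the GRANT SELECT / DENY VIEW DEFINITION pair above without relying on how query results look. This is an added example, not part of the original slides; it assumes the two statements were run in SQL2008SBS and that a database principal named TestLogin exists there.

```sql
-- Added example; assumes the GRANT and DENY above were run in SQL2008SBS.
USE SQL2008SBS;
GO

-- Explicit grants and denies recorded for the principal.
SELECT pr.name AS principal_name,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'TestLogin'
ORDER BY pe.permission_name;
GO

-- Effective permissions as seen from inside the impersonated context.
EXECUTE AS USER = 'TestLogin';

SELECT permission_name
FROM sys.fn_my_permissions(NULL, 'DATABASE')
ORDER BY permission_name;

SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'SELECT')          AS can_select,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'VIEW DEFINITION') AS can_view_definition;

-- Count the user objects that metadata visibility still exposes.
SELECT COUNT(*) AS visible_objects
FROM sys.objects
WHERE is_ms_shipped = 0;

REVERT;
GO
```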

- SAFE
- EXTERNAL_ACCESS
- UNSAFE

- 1-Sided – Hashes: MD2, MD4, MD5, SHA, SHA1
- 2-Sided: Symmetric Keys (Best Performance), Asymmetric Keys (Strong), Certificates

- Service Master Key
- Database Master Key
- CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password'

OPEN MASTER KEY DECRYPTION BY PASSWORD = 'password'
BACKUP MASTER KEY TO FILE = 'path_to_file' ENCRYPTION BY PASSWORD = 'password'
RESTORE MASTER KEY FROM FILE = 'path_to_file' DECRYPTION BY PASSWORD = 'pwd' ENCRYPTION BY PASSWORD = 'pwd'
CLOSE MASTER KEY

 varchar(100)  = 'SQL Server‘  SELECT  = 'SQL Server‘  SELECT

- Hash algorithms are case-sensitive
- MD2, MD4, SHA are also available
- Remember to salt hashes
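The two points above, case sensitivity and salting, shown with HASHBYTES. This is an added example, not part of the original slides; the table and column names are hypothetical, and SHA2_256 (SQL Server 2012 and later) is used because MD2, MD4, MD5, SHA and SHA1 are deprecated from SQL Server 2016 onward.

```sql
-- Added example; table and column names are hypothetical.

-- 1) Case sensitivity: hash the same words in two different cases
--    and compare the digests side by side.
SELECT HASHBYTES('SHA2_256', 'SQL Server') AS MixedCase,
       HASHBYTES('SHA2_256', 'sql server') AS LowerCase;
GO

-- 2) Per-row random salt stored next to the digest.
CREATE TABLE dbo.HashDemo
(
    ID        int IDENTITY(1,1) PRIMARY KEY,
    Salt      varbinary(16) NOT NULL,
    ValueHash varbinary(32) NOT NULL   -- SHA2_256 produces 32 bytes
);
GO

DECLARE @secret varchar(100) = 'SQL Server';
DECLARE @salt1 varbinary(16) = CRYPT_GEN_RANDOM(16);
DECLARE @salt2 varbinary(16) = CRYPT_GEN_RANDOM(16);

-- The same value is stored twice with different salts, so equal values
-- cannot be spotted by comparing the ValueHash column across rows.
INSERT INTO dbo.HashDemo (Salt, ValueHash)
VALUES (@salt1, HASHBYTES('SHA2_256', @salt1 + CAST(@secret AS varbinary(100)))),
       (@salt2, HASHBYTES('SHA2_256', @salt2 + CAST(@secret AS varbinary(100))));

-- 3) Verification: recompute with each row's stored salt and compare.
DECLARE @candidate varchar(100) = 'SQL Server';

SELECT ID,
       CASE WHEN ValueHash = HASHBYTES('SHA2_256', Salt + CAST(@candidate AS varbinary(100)))
            THEN 'match' ELSE 'no match' END AS Result
FROM dbo.HashDemo;
GO
```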

CREATE SYMMETRIC KEY MySymmetricKey WITH ALGORITHM = RC4 ENCRYPTION BY PASSWORD = 'pwd'
GO
SELECT * FROM sys.symmetric_keys
GO
CREATE TABLE SymmetricKeyDemo (ID int IDENTITY(1,1), PlainText varchar(30) NOT NULL, EncryptedText varbinary(80) NOT NULL)
GO
OPEN SYMMETRIC KEY MySymmetricKey DECRYPTION BY PASSWORD = 'pwd'
GO

INSERT INTO SymmetricKeyDemo (PlainText, EncryptedText) VALUES('SQL Server', EncryptByKey(Key_GUID('MySymmetricKey'), 'SQL Server'))
GO
SELECT ID, PlainText, EncryptedText, CAST(DecryptByKey(EncryptedText) AS varchar(30)) FROM SymmetricKeyDemo
GO
CLOSE SYMMETRIC KEY MySymmetricKey
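The symmetric-key demo above uses RC4, which current SQL Server versions keep only for backward compatibility. The same flow with AES_256, the key protected by a certificate instead of a password, and an authenticator binding each ciphertext to its row, follows as an added example that is not part of the original slides. Object names are hypothetical and a database master key is assumed to exist already.

```sql
-- Added example; object names are hypothetical.
-- Assumes CREATE MASTER KEY has already been run in this database.
CREATE CERTIFICATE DemoKeyCert WITH SUBJECT = 'Protects DemoAesKey';
GO
CREATE SYMMETRIC KEY DemoAesKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoKeyCert;
GO
CREATE TABLE dbo.AesDemo
(
    AccountID     int PRIMARY KEY,
    EncryptedText varbinary(256) NOT NULL
);
GO

OPEN SYMMETRIC KEY DemoAesKey DECRYPTION BY CERTIFICATE DemoKeyCert;

-- Third argument 1 turns the authenticator on; the fourth is derived
-- from the row's own key, so the ciphertext is tied to AccountID = 1.
INSERT INTO dbo.AesDemo (AccountID, EncryptedText)
VALUES (1, EncryptByKey(Key_GUID('DemoAesKey'), 'SQL Server', 1,
                        HASHBYTES('SHA2_256', CONVERT(varbinary, 1))));

-- Simulate a ciphertext copied onto a different row.
INSERT INTO dbo.AesDemo (AccountID, EncryptedText)
SELECT 2, EncryptedText FROM dbo.AesDemo WHERE AccountID = 1;

-- Decrypt with each row's own authenticator. For the copied row the
-- authenticator does not match, and DecryptByKey yields NULL instead
-- of the other account's plaintext.
SELECT AccountID,
       CAST(DecryptByKey(EncryptedText, 1,
                         HASHBYTES('SHA2_256', CONVERT(varbinary, AccountID)))
            AS varchar(30)) AS DecryptedText
FROM dbo.AesDemo
ORDER BY AccountID;

CLOSE SYMMETRIC KEY DemoAesKey;
GO
```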

CREATE CERTIFICATE MyCert AUTHORIZATION dbo WITH SUBJECT = 'Test certificate'
GO

CREATE CERTIFICATE certificate_name [ AUTHORIZATION user_name ] { FROM |
::= ASSEMBLY assembly_name | { [ EXECUTABLE ] FILE = 'path_to_file' [ WITH PRIVATE KEY ( ) ] }

::= [ ENCRYPTION BY PASSWORD = 'password' ] WITH SUBJECT = 'certificate_subject_name' [, [,...n ] ]
::= FILE = 'path_to_private_key' [, DECRYPTION BY PASSWORD = 'password' ] [, ENCRYPTION BY PASSWORD = 'password' ]
::= START_DATE = 'mm/dd/yyyy' | EXPIRY_DATE = 'mm/dd/yyyy'

CREATE TABLE CertificateDemo
(ID int IDENTITY(1,1),
PlainText varchar(30) NOT NULL,
EncryptedText varbinary(500) NOT NULL)
GO
CREATE CERTIFICATE MyCert AUTHORIZATION dbo WITH SUBJECT = 'Test certificate'

GO
SELECT * FROM sys.certificates
GO
INSERT INTO CertificateDemo (PlainText, EncryptedText)
VALUES('SQL Server', EncryptByCert(Cert_ID('MyCert'), 'SQL Server'))
GO
SELECT ID, PlainText, EncryptedText, CAST(DecryptByCert(Cert_Id('MyCert'), EncryptedText) AS varchar(max))
FROM CertificateDemo