# 66.
## Securing your SQL Server

Gabriel Villa
email: extofer@gmail.com
blog: www.extofer.com
twitter: @extofer

## About Gabriel

- MCPD, ASP.NET Developer
- MCTS, SQL Server 2008 Database Development
- SQL Server 7, 2000, 2005 and 2008
- .Net Developer: VB.Net and C#

## Outline to Securing SQL Server

- SQL Server Threats
- Security Model
- Authentication
- Write Secure Code
- Passwords
- Physical Security
- Security Patches
- Network Security
- Best Practices

> “Yes, I am a criminal. My crime is that of curiosity... My crime is that of outsmarting you, something that you will never forgive me for.”
>
> - The Mentor, written January 8, 1986

## SQL Server Threats

- Social Engineering
  - Manipulating people to gather data
  - Not using technical cracking tools or techniques
- SQL Injection
  - A vulnerability of any RDBMS, not just MS SQL Server
  - Attacker posts SQL commands via front-end applications
  - Tools: ' , --, ;

## SQL Injection

## SQL Server Security Model

- Principals: Windows users, SQL logins, roles, groups
- Securables: schemas
- Mapping: Windows users and SQL logins map to database users, database users belong to DB roles, and DB roles receive rights on schemas

## Authentication: Windows Authentication

- Active Directory integration
- Supports groups
- Use whenever possible

## Authentication: Mixed Authentication

- Legacy or hard-coded referenced logins
- Non-Windows clients
- Connections over the Internet

## Authentication
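The security model and authentication slides above describe a chain of principals and securables but show no code. The T-SQL below is an added example, not part of the original deck: it creates a Windows-group login (the "use whenever possible" case), a SQL login for the mixed-mode case with the Windows password policy still enforced, maps both to database users, and grants rights on a schema through a role rather than to the users directly. The names `CONTOSO\AppUsers`, `app_svc`, `AppDb`, `Reporting` and `app_reader` are placeholders, and the statements are written against SQL Server 2008 syntax (hence `sp_addrolemember` rather than the later `ALTER ROLE`).

```sql
-- Added example (not from the slide deck): the principal/securable chain on SQL Server 2008.
-- Server login -> database user -> database role -> schema permission.
-- CONTOSO\AppUsers, app_svc, AppDb, Reporting and app_reader are placeholder names.
USE master;
GO

-- Windows authentication: one login for an Active Directory group, so membership is
-- managed in AD and no password is stored on the SQL side.
CREATE LOGIN [CONTOSO\AppUsers] FROM WINDOWS;
GO

-- Mixed mode, where a SQL login is unavoidable (non-Windows client, legacy app):
-- keep the Windows password policy and expiration checks on the SQL login.
CREATE LOGIN app_svc WITH PASSWORD = N'<placeholder: strong password>',
    CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
GO

USE AppDb;
GO

-- Database users are the database-level principals mapped to the server logins.
CREATE USER [CONTOSO\AppUsers] FOR LOGIN [CONTOSO\AppUsers];
CREATE USER app_svc FOR LOGIN app_svc;
GO

-- The schema is the securable. Grant to a role and put users in the role, so
-- permissions are never attached to individual users.
CREATE SCHEMA Reporting;
GO
CREATE ROLE app_reader;
GRANT SELECT ON SCHEMA::Reporting TO app_reader;
EXEC sp_addrolemember 'app_reader', 'CONTOSO\AppUsers';
EXEC sp_addrolemember 'app_reader', 'app_svc';
GO

-- Check: which principals hold rights on the schema, and what those rights are.
SELECT dp.name AS grantee, dp.type_desc, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS dp ON dp.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = 'SCHEMA'
  AND pe.major_id = SCHEMA_ID('Reporting');
```

The final query is the check worth keeping: it lists every grant on the schema, so a direct grant to a user (bypassing the role) shows up as a `type_desc` other than `DATABASE_ROLE`.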

## Write Secure Code

- Valid SQL: check for valid input
- Use stored procedures
- Use parameters
- Customize error messages: avoid errors that return securable names
- Source control
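The threats slide lists `'`, `--` and `;` as the injection "tools", and this slide lists parameters and stored procedures as the defence; neither shows how the two connect. The T-SQL below is an added example, not from the deck: a stored procedure that concatenates its argument into dynamic SQL (so "use stored procedures" alone does not help), beside the same procedure written with `sp_executesql` parameters, an input check, and a custom error message that names no securable. The `dbo.Users` table, its two rows and the procedure names are constructed for this illustration.

```sql
-- Added example (not from the slide deck): concatenated SQL beside its parameterised form.
-- dbo.Users, its rows and the procedure names are placeholders constructed for this example.
CREATE TABLE dbo.Users (UserName sysname PRIMARY KEY, IsAdmin bit NOT NULL);
INSERT INTO dbo.Users VALUES (N'alice', 0), (N'bob', 1);
GO

-- VULNERABLE: the caller's text is pasted into the statement. With @name =
-- x' OR 1=1 -- the WHERE clause becomes  WHERE UserName = 'x' OR 1=1 --'
-- and returns every row: the quote, the -- comment and ; are exactly the
-- characters the threats slide lists. Being inside a stored procedure changes nothing.
CREATE PROCEDURE dbo.GetUser_Unsafe @name nvarchar(128)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT UserName, IsAdmin FROM dbo.Users WHERE UserName = ''' + @name + N'''';
    EXEC (@sql);
END;
GO

-- SAFE: sp_executesql sends the statement and the value separately, so @n is bound
-- as data and is never parsed as SQL, whatever it contains.
CREATE PROCEDURE dbo.GetUser @name nvarchar(128)
AS
BEGIN
    -- "Check for valid input": reject empty or oversized names before touching data.
    IF @name IS NULL OR LEN(@name) = 0 OR LEN(@name) > 128
    BEGIN
        -- "Customize error messages": no table, column or login name in the text.
        RAISERROR (N'Invalid user name.', 16, 1);
        RETURN;
    END;

    EXEC sp_executesql
        N'SELECT UserName, IsAdmin FROM dbo.Users WHERE UserName = @n',
        N'@n nvarchar(128)',
        @n = @name;
END;
GO

-- Same input, different outcome: the first call returns both rows,
-- the second returns no rows because no user is literally named  x' OR 1=1 --
EXEC dbo.GetUser_Unsafe @name = N'x'' OR 1=1 --';
EXEC dbo.GetUser        @name = N'x'' OR 1=1 --';
```

The point to take from the pair is that the stored procedure is only a boundary when the application is granted `EXECUTE` on the procedure and nothing on the underlying table; a procedure that rebuilds the query from strings is the front-end concatenation moved one layer down.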

## Passwords

- DO NOT hardcode passwords
  - ASP.Net: encrypt web.config
  - Encrypt passwords in your code
- Strong passwords
  - 6 to 8 characters minimum
  - Leet speak or special characters (e.g. s = 5 or 3 = E)
- SQLPing checks for default passwords
- Change passwords frequently
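The slide says what a password should look like and that SQLPing will find default ones, but not how to find them yourself before a scanner does. The T-SQL below is an added example, not from the deck: an audit query over `sys.sql_logins` that flags logins with policy or expiration checks switched off, a blank password (tested with `PWDCOMPARE` against the stored hash, so no password has to be known), or a password older than 90 days, followed by the remediation for a flagged login. The 90-day threshold and the login name `app_svc` are assumptions for the example.

```sql
-- Added example (not from the slide deck): audit SQL logins for the weaknesses the
-- Passwords slide lists. sys.sql_logins, LOGINPROPERTY and PWDCOMPARE are documented
-- SQL Server features; the 90-day limit is an assumption for this example.
SELECT l.name,
       l.is_policy_checked,
       l.is_expiration_checked,
       CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime) AS password_last_set,
       CAST(LOGINPROPERTY(l.name, 'IsLocked') AS int)                 AS is_locked,
       -- 1 when the empty string matches the stored hash: a blank/default password.
       PWDCOMPARE(N'', l.password_hash)                                AS blank_password
FROM sys.sql_logins AS l
WHERE l.is_policy_checked = 0
   OR l.is_expiration_checked = 0
   OR PWDCOMPARE(N'', l.password_hash) = 1
   OR CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime)
        < DATEADD(day, -90, GETDATE());
GO

-- Remediation for a flagged login (app_svc is a placeholder name):
-- re-enable the Windows policy checks and force a new password at next logon.
ALTER LOGIN app_svc WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
ALTER LOGIN app_svc
    WITH PASSWORD = N'<placeholder: new strong password>' MUST_CHANGE,
         CHECK_EXPIRATION = ON;
GO
```

Run the audit from a sysadmin login (reading `password_hash` requires `CONTROL SERVER`); the `blank_password` column is the same test SQLPing performs from the outside, done from the inside where it can be fixed immediately.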

## Physical Security

- Lock the server room or rack when not in use
- Restrict access to authorized individuals only
- If feasible, use security cameras

## Security Patches

- Released the second Tuesday of every month
- Test updates or hotfixes immediately on non-production servers
- Schedule patches soon after they are tested

## Network Security

- Avoid network shares on servers
- Don’t surf the Web on the server
- Only enable required protocols
- Keep servers behind a firewall

## Best Practices

- Encrypt your DB backups with third-party tools
- Monitor failed attempts
- Disable system SPs
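Two of the three best practices on this slide are configurable from T-SQL, and the deck does not show how. The block below is an added example, not from the deck: it turns off the `xp_cmdshell` and `Ole Automation Procedures` system extended procedures through `sp_configure` and confirms the running value, then reads failed-login entries from the SQL Server error log and groups them by client address so a burst of failures from one source stands out from an occasional typo. It assumes login auditing is set to "Failed logins only" or "Both" in the instance properties (otherwise nothing is logged) and uses `sp_readerrorlog`, which is undocumented but present on SQL Server 2005 onward; the threshold of five failures per day is an assumption for the example.

```sql
-- Added example (not from the slide deck): disable system extended procedures and
-- review failed logins. sp_configure options are real SQL Server settings; the choice
-- of xp_cmdshell and Ole Automation as the ones to disable is this example's reading
-- of the slide's "Disable system SPs".
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ole Automation Procedures', 0;
RECONFIGURE;
GO

-- Confirm both the configured and the running value are 0.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures');
GO

-- Monitor failed attempts. With login auditing enabled, failures are written to the
-- error log; sp_readerrorlog(log number, 1 = SQL log, search text) reads them back
-- (undocumented procedure, assumed available for this example).
CREATE TABLE #errlog (LogDate datetime, ProcessInfo nvarchar(64), [Text] nvarchar(max));
INSERT INTO #errlog
EXEC sp_readerrorlog 0, 1, N'Login failed';

-- Group by day and client address; repeated failures from one source are the signal.
-- The 5-per-day threshold is an assumption for this example.
SELECT CAST(LogDate AS date) AS day,
       SUBSTRING([Text], NULLIF(CHARINDEX('[CLIENT:', [Text]), 0), 64) AS client,
       COUNT(*) AS failures
FROM #errlog
GROUP BY CAST(LogDate AS date),
         SUBSTRING([Text], NULLIF(CHARINDEX('[CLIENT:', [Text]), 0), 64)
HAVING COUNT(*) >= 5
ORDER BY failures DESC;

DROP TABLE #errlog;
GO
```

Backup encryption is left to the slide's "third-party tools" advice: the 2008-era engine the deck targets has no native backup encryption, so there is no corresponding statement to show.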

## Questions?

Please evaluate this session at http://speakerrate.com/extofer

## Thank you and Feedback

Thank you for attending “Secure your SQL Server” at SQL Saturday #66. Please make sure to fill out the session evaluation and place it in the box in the back of the room.