Securing Data with SQL Server 2016

Slides:



Advertisements
Similar presentations
The twenty-four/seven database Oracle Database Security David Yahalom Senior database consultant
Advertisements

Oracle Database Security
Understand Database Security Concepts
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Chapter 7 HARDENING SERVERS.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Security in SQL Jon Holmes CIS 407 Fall Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.
Database Security Managing Users and Security Models.
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software
Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.
MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.
Additional Security Tools Lesson 15. Skills Matrix.
Module 4: Managing Security. Overview Implementing an Authentication Mode Assigning Login Accounts to Users and Roles Assigning Permissions to Users and.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
MANAGING RISK. CYBER CRIME The use of the internet and developments in IT bring with it a risk of cyber crime. Credit card details are stolen, hackers.
SQL Server Security Basics Starting with a good foundation Kenneth Fisher
Secure Data Access with SQL Server 2005 Doug Rees Associate Technologist, CM Group
IS 4506 Windows NTFS and IIS Security Features.  Overview Windows NTFS Server security Internet Information Server security features Securing communication.
C Copyright © 2007, Oracle. All rights reserved. Security New Features.
#SQLSAT454 SQL Server 2016 New Security Features Gianluca
Microsoft Advertising 16:9 Template Light Use the slides below to start the design of your presentation. Additional slides layouts (title slides, tile.
SQL Server Security The Low Hanging Fruit. Lindsay Clark Database Administrator at American Credit Acceptance
SQL Server 2016 Security Features Marek Chmel Microsoft MVP: Data Platform Microsoft MCT: Regional Lead MCSE: Data Platform Certified Ethical Hacker.
Putting Your Head in the Cloud Working with SQL Azure David Postlethwaite 18/06/2016David Postlethwaite.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
ORACLE's Approach ORALCE uses a proprietary mechanism for security. They user OLS.... ORACLE Labeling Security. They do data confidentiality They do adjudication.
Hardware and software that can provide a good level of security In this presentation I am going to provide advices on hardware and software that needs.
Defense In Depth: Minimizing the Risk of SQL Injection
Chapter 40 Internet Security.
Securing Your Data With SQL 2016 (An overview of Always Encrypted)
SQL Server Security & Intrusion Prevention
Recommended Practices & Fundamentals
# 66.
Enterprise Row Level Security: SQL Server 2016 and Azure SQL DB
Overview of Security Investments
Chapter 5 : Designing Windows Server-Level Security Processes
SQL Server Security For Everyone
Encryption in SQL Server
Introduction to SQL Server 2000 Security
Information Security 101 Richard Davis, Rob Laltrello.
Auditing in SQL Server 2008 DBA-364-M
Limiting SQL Server Exposure
Uses Of Encryption Algorithms
Encrypting Data within SQL Server
Transparent Data Encryption (TDE)
Overview of Security Investments
What’s new in SQL Server 2016 Availability Groups
SQL Server Security from the ground up
Security Enhancements in SQL Server 2016
Lesson 16-Windows NT Security Issues
Network Security – Kerberos
SQL Server Security 101 How did you get in here, and
SQL Server Security For Everyone
Limiting SQL Server Exposure
SQL Server 2016 Security Features
SQL Server Security 101 How did you get in here, and
Designing IIS Security (IIS – Internet Information Service)
G061 - Network Security.
6. Application Software Security
SQL Server Security from the ground up
Fast-Track UiPath Developer Module 10: Sensitive Data Handling
We Need To Talk Security
Getting Started With LastPass Enterprise
Presentation transcript:

Securing Data with SQL Server 2016 By G.R. Prithiviraj Kulasingham Principal DBA, Pearson Lanka

Introduction Data is the new Oil – Information is money One side is to make use of data Other side is securing the data Over 480 million data records are stolen in 2015 57% of crimes conducted by outsiders It means 43% by insiders Mobile phone is identified as the weakest link

What Attackers Do? Intruders try to login using commonly used passwords, defaults They gather related information from Linked-In, Facebook etc. SQL Server uses the machine name and port 1433 on default installation They may look for backup files as they are less secured generally Gather useful information like Passwords, Personal Data, Financial Data etc. Sell to competitors, Impersonate, or publish Disrupt operations by removing logins, altering schema or dropping tables SQL injection Some send “heavy requests” or loads of requests to lead to Denial of Service(DOS)

Identify the Attackers Hackers including Criminals They scan the internet/ open networks Local users Legitimate users but go beyond their limit People Have access for one purpose but use for different purpose Can a windows admin check a database? Can a database Admin check the benefits of the CEO?

SQL Server Security Overview How many have used SQL Server 2000 or before? Initially it allowed blank password for “sa” Following an attack, sp3 prevented it SQL Server added many features in SQL Server 2005 User/Schema separation Passwords to follow security policy, expiration – prevents Intruders Encryption of sensitive data Surface area configuration Granular Permissions

SQL Server Security Overview SQL Server 2008 came with added feature set Policy Based Management Transparent Data Encryption, Protected by Database Master Key & Service Master Key Extended Protection Support Secure Connection Kerberos Authentication

SQL Server Security Overview Database Audit – captures who did what Adding automatic accounts is stopped Encryption algorithms improved

Securing from Intruders Security is not just DBAs job – Can’t rely just on application/Network security What protocol to use? Simple Applications & SQL Server on same machine: Can use shared memory MDAC 2.8 or earlier cannot use shared memory protocol Named pipes work well over LAN Complex applications with queues, or over internet should use TCP/IP Are you using default named pipes or default ports? Keep the SQL Server Browser service disabled Make sure database users have strong password and expiration policy Including application users…

Securing from Intruders Log and Monitor failed logins– Or email to admins Monitor long running queries – They not only consume resources and lead to deny many other requests (DOS) but also trying to gather all the information you have Use security best practices during database design too

Securing from Internal Users Use secure connection It has performance issues: Connection takes another roundtrip; Each packet goes through an encryption and decryption process Highly recommended for databases managing credit cards, banking, stocks and other sensitive data Secure connection is made at server level not database level

database design security best practices Limit direct access to sensitive information Either separate sensitive information or define views and access only through views Stored Procedures provide better security than ad-hoc queries Actual code and Tables are hidden to network SQL Injection threat is minimized Application user should run with minimum privileges (Use granular permissions)

database design security best practices Don’t keep sensitive data in unencrypted form EncryptByKey EncryptByPassPhrase EncryptByKey provides better security than EncryptByPassPhrase Both needs code changes Subject to exposure to admins

database design security best practices SQL Server 2016 introduces Always encrypted Data is stored always in encrypted form in the database No need to change the client application except change of driver Driver is responsible for encryption and decryption Either deterministic or randomized algorithm could be used Always Encrypted keeps the data encrypted and protect even from DBAs It allows the Business users to have control over the data

How Always Encrypted differ with TDE? TDE encrypts the data “in rest” Decrypted at Read; Encrypted at Write Travels in the network in unencrypted form unless SSL is used DBAs can read the data by simply accessing It prevents only from illegal copying, or stealing the backups Database level setting Always Encrypted keeps the data encrypted until the client application reads Encryption/Decryption happens at client side Unless the same key/certificate is used, data cannot be decrypted Only selected columns are encrypted

Dynamic Data Masking Dynamic Data Masking Allows users to read only part of the data Not for Admins; But for people with lesser access Need UNMASK permission to read the data

Row Level Security Now you can grant permission at granular level Based on a property of data security could be defined. FILTER PREDICATE controls the rows selected BLOCK PREDICATE controls data changes

References Row Level Security: https://msdn.microsoft.com/en-us/library/dn765131.aspx http://www.databasejournal.com/features/mssql/exploring-sql-server-2016-always-encrypted-part-3-differences-between-deterministic-or-randomize-encryption-page-3.html Dynamic Data Masking: https://msdn.microsoft.com/en-us/library/mt130841.aspx Always Encrypted: https://msdn.microsoft.com/en-us/library/mt147923.aspx Encrypting connections: https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx

Questions “Judge a man by his questions rather than by his answers.”  ― Voltaire “He who knows all the answers has not been asked all the questions.” ― Confucius

Sponsors Platinum Sponsors Platinum Raffle Sponsors Gold Sponsors Gold Raffle Sponsors Silver Raffle Sponsors Bronze Sponsors Bronze Raffle Sponsors Crystal Raffle Sponsors

Thank you Please evaluate this session: sqlsaturday.com/535/sessions/SessionEvaluation.aspx Please evaluate the event at the end of SQLSaturday: sqlsaturday.com/535/EventEval.aspx

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.