We Need To Talk Security


We Need To Talk Security Joe Gavin

Thank you to our SQL Saturday #892 Sponsors

Physical Security

Security Patches

Backup Security

Authentication

Windows Authentication
PC -> Active Directory: "AD, a valid login was entered, may I have a security token?"
Active Directory -> PC: "Here's your token."
PC -> SQL Server: presents the token
SQL Server: checks for a valid AD login (for the account or a Windows group it belongs to) -> "You're connected"

SQL Server Authentication
PC -> SQL Server: login name and password
SQL Server: checks if a valid login and password were entered -> "You're connected"

SQL Server Logins
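The two kinds of login as T-SQL, as an added example that is not from Joe Gavin's slides. The domain CORP, the group CORP\AppDBAs, the login app_svc and the placeholder password are assumptions; the final two queries are the checks a reviewer runs to find SQL logins that bypass the password policy and to see which authentication mode the instance is in.

```sql
-- Added example, not from the slides. CORP\AppDBAs, app_svc and the password are placeholders.
USE master;
GO
-- Windows authentication: SQL Server trusts the AD token, so no password is stored here.
-- Granting a group rather than individual accounts keeps membership management in AD.
CREATE LOGIN [CORP\AppDBAs] FROM WINDOWS WITH DEFAULT_DATABASE = [master];
GO
-- SQL Server authentication: the password hash is stored in master.
-- CHECK_POLICY / CHECK_EXPIRATION apply the host's Windows password policy;
-- MUST_CHANGE forces a reset at first connection (it requires both to be ON).
CREATE LOGIN [app_svc]
    WITH PASSWORD = N'Chang3-Me-Before-Use!' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON,
         DEFAULT_DATABASE = [master];
GO
-- The weak form to avoid: CHECK_POLICY = OFF silently accepts 'password1'.
-- CREATE LOGIN [app_svc_weak] WITH PASSWORD = N'password1', CHECK_POLICY = OFF;

-- Review: SQL logins that bypass policy or never expire.
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0;

-- Authentication mode of the instance: 1 = Windows only, 0 = Mixed Mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
```

The `sa` login shows up in the first review query on many instances; if Mixed Mode is needed at all, rename or disable `sa` and give service accounts their own policy-checked logins.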

Login Roles (fixed server roles)

Role: Description
bulkadmin: Run the BULK INSERT statement
dbcreator: Create, alter, drop and restore databases
diskadmin: Manage disk files
processadmin: Kill (end) processes
public: Every login is part of public
securityadmin: Manages logins and can GRANT server-level permissions, including to itself, so it can make itself sysadmin-equivalent; treat it as sysadmin
serveradmin: Change server-wide configuration options and shut down the server
setupadmin: Add and remove linked servers
sysadmin: Can do anything on the instance; only logins that are used to manage the SQL Server should be in this role

Database Users
A login exists at the SQL Server (instance) level; a user is created in each database and mapped to that login.

Database Level Roles

Role: Description
db_accessadmin: Add or remove database access for logins
db_backupoperator: Back up the database
db_datareader: Read all data from every user table
db_datawriter: Add, delete or change data in every user table
db_ddladmin: Create, alter or drop any object (DDL)
db_denydatareader: Cannot read any data in user tables
db_denydatawriter: Cannot add, modify or delete any data in user tables
db_owner: Highly privileged; all configuration and maintenance activity, including dropping the database
db_securityadmin: Modify role membership and manage permissions
public: Every user is in public

Logins and Users
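Mapping a login to a database user, putting it in a database role, and finding users whose login no longer exists, as an added example covering the two slides above; it is not from the presentation. The database Sales and the login app_svc are assumptions (app_svc is the SQL login created in the earlier example).

```sql
-- Added example, not from the slides. Sales and app_svc are placeholders.
USE [Sales];
GO
-- A login (server principal in master) becomes a user (database principal) per database.
CREATE USER [app_svc] FOR LOGIN [app_svc];
GO
-- Membership in a fixed database role instead of per-table grants.
ALTER ROLE db_datareader ADD MEMBER [app_svc];
GO
-- Who is in which database role: the database-level counterpart of sp_helpsrvrolemember.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.database_principals AS m ON rm.member_principal_id = m.principal_id
ORDER BY r.name, m.name;
GO
-- Orphaned users: a database restored onto another instance carries its users but not the
-- logins from master, so the user's SID matches no login. Such a user cannot connect, but a
-- login created later with the same name and a different SID will not be mapped either.
SELECT dp.name AS orphaned_user, dp.type_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON dp.sid = sp.sid
WHERE sp.sid IS NULL
  AND dp.type IN ('S', 'U', 'G')          -- SQL user, Windows user, Windows group
  AND dp.authentication_type <> 0         -- skip users WITHOUT LOGIN
  AND dp.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys');
GO
-- Re-link an orphaned SQL user to the login of the same name on this instance.
ALTER USER [app_svc] WITH LOGIN = [app_svc];
```

Run the orphaned-user query after every restore onto a different instance; it is the usual cause of "Failed to open the explicitly specified database" after a migration.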

SQL Agent Proxy

Credentials
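A credential and an Agent proxy together let a job step run under a low-privilege Windows account instead of the Agent service account. The following is an added example, not from the slides: the account CORP\etl_runner and its password, the names EtlRunnerCred and EtlRunnerProxy, and the login CORP\AppDBAs that is allowed to use the proxy are all assumptions.

```sql
-- Added example, not from the slides. Account, password, credential, proxy and login names are placeholders.
USE master;
GO
-- The credential stores the Windows identity and secret that the proxy will run under.
-- SQL Server does not validate the account here; a typo only surfaces when a job step runs.
CREATE CREDENTIAL [EtlRunnerCred]
    WITH IDENTITY = N'CORP\etl_runner', SECRET = N'Chang3-Me-Before-Use!';
GO
USE msdb;
GO
-- The proxy binds the credential to SQL Agent.
EXEC dbo.sp_add_proxy
    @proxy_name      = N'EtlRunnerProxy',
    @credential_name = N'EtlRunnerCred',
    @enabled         = 1;
-- Allow the proxy only in the subsystems the job needs; leave SSIS, replication etc. out.
EXEC dbo.sp_grant_proxy_to_subsystem @proxy_name = N'EtlRunnerProxy', @subsystem_name = N'CmdExec';
EXEC dbo.sp_grant_proxy_to_subsystem @proxy_name = N'EtlRunnerProxy', @subsystem_name = N'PowerShell';
-- Only this (non-sysadmin) job owner may reference the proxy in a job step.
EXEC dbo.sp_grant_login_to_proxy @login_name = N'CORP\AppDBAs', @proxy_name = N'EtlRunnerProxy';
GO
-- Review: every proxy, the identity behind it, the subsystems it may run, and who can use it.
SELECT p.name AS proxy_name, p.enabled, c.credential_identity,
       s.subsystem, l.name AS granted_login
FROM msdb.dbo.sysproxies AS p
JOIN sys.credentials AS c ON p.credential_id = c.credential_id
LEFT JOIN msdb.dbo.sysproxysubsystem AS ps ON ps.proxy_id = p.proxy_id
LEFT JOIN msdb.dbo.syssubsystems AS s ON s.subsystem_id = ps.subsystem_id
LEFT JOIN msdb.dbo.sysproxylogin AS pl ON pl.proxy_id = p.proxy_id
LEFT JOIN sys.server_principals AS l ON l.sid = pl.sid
ORDER BY p.name, s.subsystem;
```

The review query is the one to keep: a proxy whose credential identity is a domain admin, or one granted to every login, undoes the point of having proxies at all.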

Schemas
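Using a schema as the permission boundary, as an added example that is not from the slides. The database Sales, the schemas reporting and staging, the role ReportReaders and the user app_svc (created in the earlier example) are assumptions.

```sql
-- Added example, not from the slides. Sales, reporting, staging, ReportReaders, app_svc are placeholders.
USE [Sales];
GO
CREATE SCHEMA [reporting] AUTHORIZATION [dbo];
GO
CREATE SCHEMA [staging] AUTHORIZATION [dbo];
GO
CREATE TABLE [reporting].[MonthlyTotals] (PeriodStart date NOT NULL, Total money NOT NULL);
CREATE TABLE [staging].[RawOrders]      (OrderId int NOT NULL, Payload nvarchar(max) NULL);
GO
-- Grant on the schema, not on tables: every table added to reporting later is covered
-- automatically, and staging stays out of reach without any per-table DENY.
CREATE ROLE [ReportReaders];
GRANT SELECT ON SCHEMA::[reporting] TO [ReportReaders];
ALTER ROLE [ReportReaders] ADD MEMBER [app_svc];
-- Unqualified names resolve through the user's default schema, then dbo;
-- setting it avoids accidental reads/writes against dbo objects.
ALTER USER [app_svc] WITH DEFAULT_SCHEMA = [reporting];
GO
-- Verify by impersonating the user: the first column should be 1, the second 0.
EXECUTE AS USER = 'app_svc';
SELECT HAS_PERMS_BY_NAME('reporting.MonthlyTotals', 'OBJECT', 'SELECT') AS can_read_reporting,
       HAS_PERMS_BY_NAME('staging.RawOrders',        'OBJECT', 'SELECT') AS can_read_staging;
REVERT;
GO
-- Review: everything granted at schema scope in this database.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc,
       SCHEMA_NAME(pe.major_id) AS schema_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pe.grantee_principal_id = pr.principal_id
WHERE pe.class_desc = 'SCHEMA'
ORDER BY schema_name, grantee;
```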

Login Auditing

Troubleshooting With Login Auditing

Messages are written to X:\Program Files\Microsoft SQL Server\MSSQLxx\MSSQL\Log\ERRORLOG

Message: Explanation
"Could not find a login matching the name provided": an attempt was made to log in with a Windows or SQL Authentication login that doesn't exist on the SQL Server
"Password did not match that for the login provided": the SQL Authentication login exists but the wrong password was entered
"An attempt to login using SQL authentication failed. Server is configured for Windows authentication only": the user is connecting with a SQL Authentication login and password, but the instance is in Windows Authentication mode
"Failed to open the explicitly specified database": the login succeeded, but there is no user for it in the specified database, or the database doesn't exist or is offline
"[CLIENT: xxx.xxx.xxx.xxx]": the IP address of the machine initiating the login attempt; ping -a xxx.xxx.xxx.xxx resolves it to the DNS name of that machine
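Turning login auditing on and reading the failures back from the error log, as an added example that is not from the slides. The AuditLevel registry value is what SSMS sets under Server Properties > Security (0 = none, 1 = successful logins, 2 = failed logins, 3 = both) and takes effect after a service restart; the grouping query at the end is a reviewer's addition to spot password spraying against one login.

```sql
-- Added example, not from the slides. Requires sysadmin; the AuditLevel change needs a restart.
USE master;
GO
-- xp_instance_regwrite resolves the instance-specific registry path for this path prefix.
EXEC xp_instance_regwrite
    N'HKEY_LOCAL_MACHINE',
    N'Software\Microsoft\MSSQLServer\MSSQLServer',
    N'AuditLevel', REG_DWORD, 2;          -- 2 = failed logins only; 3 = failed and successful
GO
-- Read the setting back to confirm it.
DECLARE @level int;
EXEC xp_instance_regread
    N'HKEY_LOCAL_MACHINE',
    N'Software\Microsoft\MSSQLServer\MSSQLServer',
    N'AuditLevel', @level OUTPUT;
SELECT @level AS audit_level;
GO
-- Current error log (0), SQL Server log type (1), filtered to failed logins, newest first.
-- Each line carries the Reason text from the table above and the [CLIENT: x.x.x.x] address.
EXEC xp_readerrorlog 0, 1, N'Login failed', NULL, NULL, NULL, N'desc';
GO
-- Group failures by message (everything before the client address) to see which login
-- and which reason dominate: many "Password did not match" hits on one login from one
-- client is brute force or a stale saved password, not a user typo.
CREATE TABLE #errlog (LogDate datetime, ProcessInfo nvarchar(64), [Text] nvarchar(max));
INSERT INTO #errlog
    EXEC xp_readerrorlog 0, 1, N'Login failed';
SELECT LEFT([Text], CHARINDEX('[CLIENT:', [Text] + '[CLIENT:') - 1) AS message,
       COUNT(*)     AS attempts,
       MIN(LogDate) AS first_seen,
       MAX(LogDate) AS last_seen
FROM #errlog
GROUP BY LEFT([Text], CHARINDEX('[CLIENT:', [Text] + '[CLIENT:') - 1)
ORDER BY attempts DESC;
DROP TABLE #errlog;
```

Auditing successful logins as well (level 3) is what you need to answer "who connected as sa last night", at the cost of a much noisier ERRORLOG on busy instances.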

Gaining access to a SQL Server as Sysadmin
How easy is it to get access? Have someone else with sysadmin access add you. Let's look at another way.

Gaining access to a SQL Server as Sysadmin

Gaining access to a SQL Server as Sysadmin
It's easy to gain access. sp_helpsrvrolemember produces a list of all logins in server-level roles.

Gaining access to a SQL Server as Sysadmin
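Before worrying about how someone might get in, enumerate who already has sysadmin-equivalent access. This is an added example, not from the slides: it starts with the sp_helpsrvrolemember call the slide mentions and then goes further, listing every fixed server role membership in one result set and the explicit server permissions that are as good as sysadmin. The group name CORP\AppDBAs in the last statement is an assumption.

```sql
-- Added example, not from the slides. CORP\AppDBAs is a placeholder group name.
USE master;
GO
-- The legacy way, one role at a time.
EXEC sp_helpsrvrolemember 'sysadmin';
GO
-- All fixed server role memberships at once, including disabled logins that could be re-enabled.
SELECT r.name AS server_role, m.name AS member, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.server_principals AS m ON rm.member_principal_id = m.principal_id
ORDER BY r.name, m.name;
GO
-- Logins that are not in sysadmin but hold permissions that amount to it.
-- CONTROL SERVER is sysadmin in all but name; IMPERSONATE ANY LOGIN lets a login run as sa;
-- ALTER ANY LOGIN / ALTER ANY SERVER ROLE is what securityadmin uses to escalate.
SELECT p.name AS grantee, p.type_desc, sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON sp.grantee_principal_id = p.principal_id
WHERE sp.state IN ('G', 'W')                     -- GRANT, GRANT WITH GRANT OPTION
  AND sp.permission_name IN ('CONTROL SERVER', 'IMPERSONATE ANY LOGIN',
                             'ALTER ANY LOGIN', 'ALTER ANY SERVER ROLE')
ORDER BY p.name;
GO
-- Built-in Windows principals: BUILTIN\Administrators has not been created by default since
-- SQL Server 2008, and NT AUTHORITY\SYSTEM was sysadmin on older versions. If either is
-- present and in sysadmin, every local administrator on the host is a DBA.
SELECT name, type_desc, is_disabled, IS_SRVROLEMEMBER('sysadmin', name) AS is_sysadmin
FROM sys.server_principals
WHERE name IN (N'BUILTIN\Administrators', N'NT AUTHORITY\SYSTEM');
GO
-- A Windows group in sysadmin hides its real members in AD; expand it from SQL Server.
EXEC xp_logininfo @acctname = N'CORP\AppDBAs', @option = N'members';
```

Note the last query: a group login in sysadmin is only as tight as the group's membership, which a DBA usually does not control and rarely reviews.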

SSL (Secure Socket Layer) Encryption
Data is encrypted between network endpoints, e.g., the web server and the SQL Server. Current versions negotiate TLS; "SSL" is the legacy name the Configuration Manager settings still use. Uses a certificate installed on the machine hosting SQL Server; with Force Encryption on, every connection is encrypted, otherwise only clients that request it.
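How to check that connections are actually encrypted rather than assuming it, as an added example that is not from the slides. The ForceEncryption registry value is the one Configuration Manager writes under the network protocol properties; the per-connection view comes from the DMVs.

```sql
-- Added example, not from the slides. Requires sysadmin for the registry read.
USE master;
GO
-- Is Force Encryption on? 1 = every connection must be encrypted; 0 = only clients that ask.
DECLARE @force int;
EXEC xp_instance_regread
    N'HKEY_LOCAL_MACHINE',
    N'Software\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib',
    N'ForceEncryption', @force OUTPUT;
SELECT @force AS force_encryption;
GO
-- Per-connection view. encrypt_option = 'FALSE' means plaintext TDS on the wire;
-- auth_scheme shows KERBEROS, NTLM or SQL, so SQL logins over unencrypted links stand out.
SELECT s.session_id, s.login_name, s.host_name, s.program_name,
       c.client_net_address, c.net_transport, c.auth_scheme, c.encrypt_option
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c ON c.session_id = s.session_id
WHERE s.is_user_process = 1
ORDER BY c.encrypt_option, s.login_name;
GO
-- Client side matters as much: a connection string with Encrypt=True;TrustServerCertificate=True
-- encrypts but accepts any certificate, so a man in the middle is not detected.
-- Use Encrypt=True;TrustServerCertificate=False and a certificate the client can validate.
```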

TDE (Transparent Data Encryption)
Data files are encrypted at the page level: pages are encrypted when written to disk and decrypted when read from disk, so data is plaintext in memory and on the wire. Enabling TDE (after creating a database master key, a certificate in master and a database encryption key): ALTER DATABASE [DbName] SET ENCRYPTION ON; Backups of a TDE database are also encrypted and cannot be restored anywhere without the certificate; tempdb is encrypted as soon as any database on the instance is.

Backup Encryption
SQL Server 2014 and later: the backup file itself is encrypted (BACKUP ... WITH ENCRYPTION) with a certificate or asymmetric key, independently of TDE. As with TDE, a backup that cannot be restored without the certificate is only useful if the certificate is backed up too.
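The full set of statements behind the TDE and backup encryption slides above, as one added example that is not from the presentation: both features hang off the same certificate in master, so they are shown together. The database Sales, the certificate name, the placeholder password and the X:\ paths are assumptions.

```sql
-- Added example, not from the slides. Sales, TdeServerCert, the password and the paths are placeholders.
USE master;
GO
-- The database master key in master protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'Chang3-Me-Before-Use!';
GO
CREATE CERTIFICATE TdeServerCert WITH SUBJECT = N'TDE and backup encryption certificate';
GO
-- Back the certificate up now, and store the files away from the server. Without them the
-- TDE database and every encrypted backup are unrecoverable on any other instance.
BACKUP CERTIFICATE TdeServerCert
    TO FILE = N'X:\keys\TdeServerCert.cer'
    WITH PRIVATE KEY (FILE = N'X:\keys\TdeServerCert.pvk',
                      ENCRYPTION BY PASSWORD = N'Chang3-Me-Before-Use!');
GO
-- TDE: a per-database encryption key protected by the server certificate, then switch it on.
USE [Sales];
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeServerCert;
GO
ALTER DATABASE [Sales] SET ENCRYPTION ON;
GO
-- Progress: encryption_state 2 = in progress, 3 = encrypted. tempdb appears here as well.
SELECT DB_NAME(database_id) AS db, encryption_state, percent_complete, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
GO
-- Backup encryption (SQL Server 2014+): encrypts the backup stream with the certificate.
-- A TDE database's backup is already ciphertext page for page; this protects the backup
-- of any database, TDE or not, and ties restore to the certificate either way.
BACKUP DATABASE [Sales]
    TO DISK = N'X:\backup\Sales.bak'
    WITH ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = TdeServerCert);
GO
-- Verify: KeyAlgorithm, EncryptorThumbprint and EncryptorType are populated for an encrypted backup.
RESTORE HEADERONLY FROM DISK = N'X:\backup\Sales.bak';
```

Test the restore path on a second instance (import the .cer and .pvk, then RESTORE) before relying on either feature; an encrypted backup that nobody has ever restored is a backup you may not have.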

Column Level Encryption
Encryption is applied to specific columns. The stored value, in the data file and in the buffer pool, is ciphertext; it is decrypted only inside the query that calls DecryptByKey. Requires code changes to use the EncryptByKey and DecryptByKey functions and to open the key. The keys and certificates live in the database, so anyone who can open them, including sysadmin, can read the data.
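Column-level encryption end to end, as an added example that is not from the slides: a symmetric key protected by a certificate, EncryptByKey on write, DecryptByKey on read, and the behaviour when the key is not open. The database Sales, the table and key names, the test card number and the user app_svc are assumptions.

```sql
-- Added example, not from the slides. Sales, CardCert, CardKey, dbo.Payments, app_svc are placeholders.
USE [Sales];
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'Chang3-Me-Before-Use!';
GO
CREATE CERTIFICATE CardCert WITH SUBJECT = N'Protects the card number key';
GO
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO
CREATE TABLE dbo.Payments (
    PaymentId     int IDENTITY PRIMARY KEY,
    CardLast4     char(4)        NOT NULL,   -- searchable, low-value
    CardNumberEnc varbinary(256) NOT NULL    -- ciphertext: key GUID header + IV + padded AES blocks
);
GO
-- Application code has to open the key, encrypt on write and decrypt on read.
-- EncryptByKey uses a random IV, so the same plaintext encrypts differently each time;
-- the column cannot be indexed or searched, which is why CardLast4 is kept in clear.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
INSERT INTO dbo.Payments (CardLast4, CardNumberEnc)
VALUES ('1111', EncryptByKey(Key_GUID('CardKey'), N'4111111111111111'));   -- constructed test value
SELECT PaymentId, CardLast4,
       CONVERT(nvarchar(32), DecryptByKey(CardNumberEnc)) AS CardNumber
FROM dbo.Payments;
CLOSE SYMMETRIC KEY CardKey;
GO
-- With the key closed the column is opaque: DecryptByKey returns NULL instead of failing,
-- so application code must check for NULL rather than assume an error.
SELECT PaymentId, CardNumberEnc, DecryptByKey(CardNumberEnc) AS without_key
FROM dbo.Payments;
GO
-- Who may open the key is a permission question: VIEW DEFINITION on the key and CONTROL on
-- the certificate are the minimum for OPEN SYMMETRIC KEY ... DECRYPTION BY CERTIFICATE.
GRANT VIEW DEFINITION ON SYMMETRIC KEY::CardKey TO [app_svc];
GRANT CONTROL ON CERTIFICATE::CardCert TO [app_svc];
```

Because the certificate and key sit inside the database, a sysadmin or anyone restoring a copy of the database with the master key password can open them; that limitation is what the Always Encrypted slide addresses.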

Always Encrypted
SQL Server 2016 SP1 and later in all editions (Enterprise only before SP1). Column-level encryption that holds at rest, in transit and in SQL Server's memory: encryption and decryption are done on the client by an Always Encrypted-enabled driver, and the column master key is kept outside SQL Server (e.g., the Windows certificate store or a key vault). No application code changes beyond enabling the setting in the connection string and using parameterized queries; the trade-off is that the server can only do equality comparisons on deterministically encrypted columns and nothing at all on randomized ones. Because the server never holds the keys, the data is hidden even from sysadmin.

References
Introduction to SQL Server Security
Server Roles
Database Roles
Connect to SQL Server When Administrator is Locked Out: a great trick to connect to a SQL Server as sysadmin without a restart
Getting Sysadmin Access to SQL Server When Locked Out: shows how to wrap Jason Brimhall's method in an .xml file

Joe Gavin joe@joegavin.net www.linkedin.com/in/joegavin @joseph_a_gavin