Secure Data SQL Server Best Practices Monica DeZulueta, Ph.D. Data Platform Technology Specialist Microsoft Corporation.

Slides:



Advertisements
Similar presentations
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Advertisements

Logins, Roles and Credentials Lesson 14. Skills Matrix.
Chapter 9 Auditing Database Activities
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Administering Your.
Connect with life Vinod Kumar Technology Evangelist - Microsoft
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Administration of Users Dr. Gabriel. 2 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail.
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
Introduction to SQL 2005 Security Nick Ward SQL Server Specialist Nick Ward SQL Server Specialist
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
Today’s Objectives Chapters 10 and 11 Security in SQL Server –Manage server logins and database users. –Manage server-level, database-level, and application.
Designing Active Directory for Security
Module 7: Fundamentals of Administering Windows Server 2008.
Security Planning and Administrative Delegation Lesson 6.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Chapter 6 : Designing SQL Server Service-Level Security MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide.
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.
Module 9 Authenticating and Authorizing Users. Module Overview Authenticating Connections to SQL Server Authorizing Logins to Access Databases Authorization.
Module 4: Managing Security. Overview Implementing an Authentication Mode Assigning Login Accounts to Users and Roles Assigning Permissions to Users and.
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Copyright © 2013 Curt Hill Database Security An Overview with some SQL.
Module 10 Assigning Server and Database Roles. Module Overview Working with Server Roles Working with Fixed Database Roles Creating User-defined Database.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
Roles & privileges privilege A user privilege is a right to execute a particular type of SQL statement, or a right to access another user's object. The.
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 9 Auditing Database Activities.
Securing SQL Server 2005 Anil Desai. Speaker Information Anil Desai –Independent consultant (Austin, TX) –Author of several SQL Server books –Instructor,
Database Role Activity. DB Role and Privileges Worksheet.
Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Module 11 Authorizing Users to Access Resources. Module Overview Authorizing User Access to Objects Authorizing Users to Execute Code Configuring Permissions.
Module 6: Data Protection. Overview What does Data Protection include? Protecting data from unauthorized users and authorized users who are trying to.
Security-Enhanced Database Platform. Agenda  Business challenges and needs  SQL Server 2008 features  Trustworthy computing  Surface Area Reduction.
Esri UC 2014 | Technical Workshop | Administering Your Microsoft SQL Server Geodatabase Shannon Shields Chet Dobbins.
Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.
SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005.
SQL Server Security Basics Starting with a good foundation Kenneth Fisher
Secure Data Access with SQL Server 2005 Doug Rees Associate Technologist, CM Group
SQL Server ™ 2000 Security Features and Deployment Considerations Microsoft Corporation.
WELCOME! SQL Server Security. Scott Gleason This is my 9 th Jacksonville SQL Saturday Over ten years DBA experience Director of Database Operations
Defense In Depth: Minimizing the Risk of SQL Injection
SQL Database Management
Administrating a Database
SQL Server Security & Intrusion Prevention
Microsoft SQL Server 2014 for Oracle DBAs Module 8
Chapter 5 : Designing Windows Server-Level Security Processes
SQL Server Security For Everyone
Introduction to SQL Server 2000 Security
Common Security Mistakes
Designing Database Solutions for SQL Server
Limiting SQL Server Exposure
The Dirty Business of Auditing
SQL Server Security from the ground up
Better Together: Secure SQL Server on Secure Windows
Limiting SQL Server Exposure
Governing Your Enterprise with Policy-Based Management
Administrating a Database
SQL Server Security from the ground up
Preparing for the Windows 8. 1 MCSA Module 6: Securing Windows 8
Presentation transcript:

Secure Data SQL Server Best Practices Monica DeZulueta, Ph.D. Data Platform Technology Specialist Microsoft Corporation

Session Objectives Describe security best practices and how they help protect your valuable data Focus on operational/administrative tasks Address them in roughly “lifetime” sequence What I hope you takeaway from this session  3 things you can do today to better secure your installation  How to best leverage new SQL Server security capabilities Session Objectives And Agenda

Surface Area Reduction What Minimize Enabled/Exposed features “Off by Default” for new SQL2K5 and SQL2K8 installs – Features, services, connections On Upgrade, remain in pre-upgrade state Recommendation New installs – leave features off – Enable only what you will actually use – Keep connectivity to a minimum Upgrades – turn off whatever you don’t need

Surface Area Reduction Why Reduced attack surface Heterogeneous installation footprint How Surface Area Configuration tool (SQLSAC) – Launch from Setup or Start Menu SAC command line utility sac out server1.out -S server1 -U admin -I MSSQLSERVER sac in server1.out -S server2 sp_configure EXEC sp_configure ‘SMO and DMO XPs’, 0

Service Accounts What Services can run under built-in accounts (Local System, Network Service, or Local Service) or user account Each service can use a different account Recommendation Most desirable: Local or Domain user account – Can change password without shutdown Least desirable: Local System Workable: Network Service/Local Service Use different accounts for different services

Service Accounts Why Least Privilege Isolation Defense in depth How Specified during Setup Change using SQL Configuration Manager tool – Do not change service account from Windows

Authentication Mode What Windows Authentication (default) – Windows principals only Mixed Authentication (optional) – Windows and SQL principals Recommendation Use Windows Authentication whenever possible Use Mixed Authentication to get – Legacy application support – Cross platform client/server – Improved administrator separation Encrypt communications channel – Uses self-signed cert during login by default

Authentication Mode Why Single sign on Simplified administration No password management Protect conversations and credentials in transit – Use “real” cert to prevents MITM attacks How Selected during Setup Updated via Management Studio

Network Connectivity What Protocols and endpoints enabled Demands on strength of channel protection Recommendation Enable minimal protocols (e.g. TCP/IP) Change and block default ports (1433, 1434) Grant user access through restrictive endpoints Do not expose to internet

Network Connectivity Why Minimize potential client population Block known attacks Restrict access paths How SQL Surface Area Configuration tool SQL Configuration Manager tool Endpoint DDL CREATE ENDPOINT myEndpoint AS... GRANT CONNECT ON ENDPOINT::myEndpoint TO Fred

Lockdown of System Procedures What Removal of system XPs REVOKE EXECUTE permission on SPs and XPs from PUBLIC Recommendation Leave system XPs in place Reconsider need to revoke EXECUTE permission

Lockdown of System Procedures Why Many are Off By Default (including xp_cmdshell) – Others made “safe” (e.g. xp_dirtree, xp_regread) Procedures contain appropriate authorization check – Permission held, role membership Removal of XPs results in unsupported configuration How N/A

Password Policy What Complexity, Expiration, Lockout enforcement – Common across Windows and SQL – Win2K3 onwards (hard-coded rules for older versions) SQL Logins, App Roles, pass phrases, etc. – Everywhere passwords are used Recommendation Leave CHECK_POLICY on Set CHECK_EXPIRATION on to avoid old passwords Set MUST_CHANGE for new logins

Password Policy Why Deter brute-force and dictionary attacks Prevent blank passwords – Blank/trivial SA password is game over! How CREATE LOGIN Barney WITH PASSWORD = '3KHJ6dhx(0xVYsdf' MUST_CHANGE ALTER LOGIN Barney WITH CHECK_EXPIRATION = ON

Administrator Privileges What Principals with highly elevated privileges – “SA” built-in login – Members of SYSADMIN built-in server role – Holders of CONTROL permission at server level Recommendation Use admin privileges only when needed Minimize number of administrators Provision admin principals explicitly – Have multiple distinct admins if more than one needed – Avoid dependency on builtin\administrators Windows group

Administrator Privileges Why Least privilege Repudiation/accountability Windows Vista “User Account Control” How EXEC sp_addsrvrolemember 'Corporate\BamBam', 'sysadmin‘ EXEC sp_dropsrvrolemember ‘Fred', 'sysadmin‘ GRANT CONTROL SERVER TO Barney

Database Ownership & Trust What Each database is owned by – DBO user (default = database creator) – DB_OWNER role members Can confer trust on other databases Recommendation Have distinct owners for databases – Not all owned by “SA” – Minimize owners for each database Confer trust selectively Leave CDOC setting off – Migrate usage to selective trust instead

Database Ownership & Trust Why Least privilege Repudiation/accountability Isolation How ALTER AUTHORIZATION ON DATABASE::myDB to Barney EXEC sp_addrolemember ‘db_owner', ‘Wilma’ ALTER DATABASE myDB SET TRUSTWORTHY ON

Schemas What Namespace in the container hierarchy – Server>database->schema->object Can be owned by any user (SQL2K5) Permissions grantable at schema level Recommendation Group related objects together into same schema Leverage ownership and permissions at schema level Have distinct owners for schemas – Not all owned by “DBO” – Minimize owners for each schema

Schemas Why Isolation, aggregation Flexibility – Separate administrative grouping from application access – Change owner without updating applications How CREATE SCHEMA mySchema AUTHORIZATION Betty CREATE TABLE mySchema.myTable (C1 int, C2 varchar(20)) GRANT SELECT ON SCHEMA::mySchema TO Dino

Authorization What Who can access what Recommendation Encapsulate access within modules Manage permissions via database roles Leverage permission granularity – Many new permissions in SQL 2005 Do not enable Guest access Use Login-less users instead of Application Roles

Authorization Why Least Privilege Administrative ease Avoid password management How CREATE PROCEDURE mySchema.mySP WITH EXECUTE AS ‘Wilma’ AS... CREATE ROLE myDBRole AUTHORIZATION db_securityadmin GRANT EXECUTE ON OBJECT::mySchema.mySP TO myDBRole EXEC sp_addrolemember ‘myDBRole’, ‘Betty’

Execution Context What SQL context in which statements execute Explicitly set at execution time Implicitly set when entering module Contexts stack and can be reverted Recommendation Set context on modules (don’t let default) Use EXECUTE AS instead of SETUSER Use WITH NO REVERT/COOKIE instead of App Roles

Execution Context Why Object encapsulation Controlled privilege escalation How CREATE PROCEDURE mySchema.mySP WITH EXECUTE AS ‘Wilma’ AS... EXECUTE AS USER ‘Betty’ WITH NO REVERT

Catalog Security What Metadata visible only for objects permission is held on – Some objects visible to public (e.g. filegroups) VIEW DEFINITION permission grantable – Provides metadata visibility only – no access Recommendation Grant VIEW DEFINITION selectively – Legacy applications – Delegating administration

Catalog Security Why Information disclosure – System fingerprinting/profiling How Secure by default – no action required Grant VIEW DEFINITION permission at object/schema/database/server level GRANT VIEW DEFINITION ON OBJECT::mySchema.myTable TO Dino

Encryption What Cryptographic protection of data against disclosure Applicable at column and cell level Algorithm choices depends on operating system Recommendation Encryption is very scenario specific Encrypt high value/sensitive data – Symmetric key for data, asymmetric key to protect symmetric key – Password protect keys and remove master key encryption for most secure configuration

Encryption Why Protection of data at rest (lost laptop, backups) Advanced/selective access control – Need permission AND key to see data How CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘Pa$$w0rD1’ CREATE SYMMETRIC KEY mySymKey AUTHORIZATION Dino WITH ALGORITHM=TRIPLE_DES ENCRYPTION BY PASSWORD=‘MemorableYetObscurePassPhrase '

Auditing What Record of security relevant activity Profile system and track potential security violations Recommendation Auditing is very scenario specific Password policy in place -> audit failed logins (default) Sensitive database content -> audit security events – Including successful logins

Auditing Why Profile system and track potential security violations Forensic analysis of incidents How SQL Profiler Stored procedures EXEC sp_configure ‘c2 audit mode’, ‘1’ EXEC sp_trace_xxx...

Best Practice Analyzer What Scan installation for best practices usage Report on issues found Recommendation Regularly run MBSA 2.0 – SQL 2000 only Run SQL BPA against SQL 2005 – incorporates security checks

Best Practice Analyzer Why Maintain baseline of best practices usage Detect and correct deviations quickly How Microsoft Baseline Security Analyzer SQL Best Practices Analyzer

Patching What Keeping software up to date with security fixes SQL2000 SP4 onwards: – Patching via Microsoft Update SQL2005 onwards: – Separate code line for security fixes Recommendation Stay as current as possible! Enable automatic updates (where appropriate)

Patching Why Old attacks never go away (e.g. port 1434 probing) Proliferation of installations New issues can occur at any time How Enable automatic updates, or Run Microsoft Update explicitly

Demos

SQL Server Certifications – FIPS Defines which algorithms can be used for encryption Algorithms certified for Windows 2003 In process for Vista/Windows Server 2008 – Common Criteria International set of guidelines for security products In process of evaluating strategy and targets for Common Criteria

Summary Best Practices Surface Area Reduction  Enable only what you need Service Accounts  Local/Domain user account Authentication Mode  Windows authentication Network Connectivity  Enable minimal endpoints Lockdown System Procs  Secure by default Password Policy  Enable Expiration/Must Change Admin Privileges  Only where needed DB Ownership & Trust  Distinct owners, no CDOC Schemas  Group related objects

Summary Best Practices Authorization  Use roles, granular perms Catalog Security  Grant access sparingly Encryption  Use symmetric key Auditing  Audit security events Best Practice Analyzer  Run regularly Patching  Stay current with Microsoft Update

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.