Avanade: 10 tips for securing your SQL Server databases. Bernt Lervik, Infrastructure Architect, Avanade.

Presentation transcript:


Avanade is the leading technology integrator specialising in the Microsoft platform. Our people help customers around the world maximise their IT investment and create comprehensive solutions that drive business results. Additional information can be found at

Agenda: Unbreakable SQL Server? Background. Baseline security. Server installation. Service account selection. Authentication. Patching. Surface area reduction. Demo: Security Configuration Wizard. Demo: SQL Server 2005 Best Practices Analyzer. Network connectivity. Demo: IPSec.

Unbreakable SQL Server? SQL Server 2005 has zero vulnerabilities disclosed or fixed since launch! IIS 6.0 has only two Important patches since launch: MS Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537); MS Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151).

Unbreakable SQL Server? This does not mean we're safe! Remember: this session will cover the stuff you forget to do outside of SQL. "There is no 'patch' for stupidity."

Background: Why are we securing our systems? Risk management: identify the appropriate level of security for assets according to their data classification; determine the most appropriate and cost-effective measures to mitigate security threats; establish regular security risk reviews; in mixed classification, apply the protection requirements of the more sensitive class; make the asset owner accountable.

Background: Asset classification. Define levels of security for assets based on confidentiality, integrity, and availability. Restrict access to High Business Impact (HBI) data to only the most trusted parties. Apply strict rules to the use and management of Medium Business Impact (MBI) data. Low Business Impact (LBI) data has no formal classification or protection requirements.

Server installation: Install while not connected directly to the internet (doh). Always use the latest slipstreamed installation media: Windows Server 2003 with Service Pack 2. If required, deploy antivirus software. Remember: antivirus software cannot always help you!

Service Account Selection Use a specific user account or domain account rather than a shared account for SQL Server services. Use a separate account for each service. Do not give any special privileges to the SQL Server service account; they will be assigned by group membership. Manage privileges through the SQL Server supplied group account rather than through individual service user accounts. Always use SQL Server Configuration Manager to change service accounts. Change the service account password at regular intervals.

Authentication: Always use Windows Authentication mode if possible. Use Mixed Mode Authentication only for legacy applications and non-Windows users. Change the sa account password to a known value if you might ever need to use it. Always use a strong password for the sa account and change the sa account password periodically. Do not manage SQL Server by using the sa login account; assign the sysadmin privilege to a known user or group.
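The checks behind the authentication slide, as an added T-SQL example (not from the presentation): it reports the authentication mode, the state of sa, and the sysadmin membership, then shows the recommended shape of remediation. CONTOSO\SQLAdmins is a placeholder group name. Runs on SQL Server 2005 and later.

```sql
-- Added example, not from the slides. Audit the settings the Authentication
-- slide recommends; section 4 is the remediation and should be run deliberately.

-- 1. Authentication mode: 1 = Windows Authentication only, 0 = Mixed Mode.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
         WHEN 1 THEN 'Windows Authentication mode'
         ELSE 'Mixed Mode (SQL logins enabled - justify for legacy apps only)'
       END AS authentication_mode;

-- 2. State of the built-in sa login (always principal_id 1, even if renamed).
SELECT name, is_disabled, create_date, modify_date
FROM sys.sql_logins
WHERE principal_id = 1;

-- 3. Who holds sysadmin? Expect named Windows users or groups, not sa and
--    not shared SQL logins.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- 4. Remediation: give sysadmin to a named Windows group instead of managing
--    the server as sa, then disable sa. CONTOSO\SQLAdmins is a placeholder.
CREATE LOGIN [CONTOSO\SQLAdmins] FROM WINDOWS;
EXEC sp_addsrvrolemember @loginame = N'CONTOSO\SQLAdmins', @rolename = N'sysadmin';
ALTER LOGIN sa DISABLE;
```

If the slide's advice to keep a known sa password applies to you, set it with ALTER LOGIN sa WITH PASSWORD = N'...' before disabling the login, so it can be re-enabled in an emergency.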

Patching: Always stay as current as possible. Yes, that means installing patches over time, not only during the first install. Enable automatic updates whenever feasible, but test them before applying to production systems. Microsoft Update provides patches for SQL Server; Windows Update does not! Deploy WSUS / SMS for internal control over patch deployment.

Surface area reduction: Install only those components that you will immediately use; additional components can always be installed as needed. Enable only the optional features that you will immediately use. Develop a policy with respect to permitted network connectivity choices. Use SQL Server Surface Area Configuration. Turn off unneeded services by setting the service to either Manual startup or Disabled. Use the Security Configuration Wizard.
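What the Surface Area Configuration tool changes under the hood are sp_configure options. This added T-SQL example (not from the presentation) reports the optional features the slide says to leave off, then disables the ones most often left enabled by default-or-habit. All option names exist in SQL Server 2005 and later.

```sql
-- Added example, not from the slides. Report and reduce the instance surface
-- area via sp_configure, the same switches Surface Area Configuration flips.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;

-- Report: any row with value_in_use = 1 is an optional feature that is on.
SELECT name, value_in_use, description
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures',
               'Ad Hoc Distributed Queries', 'clr enabled',
               'Database Mail XPs', 'SQL Mail XPs',
               'remote access', 'remote admin connections')
ORDER BY name;

-- Disable features not in immediate use. Remove any line an application
-- genuinely depends on; 'remote access' is only reported above because
-- turning it off also breaks linked-server RPC, so decide that separately.
EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ole Automation Procedures', 0;
EXEC sp_configure 'Ad Hoc Distributed Queries', 0;
EXEC sp_configure 'clr enabled', 0;
EXEC sp_configure 'Database Mail XPs', 0;
EXEC sp_configure 'SQL Mail XPs', 0;
RECONFIGURE;

-- Hide the advanced options again once done.
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```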

Security Configuration Wizard

Microsoft Baseline Security Analyzer and SQL Server Best Practices Analyzer: Regularly run BPA against SQL Server 2005. Regularly run MBSA 2.0 to ensure the latest SQL Server 2005 patch level. Regularly run MBSA 2.0 for SQL Server 2000 instances.

SQL Server 2005 Best Practices Analyzer

Network connectivity: Limit the network protocols supported. Do not enable network protocols unless they are needed. Do not expose a server that is running SQL Server to the public Internet. Configure named instances of SQL Server to use specific port assignments for TCP/IP rather than dynamic ports. Use the built-in Windows Firewall (or a third-party firewall). Use IPSec for an additional layer of protection where needed.
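How to verify the network-connectivity points from inside the instance, as an added T-SQL example (not from the presentation): which protocols and ports live sessions use, which endpoints are listening, and whether the instance is still on dynamic TCP ports. The registry read uses xp_instance_regread, an undocumented but long-standing procedure, and assumes the default SQL Server 2005 key layout.

```sql
-- Added example, not from the slides. Check protocol and port exposure.

-- 1. Protocol and local port of each user session. A spread of ports across
--    sessions, or a port outside your firewall rule, means dynamic ports.
SELECT session_id, net_transport, protocol_type, local_tcp_port, client_net_address
FROM sys.dm_exec_connections
WHERE session_id > 50;   -- sessions 1-50 are reserved for system tasks

-- 2. Listening endpoints: each protocol here must be needed and firewalled.
--    Expect TSQL over TCP; Named Pipes and VIA only if an application needs them.
SELECT name, protocol_desc, type_desc, state_desc, is_admin_endpoint
FROM sys.endpoints;

-- 3. Static versus dynamic TCP port, read from this instance's registry key.
--    xp_instance_regread maps the generic MSSQLServer path to the instance.
DECLARE @port nvarchar(10), @dyn nvarchar(10);
EXEC master..xp_instance_regread
     N'HKEY_LOCAL_MACHINE',
     N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib\Tcp\IPAll',
     N'TcpPort', @port OUTPUT;
EXEC master..xp_instance_regread
     N'HKEY_LOCAL_MACHINE',
     N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib\Tcp\IPAll',
     N'TcpDynamicPorts', @dyn OUTPUT;
SELECT @port AS static_tcp_port,
       CASE WHEN @dyn IS NULL OR @dyn = N''
            THEN 'dynamic ports off'
            ELSE 'DYNAMIC PORTS ON (' + @dyn + ') - fix in Configuration Manager'
       END AS dynamic_port_state;
```

Sections 1 and 3 need VIEW SERVER STATE and sysadmin respectively; the static port reported in section 3 is the one your Windows Firewall or IPSec rule should allow.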

IPSec

References:
SQL Server 2005 Security Best Practices - Operational and Administrative Tasks (Microsoft)
Security Configuration Wizard Documentation (Microsoft Download Center)
SQL Server 2005 Best Practices Analyzer (Microsoft Download Center)
Server and Domain Isolation Using IPsec and Group Policy (Microsoft Download Center)