Secure Data Access with SQL Server 2005 Doug Rees Associate Technologist, CM Group

1 Secure Data Access with SQL Server 2005 Doug Rees Associate Technologist, CM Group dougrees@cm-group.com

2 Agenda
- Introduction
- Secure by Default
- Password Policy and Authentication
- User-Schema Separation and Object-Name Resolution
- Granular Permissions
- Execution Context
- CLR Integration
- Encryption

3 Introduction – Why Worry?
- Data is your most valuable asset
- Attacks can come from both external and internal sources
- Insecure access of your data can lead to disaster for your business:
  - Tampering with data
  - Information disclosure
- SQL Server 2005 introduces several new features to help keep your data secure

4 Secure By Default
- Installation defaults to secure state if no setup options are changed
  - Choose components for installation (none by default)
  - Select user account details for services
  - Windows authentication is default authentication mode
- Access to many resources must be explicitly enabled or granted before being used
  - SQL Server Surface Area Configuration utility
  - Permissions

5 Password Policy And Authentication
- SQL Server 2005 can inherit Windows Server 2003 Password Policy
- Policy can be enabled or disabled on a per-login basis
- Logins can be enabled and disabled for temporary removal
- Login protocol uses secure channel for SQL accounts
  - Uses SQL Server generated certificate if necessary
  - No SSL certificate loading is required

6 Password Policy and Login Management
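
The per-login policy switch and temporary disabling from slide 5, as an added T-SQL example that is not part of the original presentation. The login names and passwords are constructed for the demo; it assumes a sysadmin session on a test instance.

```sql
-- Constructed demo logins and passwords; run as sysadmin on a test instance.

-- Login that inherits the Windows password policy, expiry included.
CREATE LOGIN demo_policy_on
    WITH PASSWORD = N'Constructed-Sample-Pw-42!',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;

-- Login with the policy switched off for this login only.
CREATE LOGIN demo_policy_off
    WITH PASSWORD = N'Constructed-Sample-Pw-43!',
         CHECK_POLICY = OFF;
GO

-- Temporary removal: the login and its permissions stay in place.
ALTER LOGIN demo_policy_off DISABLE;
GO

-- Audit: SQL logins that escape the policy, with lockout and expiry state.
SELECT  name,
        is_policy_checked,
        is_expiration_checked,
        is_disabled,
        LOGINPROPERTY(name, 'IsLocked')            AS is_locked,
        LOGINPROPERTY(name, 'IsExpired')           AS is_expired,
        LOGINPROPERTY(name, 'BadPasswordCount')    AS bad_password_count,
        LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM    sys.sql_logins
WHERE   is_policy_checked = 0
   OR   is_expiration_checked = 0
ORDER BY name;
GO

-- Bring the exempt login under the policy, then re-enable it.
ALTER LOGIN demo_policy_off WITH CHECK_POLICY = ON;
ALTER LOGIN demo_policy_off ENABLE;
GO

-- Clean up the demo logins.
DROP LOGIN demo_policy_on;
DROP LOGIN demo_policy_off;
```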

7 User-Schema Separation
- Objects are associated with a schema, not a user
- Allows removal of user without changing object names in database or client applications
- Users can be assigned a default schema
[Diagram: three schemas and the objects they contain]
- HR: Employee (Server.AdventureWorks.HR.Employee)
- dbo: Audit (Server.AdventureWorks.dbo.Audit)
- Marketing: Category (Server.AdventureWorks.Marketing.Category)

8 Object-Name Resolution
[Diagram: schemas HR, Marketing (containing Category) and dbo (containing Audit); users Dave (Default schema = Marketing) and Jane (Default schema = HR); queries shown:]
- SELECT * FROM Marketing.Category
- SELECT * FROM Category
- SELECT * FROM Audit
- SELECT * FROM Category

9 Granular Permissions
- Permissions
  - Can be applied to three scopes: Server, Database, Schema
  - Can have one of three states: GRANT, DENY, REVOKE
- Catalog security blocks access to system tables, allowing access only using views

10 User Schemas and Permissions
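
Slides 7 to 9 as one added T-SQL walk-through (not code from the presentation): default-schema name resolution, a schema-scoped GRANT overridden by an object-level DENY, and dropping a user without renaming objects. The table columns and the assignment of each query to Dave or Jane are assumptions; run it as db_owner in an empty scratch database.

```sql
-- Constructed demo objects; run as db_owner in an empty scratch database.
CREATE SCHEMA HR;
GO
CREATE SCHEMA Marketing;
GO
CREATE TABLE HR.Employee        (EmployeeID int PRIMARY KEY, Name nvarchar(50));
CREATE TABLE Marketing.Category (CategoryID int PRIMARY KEY, Name nvarchar(50));
CREATE TABLE dbo.Audit          (AuditID int PRIMARY KEY, Detail nvarchar(200));
CREATE USER Dave WITHOUT LOGIN WITH DEFAULT_SCHEMA = Marketing;
CREATE USER Jane WITHOUT LOGIN WITH DEFAULT_SCHEMA = HR;

-- Schema scope: one GRANT covers every object in the schema.
GRANT SELECT ON SCHEMA::Marketing TO Dave;
GRANT SELECT ON SCHEMA::Marketing TO Jane;
GRANT SELECT ON SCHEMA::HR        TO Dave;
GRANT SELECT ON SCHEMA::HR        TO Jane;
GRANT SELECT ON OBJECT::dbo.Audit TO Dave;
-- Object scope: DENY on one table takes precedence over the schema GRANT.
DENY  SELECT ON OBJECT::HR.Employee TO Dave;
GO

EXECUTE AS USER = 'Dave';
SELECT * FROM Category;  -- resolved in Dave's default schema: Marketing.Category
SELECT * FROM Audit;     -- not in Marketing, so resolution falls back to dbo.Audit
-- Effective permission check on the denied table, without raising an error.
SELECT HAS_PERMS_BY_NAME('HR.Employee', 'OBJECT', 'SELECT') AS dave_can_read_employee;
REVERT;
GO

EXECUTE AS USER = 'Jane';
SELECT * FROM Marketing.Category;      -- qualified name: default schema not used
BEGIN TRY
    -- Unqualified: tries HR.Category, then dbo.Category; neither exists.
    EXEC (N'SELECT * FROM Category');
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
REVERT;
GO

-- Removing a user leaves every schema-qualified object name unchanged.
DROP USER Jane;
SELECT SCHEMA_NAME(schema_id) AS schema_name, name AS table_name
FROM   sys.tables
ORDER BY schema_name, table_name;
```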

11 Execution Context
- EXECUTE AS changes execution context
  - CALLER: based on the caller's context (default)
  - 'USER': a specific user account
  - SELF: account that created/modified the module
  - OWNER: current owner of the module
- Restricted to current database context by default
- Establish a trust relationship to extend impersonation to other databases

12 How EXECUTE AS Works
[Diagram labels]
- Audit (Owner: dbo): Jane (No permissions), Dave (SELECT permission)
- GetAuditLog (Owner: Dave): Jane (EXECUTE permission)
Procedure without EXECUTE AS:
    CREATE PROC GetAuditLog AS SELECT * FROM dbo.Audit
Procedure with EXECUTE AS:
    CREATE PROC GetAuditLog WITH EXECUTE AS 'Dave' AS SELECT * FROM dbo.Audit
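
The scenario on slide 12 as a runnable T-SQL script, added here and not taken from the presentation. The schema Reports, the procedure name GetAuditLog_Caller and the Audit columns are hypothetical; Reports exists only so that Dave owns the procedures while dbo owns the table. Run it as db_owner in an empty scratch database.

```sql
-- Constructed demo objects; run as db_owner in an empty scratch database.
CREATE USER Dave WITHOUT LOGIN;
CREATE USER Jane WITHOUT LOGIN;
CREATE TABLE dbo.Audit (AuditID int PRIMARY KEY, Detail nvarchar(200));
INSERT INTO dbo.Audit (AuditID, Detail) VALUES (1, N'constructed sample row');
GRANT SELECT ON OBJECT::dbo.Audit TO Dave;        -- Jane gets nothing on Audit
GO
-- Hypothetical schema owned by Dave: procedures created in it are owned by Dave.
CREATE SCHEMA Reports AUTHORIZATION Dave;
GO
-- Default context (CALLER): statements run with the caller's permissions.
CREATE PROC Reports.GetAuditLog_Caller
AS SELECT * FROM dbo.Audit;
GO
-- Explicit context: statements run with Dave's permissions.
CREATE PROC Reports.GetAuditLog
WITH EXECUTE AS 'Dave'
AS SELECT * FROM dbo.Audit;
GO
GRANT EXECUTE ON OBJECT::Reports.GetAuditLog_Caller TO Jane;
GRANT EXECUTE ON OBJECT::Reports.GetAuditLog        TO Jane;
GO

EXECUTE AS USER = 'Jane';
BEGIN TRY
    -- Procedure owner (Dave) differs from table owner (dbo), so the ownership
    -- chain is broken and Jane's own SELECT permission on Audit is checked.
    EXEC Reports.GetAuditLog_Caller;
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
-- Same statement, but the permission check is made against Dave.
EXEC Reports.GetAuditLog;
REVERT;
GO

-- Review: every module and the context it runs under.
SELECT  SCHEMA_NAME(o.schema_id) AS schema_name,
        o.name                   AS module_name,
        CASE WHEN m.execute_as_principal_id IS NULL THEN 'CALLER'
             WHEN m.execute_as_principal_id = -2    THEN 'OWNER'
             ELSE USER_NAME(m.execute_as_principal_id)
        END                      AS runs_as
FROM    sys.sql_modules AS m
JOIN    sys.objects     AS o ON o.object_id = m.object_id
ORDER BY schema_name, module_name;
```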

13 EXECUTE AS and Trust Relationships

14 CLR Integration
- SQL Server 2005 integrates managed assemblies inside the database engine
- Three security options:
  - SAFE: Default setting
  - EXTERNAL_ACCESS: access to external resources etc.
  - UNSAFE: unrestricted internal and external access!!!
[Diagram: SAFE, EXTERNAL_ACCESS, UNSAFE; File; Unmanaged Code]

15 CLR Integration

16 Encryption
- Built-in support for encryption and decryption
- Allows secure storage of data within the database
- Keys can be secured within or external to SQL Server
- Supports:
  - Symmetric
  - Asymmetric
  - Encryption by passphrase
  - Certificates
[Diagram: Service master key, Database master key, Symmetric key, Asymmetric key, Certificate]

17 Encryption
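
The key hierarchy from slide 16 built end to end, as an added T-SQL example that is not from the presentation: a database master key protects a certificate, which protects a symmetric key, which encrypts a column. All object names, the password and the card value are constructed; the authenticator argument binds each ciphertext to its own row, so a value copied to another row no longer decrypts.

```sql
-- Constructed demo objects and values; run as db_owner in a scratch database.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'Constructed-Master-Key-Pw-42!';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Constructed demo certificate';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO
CREATE TABLE dbo.CustomerCard (
    CustomerID    int PRIMARY KEY,
    CardNumberEnc varbinary(256) NULL
);
GO
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;

-- Encrypt with an authenticator derived from the row's own key value.
INSERT INTO dbo.CustomerCard (CustomerID, CardNumberEnc)
VALUES (1, EncryptByKey(Key_GUID('CardKey'), N'0000-0000-0000-0000', 1,
                        HashBytes('SHA1', CONVERT(varbinary, 1))));

-- Simulate ciphertext copied onto another customer's row.
INSERT INTO dbo.CustomerCard (CustomerID, CardNumberEnc)
SELECT 2, CardNumberEnc FROM dbo.CustomerCard WHERE CustomerID = 1;

-- Row 1 decrypts; row 2 yields NULL because its authenticator does not match.
SELECT  CustomerID,
        CONVERT(nvarchar(32),
                DecryptByKey(CardNumberEnc, 1,
                             HashBytes('SHA1', CONVERT(varbinary, CustomerID))))
            AS card_number
FROM    dbo.CustomerCard
ORDER BY CustomerID;

CLOSE SYMMETRIC KEY CardKey;
GO

-- Review the hierarchy: each symmetric key and what protects it.
SELECT  k.name, k.algorithm_desc, e.crypt_type_desc
FROM    sys.symmetric_keys  AS k
JOIN    sys.key_encryptions AS e ON e.key_id = k.key_id
ORDER BY k.name;
```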

18 Summary
- SQL Server 2005 is secure by default
- Password policies can be enforced
- Schemas allow user-object separation
- Permissions allow strong control over objects
- EXECUTE AS changes execution context
- Use .NET assemblies with care
- In-built encryption protects your data

19 Additional Resources
- SQL Server 2005 Security: http://msdn.microsoft.com/sql/learning/security/default.aspx
- Microsoft SQL Server 2005 Upgrade Advisor: http://www.microsoft.com/downloads/details.aspx?familyid=451FBF81-AB07-4CCB-A18B-DA38F6BCF484&displaylang=en
- SQL Nuggets: http://www.microsoft.com/uk/msdn/events/nuggets.aspx
- SQL Server 2005 Webcasts:
  - Introduction to Security in SQL Server 2005
  - Securing Your Data with SQL Server 2005 Encryption
  - Encryption and Key Management Using SQL Server 2005
  - Efficiently Using the SQL Server Execution Context in Applications
  - http://www.microsoft.com/events

20 © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

