
1 SQL Server ™ 2000 Security Features and Deployment Considerations Microsoft Corporation

2 Agenda
- Basic overview
  - Logins/users
  - Roles
  - Permissions
- Securing SQL Server
  - Setup
  - Post-setup configuration
  - Encryption
  - Delegation
- Security auditing
- Troubleshooting
- Security Updates

3 Agenda (repeat of slide 2)

4 SQL Server Security Modes
- Windows® Authentication security mode
  - Only accepts logins using Windows NT® / Windows 2000 credentials
  - Implements network-wide single sign-on
- Mixed security mode
  - Allows Windows logins
  - Allows SQL Server-based security (SQL Server logins)


7 Logins And Users
- A login gives you connection rights
  - Is contained in the master database
  - Applies to the server
  - Has no permissions directly on the server
    - Exception: server role membership
- A database user is a permissions container
  - Also the schema owner
  - Permissions are granted to database users, not logins
  - Specific to a single database

8 SQL Server Roles
- Fixed server roles
  - Server-wide: flexible server administration
- Fixed database roles
  - Database-wide: flexible database administration
- User-defined roles
  - Custom security combinations
- Application roles (sp_setapprole)
  - Assign rights to applications instead of users

9 Permissions
SQL Server has three permission verbs:
- GRANT gives a right
- DENY explicitly denies a right
- REVOKE takes away an existing grant or deny
(Diagram: GRANT moves a permission to the + state and DENY to the - state; REVOKE returns either back to the neutral state.)
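The following T-SQL walks slides 7 to 9 end to end on SQL Server 2000: a SQL login and a Windows login in master, database users in a user database, a user-defined role, the three permission verbs, and an application role. It is an added example, not code from the deck; the database (Sales), table (dbo.Orders), login, user and role names are assumptions.

```sql
-- Added example (not from the slides). SQL Server 2000 syntax; run as sysadmin.
USE master
GO
IF DB_ID('Sales') IS NULL CREATE DATABASE Sales
GO
-- A login lives in master and only grants the right to connect (slide 7).
EXEC sp_addlogin @loginame = 'appuser', @passwd = 'Str0ng!Passw0rd', @defdb = 'Sales'
EXEC sp_grantlogin 'CORP\alice'                 -- Windows login (trusted connection)
GO
USE Sales
GO
CREATE TABLE dbo.Orders (OrderID int NOT NULL PRIMARY KEY, Amount money NOT NULL)
INSERT dbo.Orders VALUES (1, 10.00)
GO
-- A database user is the permissions container and is specific to this database.
EXEC sp_grantdbaccess 'appuser'
EXEC sp_grantdbaccess 'CORP\alice', 'alice'
-- User-defined role (slide 8): grant to the role, members inherit.
EXEC sp_addrole 'ReportReaders'
EXEC sp_addrolemember 'ReportReaders', 'appuser'
EXEC sp_addrolemember 'ReportReaders', 'alice'
GRANT SELECT ON dbo.Orders TO ReportReaders
GO
-- Impersonate appuser to see the effect of each verb (SETUSER needs sysadmin/db_owner).
SETUSER 'appuser'
SELECT COUNT(*) AS via_role_grant FROM dbo.Orders      -- works: GRANT inherited from the role
SETUSER
GO
-- DENY on the user wins over the GRANT inherited through the role (slide 9).
DENY SELECT ON dbo.Orders TO appuser
GO
SETUSER 'appuser'
SELECT COUNT(*) AS after_deny FROM dbo.Orders          -- fails: SELECT permission denied
SETUSER
GO
-- REVOKE removes whatever explicit GRANT or DENY exists on appuser; the role's GRANT applies again.
REVOKE SELECT ON dbo.Orders FROM appuser
GO
-- Application role: rights belong to the application, not the user. The connection
-- switches to this context only after the app calls sp_setapprole with the password.
EXEC sp_addapprole 'OrderEntryApp', 'AppR0le!Secret'
GRANT INSERT ON dbo.Orders TO OrderEntryApp
GO
-- Review the resulting permission state and role membership.
EXEC sp_helprotect 'dbo.Orders'
EXEC sp_helprolemember 'ReportReaders'
```

sp_helprotect is the quickest way to confirm that a REVOKE actually removed a DENY rather than only a GRANT: a lingering DENY row on the user explains most "but I granted it to the role" support calls.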

10 Agenda (repeat of slide 2)

11 Setup Is Secure
- If you install onto an NTFS file system, we secure the directories and files
  - Service accounts and the local Administrators group get full control; no other permissions are set
- We secure the SQL Server registry keys
  - Same permissions as the NTFS files
- We default to integrated security on NT
  - MSDE install on Win98 and WinMe defaults to Mixed

12 But, Things You May Want To Change
- Remove the Everyone group from the registry; grant Full Control to the Administrators group, the local system account and the service account
- BUILTIN\Administrators are sysadmins by default
  - Replace with the service accounts, [NT Authority\System] (for mssearch), and the cluster service account on a cluster
- Never select a blank sa password
- Set a password for the Probe account, if used
- Turn on Failed Login Auditing / additional auditing
- Disable the guest account
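A read-only check script for the post-setup items on slide 12, added here as an example rather than taken from the deck. It reads the SQL Server 2000 system tables directly (master..sysxlogins, sysdatabases, sysusers); the registry read at the end uses the undocumented xp_instance_regread procedure and assumes the AuditLevel value is the one Enterprise Manager's security tab writes (0 none, 1 success, 2 failure, 3 both).

```sql
-- Added example (not from the slides): audit the slide-12 items without changing anything.
USE master
GO
-- 1. Blank sa password? A NULL hash, or a hash that matches '', means it was never set.
SELECT name,
       CASE WHEN password IS NULL OR PWDCOMPARE('', password) = 1
            THEN 'BLANK PASSWORD' ELSE 'ok' END AS sa_password_check
FROM master..sysxlogins
WHERE name = 'sa'
-- Remedy (run separately, choose your own value): EXEC sp_password NULL, '<strong password>', 'sa'

-- 2. Who holds sysadmin? BUILTIN\Administrators is there by default.
EXEC sp_helpsrvrolemember 'sysadmin'

-- 3. Is the guest user enabled in any database other than master/tempdb (where it cannot be removed)?
DECLARE @db sysname, @sql nvarchar(400)
DECLARE dbs CURSOR FOR
  SELECT name FROM master..sysdatabases WHERE name NOT IN ('master', 'tempdb')
OPEN dbs
FETCH NEXT FROM dbs INTO @db
WHILE @@FETCH_STATUS = 0
BEGIN
  SET @sql = N'IF EXISTS (SELECT * FROM ' + QUOTENAME(@db) + N'..sysusers '
           + N'WHERE name = ''guest'' AND hasdbaccess = 1) '
           + N'PRINT ''guest enabled in ' + @db + ''''
  EXEC sp_executesql @sql
  FETCH NEXT FROM dbs INTO @db
END
CLOSE dbs
DEALLOCATE dbs
-- Remedy per database: USE <db>; EXEC sp_revokedbaccess 'guest'

-- 4. Login auditing level (assumption: the AuditLevel registry value Enterprise Manager sets).
DECLARE @level int
EXEC master..xp_instance_regread N'HKEY_LOCAL_MACHINE',
     N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer', N'AuditLevel', @level OUTPUT
SELECT @level AS audit_level  -- 2 or 3 means failed logins are written to the error log
```

Run it after every install and after each service pack; the sysadmin membership list in step 2 is the one that drifts most often in practice.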

13 Encryption
- Network communications encryption
  - Multi-protocol
  - SSL
- Metadata encryption: Windows Crypto API
- File encryption for database files
- Data encryption inside the server

14 Multi-Protocol Encryption
- Still there
  - Use for backwards compatibility only
- Doesn't work with named instances
  - Only targets the machine name, not machine\instance
- Uses Windows RPC
  - So same security strength as the OS
  - Requires a valid Windows account

15 SSL Encryption Over The Network
- You must have a server certificate to negotiate SSL encryption
- Set up the certificate using Microsoft Internet Explorer or the MMC Certificate snap-in
- Make sure to request the server certificate in the fully-qualified DNS name of your server, e.g. SQLServer.Sydney.corp.Microsoft.com

16 Setting Up For SSL Encryption Over The Network
- We will always encrypt your standard security login attempt
  - Not necessary for integrated login attempts
- You can optionally request encryption of all communications from a single client
  - Just use the checkbox in the client network utility
  - But, if the certificate is not trusted by the client, your connection attempt will fail

17 Secure Server Option
- Use to force encryption of all communications with this SQL Server
- Turn on encryption via the server network utility
- Any connection attempt which can't negotiate an SSL session will be rejected
- You MUST have a certificate on the server, or no communications of any kind are possible (including local connections)

18 Meta Data Encryption
- Just as in previous releases, we can encrypt:
  - Stored procedures
  - Triggers
  - Views
- DTS packages are now encrypted
- Strictly for SQL Server
- No, there's no way to hack it (yet)
  - All encryption will be broken eventually...
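As an added example of the metadata encryption slide 18 refers to (not code from the deck), the same procedure created twice, once plain and once WITH ENCRYPTION, and the two ways to tell them apart afterwards. Database, table and procedure names are assumptions.

```sql
-- Added example (not from the slides): WITH ENCRYPTION on a stored procedure.
USE Sales
GO
CREATE TABLE dbo.OrderLines (OrderID int NOT NULL, Quantity int NOT NULL, UnitPrice money NOT NULL)
GO
CREATE PROC dbo.usp_GetOrderTotal @OrderID int AS
  SELECT SUM(Quantity * UnitPrice) AS Total
  FROM dbo.OrderLines WHERE OrderID = @OrderID
  RETURN
GO
-- Same body, but the definition text stored in syscomments is encrypted.
CREATE PROC dbo.usp_GetOrderTotal_enc @OrderID int WITH ENCRYPTION AS
  SELECT SUM(Quantity * UnitPrice) AS Total
  FROM dbo.OrderLines WHERE OrderID = @OrderID
  RETURN
GO
-- syscomments.encrypted is 1 for the second procedure and 0 for the first.
SELECT o.name, c.encrypted
FROM sysobjects o JOIN syscomments c ON c.id = o.id
WHERE o.xtype = 'P' AND o.name LIKE 'usp_GetOrderTotal%'
-- sp_helptext prints the source for the plain one and
-- "The object comments have been encrypted." for the encrypted one.
EXEC sp_helptext 'dbo.usp_GetOrderTotal'
EXEC sp_helptext 'dbo.usp_GetOrderTotal_enc'
GO
-- Both still execute identically; encryption hides the text, not the behaviour.
EXEC dbo.usp_GetOrderTotal 1
EXEC dbo.usp_GetOrderTotal_enc 1
```

The operational caveat: once encrypted, the procedure can no longer be scripted out by Enterprise Manager or sp_helptext, so keep the source under version control before you deploy it this way.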

19 File Encryption
- You can secure the database files
- Use the Windows Encrypting File System (EFS)
  - Windows 2000 or later
- Slows down the server, but typically < 5%
- Fully supported
- Prevents illicit copying of db files
- Also products from third parties, such as http://www.netlib.com

20 Data Encryption
- Microsoft doesn't provide it in the box
  - We could, but key recovery/escrow is really, really hard
- Third party solutions available, including http://www.protegrity.com
- Or, you can write your own
  - Hard to do right and still be secure
  - Some third party solutions out there

21 Kerberos And Delegation
- Kerberos is the preferred security protocol for Windows 2000
  - Much more secure than NTLM
- Provides for delegation, which is...
  - The ability to bridge credentials across more than one server

22 Enabling Delegation
- Must be a Windows 2000 domain, using Active Directory, with client and server using Kerberos
  - This means all computers here are Windows 2000
- Set the following in Active Directory™:
  - The "Account is sensitive and cannot be delegated" option must not be set for the user requesting delegation
  - The "Account is trusted for delegation" option must be set for the service account of SQL Server
  - The server running SQL Server must be allowed to delegate credentials (the "Computer is trusted for delegation" option)

23 Enabling Delegation (User)
- SQL Server must have a Service Principal Name (SPN), assigned by the Windows 2000 account domain administrator to the service account of the SQL Server service on that particular machine
  - Must enable via the setspn utility in the Windows 2000 Resource Kit
- No dynamic TCP port
- All accounts must be part of the same domain
- setspn -A MSSQLSvc/Host:port serviceaccount
  - Example: setspn -A MSSQLSvc/SQL2.redmond.corp.microsoft.com:1433 SQLaccount
  - Don't specify redmond\SQLaccount: it doesn't work

24 Enabling Delegation (Machine)
- Or, you can run under the local system account and we will self-register at service startup
  - SQL Server automatically registers the SPNs itself; no user action required; one change to setspn if you wish to use it
- setspn -A MSSQLSvc/Host:port machine
  - Example: setspn -A MSSQLSvc/sql2:1433 sqlaccount
- LocalSystem is much easier, but you lose other functionality

25 More Delegation Stuff...
- All accounts must be in the same domain or within the same trust tree
- Don't use dynamic TCP ports for named instances
  - Part of the SPN is the port number
- You'd better get along with your domain administrators if you want this to work
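Slides 22 to 25 list the prerequisites but not how to confirm that delegation actually works. The check below, an added example rather than anything from the deck, drives the classic double hop: a Windows-authenticated client talks to one SQL Server (SQL2), which forwards the client's credentials to a second one (SQL3) through a linked server. Server names are assumptions; run it from a client connected to SQL2 with a Windows login, as a member of sysadmin on SQL2.

```sql
-- Added example (not from the slides): exercise a Kerberos double hop SQL2 -> SQL3.
USE master
GO
EXEC sp_addlinkedserver @server = 'SQL3', @srvproduct = 'SQL Server'
-- @useself = 'true': SQL2 presents the caller's own Windows credentials to SQL3.
-- That forwarding is exactly what delegation (slide 21) makes possible.
EXEC sp_addlinkedsrvlogin @rmtsrvname = 'SQL3', @useself = 'true'
GO
-- Ask SQL3 which identity it actually received on the second hop.
SELECT * FROM OPENQUERY(SQL3, 'SELECT SUSER_SNAME() AS who_arrived, @@SERVERNAME AS at_server')
GO
-- Clean up the test linked server and its login mapping.
EXEC sp_dropserver 'SQL3', 'droplogins'
```

When every setting on slides 22 to 25 is in place, who_arrived is the calling user's own DOMAIN\user. When the SPN is missing or wrong (including the dynamic-port case from slide 25), or the "trusted for delegation" flags are not set, the first hop falls back to NTLM, nothing can be forwarded, and the query fails on SQL3 with a login failure for NT AUTHORITY\ANONYMOUS LOGON. That error message is the single most useful diagnostic for a delegation problem.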

26 Agenda (repeat of slide 2)

27 SQL Server 2000 Auditing
- SQL Trace: the server side of profiling
- SQL Profiler: the UI components
- Auditing is performed by SQL Trace, internal to SQLServr.exe
  - Very robust and secure
- Collect the minimum necessary data to keep overhead reasonable
  - DBA events, logins, password changes, etc.

28 SQL Trace Features
- File rollover
  - So you can back up the old trace files while a new one is being populated
- Specify a max file size limit or an end time for a trace
- All audit types and data columns are selectable
  - Get as much or as little auditing as you want/need

29 SQL Server 2000 Audit Events
We audit 19 different kinds of events:
- Login/logout
- GRD - statement perms
- GRD - object perms
- Add/drop SQL login
- GRD NT login rights
- Modify login property
- Password change event
- Add/remove from fixed server role
- Add/remove database user
- Derived permissions
- Add/remove database role member
- Add/drop a database role
- Change approle password
- Statement permission used
- Object permission used
- Backup/restore event
- DBCC command issued
- Audit modification event
- Server shutdown/pause/start

30 SQL Server 2000 Auditing
- For each event, many subtypes
  - Example, GRD object permission: Grant, Revoke, Deny
- Each event includes (at a minimum):
  - Success or failure
  - Server name
  - Date/time of event
  - Application name
  - NT username
  - SPID
  - Host name
  - Statement text

31 How To Turn On An Audit
- An audit (except for C2 audit) is just a Profiler trace
- So, turn on a Profiler trace with the new Profiler procedures, adding auditing events
- Set the trace to start with the server if you want a comprehensive audit
  - Wrap the trace setup into a stored procedure
  - Enable that stored procedure for autostart

32 Enabling An Audit (Code Example)
CREATE PROC sp_audittrace WITH ENCRYPTION AS
  DECLARE @traceid int
  /* Complex code here - won't fit on slide */
  -- option 2 = file rollover; 500 = max file size in MB
  EXEC sp_trace_create @traceid OUTPUT, 2, N'd:\program files\microsoft sql server\mssql\audit\myaudit', 500
  ...
  RETURN
GO
EXEC sp_procoption 'sp_audittrace', 'startup', 'on'

33 C2-Style Auditing
- Must be on an NTFS partition
- All events audited
- We will shut down the server if we can't write to the audit file
- The file rollover size is fixed at 200MB
- The file goes into your mssql\data directory and is named audit_YYYYMMDDHHMMSS_1
- To enable:
  - EXEC sp_configure 'c2 audit mode', 1
  - RECONFIGURE
  - Restart the service
- Don't run C2 mode unless you really need it

34 Recommendations
- Collect the minimum necessary data to keep overhead reasonable
  - DBA events, logins, password changes, etc.
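Slide 32 elides the body of sp_audittrace. The version below is an added example, not the presenter's procedure: it follows the slide-31 recipe (trace wrapped in a master procedure, marked for autostart) and collects only the "minimum necessary" event set slide 34 recommends, failed logins, login/role/password changes and audit changes, with the columns slide 30 says every event carries. Event and column ids are the SQL Server 2000 trace ids; the trace file path is an assumption, and the directory must exist and be writable by the SQL Server service account.

```sql
-- Added example (not the slide's own code): minimal security audit trace with autostart.
USE master
GO
CREATE PROC dbo.sp_audittrace WITH ENCRYPTION AS
  DECLARE @traceid int, @rc int, @on bit, @maxsize bigint, @ev int
  SET @on = 1
  SET @maxsize = 500            -- MB per file before rollover
  -- option 2 = TRACE_FILE_ROLLOVER: a new file is started when @maxsize is reached
  EXEC @rc = sp_trace_create @traceid OUTPUT, 2,
       N'd:\program files\microsoft sql server\mssql\audit\myaudit', @maxsize
  IF @rc <> 0 RETURN @rc
  -- Event ids:  18 Audit Server Starts and Stops   20 Audit Login Failed
  --            104 Audit Add Login                105 Audit Login GDR
  --            106 Audit Login Change Property    107 Audit Login Change Password
  --            108 Audit Add Login to Server Role 112 Audit App Role Change Password
  --            117 Audit Change Audit
  DECLARE ev CURSOR FOR
    SELECT 18 UNION SELECT 20 UNION SELECT 104 UNION SELECT 105 UNION SELECT 106
    UNION SELECT 107 UNION SELECT 108 UNION SELECT 112 UNION SELECT 117
  OPEN ev
  FETCH NEXT FROM ev INTO @ev
  WHILE @@FETCH_STATUS = 0
  BEGIN
    -- Column ids: 1 TextData, 6 NTUserName, 8 HostName, 10 ApplicationName,
    -- 11 LoginName, 12 SPID, 14 StartTime, 23 Success, 26 ServerName
    EXEC sp_trace_setevent @traceid, @ev, 1,  @on
    EXEC sp_trace_setevent @traceid, @ev, 6,  @on
    EXEC sp_trace_setevent @traceid, @ev, 8,  @on
    EXEC sp_trace_setevent @traceid, @ev, 10, @on
    EXEC sp_trace_setevent @traceid, @ev, 11, @on
    EXEC sp_trace_setevent @traceid, @ev, 12, @on
    EXEC sp_trace_setevent @traceid, @ev, 14, @on
    EXEC sp_trace_setevent @traceid, @ev, 23, @on
    EXEC sp_trace_setevent @traceid, @ev, 26, @on
    FETCH NEXT FROM ev INTO @ev
  END
  CLOSE ev
  DEALLOCATE ev
  -- status 1 = start the trace
  EXEC sp_trace_setstatus @traceid, 1
  RETURN 0
GO
-- Startup procedures must live in master and be owned by dbo (slide 31).
EXEC sp_procoption 'sp_audittrace', 'startup', 'on'
GO
-- Start it now without waiting for a restart, then confirm it is running.
EXEC dbo.sp_audittrace
SELECT * FROM ::fn_trace_getinfo(default)
```

To read a rolled-over file later, use fn_trace_gettable on the file name SQL Trace wrote (myaudit.trc, myaudit_1.trc, and so on); copying the closed files off the server is what the rollover feature on slide 28 is for.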

35 Agenda (repeat of slide 2)

36 Most Common Security Complaints/Issues
- Ownership chains
- Dynamic SQL inside stored procs
- Changing object owner
- Restore permissions for database owners
- Should everything be owned by dbo?
- xp_cmdshell

37 Ownership Chains
CREATE TABLE user1.t1 (c1 int NOT NULL)
GO
CREATE PROC user2.proc1 AS
  SELECT * FROM user1.t1
  RETURN
GO
If user3 has EXECUTE permission on proc1, user3 still needs SELECT permission on user1.t1: the procedure and the table have different owners, so the ownership chain is broken and the table's permissions are checked separately.

38 Dynamic SQL
- Dynamic SQL inside stored procs runs in the security context of the executor of the proc, not in that of the owner of the stored proc
  - This is a security feature to protect you
Example:
CREATE PROC myproc @p1 nvarchar(500) AS
  EXEC (@p1)
  RETURN 0
GO
EXEC myproc 'sp_addlogin ''richard'' exec sp_addsrvrolemember ''richard'', ''sysadmin'''
And you're sysadmin...
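The myproc on slide 38 hands whatever the caller supplies straight to EXEC, which is why the executor-context rule matters. The procedure below is an added example (not from the deck) of the defensive pattern for the same need: the only variable identifier is checked against sysobjects and bracketed with QUOTENAME, and the value travels as a typed parameter through sp_executesql, so caller input can never become a statement. Database, table and procedure names are assumptions.

```sql
-- Added example (not from the slides): dynamic SQL that cannot be turned into other statements.
USE Sales
GO
CREATE TABLE dbo.Orders (Id int NOT NULL PRIMARY KEY, Amount money NOT NULL)
INSERT dbo.Orders VALUES (50, 1.00)
INSERT dbo.Orders VALUES (150, 2.00)
GO
CREATE PROC dbo.usp_CountRows @TableName sysname, @MinId int AS
  -- Whitelist: only user tables owned by dbo in this database.
  IF NOT EXISTS (SELECT * FROM sysobjects
                 WHERE name = @TableName AND xtype = 'U' AND uid = USER_ID('dbo'))
  BEGIN
    RAISERROR('Unknown table: %s', 16, 1, @TableName)
    RETURN 1
  END
  DECLARE @sql nvarchar(500)
  -- QUOTENAME brackets the identifier; @MinId is bound as a parameter, never concatenated.
  SET @sql = N'SELECT COUNT(*) AS n FROM dbo.' + QUOTENAME(@TableName) + N' WHERE Id >= @MinId'
  EXEC sp_executesql @sql, N'@MinId int', @MinId = @MinId
  RETURN 0
GO
-- Returns n = 1. The dynamic part still runs as the executor (slide 38), so the caller
-- needs SELECT on dbo.Orders; EXECUTE on the procedure alone is not enough.
EXEC dbo.usp_CountRows 'Orders', 100
-- Rejected by the whitelist before any dynamic SQL is built.
EXEC dbo.usp_CountRows 'NoSuchTable', 1
```

If you must let non-owners run such a procedure without granting them rights on the underlying table, the SQL Server 2000 answer is to avoid dynamic SQL in that procedure altogether so the ownership chain (slide 37) does the work; there is no EXECUTE AS in this release.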

39 Changing Object Owner
- If you drop a user you must first drop/reassign all their objects
- Use sp_changeobjectowner; don't directly update the system tables
  - Not supported
- We're working on a better long-term fix in the next release

40 Restore Permissions For Database Owners
- If you restore a database with the REPLACE option, it's really a CREATE DATABASE
  - Hence, you need CREATE DATABASE permission
  - Database ownership is not good enough

41 Backup And Restore
- Security of backup files and media
  - Backup to disk, then to tape
  - Password protected
  - If physically available, then not secure
- Restoring to another server
  - Mixed mode: database security breaks
  - Windows Authentication (same domain)
  - Windows Authentication (different domains)
  - Users from a trusted domain
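What "database security breaks" on slide 41 looks like in practice, and the repair, as an added example that is not part of the deck. A database user is tied to its login by SID; a SQL Server login created with sp_addlogin gets a different SID on every server, so after restoring on another server the user points at a login that does not exist there (an orphaned user). Windows logins carry the domain SID and do not have this problem when the domain is the same or trusted. The database and user names are assumptions.

```sql
-- Added example (not from the slides): find and repair orphaned users after a restore.
USE Sales            -- the database just restored on the new server (name assumed)
GO
-- 'Report' lists database users whose SID matches no login in master..sysxlogins.
EXEC sp_change_users_login 'Report'
GO
-- The target login must exist on this server first; create it if it does not.
USE master
IF NOT EXISTS (SELECT * FROM master..sysxlogins WHERE name = 'appuser')
  EXEC sp_addlogin @loginame = 'appuser', @passwd = 'Str0ng!Passw0rd', @defdb = 'Sales'
GO
USE Sales
-- Preferred repair: map the named user to the named login explicitly.
EXEC sp_change_users_login 'Update_One', 'appuser', 'appuser'
-- Alternative when user and login names are identical: 'Auto_Fix' links them by name.
-- EXEC sp_change_users_login 'Auto_Fix', 'appuser'
GO
-- Verify: the report should now return no rows.
EXEC sp_change_users_login 'Report'
```

Run the report before handing the restored database to users: a restored Mixed-mode database often looks healthy right up to the first SQL-login connection, which then fails with "login failed" or lands in the database with no permissions.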

42 DBO Own Everything?
- No, the issue here is to avoid broken ownership chains
- No need at all to have everything owned by dbo
  - But it does simplify name resolution
- If a member of the db_owner role needs to add/remove logins, that member must also be added to the fixed server role securityadmin.
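A single script, added here as an example (not from the deck), that ties slides 37, 39 and 42 together: the broken chain from slide 37 reproduced under SETUSER, the table moved to a new owner with sp_changeobjectowner as slide 39 prescribes, and the procedure recreated under the same owner so the chain is unbroken, as slide 42 argues is the real goal. user1, user2 and user3 are assumed to exist as users in the Sales database; dbo is used as the common owner, but any single owner would do.

```sql
-- Added example (not from the slides): broken vs unbroken ownership chain.
USE Sales
GO
CREATE TABLE user1.t1 (c1 int NOT NULL)
GO
CREATE PROC user2.proc1 AS SELECT * FROM user1.t1 RETURN
GO
GRANT EXECUTE ON user2.proc1 TO user3
GO
-- Broken chain: procedure owner (user2) differs from table owner (user1), so
-- SQL Server checks user3's own SELECT permission on t1, which user3 lacks.
SETUSER 'user3'
EXEC user2.proc1          -- fails: SELECT permission denied on object 't1'
SETUSER
GO
-- Repair step 1 (slide 39): supported way to move the table to a new owner.
-- Never UPDATE sysobjects.uid directly.
EXEC sp_changeobjectowner 'user1.t1', 'dbo'
GO
-- Repair step 2: recreate the procedure under the same owner and referencing the
-- table by its new name. (sp_changeobjectowner would not rewrite the body, and
-- 'user1.t1' no longer resolves.)
DROP PROC user2.proc1
GO
CREATE PROC dbo.proc1 AS SELECT * FROM dbo.t1 RETURN
GO
-- sp_changeobjectowner drops existing permissions on the object, so grants are re-applied.
GRANT EXECUTE ON dbo.proc1 TO user3
GO
-- Unbroken chain: only EXECUTE on proc1 is checked; user3 still has no direct SELECT on t1.
SETUSER 'user3'
EXEC dbo.proc1            -- succeeds
SETUSER
```

This is the property that makes stored procedures a permission boundary in SQL Server 2000: grant EXECUTE on the procedure, grant nothing on the tables, and keep one owner along the chain.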

43 XP_CMDSHELL
- Is dangerous
- Runs as the service account or as the proxy account
- Don't grant unnecessarily
- Don't run the service as an administrator
- Never run on a domain controller and grant permissions to xp_cmdshell
- Restrict to sysadmin: xp_regread, xp_regwrite, xp_regdeletekey, xp_regdeletevalue, xp_regaddmultistring, xp_regremovemultistring, xp_regenumvalues, xp_regenumkeys
- Elimination of the SQLAgentCmdExec proxy account in SQL2K: non-sysadmin access
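A review-and-tighten script for slide 43, added as an example (not from the deck): it lists every explicit EXECUTE grant on xp_cmdshell and the registry extended procedures the slide names, then revokes them so that only sysadmin members (who need no grant) can call them. It reads sysprotects directly (action 224 = EXECUTE) and must be run in master as sysadmin. The last step calls xp_sqlagent_proxy_account, an undocumented procedure Enterprise Manager uses; treat that call as an assumption and drop it if it is not present on your build.

```sql
-- Added example (not from the slides): restrict xp_cmdshell and xp_reg* to sysadmin.
USE master
GO
-- 1. Who has been granted anything on xp_cmdshell? (sysadmin members never appear here.)
EXEC sp_helprotect 'xp_cmdshell'
GO
-- 2. For each listed extended procedure, build and run REVOKE EXECUTE for every grantee.
DECLARE @xp sysname, @sql nvarchar(1000)
DECLARE xps CURSOR FOR
  SELECT name FROM sysobjects
  WHERE xtype = 'X' AND name IN ('xp_cmdshell', 'xp_regread', 'xp_regwrite',
        'xp_regdeletekey', 'xp_regdeletevalue', 'xp_regaddmultistring',
        'xp_regremovemultistring', 'xp_regenumvalues', 'xp_regenumkeys')
OPEN xps
FETCH NEXT FROM xps INTO @xp
WHILE @@FETCH_STATUS = 0
BEGIN
  SET @sql = N''
  -- sysprotects: action 224 = EXECUTE; protecttype 204/205 = GRANT, 206 = DENY.
  -- Revoking both removes explicit rows; DENY rows are harmless but untidy.
  SELECT @sql = @sql + N'REVOKE EXECUTE ON ' + @xp + N' FROM ' + QUOTENAME(u.name) + N'; '
  FROM sysprotects p JOIN sysusers u ON u.uid = p.uid
  WHERE p.id = OBJECT_ID(@xp) AND p.action = 224
  IF @sql <> N''
  BEGIN
    PRINT @sql                    -- keep a record of what was removed
    EXEC sp_executesql @sql
  END
  FETCH NEXT FROM xps INTO @xp
END
CLOSE xps
DEALLOCATE xps
GO
-- 3. Re-check: each should now show no explicit grantees.
EXEC sp_helprotect 'xp_cmdshell'
EXEC sp_helprotect 'xp_regwrite'
GO
-- 4. Proxy account used when a non-sysadmin calls xp_cmdshell (assumption: undocumented xp).
--    An empty result means no proxy is configured, which is the safe default.
EXEC master..xp_sqlagent_proxy_account N'GET'
```

Revoking grants does not change what a sysadmin can do; combine this with the earlier recommendation to keep BUILTIN\Administrators out of sysadmin and to run the service as a low-privilege account, since xp_cmdshell inherits the service account's rights.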

44 General Permissions
- Registry permissions
  - HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSSQLSERVER
  - Remove the Everyone group
  - NT Admin account restriction
- SA account
- Local System, Local User and Domain User account restrictions
- File system

45 Encryption Error
- A SQL2K cluster will fail to come online if server-side encryption is used with an invalid certificate or no certificate:
  - Encryption requested but no valid certificate was found.
  - 17826 Could not set up Net-Library 'SSNETLIB'
  - SQL Server could not spawn FRunCM thread
- Need to install Certificate Server in the same domain as the SQL Server cluster and request a valid certificate on each node of the cluster

46 Known Issues With SSL
- We pick the first certificate we find by default
  - Even if it's not valid for SSL
  - Fixed in SP1
- Certificate Services on the same machine breaks us
  - Same issue as above, fixed in SP1
- If you turn on client-side encryption, you can't communicate with 6.5 or 7.0 servers
  - Because they don't support SSL

47 Agenda (repeat of slide 2)

48 Microsoft Security Bulletins
- MS02-006 (7.0 SP3) and MS02-007 (2K SP2): SQL Server Contains Unchecked Buffers
- MS01-032 (7.0 SP3): SQL Query Method Enables Cached Administrator Connection to be Reused
  - Only affected if using Mixed mode

49 Summary
- Use a STRONG sa password
- Windows vs Mixed authentication
- Use SQL roles
- Encryption is available
- Auditing is available
- When moving databases there are security considerations
- Do not grant unnecessary access to xp_cmdshell and similar procedures
- Stay secure by keeping up to date with security patches

50 More Info
- http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/prodtech/sqlsec.asp
- http://www.microsoft.com/security/
- http://www.microsoft.com/sql
