1
Securing SQL Server: Recommended Practices & Fundamentals
2
About Me
John Q Martin, Solutions Engineer – SentryOne
Twitter / Blog:
Over a decade of experience with SQL Server (DBA, Dev, BI)
Worked for Microsoft as a Premier Field Engineer (PFE) in the UK
5
Agenda
Key Principles
Physical Security
OS Configuration
SQL Server Configuration
Database Configuration
Database Design
6
Key Principles
Defence In Depth
7
Key Principles
Threats exist in many places
Accidental disclosure
Understand the scope
8
Physical Security
More than locked doors
Transportation of data
ACLs and Logs
Image source: Erin Stellato [SQLskills] – Public library in the US state of Ohio
9
Operating System Configurations
File System ACLs: Backup & File Locations
Windows Firewall: Restrictive Policies
Information Leakage considerations
Windows Firewall references: SQL Server Configuration, SSRS Configuration, SSIS Configuration, SSAS Configuration
10
SQL Server Configurations
Appropriate Service Accounts
Compartmentalize
Managed Service Accounts
11
Managed Service Accounts
Managed Service Account (MSA): SQL Server 2012+; Domain Functional Level 2008 or above; One server per MSA
Group Managed Service Account (gMSA): SQL Server; Domain Functional Level 2012 or above; Multiple servers per gMSA
Both: No interactive logon; No password; Automatic password rotation; SPN management
References: Managed Service Accounts – SQL Server 2012; Service Account Recommendations
12
Compartmentalized Account Structure
Scope of Risk
15
SQL Server Configurations
Appropriate Service Accounts
Compartmentalize
Managed Service Accounts
Encrypt Connections: TLS/SSL, IPsec
16
SQL Server Configurations
Role based security
Server Roles
T-SQL stored in source control
Avoid the use of sysadmin where possible
SQL Server Agent
Use Proxies and Credentials
Compartmentalize
17
Database Configurations
Low Privilege Owner
Database Containment
Avoid Setting Trustworthy
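The three bullets above translate directly into a check a DBA can run. This T-SQL is an added example, not part of the deck or its demo: it lists databases where TRUSTWORTHY is on, where the owner is a sysadmin member, or where the owner SID no longer resolves to a login (the combination that makes a database-level compromise a server-level one). The remediation statements use the placeholders [YourDb] and [LowPrivOwnerLogin].

```sql
-- Added example (not from the deck): find databases whose configuration
-- contradicts "Avoid Setting Trustworthy" and "Low Privilege Owner".
SELECT d.name               AS database_name,
       d.is_trustworthy_on,
       d.containment_desc,                       -- NONE or PARTIAL (2012+)
       sp.name              AS owner_login,
       IS_SRVROLEMEMBER('sysadmin', sp.name) AS owner_is_sysadmin
FROM sys.databases AS d
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = d.owner_sid
WHERE d.database_id > 4                          -- skip master, tempdb, model, msdb
  AND ( d.is_trustworthy_on = 1                  -- TRUSTWORTHY ON
        OR IS_SRVROLEMEMBER('sysadmin', sp.name) = 1   -- owner is sysadmin
        OR sp.name IS NULL );                    -- orphaned owner SID

-- Remediation for a flagged database ([YourDb] and [LowPrivOwnerLogin] are placeholders):
-- turn TRUSTWORTHY off, then reassign ownership to a dedicated low-privilege login.
ALTER DATABASE [YourDb] SET TRUSTWORTHY OFF;
ALTER AUTHORIZATION ON DATABASE::[YourDb] TO [LowPrivOwnerLogin];
```

msdb is excluded because it ships with TRUSTWORTHY on by design; run the query as a login with VIEW SERVER STATE or higher so every row in sys.databases is visible.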
18
Why you should not always trust your databases
Demo
19
Database Configurations
Transparent Data Encryption
Protect files at rest
Backups encrypted
SQL Server 2016 / Azure SQL DB
Row Level Security
Dynamic Data Masking
Always Encrypted
20
Using Transparent Data Encryption
Demo
21
Security by design
Key Concepts
Database Design
Part of the schema
In source control
Database Roles
Execute As
Explicit Permissions
SQL Injection Protection
Mladen Prajdić (MVP): great resources and a great guy. I recommend you attend his sessions, as they are really informative and he has fantastic delivery.
Twitter ( Web :
Sessions to watch: SQL Server and Application Security for Developers; SQL Server and Application Security for Developers (Slides and Demo Code)
22
Database Design
Limit Table Access
Views
Stored Procedures
Encrypted Data? Cipher text vs Clear text
23
Questions
24
Thank You! Have a great event, session content available on GitHub.