1
# 66
2
Securing your SQL Server
Gabriel Villa blog: com
3
About Gabriel
MCPD, ASP.NET Developer
MCTS, SQL Server 2008 Database Development
SQL Server 7, 2000, 2005 and 2008
.Net Developer, VB.Net and C#
4
Outline to Securing SQL Server
SQL Server Threats
Security Model
Authentication
Write Secure Code
Passwords
Physical Security
Security Patches
Network Security
Best Practices
5
“Yes, I am a criminal. My crime is that of curiosity... My crime is that of outsmarting you, something that you will never forgive me for.” - The Mentor, written January 8, 1986
6
SQL Server Threats
Social Engineering
Manipulating people to gather data
Not using technical cracking tools or techniques
SQL Injection
Any RDBMS is vulnerable, not just MS SQL Server
Attacker posts SQL commands via front-end applications
Tools: ‘ , --, ;
7
SQL Injection
8
SQL Server Security Model
Principals: Windows Users, SQL Logins, Roles, Groups
Securables: Schemas
Diagram items: Windows Users, SQL Login, Database Users, DB Roles, Schemas
9
Authentication
Windows Authentication
Active Directory integration
Supports groups
Use whenever possible
10
Authentication
Mixed Authentication
Legacy or hard-coded referenced logins
Non-Windows clients
Connections over the Internet
11
Authentication
12
Write Secure Code
Valid SQL
Check for valid input
Use stored procedures
Use parameters
Customize error messages
Avoid errors that return securable names
Source control
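Vulnerable and hardened versions of the lookup that the SQL Injection slide warns about, as an added example that is not part of the talk. It uses Python's sqlite3 in-memory database as a stand-in for SQL Server (the parameter pattern is the same one ADO.NET's SqlCommand and SqlParameter, or a parameterized stored procedure, gives you); the Users table, its rows and the function names are constructed here.

```python
import sqlite3


def make_db():
    # Constructed sample table standing in for a SQL Server table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Id INTEGER, UserName TEXT, Role TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "reader"), (3, "carol", "reader")],
    )
    return conn


def find_user_unsafe(conn, user_name):
    # Vulnerable: front-end input is pasted into the SQL text, so a quote,
    # a comment marker (--) or a statement separator (;) rewrites the query.
    sql = "SELECT UserName FROM Users WHERE UserName = '" + user_name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, user_name):
    # Hardened: the value travels as a parameter, never as SQL text, so the
    # same characters are just part of a literal that matches no row.
    sql = "SELECT UserName FROM Users WHERE UserName = ?"
    return [row[0] for row in conn.execute(sql, (user_name,))]


def is_valid_user_name(user_name):
    # "Check for valid input": an allow-list beats stripping bad characters.
    return 1 <= len(user_name) <= 32 and user_name.isalnum()


def find_user(conn, user_name):
    # Validate, then query with parameters; customize the error so no table,
    # column or other securable name reaches the caller.
    if not is_valid_user_name(user_name):
        return None, "Invalid user name."
    try:
        return find_user_safe(conn, user_name), None
    except sqlite3.Error:
        return None, "Lookup failed."
```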
13
Passwords
DO NOT hardcode passwords
ASP.Net: encrypt web.config
Encrypt passwords in your code
Strong Passwords
Minimum of 6 to 8 characters
Leet speak or special characters (i.e. s = 5 or 3 = E)
SQLPing checks for default passwords
Change passwords frequently
14
Physical Security
Lock the server room or rack when not in use
Restrict access by unauthorized individuals
If feasible, use security cameras
15
Security Patches
Second Tuesday of every month
Test updates or hotfixes immediately on non-production servers
Schedule patches soon after they are tested
16
Network Security
Avoid network shares on servers
Don’t surf the Web on the server
Only enable required protocols
Keep servers behind a firewall
17
Best Practices
Encrypt your DB backups with third-party tools
Monitor failed login attempts
Disable system stored procedures you do not need
18
Questions?
Please evaluate this session at http://speakerrate.com/extofer
19
Thank you and Feedback
Thank you for attending “Secure your SQL Server” at SQL Saturday #66.
Please make sure to fill out the session evaluation and place it in the box in the back of the room.