Chapter 5 : Designing Windows Server-Level Security Processes


1 Chapter 5 : Designing Windows Server-Level Security Processes
MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide (70-443)

2 Windows Level Security
- Security for SQL Server instances on the Windows host
- Outside the instance
- Includes SQL Server 2005 subsystems
© Wiley Inc All Rights Reserved.

3 Password Policy For SQL Authenticated Logins
- Three new options for 2005
  - Enforce password policy
  - Enforce password expiration
  - Force user to change password at next login
- The first two options require Windows Server 2003 or newer

4 Password Policy – cont’d
- Password policy requires 3 of 4 of the following in the password
  - Upper case letters
  - Lower case letters
  - Base 10 numbers
  - Non alphanumeric characters
- Best practices: use all the options

5 Encryption Policy
- SQL Server 2000 had ENCRYPT()
- SQL Server 2005 includes many new functions and capabilities, including key management
- Based on encryption hierarchy

6 Encryption Hierarchy
- Service Master Key
  - Created when instance installed
  - Used to encrypt master key for each database
- Database Master Key
  - Manually created in each database
  - Can be secured by Service Master Key (recommended)

7 Encryption Keys
- Symmetric Keys
  - Faster to encrypt and decrypt
  - Same key used to encrypt and decrypt
  - Choice of multiple algorithms
  - Specify encryption mechanism to secure the key when created
  - Can be secured by password or another key

8 Encryption Keys
- Asymmetric Keys
  - Uses a key pair (public and private key)
  - Slower to encrypt/decrypt
  - Multiple algorithms available
  - Usually used to secure symmetric keys

9 Encryption Keys
- Certificates
  - A type of asymmetric key
  - Can expire, useful for limited time access
  - Can be revoked to remove access
- Performance Issues
  - Use symmetric keys to encrypt data and asymmetric keys to encrypt symmetric keys for optimum performance/security balance

10 Encryption Policy
- Choose algorithms to be used
- Choose longest keys you can within performance requirements
- Ensure keys are protected and escrowed for security
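
The hierarchy from slides 6 to 10 written out as T-SQL, added here as an illustration and not taken from the study guide: a database master key protects a certificate, the certificate protects a symmetric key, and the symmetric key encrypts the data. The names KeyDemo, CardCert, CardKey and dbo.Cards, the sample passwords, the card number and the C:\KeyEscrow path are constructed placeholders; the folder is assumed to exist and be writable by the SQL Server service account.

```sql
-- Constructed names throughout: KeyDemo, CardCert, CardKey, dbo.Cards.
CREATE DATABASE KeyDemo;
GO
USE KeyDemo;
GO

-- Database master key: created manually in each database. SQL Server also
-- keeps a copy encrypted by the service master key, so the engine can open
-- it without the password being supplied.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Replace-This-Sample-Pw-1!';

-- Certificate (an asymmetric key pair). With no ENCRYPTION BY PASSWORD
-- clause, its private key is protected by the database master key.
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects CardKey';

-- The symmetric key does the bulk encryption; the certificate protects it.
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO

CREATE TABLE dbo.Cards (
    CardId     int IDENTITY PRIMARY KEY,
    CardNumber varbinary(128) NOT NULL   -- ciphertext only
);
GO

OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;

-- Constructed sample value.
INSERT INTO dbo.Cards (CardNumber)
VALUES (EncryptByKey(Key_GUID('CardKey'), N'4111-1111-1111-1111'));

-- DecryptByKey locates the open key from the GUID stored in the ciphertext.
SELECT CardId,
       CONVERT(nvarchar(25), DecryptByKey(CardNumber)) AS CardNumber
FROM dbo.Cards;

CLOSE SYMMETRIC KEY CardKey;
GO

-- Escrow: export the certificate with its private key (placeholder path).
BACKUP CERTIFICATE CardCert
    TO FILE = 'C:\KeyEscrow\CardCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\KeyEscrow\CardCert.pvk',
        ENCRYPTION BY PASSWORD = 'Replace-This-Sample-Pw-2!');
```

Without the escrowed certificate and its private key, a restored copy of the database cannot open CardKey, so the exported files need the same protection as the data itself.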

11 Service Accounts
- SQL Server 2005 has ten services available
  - SQL Server
  - SQL Agent
  - Analysis Server
  - Report Server
  - Notification Services
  - Integration Services
  - Full-Text Search
  - SQL Server Browser
  - SQL Server Active Directory Helper
  - SQL Writer

12 Service Accounts – cont’d
- Not all services are instance aware
- Each has a default group created when it is installed for permissions
- Use SQL Configuration Manager to ensure correct permissions assignment

13 Service Accounts – cont’d
- Choosing Service Accounts
  - Local System
  - Local Service
  - Network Service
  - Domain User
- If a domain user, should not be an administrator

14 Anti-Virus Software
- Can co-exist with SQL Server
- Exclude database files, backup files, log files, other files that are written to by SQL Server services

15 Service Modes
- Enable only those services being used
- Set mode to Automatic if running
- Set to Disabled if the service will not be used

16 Server Firewalls
- Useful as another layer of security
- Enable those ports that are needed for the services running
- Set standards for those services using non-standard ports

17 Physical Security
- Physical security is important for database servers
- Ensure backup tapes and any copies of data are physically secured as well

18 Summary
- The security outside of SQL Server is important
- Follow best practices and only run those services needed
- Enable strong password policy
- Choose a strong encryption policy

