Securing SQL Server
Protecting Your Database from Attackers
- 3rd Edition - April 23, 2015
- Imprint: Syngress
- Author: Denny Cherry
- Language: English
- Paperback ISBN:9 7 8 - 0 - 1 2 - 8 0 1 2 7 5 - 8
- eBook ISBN:9 7 8 - 0 - 1 2 - 8 0 1 3 7 5 - 5
SQL server is the most widely-used database platform in the world, and a large percentage of these databases are not properly secured, exposing sensitive customer and business da… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteSQL server is the most widely-used database platform in the world, and a large percentage of these databases are not properly secured, exposing sensitive customer and business data to attack.
In Securing SQL Server, Third Edition, you will learn about the potential attack vectors that can be used to break into SQL server databases as well as how to protect databases from these attacks. In this book, Denny Cherry - a Microsoft SQL MVP and one of the biggest names in SQL server - will teach you how to properly secure an SQL server database from internal and external threats using best practices as well as specific tricks that the author employs in his role as a consultant for some of the largest SQL server deployments in the world.
Fully updated to cover the latest technology in SQL Server 2014, this new edition walks you through how to secure new features of the 2014 release. New topics in the book include vLANs, setting up RRAS, anti-virus installs, key management, moving from plaintext to encrypted values in an existing application, securing Analysis Services Objects, Managed Service Accounts, OS rights needed by the DBA, SQL Agent Security, Table Permissions, Views, Stored Procedures, Functions, Service Broker Objects, and much more.
- Presents hands-on techniques for protecting your SQL Server database from intrusion and attack
- Provides the most in-depth coverage of all aspects of SQL Server database security, including a wealth of new material on Microsoft SQL Server 2014.
- Explains how to set up your database securely, how to determine when someone tries to break in, what the intruder has accessed or damaged, and how to respond and mitigate damage if an intrusion occurs.
information security professionals; administrators of databses, systems, and networks; application developers; IT and security managers; security auditors; security engineers; compliance specialists.
- Dedication
- Author Biography
- Technical Editor Biography
- Acknowledgments
- Introduction
- Chapter 1: Identifying Security Requirements
- Abstract
- What are Security Objectives?
- When Should Security Objectives been Identified?
- How to Identify Security Objectives?
- Chapter 2: Securing the Network
- Abstract
- Securing the Network
- Public IP Addresses versus Private IP Addresses
- vLANs
- Accessing SQL Server from Home
- Physical Security
- Social Engineering
- Finding the Instances
- Testing the Network Security
- Antivirus Installation on SQL Servers
- Summary
- Chapter 3: Key Management
- Abstract
- Service Master Key
- Database Master Key
- Encryption Password Management
- Enterprise Key Management
- High Availability and Disaster Recovery for Key Management
- Conclusions
- Chapter 4: Database Encryption
- Abstract
- Database Encryption
- Encrypting Data within Tables
- Encrypting Data at Rest
- Encrypting Data on the Wire
- Encrypting Data with MPIO Drivers
- Encrypting Data via HBAs
- Summary
- Chapter 5: SQL Password Security
- Abstract
- Login Types
- SQL Server Password Security
- Strong Passwords
- Password Change Policies
- Renaming the SA Account
- Disabling the SA Account
- Users versus Logins
- Contained Database Users in SQL Server 2012 and Beyond
- Schemas
- Encrypting Client Connection Strings
- Application Roles
- Using Windows Domain Policies to Enforce Password Length
- Contained Users
- Summary
- Chapter 6: Securing the Instance
- Abstract
- What to Install, and When?
- SQL Authentication and Windows Authentication
- Password Change Policies
- Auditing Failed Logins
- Renaming the SA Account
- Disabling the SA Account
- Securing Endpoints
- Stored Procedures as a Security Measure
- Minimum Permissions Possible
- Instant File Initialization
- Linked Servers
- Using Policies to Secure Your Instance
- SQL Azure Specific Settings
- Instances that Leave the Office
- Securing AlwaysOn Availability Groups
- Securing Contained Databases
- SQL CLR
- Extended Stored Procedures
- Protecting Your Connection Strings
- Database Firewalls
- Clear Virtual Memory Pagefile
- User Access Control (UAC)
- Other Domain Policies to Adjust
- Summary
- Chapter 7: Analysis Services
- Abstract
- Logging into Analysis Services
- Securing Analysis Services Objects
- Summary
- Chapter 8: Reporting Services
- Abstract
- Setting up SSRS
- Security within Reporting Services
- Reporting Services Authentication Options
- Report Server Object Rights
- Summary
- Chapter 9: SQL Injection Attacks
- Abstract
- What is an SQL Injection Attack?
- Why are SQL Injection Attacks so Successful?
- How to Figure out you have been Attacked
- How to Protect Yourself from an SQL Injection Attack
- Cleaning up the Database after a SQL Injection Attack
- Other Front end Security Issues
- Using xEvents to Monitor for SQL Injection
- Summary
- Chapter 10: Database Backup Security
- Abstract
- Overwriting Backups
- Media set and Backup set Passwords
- Backup Encryption
- Transparent Data Encryption
- Compression and Encryption
- Offsite Backups
- Summary
- Chapter 11: Storage Area Network Security
- Abstract
- Securing the Array
- Securing the Storage Switches
- Summary
- Chapter 12: Auditing for Security
- Abstract
- Login Auditing
- Data Modification Auditing
- Data Querying Auditing
- Schema Change Auditing
- Using Policy-based Management to Ensure Policy Compliance
- C2 Auditing
- Common Criteria Compliance
- Summary
- Chapter 13: Server Rights
- Abstract
- SQL Server Service Account Configuration
- OS Rights Needed by the SQL Server Service
- OS Rights Needed by the DBA
- OS Rights Needed to Install Service Packs
- OS Rights Needed to Access SSIS Remotely
- Console Apps Must Die
- Fixed Server Roles
- User Defined Server Roles
- Fixed Database Roles
- User-defined Database Roles
- Default Sysadmin Rights
- Vendor’s and the Sysadmin Fixed Server Role
- Summary
- Chapter 14: SQL Server Agent Security
- Abstract
- Proxies
- SQL Agent Job Steps
- Granting Rights to Proxies
- Job Ownership
- Summary
- Chapter 15: Securing Data
- Abstract
- GRANTing Rights
- DENYing Rights
- REVOKEing Rights
- Table and view Permissions
- Stored Procedure Permissions
- Signing Stored Procedures, Functions and Triggers
- Function Permissions
- Service Broker Objects
- Separation of Duties
- Summary
- Appendix A: External Audit Checklists
- Subject Index
- Edition: 3
- Published: April 23, 2015
- Imprint: Syngress
- No. of pages: 462
- Language: English
- Paperback ISBN: 9780128012758
- eBook ISBN: 9780128013755
DC
Denny Cherry
Denny Cherry (MCSA, MCDBA, MCTS, MCITP, MCM) has been working with Microsoft technology for over 15 years starting with Windows 3.51 and SQL Server 6.5. In 2009, Denny was named as a Microsoft MVP for the Microsoft SQL Server product, and in 2011 Denny earned the Microsoft Certified Master certification for SQL Server 2008. Denny has written dozens of articles for a variety of websites as well as print magazines on a variety of subjects including SQL Server, Clustering, Storage Configuration, and SharePoint.
Affiliations and expertise
(MCSA, MCDBA, MCTS, MCITP, MCM) has been working with Microsoft technology for over 15 years starting with Windows 3.51 and SQL Server 6.5.Read Securing SQL Server on ScienceDirect