Securing SQL Server. Protecting Your Database from. Second Edition. Attackers. Denny Cherry. Michael Cross. Technical Editor ELSEVIER



Similar documents
Network Security. Windows 2012 Server. Securing Your Windows. Infrastructure. Network Systems and. Derrick Rountree. Richard Hicks, Technical Editor

General DBA Best Practices

Understanding the Pros and Cons of Combination Networks 7. Acknowledgments Introduction. Establishing the Numbers of Clients and Servers 4

SQL Server 2008 Administration

Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER

Eleventh Hour Security+

Network Security: A Practical Approach. Jan L. Harrington

Open Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier

SQL Server Hardening

Dell InTrust Preparing for Auditing Microsoft SQL Server

Owner of the content within this article is Written by Marc Grote

Click Studios. Passwordstate. Installation Instructions

Click Studios. Passwordstate. Installation Instructions

Xerox DocuShare Security Features. Security White Paper

Microsoft SQL Server Security Best Practices

Hacking Database for Owning your Data

Web Plus Security Features and Recommendations

Web. Security Options Comparison

Measuring Data Quality for Ongoing Improvement

Oracle Database 11g: Security Release 2. Course Topics. Introduction to Database Security. Choosing Security Solutions

SQL Server AlwaysOn. Michal Tinthofer 11. Praha What to avoid and how to optimize, deploy and operate.

SQL Server 2008 Designing, Optimizing, and Maintaining a Database Session 1

Server 2008 SQL. Administration in Action ROD COLLEDGE MANNING. Greenwich. (74 w. long.)

Virtualization and Forensics

Private Cloud Computing

Workflow Templates Library

Enterprise. ESXi in the. VMware ESX and. Planning Deployment of. Virtualization Servers. Edward L. Haletky

enicq 5 System Administrator s Guide

Interact Intranet Version 7. Technical Requirements. August Interact

WhatsUp Gold v16.1 Installation and Configuration Guide

Beginning SQL Server Administration. Apress. Rob Walters Grant Fritchey

Securing Data on Microsoft SQL Server 2012

Enterprise and Standard Feature Compare

NNT CIS Microsoft SQL Server 2008R2 Database Engine Level 1 Benchmark Report 0514a

4cast Server Specification and Installation

for Networks Installation Guide for the application on the server July 2014 (GUIDE 2) Lucid Rapid Version 6.05-N and later

HOW TO CONFIGURE SQL SERVER REPORTING SERVICES IN ORDER TO DEPLOY REPORTING SERVICES REPORTS FOR DYNAMICS GP

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Novi Survey Installation & Upgrade Guide

Training module 2 Installing VMware View

Upgrade Guide BES12. Version 12.1

Technical Note. Configuring Outlook Web Access with Secure WebMail Proxy for eprism

System Administration Training Guide. S100 Installation and Site Management

Office 365. Migrating and Managing Your. Business in the Cloud. Matthew Katzer. Don Crawford

MS-55096: Securing Data on Microsoft SQL Server 2012

WhatsUp Gold v16.2 Installation and Configuration Guide

The Data Access Handbook

D50323GC20 Oracle Database 11g: Security Release 2

Setup and configuration for Intelicode. SQL Server Express

NSi Mobile Installation Guide. Version 6.2

Click Studios. Passwordstate. High Availability Installation Instructions

WhatsUp Gold v16.3 Installation and Configuration Guide

FileCloud Security FAQ

Microsoft SQL Server Security & Auditing. March 23, 2011 ISACA Chapter Meeting

FaxCore Ev5 Database Migration Guide :: Microsoft SQL 2008 Edition

Using Delphix Server with Microsoft SQL Server (BETA)

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS

by New Media Solutions 37 Walnut Street Wellesley, MA p f Avitage IT Infrastructure Security Document

BestSync Tutorial. Synchronize with a FTP Server. This tutorial demonstrates how to setup a task to synchronize with a folder in FTP server.

Microsoft SQL Database Administrator Certification

HP LeftHand SAN Solutions

EMR Link Server Interface Installation

Expert Oracle Application. Express Security. Scott Spendolini. Apress"

SQL Server for Database Administrators Course Syllabus

for Networks Installation Guide for the application on the server August 2014 (GUIDE 2) Lucid Exact Version 1.7-N and later

Installing Globodox Web Client on Windows Server 2012

SOFTWARE INSTALLATION INSTRUCTIONS CLIENT/SERVER EDITION AND WEB COMPONENT VERSION 10

Author: Ryan J Adams. Overview. Policy Based Management. Terminology

Oracle Database 11g: Security Release 2

Locking down a Hitachi ID Suite server

Table of Contents. FleetSoft Installation Guide

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.

PowerLink for Blackboard Vista and Campus Edition Install Guide

BlackBerry Enterprise Service 10. Version: Configuration Guide

Database Security Guide

Microsoft SQL Server Security and Auditing Clay Risenhoover ISACA North Texas April 14,

Single Sign-On Guide for Blackbaud NetCommunity and The Patron Edge Online

Table of Contents. RFMS SQL Backup

MicrosoftDynam ics GP TenantServices Installation and Adm inistration Guide

Data Warehousing in the Age of Big Data

FieldIT Limited FieldIT CRM. Installation Manual v1.3.i3 (Enterprise Install)

Microsoft SQL Server 2012 Administration. Real-World Skills for MCSA Certification and Beyond (Exams , , and )

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark

Windows Server 2008/2012 Server Hardening

Click Studios. Passwordstate. Installation Instructions

Data Stored on a Windows Server Connected to a Network

Sophos Enterprise Console server to server migration guide. Product version: 5.1 Document date: June 2012

Immotec Systems, Inc. SQL Server 2005 Installation Document

Xerox Mobile Print Cloud

Management Reporter Integration Guide for Microsoft Dynamics GP

How To Manage A Database Server 2012

Version 4.61 or Later. Copyright 2013 Interactive Financial Solutions, Inc. All Rights Reserved. ProviderPro Network Administration Guide.

Managing Data in Motion

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

How To Install Powerpoint 6 On A Windows Server With A Powerpoint 2.5 (Powerpoint) And Powerpoint On A Microsoft Powerpoint 4.5 Powerpoint (Powerpoints) And A Powerpoints 2

The manual contains complete instructions on 'converting' your data to version 4.21.

In this topic we will cover the security functionality provided with SAP Business One.

SQL Server 2012/2014 AlwaysOn Availability Group

Avatier Identity Management Suite

Transcription:

Securing SQL Server Second Edition Protecting Your Database from Attackers Denny Cherry Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON ELSEVIER NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO SVNGRESS Syngress is an Imprint of Elsevier

CONTENTS Acknowledgments Dedication Author Biography About the Technical Editor Introduction v vii ix xi xxi CHAPTER 1 Securing the Network 1 Securing the Network 1 Network Firewalls 2 Server Firewalls 7 Direct Internet Access 9 Public IP Addresses versus Private IP Addresses 11 Accessing SQL Server from Home 14 Physical Security 15 Keep Your Hands Off My Box 16 Open Network Ports 17 Unlocked Workstations 17 Social Engineering 20 Finding the Instances 20 Testing the Network Security 22 Summary 24 CHAPTER 2 Database Encryption 25 Database Encryption 25 Hashing versus Encryption 25 Hashing 27 Encrypting Objects 29 Encrypting Data within Tables 30 Encrypting within Microsoft SQL Server 32 Encrypting Data at Rest 41 TDE and FILESTREAM 44 Log Shipping, Database Mirroring, and Always On 44 Key Protection 45 Encrypting Data on the Wire 46 SQL Server Over SSL 46 Hiding the Instance 54 IP Sec 54 xiii

xiv Contents Encrypting Data with MPIO Drivers 60 PowerPath Encryption with RSA Requirements and Setup 62 Encrypting Data via HBAs 72 Summary 73 CHAPTER 3 SQL Password Security 75 SQL Server Password Security 75 Extended Protection 77 Strong Passwords 81 Contained Database Logins in SQL Server 2012 84 Encrypting Client Connection Strings 88 SQL Reporting Services 88 Application Roles 89 Using Windows Domain Policies to Enforce Password Length 93 Windows Authentication Group Policies 95 Windows Domain Requirements to Use Domain Policies to Manage SQL Authentication Logins 97 Contained Databases 100 Contained Databases and Auto Close 100 db_owners Can Now Add New Users to the Instance 100 Password Policies and Contained Users 101 Summary 101 CHAPTER 4 Securing the Instance 103 What to Install, and When? 103 SQL Authentication and Windows Authentication 106 Editing the master.mdf File 110 Using a Debugger to Intercept Passwords Ill Purchased Products 111 Password Change Policies Ill Auditing Failed Logins 114 Renaming the SA Account 115 Disabling the SA Account 116 Securing Endpoints 118 Stored Procedures as a Security Measure 119 Access to Base Tables Isn't Required 120 Minimum Permissions Possible 121 Instant File Initialization 123

Contents Linked Servers 125 NTLM Double Hop Problems 126 Securing Linked Servers 126 Using Policies to Secure Your Instance 132 SQL Azure Specific Settings 137 Instances That Leave the Office 138 Securing "Always On" 140 Securing Contained Databases 141 Contained Databases and Always On 144 Summary 144 CHAPTER 5 Additional Security for an Internet Facing SQL Server and Application 147 SQL CLR 147 Extended Stored Procedures 152 Protecting Your Connection Strings 154 Database Firewalls 155 Clear Virtual Memory Pagefile 155 User Access Control (UAC) 159 Other Domain Policies to Adjust 162 Summary 163 CHAPTER 6 Analysis Services 165 Logging into Analysis Services 165 Granting Administrative Rights 166 Granting Rights to an Analysis Services Database 168 Securing Analysis Services Objects 172 Data Sources 172 Cubes 174 Cell Data 177 Dimensions 179 Dimension Data 181 Mining Structures 185 Summary 190 CHAPTER 7 Reporting Services 191 Setting upssrs 191 Service Account 194 Web Service URL 195 Database 197 Report Manager URL 200

xvi Contents E-mail Settings 200 Execution Account 202 Encryption Keys 202 Scale-Out Deployment 204 Logging onto SQL Server Reporting Services for the first time 205 Security within Reporting Services 206 Item Roles 206 System Roles 208 Adding System Roles 209 Adding Folder Roles 211 Reporting Services Authentication Options 213 Anonymous Authentication 214 Forms Authentication 216 Security Within Reporting Services 217 Report Server Object Rights 218 Changing Permissions on an Object 218 Hiding Objects 220 Summary 220 CHAPTER 8 SQL Injection Attacks 221 What is an SQL Injection Attack? 221 Why are SQL Injection Attacks so Successful? 226 How to Protect Yourself From an SQL Injection Attack 227 NET Protection Against SQL Injection 227 Protecting Dynamic SQL Within Stored Procedures from SQL Injection Attack 232 Using "EXECUTE AS" to Protect Dynamic SQL 233 Removing Extended Stored Procedures 236 Not Using Best Practice Code Logic can Hurt You 236 What to Return to the End User 238 Database Firewalls 239 Test, Test, Test 240 Cleaning Up the Database After an SQL Injection Attack 240 Other Front-End Security Issues 243 The Web Browser URL is Not the Place for Sensitive Data 243 Using xevents to Monitor For SQL Injection 245 Summary 247

Contents xvii CHAPTER 9 Database Backup Security 249 Overwriting Backups 250 Deleting Old Backups 252 Media Set and Backup Set Passwords 255 Backup Encryption 256 LiteSpeed for SQL Server 257 Red Gate SQL HyperBac 257 Red Gate SQL Backup 258 Third-Party Tape Backup Solutions 259 Transparent Data Encryption 260 Securing the Certificates 261 Compression and Encryption 262 Encryption and Data Deduplication 263 Offsite Backups 264 Summary 266 CHAPTER 10 Storage Area Network Security 267 Securing the Array 267 Locking Down the Management Ports 268 Authentication 269 User Access to the Storage Array 270 Locking Down the iscsi Ports 270 LUN Security 270 Snapshots and Clones 271 Securing the Storage Switches 272 Fiber Channel 272 iscsi 273 Fiber Channel over Ethernet 273 Management Ports 273 Authentication 274 Zone Mapping 274 Summary 274 CHAPTER 11 Auditing for Security 275 Login Auditing 276 SQL Server 2005 and Older 276 SQL Server 2008 and Newer 278 Using xevents for Auditing Logins 284 Auditing sysadmin Domain Group Membership 289 Data Modification Auditing 290 Change Data Capture Configuration 291

xviii Contents Querying Changed Data 293 Using xevents For Data Modification Auditing 294 Using SQL Server Audit for Data Modification 296 Data Querying Auditing 297 Schema Change Auditing 300 Using Extended Events for Schema Change Auditing Using Policy-Based Management to Ensure Policy Compliance C2 Auditing Common Criteria Compliance Summary CHAPTER 12 Server Rights 300 302 306 308 310 3ii SQL Server Service Account Configuration 312 One Account for All Services 312 One Account Per Sever 313 One Account for Each Service 313 Using Local Service Accounts for Running SQL Server Services 314 Credentials 317 SQL Server Agent Proxy Accounts 320 OS Rights Needed by the SQL Server Service 323 Windows System Rights 323 SQL Server's NTFS Permissions 325 OS Rights Needed by the DBA 325 Dual Accounts 326 OS Rights Needed to Install Service Packs 327 OS Rights Needed to Access SSIS Remotely 327 Console Apps must die 330 Fixed-Server Roles 331 User Defined Server Roles 332 AlwaysOn 333 Instance Wide Permissions 334 Fixed Database Roles 334 Fixed Database Roles in the msdb Database 335 User Defined Database Roles 337 Default Sysadmin Rights 339 Vendor's and the Sysadmin Fixed-Server Role 340 Summary 341

Contents xix CHAPTER 13 Securing Data 343 GRANTing Rights 344 DENYing Rights 348 REVOKEing Rights 349 Column Level Permissions 349 Row Level Permissions 351 Summary 354 Appendix 355 Index 367

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information