SQL Server 2016 Security and Privacy Features
Thomas LaRock
Head Geek™
WHY ARE YOU HERE?
• You are responsible for data security and privacy
• You want to know more about features in SQL Server 2016
• You don’t like jail
A LITTLE ABOUT ME
Thomas has over 15 years of experience in roles including programmer, developer, analyst, and DBA.
He enjoys working with data, probably too much to be healthy, really.
ABOUT SOLARWINDS
solarwinds.com/products
AGENDA
1 Brief History of SQL Server Security
2 AlwaysEncrypted
3 Dynamic Data Masking
4 Row Level Security
5 Questions
A BRIEF HISTORY OF SQL SERVER SECURITY
3rd party (BitLocker, et al)
Cell level encryption
Transparent Data Encryption
AlwaysEncrypted
New!
Dynamic Data Masking*
Row Level Security*
TRANSPARENT DATA ENCRYPTION
• Protects data “at rest”
• Performs real-time I/O encryption (and decryption) of both data and log files at the page level
• Pages encrypted before written to disk, decrypted when read into memory
• TDE does not increase the size of the encrypted database
• Backup compression allowed, but futile
• Replication requires TDE on distribution and subscriber databases
• Tempdb encrypted
AlwaysEncrypted
• Enabled at column level
• Protects data at rest *AND* in memory
• Uses Column Master Key (client) and Column Encryption Key (server)
AlwaysEncrypted
Deterministic – good for static values; can be indexed
• ALLOWED:
  • Equality JOINs
  • Grouping
  • Indexing
  • Point lookups
Randomized – better security; cannot be indexed
• NOT ALLOWED:
  • JOINs
  • Grouping
  • Indexing
  • Filtering
MUST use *_BIN2 collation (Latin1_General_BIN2)
AlwaysEncrypted
text/ntext/image
XML/hierarchyid/geography/geometry
alias types/user-defined data types
SQL_VARIANT
rowversion (timestamp)
System alias (SYSNAME)
Computed columns
Identity columns
Sparse column sets
Temporal tables
Triggers (partial support)
Full text search
Replication
CDC
In Memory OLTP
Stretch database
AlwaysEncrypted
Foreign keys must match encryption types
Client code needs to support AE (currently this means .NET 4.6)
AlwaysEncrypted
Why you will love it
• AlwaysEncrypted, yeah
• Allows designers to not only specify which columns need to be protected, but how
• Parameters are encrypted as well
• Built in to the engine, easier for devs
DYNAMIC DATA MASKING
Done at column level (NOT ENCRYPTION!)
Data in the database, at rest, has no protection.
Meant to complement other methods
Performed at the end of a database query right before data returned
Performance impact small
DYNAMIC DATA MASKING
-- Masks are declared per column; the stored data itself is not changed.
CREATE TABLE Membership (
    MemberID  int IDENTITY PRIMARY KEY,
    FirstName varchar(100) MASKED WITH (FUNCTION = 'partial(1,"XXXXXXX",0)') NULL,
    LastName  varchar(100) NOT NULL,
    Phone#    varchar(12)  MASKED WITH (FUNCTION = 'default()') NULL,
    Email     varchar(100) MASKED WITH (FUNCTION = 'email()') NULL
);

-- Sample rows.
INSERT Membership (FirstName, LastName, Phone#, Email) VALUES
    ('Roberto', 'Tamburello', '555.123.4567', '[email protected]'),
    ('Janice', 'Galvin', '555.123.4568', '[email protected]'),
    ('Zheng', 'Mu', '555.123.4569', '[email protected]');
DYNAMIC DATA MASKING
4 functions available today
• Default
• Email
• Custom String
• Random
DYNAMIC DATA MASKING
Function | Mask | Example
Default | Based on Datatype |
Default | String – XXX | xxxx
Default | Numbers – 000000 | 0
Default | Date & Times - 01.01.2000 00:00:00.0000000 | 01.01.2000 00:00:00.0000000
Default | Binary – Single Byte 0 | 0
Email | First character of email, then Xs, then .com (always .com) | [email protected]
Custom | First and last values, with Xs in middle | kxxxn
Random | For numeric types, with a range | 12
DYNAMIC DATA MASKING
• Data in database is not changed
• Ad-hoc queries *can* expose data
• Does not aim to prevent users from exposing pieces of sensitive data
DYNAMIC DATA MASKING
Cannot mask an encrypted column (AE)
Cannot be configured on computed column
But if computed column depends on a mask, then mask is returned
Using SELECT INTO or INSERT INTO results in masked data being inserted into target (also for import/export)
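The masking behaviour and caveats listed above, as an added T-SQL example that is not part of the original deck. The table DdmDemo, the user DdmReader and all row values are constructed for illustration.

```sql
-- Added example with constructed data; DdmDemo and DdmReader are hypothetical names.
-- GO is the batch separator used by sqlcmd and SSMS.
CREATE TABLE dbo.DdmDemo (
    Id     int IDENTITY PRIMARY KEY,
    Name   varchar(50) NOT NULL,
    Salary int         MASKED WITH (FUNCTION = 'default()') NOT NULL,
    Card   varchar(19) MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL,
    -- Computed from a masked column, so it is returned masked as well.
    SalaryBand AS (Salary / 10000)
);
INSERT dbo.DdmDemo (Name, Salary, Card) VALUES
    ('Ana', 52000, '1111-2222-3333-4444'),
    ('Ben', 87000, '5555-6666-7777-8888');

CREATE USER DdmReader WITHOUT LOGIN;
GRANT SELECT ON dbo.DdmDemo TO DdmReader;
GO

-- Audit which columns carry a mask and which function each one uses.
SELECT OBJECT_NAME(object_id) AS TableName, name AS ColumnName, masking_function
FROM sys.masked_columns
WHERE is_masked = 1;
GO

EXECUTE AS USER = 'DdmReader';
-- Without UNMASK, the masking functions replace the column values in the result set.
SELECT Id, Name, Salary, SalaryBand, Card FROM dbo.DdmDemo;
-- The WHERE clause is evaluated against the stored values; only the returned
-- columns are masked. This is why DDM has to be paired with limits on who
-- can run ad-hoc queries.
SELECT Id, Name, Salary FROM dbo.DdmDemo WHERE Salary > 80000;
REVERT;
GO

-- Principals that need the real values are granted UNMASK explicitly.
GRANT UNMASK TO DdmReader;
EXECUTE AS USER = 'DdmReader';
SELECT Id, Name, Salary, Card FROM dbo.DdmDemo;
REVERT;
GO

-- Clean up the demo objects.
DROP USER DdmReader;
DROP TABLE dbo.DdmDemo;
```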
DYNAMIC DATA MASKING
Why you will love it
• Allows central, reusable design for standard masking
• Offers more reliable masking and more usable masking
• Removes whining about “we can do that later”
ROW LEVEL SECURITY
Filtering result sets (predicate based access)
Predicates applied when reading data
Can be used to block write access
User defined policies tied to inline table functions
ROW LEVEL SECURITY
• No indication that results have been filtered
• If all rows are filtered then NULL set returned
• For block predicates, an error returned
• Works even if you are dbo or db_owner role
ROW LEVEL SECURITY
Recommended to create schema for RLS objects (predicate functions and security policies)
Use ALTER ANY SECURITY POLICY permissions; this does not require SELECT on the columns
Avoid type conversions in predicate functions to avoid runtime errors
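The filter and block predicates described on the Row Level Security slides above, as an added T-SQL example that is not part of the original deck. The Security schema, the Sales table, the predicate function, the policy and the three users are hypothetical names with constructed data.

```sql
-- Added example with constructed data; all object and user names are hypothetical.
-- GO is the batch separator used by sqlcmd and SSMS.
CREATE SCHEMA Security;   -- separate schema for the RLS objects
GO
CREATE TABLE dbo.Sales (
    OrderId  int     PRIMARY KEY,
    SalesRep sysname NOT NULL,   -- same type as USER_NAME(): no conversion in the predicate
    Amount   money   NOT NULL
);
INSERT dbo.Sales (OrderId, SalesRep, Amount) VALUES
    (1, N'Rep1', 100), (2, N'Rep2', 250), (3, N'Rep1', 75);
CREATE USER Rep1 WITHOUT LOGIN;
CREATE USER Rep2 WITHOUT LOGIN;
CREATE USER SalesManager WITHOUT LOGIN;
GRANT SELECT, INSERT ON dbo.Sales TO Rep1, Rep2, SalesManager;
GO
-- Inline table-valued function: a row passes when the function returns a row for it.
CREATE FUNCTION Security.fn_SalesPredicate (@SalesRep AS sysname)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
           WHERE @SalesRep = USER_NAME() OR USER_NAME() = N'SalesManager';
GO
CREATE SECURITY POLICY Security.SalesPolicy
    ADD FILTER PREDICATE Security.fn_SalesPredicate(SalesRep) ON dbo.Sales,
    ADD BLOCK PREDICATE Security.fn_SalesPredicate(SalesRep) ON dbo.Sales AFTER INSERT
    WITH (STATE = ON);
GO
EXECUTE AS USER = 'Rep1';
-- Filter predicate: rows belonging to other reps are silently left out of the result.
SELECT OrderId, SalesRep, Amount FROM dbo.Sales;
-- Block predicate: inserting a row that fails the predicate raises an error.
INSERT dbo.Sales (OrderId, SalesRep, Amount) VALUES (4, N'Rep2', 10);
REVERT;
GO
-- The policy also applies to dbo: USER_NAME() is 'dbo', which matches no SalesRep value.
SELECT OrderId, SalesRep, Amount FROM dbo.Sales;
GO
-- Clean up: the policy must go before the schema-bound function it references.
DROP SECURITY POLICY Security.SalesPolicy;
DROP FUNCTION Security.fn_SalesPredicate;
DROP TABLE dbo.Sales;
DROP USER Rep1; DROP USER Rep2; DROP USER SalesManager;
DROP SCHEMA Security;
```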
ROW LEVEL SECURITY
Not Allowed
• DBCC SHOW_STATISTICS
• FILESTREAM
• Polybase
• Indexed views
• CDC nor change tracking
ROW LEVEL SECURITY
Why you will love it
• Allows a designer to do this sort of data protection IN THE DATABASE, not just rely on code
• Replaces many, many pieces of code
Security - Summary
Key differences | TDE | AE | DDM | RLS
Encryption | Y | Y | N | N
Protect data in memory | N | Y | N | N
Overhead | Low* | High | Low | Low
Block updates | N | N | N | Y
ROW LEVEL SECURITY
Which one is right for you?
• Data quality?
• Data availability?
• Data recovery?
• Query performance?
• Legal requirements?
Thank You!
© 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
FOR MORE INFORMATION
• http://tinyurl.com/msdn-TDE
• http://tinyurl.com/msdn-always-encrypted
• http://tinyurl.com/msdn-dynamic-data-masking
• http://tinyurl.com/msdn-row-level-security
• http://tinyurl.com/breaking-tde
• http://tinyurl.com/unmasking-DDM