IT Security, SQL Server and You!
Howard Pincham, MCITP, CISSP
Database and Compliance Engineer
Hyland Software, Inc.
- Discuss the importance of good security practices.
- Provide guidance on how to secure SQL Server.
- Demonstrate repeatable techniques that you can use today!

Hottest-selling ’70s/’80s vehicle
- Most likely to be stolen… why?
- It was easy to steal
- Big market for stolen parts
- Worth the effort to strip
“..’cuz that’s where the money is”---Willie Sutton, famed bank robber

Asset: Cutlass
Vulnerability: Quarter window and ignition lock
Threat: Anybody with a screwdriver
Risk: Likelihood Cutlass is stolen
Safeguard: Alarm or kill switch
You want to access tables in a certain database instance on a laptop.
- The instance has been hardened by granting access to a single user.
- The user will not cooperate with you.
- What actions would you take to access the data?

Vulnerability
- Credentials stored in plaintext
- Unsecured backup files
- Unsecured database services and files
- Poor physical security

Safeguard
- Store credentials in a secure store or network
- Apply Least Privilege
- Secure backup folders
- Encrypt backup files and/or backup volumes
- Store critical data on systems located in secure rooms or datacenters.
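The "encrypt backup files and/or backup volumes" and "apply Least Privilege" safeguards above, worked through in T-SQL as an added example (this is not the presenter's code). It uses Transparent Data Encryption, which is available in Enterprise Edition from SQL Server 2008 (and Standard Edition from SQL Server 2019); the database name SalesDB, the certificate name TDECert, the login app_reader, the UNC path and the password placeholders are all assumptions.

```sql
-- Added example, not from the presentation. SalesDB, TDECert, app_reader,
-- the UNC path and every password are placeholders. Run as sysadmin.
USE master;
GO
-- 1. The database master key in master protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-master-key-password>';
GO
-- 2. Server certificate that will protect the database encryption key.
CREATE CERTIFICATE TDECert WITH SUBJECT = 'TDE certificate for SalesDB';
GO
-- 3. Back up the certificate and its private key somewhere OTHER than the
--    laptop. Without this backup the database and all its backups are
--    unrecoverable after a rebuild; with it, a .bak copied off a lost laptop
--    is useless to whoever finds it, because the key is not on the disk.
BACKUP CERTIFICATE TDECert
    TO FILE = '\\secure-share\keys\TDECert.cer'
    WITH PRIVATE KEY (
        FILE = '\\secure-share\keys\TDECert.pvk',
        ENCRYPTION BY PASSWORD = '<strong-private-key-password>');
GO
-- 4. Create the database encryption key and switch encryption on.
--    From this point data files, log files and every new backup of SalesDB
--    are encrypted with AES-256 (tempdb is encrypted as a side effect).
USE SalesDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDECert;
GO
ALTER DATABASE SalesDB SET ENCRYPTION ON;
GO
-- 5. Verify. encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS db, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
GO
-- 6. Least privilege for the application account: a SQL login subject to the
--    Windows password policy, mapped to a user that can only read.
CREATE LOGIN app_reader WITH PASSWORD = '<strong-password>', CHECK_POLICY = ON;
GO
CREATE USER app_reader FOR LOGIN app_reader;
EXEC sp_addrolemember 'db_datareader', 'app_reader';
-- SQL Server 2012 and later: ALTER ROLE db_datareader ADD MEMBER app_reader;
GO
```

The point of step 3 is the one most often missed: TDE only addresses the "unsecured backup files" and "poor physical security" rows if the certificate backup lives on a different system than the data. A certificate backup sitting in the same folder as the .bak files gives an attacker with the laptop everything needed to restore them elsewhere.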
You are concerned about the security of data and metadata as it traverses various networks.
- You suspect that some systems and applications are vulnerable to network based attacks.
- What actions will you take to test these systems?

Vulnerability: Untrusted clients can identify and interrogate SQL Server instances
Safeguard: “Hide” instances, isolate servers

Vulnerability: Transaction data and SQL logins are transmitted in plaintext
Safeguard: Isolate network traffic and/or use encrypted connections

Vulnerability: SQL login credentials can be configured to allow blank passwords
Safeguard: Apply password policies, use Windows Authentication

Vulnerability: SQL Injection and other hacks can compromise the server
Safeguard: Apply single use servers, least privilege and use secure coding.
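An added T-SQL audit (not part of the presentation) that checks an instance for the vulnerabilities listed in this scenario: blank or trivial SQL login passwords, logins exempt from password policy, Mixed Mode authentication, sessions that are not encrypted, and whether the instance is hidden from browser-service enumeration. The login name app_user in the remediation step is an assumption; the registry reads use xp_instance_regread, an undocumented extended procedure, so treat that part as a convenience rather than a supported API.

```sql
-- Added example, not from the presentation. Run as sysadmin on SQL Server
-- 2005 or later. app_user is a placeholder login name.

-- 1. SQL logins with a blank password. PWDCOMPARE returns 1 when the
--    plaintext supplied matches the stored hash.
SELECT name, is_disabled
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;

-- 2. SQL logins whose password equals the login name.
SELECT name, is_disabled
FROM sys.sql_logins
WHERE PWDCOMPARE(name, password_hash) = 1;

-- 3. SQL logins exempt from the Windows password policy or expiration.
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0;

-- 4. Authentication mode. 1 = Windows Authentication only, 0 = Mixed Mode
--    (SQL logins enabled, so checks 1-3 matter).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 5. Live connections that are not encrypted. auth_scheme shows whether the
--    login itself went over SQL authentication or Kerberos/NTLM.
SELECT c.session_id, s.login_name, c.client_net_address,
       c.net_transport, c.auth_scheme, c.encrypt_option
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE c.encrypt_option = 'FALSE';

-- 6. Instance-level network settings (undocumented extended procedure).
--    HideInstance = 1 stops the SQL Browser service answering enumeration
--    requests for this instance; ForceEncryption = 1 rejects unencrypted
--    client connections.
EXEC master.dbo.xp_instance_regread
    N'HKEY_LOCAL_MACHINE',
    N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib',
    N'HideInstance';
EXEC master.dbo.xp_instance_regread
    N'HKEY_LOCAL_MACHINE',
    N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib',
    N'ForceEncryption';

-- 7. Remediation for a login found by checks 1-3: new password, policy and
--    expiration enforced, user must change it at next logon.
ALTER LOGIN [app_user]
    WITH PASSWORD = '<strong-temporary-password>' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
```

Check 5 is the cheap way to confirm the "plaintext on the wire" row without a packet capture: if application sessions show encrypt_option = FALSE, the network isolation or ForceEncryption safeguard is not actually in effect for them. Checks 1-3 only cover SQL logins; moving accounts to Windows Authentication removes those rows entirely, which is why the slide pairs the two.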
[Diagram: WEBSERVERA on the Local Area Network connecting to SQLSERVERA; the External/Client side is marked Untrusted, the SQLSERVERA side is marked Trusted]
Access Management, Network Access Protection, Business Continuity, Configuration Management, Change Management, Content Management, Data Protection, Data Lifecycle Management, Disaster Recovery, Encryption Key Management, Identity Management, Intrusion Detection, Retention Management, Issue Management, Surface Area Configuration, Patch Management, Security Updates, Separation of Duties
http://csrc.nist.gov/
http://microsoft.com/security
www.sans.org/top20/2002/mssql_checklist.pdf
technet.microsoft.com/en-us/library/cc646023.aspx#BKMK_basic
technet.microsoft.com/en-us/security/cc184924.aspx
www.darkreading.com/database_security
http://blogs.msdn.com/b/sqlsecurity/archive/2010/07/26/securitychecklists-on-technet-wiki.aspx
http://www.cisecurity.org/tools2/sqlserver/CIS_SQL2005_Benchmark_v1.1.1.pdf
Portqry http://support.microsoft.com/kb/310099
Network Monitor http://blogs.technet.com/b/netmon/
Nessus http://www.nessus.org/nessus/
Metasploit http://www.metasploit.com/
EPM http://epmframework.codeplex.com/
Windows Firewall http://technet.microsoft.com/en-us/library/cc732283(WS.10).aspx