Download lesson15

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
Document related concepts

Concurrency control wikipedia , lookup

Entity–attribute–value model wikipedia , lookup

Extensible Storage Engine wikipedia , lookup

Oracle Database wikipedia , lookup

Tandem Computers wikipedia , lookup

Microsoft Access wikipedia , lookup

Database wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Btrieve wikipedia , lookup

Team Foundation Server wikipedia , lookup

Database model wikipedia , lookup

Relational model wikipedia , lookup

Clusterpoint wikipedia , lookup

Open Database Connectivity wikipedia , lookup

SQL wikipedia , lookup

PL/SQL wikipedia , lookup

Microsoft SQL Server wikipedia , lookup

Transcript 
Additional Security Tools
Lesson 15
Skills Matrix
Guarding Your Data
• Maintaining data integrity can also involve
data encryption and auditing.
Encryption
• You can put another layer, encryption, on top
of all this security. SQL Server encrypts data
with hierarchical encryption and key
management infrastructure.
• Each layer encrypts the layer below it by
using a combination of certificates,
asymmetric keys, and symmetric keys, in
scopes that parallel the permissions
hierarchy
SQL Server Encryption
• To encrypt your connections to SQL Server, you first
need to get a certificate.
• You can get one from one of the major vendors
such as VeriSign, or you can install Windows
Certificate services and supply your own.
• Once you have a certificate, you need to install it
on the server.
• Finally, you need to configure the clients to request
encrypted connections to the server.
SQL Server Encryption
• The database-level cryptographic features in
SQL Server rely on a database master key.
• This key does not generate automatically
when you create the database.
– It must be created by the system
administrator.
• You need but one master key per database.
Transparent Data Encryption
• SQL Server 2008 includes a new feature known as
Transparent Data Encryption (TDE).
• This encryption is transparent to the application
code as SQL Server 2008 automatically handles
the encryption and decryption of all data going in to
and out of the database.
• The primary purpose of this TDE feature is to have
the entire database encrypted so that any
unauthorized person having direct access to copies
of the database files and / or transaction log files
cannot decrypt and read the data.
Transparent Data Encryption
• It is critically important to understand that the
database master key and the encryption certificate
need to be backed up to a secure location.
• This location also needs to be separate from
regular backups or other copies of the database
files.
• The encryption security provided by TDE is
meaningless if database files and the certificate
both fall into the hands of the wrong person.
Extensible Key Management
• SQL Server 2008 includes a new feature known as
Extensible Key Management (EKM).
• This is a method of providing for encryption methods
using software and possibly hardware such as smart
cards or USB devices provided by third-party entities.
• With EKM, encryption can be established using physical
hardware known as a Hardware Security Module (HSM).
• This can be a more secure solution because the
encryption keys do not reside with encrypted data in the
database.
• Instead, the keys are stored on the hardware device.
Audits
• Audits keep a record of database activities.
Set configuration options for the factors of
concern and then review the results.
• If you suspect someone uses an employee’s
login inappropriately, audit for logins and
look for suspicious behaviors.
C2 Criteria
• In 1985, the Department of Defense published DOD
Directive 5200.28-STD, Department of Defense
Standard, “Department of Defense Trusted Computer
System Evaluation Criteria” known familiarly as the
“Orange Book” which was part of the “Rainbow Series”
of security evaluation criteria.
• The Orange Book laid out a matrix where A was the
most trusted and D the least trusted.
• Numbers were also used where 1 was the most
stringent criteria.
• The resultant classes, then, are A1, B1, B2, B3, C1, C2
and D.
C2 Criteria
• C2 requires controlled access protection and
is deemed appropriate for “business
sensitive” data—less guarded then
confidential, secret or top secret
classifications.
• C2 requires individual accountability through
login procedures, audit trails, object reuse
and resource isolation.
• SQL Server provides these protections
Auditing
• Auditing an instance of SQL Server or a SQL
Server database involves tracking and
logging events that occur on the system.
• SQL Server Utility provides you a means to
audit and manage your SQL Server
environment as a whole through the concept
of application and multiserver management.
SQL Server Utility
• SQL Server Utility provides you a means to
audit and manage your SQL Server
environment as a whole through the concept
of application and multiserver management.
• The SQL Server Utility models your
organization’s SQL Server-related entities in
a unified view.
SQL Server
Utility
Architecture
SQL Server Utility
• Utility Explorer and SQL Server Utility
viewpoints (in SSMS) provide administrators
a holistic view of resource health through an
instance of SQL Server that serves as a
utility control point (UCP).
• Entities viewable in a SQL Server UCP
include instances of SQL Server, data-tier
applications, database files and storage
volumes. Resource use can be monitored for
CPU and storage use.
Summary
• SQL Server encryption provides an additional
security protection from hackers or
eavesdroppers.
• While someone might access your file
stream or table, they will find the information
undecipherable.
• This comes at the expense of additional
overhead.
Summary
• With auditing you can create a record of
what happens on your SQL Server instance.
You can record successful connections to
learn who uses what resources how often.
• A management report might be appropriate
to reward diligent employees.
• With SQL Utility you can monitor the
resource health of your entire enterprise and
produce near real-time management and
analysis reports.
Summary for Certification Examination
• Know how to configure encryption on a
column.
• Understand transparent data encryption and
its value.
• For a given situation, determine which
auditing technique can be of value.
Related documents
Job Descriptions - Human Resources Department JOB GOAL
Job Descriptions - Human Resources Department JOB GOAL
Business Intelligence and Data Warehousing
Business Intelligence and Data Warehousing
Data Warehouse performance and maintenance
Data Warehouse performance and maintenance
Recruitment Authorisation Form
Recruitment Authorisation Form
mysql> show tables
mysql> show tables
Elements of SQL Data Definition Language
Elements of SQL Data Definition Language
BIS 3204 Database DB Programming
BIS 3204 Database DB Programming
Using Power BI with my DBA Database
Using Power BI with my DBA Database
Implementing and Maintaining Microsoft SQL Server 2008 Analysis
Implementing and Maintaining Microsoft SQL Server 2008 Analysis
MidRange Concepts - Fox Valley Technical College
MidRange Concepts - Fox Valley Technical College
SQL server Network utility
SQL server Network utility
Vievu/DVMS
Vievu/DVMS