SQL Server 2005 Security
Panya Damdee
Microsoft Certified Trainer
What Will We Cover?
New security concepts
Database and object security
Monitoring data security
Helpful Experience
Microsoft Windows Server 2003
SQL Server or other RDBMS
Security concepts
Level 200
Agenda
Server Level Security
Database Level Security
Permissions
Monitoring Security
Facets of SQL Server Security
Windows
Server
Domain
Policies
SQL Server
Database
Monitoring
Connections
Logins
Schema
Catalog
Triggers
Notification
Server Level Security Features
Secure by default
Encryption
HTTP endpoints
Surface Area Configuration
Demo: Server Level Security
Surface Area Configuration Manager
Encrypting Connections
HTTP Endpoint Security
Agenda
Server Level Security
Database Level Security
Permissions
Monitoring Security
User-Schema Separation
Prior to SQL Server 2005, object namespace included object owner
Change of ownership required application rewrites
Schema as part of namespace removes this issue
Example names: LON-SQL-01.AdventureWorks.User1.Customer (owner in namespace), LON-SQL-01.AdventureWorks.Sales.Customer (schema in namespace)
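The ownership change described on this slide, as an added T-SQL example that is not part of the original deck. The users User1 and User2 and the Sales.Customer table are hypothetical names for a scratch database.

```sql
-- Added example for a scratch SQL Server 2005+ database; every name is hypothetical.
CREATE USER User1 WITHOUT LOGIN;
CREATE USER User2 WITHOUT LOGIN;
GO
-- The schema is the namespace; User1 merely owns it.
CREATE SCHEMA Sales AUTHORIZATION User1;
GO
CREATE TABLE Sales.Customer (
    CustomerID int          NOT NULL PRIMARY KEY,
    Name       nvarchar(50) NOT NULL
);
GO
-- Catalog view check: schema name and schema owner are separate facts.
SELECT s.name AS schema_name, p.name AS owner_name
FROM sys.schemas AS s
JOIN sys.database_principals AS p ON p.principal_id = s.principal_id
WHERE s.name = N'Sales';
GO
-- A principal that still owns a schema cannot be dropped; the error is caught here.
BEGIN TRY
    DROP USER User1;
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
GO
-- Hand the schema to User2, then remove User1.
-- ALTER AUTHORIZATION on a schema drops permissions on contained objects
-- that have no explicit owner, so re-check grants afterwards.
ALTER AUTHORIZATION ON SCHEMA::Sales TO User2;
DROP USER User1;
GO
-- Application queries keep using the same schema-qualified name.
SELECT CustomerID, Name FROM Sales.Customer;
GO
-- Cleanup
DROP TABLE Sales.Customer;
DROP SCHEMA Sales;
DROP USER User2;
```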
Demo: Database Level Security
Understanding Catalog Views
Encrypting Data
Understanding Schemas
Agenda
Server Level Security
Database Level Security
Permissions
Monitoring Security
General Permission Scheme
Terms
Grantee
Server level: Logins
Database level: Principals (for example, users or roles)
Securable
Entity to be secured
Example: Tables, databases, servers
Concepts
Same permission can be set for multiple scopes
Example: CONTROL on schema or database level
DENY at any level always takes precedence
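A schema-scope GRANT combined with an object-scope DENY, as an added T-SQL example that is not part of the original deck. ReportUser and the Billing schema and its tables are hypothetical names for a scratch database.

```sql
-- Added example for a scratch SQL Server 2005+ database; every name is hypothetical.
CREATE USER ReportUser WITHOUT LOGIN;
GO
CREATE SCHEMA Billing;
GO
CREATE TABLE Billing.Invoice (InvoiceID int NOT NULL PRIMARY KEY, Amount money NOT NULL);
CREATE TABLE Billing.Card    (CardID    int NOT NULL PRIMARY KEY, Pan varchar(19) NOT NULL);
GO
-- Grantee: ReportUser. Securables: the schema (wide scope) and one table (narrow scope).
GRANT SELECT ON SCHEMA::Billing      TO ReportUser;
DENY  SELECT ON OBJECT::Billing.Card TO ReportUser;
GO
-- Effective permissions, evaluated while impersonating the grantee.
-- The schema-level GRANT covers both tables; the DENY on Billing.Card overrides it there.
EXECUTE AS USER = N'ReportUser';
SELECT HAS_PERMS_BY_NAME(N'Billing.Invoice', N'OBJECT', N'SELECT') AS can_select_invoice,
       HAS_PERMS_BY_NAME(N'Billing.Card',    N'OBJECT', N'SELECT') AS can_select_card;
REVERT;
GO
-- Review query: every GRANT/DENY held by the grantee, with the scope it was set at.
SELECT pr.name AS grantee, pe.class_desc, pe.permission_name, pe.state_desc,
       CASE pe.class WHEN 1 THEN OBJECT_NAME(pe.major_id)   -- object scope
                     WHEN 3 THEN SCHEMA_NAME(pe.major_id)   -- schema scope
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'ReportUser';
GO
-- Cleanup
DROP TABLE Billing.Invoice;
DROP TABLE Billing.Card;
DROP SCHEMA Billing;
DROP USER ReportUser;
```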
Demo: Permissions
Understanding Object Execution Context
Understanding User-Schema Separation
Using Granular Permissions
Using Schemas to Grant Permissions
Agenda
Server Level Security
Database Level Security
Permissions
Monitoring Security
Triggers and Eventdata
DDL Triggers
Fired on alteration
Server or database level
Logging and auditing
Eventdata Function
What fired a trigger
Type, SPID, User, Time
Returns XML data
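A database-level DDL trigger that shreds the EVENTDATA() XML into an audit table, as an added T-SQL example that is not part of the original deck. The table dbo.DdlAudit, the trigger trg_AuditDdl and the probe table are hypothetical names for a scratch database.

```sql
-- Added example for a scratch SQL Server 2005+ database; every name is hypothetical.
CREATE TABLE dbo.DdlAudit (
    AuditID     int IDENTITY(1,1) PRIMARY KEY,
    EventType   nvarchar(100),
    PostTime    datetime,
    SPID        int,
    LoginName   nvarchar(128),
    UserName    nvarchar(128),
    ObjectName  nvarchar(256),
    CommandText nvarchar(max),
    EventXml    xml            -- full event kept for later review
);
GO
-- The trigger runs as the caller, so callers need INSERT on the audit table;
-- without it the insert fails and the DDL statement is rolled back.
GRANT INSERT ON dbo.DdlAudit TO public;
GO
CREATE TRIGGER trg_AuditDdl ON DATABASE
FOR DDL_DATABASE_LEVEL_EVENTS
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @e xml;
    SET @e = EVENTDATA();      -- what fired the trigger, as XML
    INSERT dbo.DdlAudit (EventType, PostTime, SPID, LoginName, UserName,
                         ObjectName, CommandText, EventXml)
    SELECT @e.value('(/EVENT_INSTANCE/EventType)[1]',  'nvarchar(100)'),
           @e.value('(/EVENT_INSTANCE/PostTime)[1]',   'datetime'),
           @e.value('(/EVENT_INSTANCE/SPID)[1]',       'int'),
           @e.value('(/EVENT_INSTANCE/LoginName)[1]',  'nvarchar(128)'),
           @e.value('(/EVENT_INSTANCE/UserName)[1]',   'nvarchar(128)'),
           @e.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(256)'),
           @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)'),
           @e;
END;
GO
-- Constructed test events: create and drop a probe table, then read the log.
CREATE TABLE dbo.AuditProbe (id int);
DROP TABLE dbo.AuditProbe;
GO
SELECT EventType, PostTime, SPID, LoginName, UserName, ObjectName, CommandText
FROM dbo.DdlAudit ORDER BY AuditID;
GO
-- Cleanup: drop the trigger first so dropping the audit table does not fire it.
DROP TRIGGER trg_AuditDdl ON DATABASE;
DROP TABLE dbo.DdlAudit;
```

Granting INSERT to public keeps DDL working for all callers but also lets any user write rows to the log, so restrict SELECT, UPDATE and DELETE on the table and review it with that in mind.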
Demo: Monitoring Security
Monitoring SQL Server Security Events
Using Dedicated Administrator Connection
Using Triggers and Alerts
Session Summary
Secure by default
Multi-faceted security
Granular permissions
For More Information
Visit TechNet at
www.microsoft.com/technet
Visit the URL below for additional information
www.microsoft.com/technet/sql-05
Where Else Can I Get Help?
Free chats and webcasts
List of newsgroups
Microsoft community sites
Community events and columns
www.microsoft.com/technet/community