SQL SERVER INSTANCE SECURITY
http://technet.microsoft.com/en-us/library/bb326598.aspx
Logon triggers
If SQL Server is in mixed authentication mode, then you have the ability to create SQL Server logins.
Read about service accounts.
A login is what identifies you to the instance itself. It does not actually give you any permissions; it just
lets the instance know who you are.
One way to give yourself a block of permissions is to give yourself server roles. Back in the day, roles
used to be called groups.
Server roles are another layer of security that you can have across the entire instance.
You cannot create your own server roles.
If you need to assign a custom set of permissions you need to go to the login and do it directly.
Credentials are the last piece of security that you control at the instance level. A credential can be
created and mapped to a Windows identity (ID/Windows user) and used elsewhere in SQL Server, such as
by SQL Server Agent.
The last area of instance-wide security is audits. An audit is a way of automatically collecting
information that you are interested in. It consists of two parts: the audit itself and the
specification.
The audit does the collecting.
The specification sets or says what to collect.
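The two parts described above, written out in T-SQL as an added example (not from the original notes). The audit and specification names and the D:\SqlAudit\ folder are assumptions; the folder must already exist and be writable by the SQL Server service account.

```sql
USE master;
GO
-- Part 1: the audit. It does the collecting and defines where events are written.
CREATE SERVER AUDIT InstanceSecurityAudit              -- hypothetical name
TO FILE (FILEPATH = N'D:\SqlAudit\',                   -- assumed folder
         MAXSIZE = 100 MB,
         MAX_ROLLOVER_FILES = 10)
WITH (QUEUE_DELAY = 1000,                              -- buffer events up to 1 second
      ON_FAILURE = CONTINUE);                          -- keep serving if the target fails
GO
-- Part 2: the specification. It says what to collect and is bound to one audit.
CREATE SERVER AUDIT SPECIFICATION InstanceSecurityAuditSpec   -- hypothetical name
FOR SERVER AUDIT InstanceSecurityAudit
    ADD (FAILED_LOGIN_GROUP),                -- failed logon attempts
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),     -- logins created, altered or dropped
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),   -- server role membership changes
    ADD (AUDIT_CHANGE_GROUP)                 -- changes to audits themselves
WITH (STATE = ON);
GO
-- An audit is created disabled; nothing is collected until it is switched on.
ALTER SERVER AUDIT InstanceSecurityAudit WITH (STATE = ON);
GO
-- Check: both parts exist and are enabled, and list the action groups collected.
SELECT a.name AS audit_name, a.is_state_enabled AS audit_on,
       s.name AS spec_name,  s.is_state_enabled AS spec_on,
       d.audit_action_name
FROM sys.server_audits AS a
JOIN sys.server_audit_specifications AS s ON s.audit_guid = a.audit_guid
JOIN sys.server_audit_specification_details AS d
     ON d.server_specification_id = s.server_specification_id
WHERE a.name = N'InstanceSecurityAudit';
GO
-- Read back what has been collected so far, newest events first.
SELECT event_time, action_id, succeeded, server_principal_name, statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
GO
```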
Endpoints are not instance wide but exist on a per-instance basis.
SQL Server has the ability to set itself up as a web service so that things can connect directly to it and pull
data out of it.
When you set that up, you are exposing SQL Server on an HTTP port, usually port 80 by default, but it does
not have to be. There is some security associated with this feature.
It cannot be set using the GUI; you have to use a SQL command (T-SQL).
You can use NTLM, KERBEROS, or INTEGRATED.
INTEGRATED will use either NTLM or KERBEROS depending on what the client requests.
Digest or basic authentication is used if there is a non-Windows OS, as INTEGRATED is only used when all
clients are using a Windows OS.
Basic authentication passes user names and passwords in clear text across the network, so it’s good to
combine it with HTTPS.