SQL Server Security Basics
Objectives
- Understand potential data threats and how SQL Server's design protects against them
- Learn about SQL Server and Windows integrated authentication
- See how SQL Server provides an authorization system to control access to data and objects
Agenda
- Security Overview
- Authentication
- Authorization
Security Overview
- Relational data is a tempting target for attackers
- SQL Server 2008 provides plenty of features to secure your data and server
- Need to understand the threats
The Threats
- Identifying threats is a critical first step
- Type of data will probably influence security measures
- Sometimes the best way to protect data is to never put it in a database
- Typical threats:
  - Theft of data
  - Data vandalism
  - Protecting data integrity
  - Illegal storage
Agenda
- Security Overview
- Authentication
- Authorization
Authentication
- Process of verifying that a principal is who or what it claims to be
- SQL Server has to uniquely identify principals in order to authorize them
- Authentication modes:
  - Mixed Mode Authentication
  - Windows Only Authentication Mode
Learn More @ http://www.learnnowonline.com
Copyright by Application Developers Training Company
Advantages
- Single user login
- Auditing features
- Simplified login management
- Password policies
Contained Databases
- Not a security feature per se
- But introduces a new authentication scheme
[Flowchart: contained database authentication. Decision nodes: Authentication type? (SQL Server / Windows); Initial catalog specified?; Matching principal in database?; Password match?; Permission in database?; Matching login or group? Outcomes: Server-level authentication, Database authentication, Authentication failure.]
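The two authentication paths in the diagram, as an added T-SQL example that is not part of the course slides: a traditional server-level login mapped to a database user, and a contained database user that carries its own password and is authenticated by the database (contained databases require SQL Server 2012 or later). `SalesDb`, `ContainedApp`, `AppLogin`, `ContainedAppUser` and the password are placeholder names chosen for illustration.

```sql
-- Added example, not from the course slides. Object names and the password
-- are placeholders.

-- 1. Which authentication mode is the instance running?
--    1 = Windows Authentication only, 0 = Mixed Mode (SQL Server and Windows).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS WindowsOnlyAuth;

-- 2. Server-level authentication: a SQL Server login checked by the instance,
--    then mapped to a user inside a database. CHECK_POLICY applies the
--    Windows password policy to the login's password.
CREATE LOGIN AppLogin WITH PASSWORD = 'PlaceholderStrongPassw0rd!',
    CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
GO
USE SalesDb;
CREATE USER AppLogin FOR LOGIN AppLogin;
GO

-- 3. Database authentication: contained database authentication must be
--    enabled on the instance, and the database must be partially contained.
EXEC sp_configure 'contained database authentication', 1;
RECONFIGURE;
GO
CREATE DATABASE ContainedApp CONTAINMENT = PARTIAL;
GO
USE ContainedApp;
-- No server login exists for this principal; the database checks the password.
CREATE USER ContainedAppUser WITH PASSWORD = 'PlaceholderStrongPassw0rd!';
GO

-- 4. Verify which path each database principal uses:
--    INSTANCE = mapped to a server login, DATABASE = contained user with a
--    password, WINDOWS = contained user mapped to a Windows principal.
SELECT name, type_desc, authentication_type_desc
FROM sys.database_principals
WHERE type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys');
```

Running the last query in both databases shows the difference the slide is making: `AppLogin` in `SalesDb` reports `INSTANCE`, while `ContainedAppUser` in `ContainedApp` reports `DATABASE`.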
Agenda
- Security Overview
- Authentication
- Authorization
Authorization
- Principals: user or process allowed to access securable objects
- Securables: protected resource
- Permissions: type of access
Principals
Windows-level principals
- Windows Domain Login
- Windows Group
- Windows Local Login
SQL Server-level principals
- SQL Server Login
- SQL Server Login mapped to a certificate
- SQL Server Login mapped to a Windows login
- SQL Server Login mapped to an asymmetric key
Database-level principals
- Application Role
- Database Role
- Database User
- Database User mapped to a certificate
- Database User mapped to a Windows login
- Database User mapped to an asymmetric key
- Public Role
Principals
- Scope of a principal determines scope of permission
- Principal can be a login, user, or role
- Roles are analogous to Windows groups
  - Users in a role inherit the role's permissions
  - Simplify security management
- Types of roles:
  - Fixed server roles
  - User-defined server roles
  - Fixed database roles
  - User-defined database roles
Fixed server roles
- System administrator
- Bulk insert administrator
- Database creator
- Disk administrator
- Process administrator
- Server administrator
- Setup administrator
- Security administrator
- Previously, the only way to grant some permissions was through a fixed server role
- SQL Server 2012 solves this problem with user-defined server roles
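The least-privilege point on this slide, as an added T-SQL example that is not part of the course slides: a user-defined server role (SQL Server 2012 or later) that carries exactly one server permission, instead of putting a help-desk login into the much broader fixed role `securityadmin`, plus the equivalent pattern with a database role. `LoginAdmins`, `HelpDeskLogin`, `ReportReaders`, `AppLogin`, `SalesDb` and the `Reporting` schema are placeholder names, and the logins are assumed to already exist.

```sql
-- Added example, not from the course slides. Names are placeholders; the
-- logins HelpDeskLogin and AppLogin are assumed to exist already.

-- Before SQL Server 2012, letting someone manage logins meant membership in
-- securityadmin, which also lets the member GRANT, DENY and REVOKE
-- server-level permissions. A user-defined server role can carry just the
-- one permission that is actually needed.
CREATE SERVER ROLE LoginAdmins;
GRANT ALTER ANY LOGIN TO LoginAdmins;
ALTER SERVER ROLE LoginAdmins ADD MEMBER HelpDeskLogin;
GO

-- Database roles work the same way one level down: members inherit the
-- role's permissions, and permissions are managed on the role, not per user.
USE SalesDb;
CREATE ROLE ReportReaders;
GRANT SELECT ON SCHEMA::Reporting TO ReportReaders;
ALTER ROLE ReportReaders ADD MEMBER AppLogin;
GO

-- Review server role membership; is_fixed_role separates built-in roles
-- such as sysadmin from user-defined ones like LoginAdmins.
SELECT r.name AS server_role, r.is_fixed_role, m.name AS member
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;

-- Membership checks usable from application code:
-- 1 = member, 0 = not a member, NULL = role or login not found.
SELECT IS_SRVROLEMEMBER('sysadmin')                      AS caller_is_sysadmin,
       IS_SRVROLEMEMBER('LoginAdmins', 'HelpDeskLogin')  AS helpdesk_is_loginadmin;
```

The membership query is a useful periodic check: a review of `sysadmin` and `securityadmin` members is where most over-privileged logins turn up, and a custom role makes it obvious when someone has been granted more than the role was designed for.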
Securable Objects
- Protected resource that you can control access to
- Physical object or action
Securable Objects
Server scope
- Database
- Endpoint
- Remote Binding
- Route
- Server Role
- SQL Server Login
Database scope
- Application Role
- Assembly
- Asymmetric Key
- Certificate
- Database user
- Fixed Database Role
- Full-Text Catalog
- Message Type
- Schema
- Service
- Service Contract
- Symmetric Key
Schema scope
- Default
- Function
- Procedure
- Query Stats
- Queue
- Rule
- Synonym
- Table
- Trigger
- Type
- View
- XML Schema Collection
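How principals, securables and permissions fit together across the schema and object scopes listed above, as an added T-SQL example that is not part of the course slides: a GRANT at schema scope that every table in the schema inherits, a DENY at object scope that overrides it for one sensitive table, and the catalog queries that show the effective result. `SalesDb`, the `Sales` schema, `Sales.Orders`, `Sales.CardNumbers` and `AnalystUser` are placeholder names.

```sql
-- Added example, not from the course slides. Names are placeholders.
USE SalesDb;
GO
CREATE SCHEMA Sales;
GO
CREATE TABLE Sales.Orders      (OrderId int PRIMARY KEY, CustomerId int, Amount money);
CREATE TABLE Sales.CardNumbers (OrderId int PRIMARY KEY, Pan char(16));
GO
-- A database-level principal with no server login (handy for testing
-- permissions without creating an account on the instance).
CREATE USER AnalystUser WITHOUT LOGIN;
GO

-- Schema-scoped GRANT: inherited by every object in the schema, including
-- tables created later.
GRANT SELECT ON SCHEMA::Sales TO AnalystUser;

-- Object-scoped DENY: DENY always wins over an inherited GRANT, so the
-- sensitive table stays closed even though the rest of the schema is readable.
DENY SELECT ON OBJECT::Sales.CardNumbers TO AnalystUser;
GO

-- Check effective permissions as that principal would see them.
EXECUTE AS USER = 'AnalystUser';
SELECT HAS_PERMS_BY_NAME('Sales.Orders',      'OBJECT', 'SELECT') AS can_read_orders,       -- 1
       HAS_PERMS_BY_NAME('Sales.CardNumbers', 'OBJECT', 'SELECT') AS can_read_cardnumbers;  -- 0
SELECT entity_name, permission_name
FROM sys.fn_my_permissions('Sales', 'SCHEMA');
REVERT;
GO

-- Inventory of the explicit permission entries for the principal, with the
-- securable resolved by class so schema- and object-scoped rows read clearly.
SELECT pr.name AS principal, dp.state_desc, dp.permission_name, dp.class_desc,
       CASE dp.class_desc
            WHEN 'SCHEMA'           THEN SCHEMA_NAME(dp.major_id)
            WHEN 'OBJECT_OR_COLUMN' THEN OBJECT_SCHEMA_NAME(dp.major_id) + '.' + OBJECT_NAME(dp.major_id)
            ELSE DB_NAME()
       END AS securable
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS pr ON pr.principal_id = dp.grantee_principal_id
WHERE pr.name = 'AnalystUser';
```

The pairing of a broad GRANT with a narrow DENY is the usual way to express "everything in this schema except the sensitive table"; the `sys.database_permissions` query is the defender's view of it, and is what an audit of who can read a given table should start from.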
Learn More!
This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details! Learn more about SQL Server on SlideShare
A Tour of SQL Server