
Securing SQL Server

Protecting Your Database from Attackers

Securing SQL Server: Protecting Your Database from Attackers provides readers with the necessary tools and techniques to help maintain the security of databases within their environment. It begins with a discussion of network security issues, including public versus private IP addresses; accessing an SQL server from home; physical security; and testing network security. The remaining chapters cover database encryption; SQL password security; SQL injection attacks; database backup security; security auditing; and server rights. The Appendix features checklists that database administrators can use to pass external audits.


Published: January 2011

Imprint: Syngress

ISBN: 978-1-59749-625-4

Reviews

  • "Denny Cherry is what would happen if Bill Gates and AC/DC got together to create a sibling. He’s a bare-knuckles, no holds-barred technologist, and you can bet that if he tells you that something does or doesn’t work, he’s speaking from experience. Active in the community, his passion is sharing. You’ll enjoy this book."

    -Buck Woody, Senior Technology Specialist, Microsoft

  • "Securing SQL Server is a must read for any architect or database administrator wanting to secure their SQL Servers. Given the sensitive data that SQL Servers could hold, it is vital that one understands the potential attacks and how to protect yourself from them. This is the book to help you understand."

    -InfoSecReviews Book Awards


Contents


  • Dedication
  • Acknowledgments
  • Author Bio
  • Introduction
  • Chapter 1 Securing the Network
    - Securing the Network
    - Public IP Addresses versus Private IP Addresses
    - Accessing SQL Server from Home
    - Physical Security
    - Social Engineering
    - Finding the Instances
    - Testing the Network Security
    - Summary
  • Chapter 2 Database Encryption
    - Database Encryption
    - Encrypting Data within Tables
    - Encrypting Data at Rest
    - Encrypting Data on the Wire
    - Encrypting Data with MPIO Drivers
    - Encrypting Data via HBAs
    - Summary
  • Chapter 3 SQL Password Security
    - SQL Server Password Security
    - Strong Passwords
    - Encrypting Client Connection Strings
    - Application Roles
    - Using Windows Domain Policies to Enforce Password Length
    - Summary
  • Chapter 4 Securing the Instance
    - What to Install, and When?
    - SQL Authentication and Windows Authentication
    - Password Change Policies
    - Auditing Failed Logins
    - Renaming the SA Account
    - Disabling the SA Account
    - Securing Endpoints
    - Stored Procedures as a Security Measure
    - Minimum Permissions Possible
    - Linked Servers
    - Using Policies to Secure Your Instance
    - SQL Azure Specific Settings
    - Instances That Leave the Office
    - Summary
  • Chapter 5 Additional Security for an Internet Facing SQL Server and Application
    - SQL CLR
    - Extended Stored Procedures
    - Protecting Your Connection Strings
    - Database Firewalls
    - Clear Virtual Memory Pagefile
    - User Access Control (UAC)
    - Other Domain Policies to Adjust
    - Reporting Services
    - Summary
  • Chapter 6 SQL Injection Attacks
    - What Is an SQL Injection Attack?
    - Why Are SQL Injection Attacks So Successful?
    - How to Protect Yourself from an SQL Injection Attack
    - Cleaning Up the Database After an SQL Injection Attack
    - Summary
  • Chapter 7 Database Backup Security
    - Overwriting Backups
    - Media Set and Backup Set Passwords
    - Backup Encryption
    - Transparent Data Encryption
    - Compression and Encryption
    - Offsite Backups
    - Summary
  • Chapter 8 Auditing for Security
    - Login Auditing
    - Data Modification Auditing
    - Data Querying Auditing
    - Schema Change Auditing
    - Using Policy-Based Management to Ensure Policy Compliance
    - C2 Auditing
    - Common Criteria Compliance
    - Summary
  • Chapter 9 Server Rights
    - OS Rights Needed by the SQL Server Service
    - OS Rights Needed by the DBA
    - OS Rights Needed to Install Service Packs
    - OS Rights Needed to Access SSIS Remotely
    - Console Apps Must Die
    - Default Sysadmin Rights
    - Vendor’s and the Sysadmin Fixed-Server Role
    - Summary
  • Appendix A: External Audit Checklists
  • Index
