Securing SQL Server - 3rd Edition - ISBN: 9780128012758, 9780128013755

Securing SQL Server

3rd Edition

Protecting Your Database from Attackers

Author: Denny Cherry
Paperback ISBN: 9780128012758
eBook ISBN: 9780128013755
Imprint: Syngress
Published Date: 23rd April 2015
Page Count: 462


Microsoft SQL Server is one of the most widely used database platforms in the world, and a large share of those deployments are not properly secured, exposing sensitive customer and business data to attack.

In Securing SQL Server, Third Edition, you will learn about the attack vectors that can be used to break into SQL Server databases, and how to protect databases from those attacks. Denny Cherry, a Microsoft SQL Server MVP and one of the best-known names in the SQL Server community, shows how to secure a SQL Server database against internal and external threats using both established best practices and the specific techniques he applies as a consultant on some of the largest SQL Server deployments in the world.

Fully updated for SQL Server 2014, this edition walks you through securing the new features of the 2014 release. New topics include VLANs, setting up RRAS, antivirus installation on database servers, key management, migrating an existing application from plaintext to encrypted values, securing Analysis Services objects, Managed Service Accounts, the OS rights a DBA actually needs, SQL Server Agent security, table permissions, views, stored procedures, functions, Service Broker objects, and much more.

Key Features

  • Presents hands-on techniques for protecting your SQL Server database from intrusion and attack.
  • Provides in-depth coverage of all aspects of SQL Server database security, including a wealth of new material on Microsoft SQL Server 2014.
  • Explains how to set up your database securely, how to determine when someone tries to break in, what the intruder has accessed or damaged, and how to respond and mitigate damage if an intrusion occurs.


Information security professionals; administrators of databases, systems, and networks; application developers; IT and security managers; security auditors; security engineers; compliance specialists.

Table of Contents

  • Dedication
  • Author Biography
  • Technical Editor Biography
  • Acknowledgments
  • Introduction
  • Chapter 1: Identifying Security Requirements
    • Abstract
    • What are Security Objectives?
    • When Should Security Objectives be Identified?
    • How to Identify Security Objectives?
  • Chapter 2: Securing the Network
    • Abstract
    • Securing the Network
    • Public IP Addresses versus Private IP Addresses
    • VLANs
    • Accessing SQL Server from Home
    • Physical Security
    • Social Engineering
    • Finding the Instances
    • Testing the Network Security
    • Antivirus Installation on SQL Servers
    • Summary
  • Chapter 3: Key Management
    • Abstract
    • Service Master Key
    • Database Master Key
    • Encryption Password Management
    • Enterprise Key Management
    • High Availability and Disaster Recovery for Key Management
    • Conclusions
  • Chapter 4: Database Encryption
    • Abstract
    • Database Encryption
    • Encrypting Data within Tables
    • Encrypting Data at Rest
    • Encrypting Data on the Wire
    • Encrypting Data with MPIO Drivers
    • Encrypting Data via HBAs
    • Summary
  • Chapter 5: SQL Password Security
    • Abstract
    • Login Types
    • SQL Server Password Security
    • Strong Passwords
    • Password Change Policies
    • Renaming the SA Account
    • Disabling the SA Account
    • Users versus Logins
    • Contained Database Users in SQL Server 2012 and Beyond
    • Schemas
    • Encrypting Client Connection Strings
    • Application Roles
    • Using Windows Domain Policies to Enforce Password Length
    • Contained Users
    • Summary
  • Chapter 6: Securing the Instance
    • Abstract
    • What to Install, and When?
    • SQL Authentication and Windows Authentication
    • Password Change Policies
    • Auditing Failed Logins
    • Renaming the SA Account
    • Disabling the SA Account
    • Securing Endpoints
    • Stored Procedures as a Security Measure
    • Minimum Permissions Possible
    • Instant File Initialization
    • Linked Servers
    • Using Policies to Secure Your Instance
    • SQL Azure Specific Settings
    • Instances that Leave the Office
    • Securing AlwaysOn Availability Groups
    • Securing Contained Databases
    • SQL CLR
    • Extended Stored Procedures
    • Protecting Your Connection Strings
    • Database Firewalls
    • Clear Virtual Memory Pagefile
    • User Access Control (UAC)
    • Other Domain Policies to Adjust
    • Summary
  • Chapter 7: Analysis Services
    • Abstract
    • Logging into Analysis Services
    • Securing Analysis Services Objects
    • Summary
  • Chapter 8: Reporting Services
    • Abstract
    • Setting up SSRS
    • Security within Reporting Services
    • Reporting Services Authentication Options
    • Report Server Object Rights
    • Summary
  • Chapter 9: SQL Injection Attacks
    • Abstract
    • What is an SQL Injection Attack?
    • Why are SQL Injection Attacks so Successful?
    • How to Figure out you have been Attacked
    • How to Protect Yourself from an SQL Injection Attack
    • Cleaning up the Database after a SQL Injection Attack
    • Other Front end Security Issues
    • Using xEvents to Monitor for SQL Injection
    • Summary
  • Chapter 10: Database Backup Security
    • Abstract
    • Overwriting Backups
    • Media set and Backup set Passwords
    • Backup Encryption
    • Transparent Data Encryption
    • Compression and Encryption
    • Offsite Backups
    • Summary
  • Chapter 11: Storage Area Network Security
    • Abstract
    • Securing the Array
    • Securing the Storage Switches
    • Summary
  • Chapter 12: Auditing for Security
    • Abstract
    • Login Auditing
    • Data Modification Auditing
    • Data Querying Auditing
    • Schema Change Auditing
    • Using Policy-based Management to Ensure Policy Compliance
    • C2 Auditing
    • Common Criteria Compliance
    • Summary
  • Chapter 13: Server Rights
    • Abstract
    • SQL Server Service Account Configuration
    • OS Rights Needed by the SQL Server Service
    • OS Rights Needed by the DBA
    • OS Rights Needed to Install Service Packs
    • OS Rights Needed to Access SSIS Remotely
    • Console Apps Must Die
    • Fixed Server Roles
    • User Defined Server Roles
    • Fixed Database Roles
    • User-defined Database Roles
    • Default Sysadmin Rights
    • Vendors and the Sysadmin Fixed Server Role
    • Summary
  • Chapter 14: SQL Server Agent Security
    • Abstract
    • Proxies
    • SQL Agent Job Steps
    • Granting Rights to Proxies
    • Job Ownership
    • Summary
  • Chapter 15: Securing Data
    • Abstract
    • GRANTing Rights
    • DENYing Rights
    • REVOKEing Rights
    • Table and view Permissions
    • Stored Procedure Permissions
    • Signing Stored Procedures, Functions and Triggers
    • Function Permissions
    • Service Broker Objects
    • Separation of Duties
    • Summary
  • Appendix A: External Audit Checklists
  • Subject Index
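Several of the chapters listed above (Chapter 5 on the sa account and password policies, Chapter 6 on securing the instance and extended stored procedures, Chapter 12 on login auditing, and Chapter 13 on sysadmin membership) describe checks that a DBA can express directly in T-SQL. The script below is an added example written for this page; it is not code from the book or from the author. It queries the catalog views that ship with SQL Server, and the login name `not_sa_anymore` and the audit file path `C:\SQLAudit\` are placeholders you would replace with your own.

```sql
-- Added example (not from the book): a quick instance-hardening review in T-SQL.
-- Run as a sysadmin on a SQL Server 2012 or later instance.

-- Chapter 13: who holds the sysadmin fixed server role? Every row here
-- is effectively an OS-level administrator of the data.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_principals AS p
JOIN sys.server_role_members AS rm ON rm.member_principal_id = p.principal_id
JOIN sys.server_principals AS r  ON r.principal_id = rm.role_principal_id
WHERE r.name = N'sysadmin';

-- Chapter 5/6: the built-in sa login always has SID 0x01, so this finds it
-- even after it has been renamed. Both is_disabled = 0 and name = 'sa'
-- are findings.
SELECT name, is_disabled
FROM sys.server_principals
WHERE sid = 0x01;

-- Chapter 5/6: rename, then disable, the sa login. The new name is a
-- placeholder; Windows-authenticated administrators should already exist
-- before you run this so you cannot lock yourself out.
ALTER LOGIN sa WITH NAME = [not_sa_anymore];
ALTER LOGIN [not_sa_anymore] DISABLE;

-- Chapter 5: SQL logins that opt out of the Windows password policy or
-- password expiration. These are the accounts that can keep weak passwords.
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0;

-- Chapter 6: surface-area options that should normally be 0.
-- xp_cmdshell and Ole Automation give a SQL login a path to the OS;
-- clr enabled and remote access widen the instance's exposure.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'clr enabled',
               N'Ole Automation Procedures', N'remote access');

-- Chapter 12: failed logins are written to the SQL Server error log.
-- Arguments: log 0 (current), type 1 (SQL Server log), search string.
EXEC xp_readerrorlog 0, 1, N'Login failed';

-- Chapter 12: record failed logins durably with a server audit instead of
-- relying on the rolling error log. The directory must already exist and
-- the service account needs write access to it (placeholder path).
CREATE SERVER AUDIT [FailedLoginAudit]
    TO FILE (FILEPATH = N'C:\SQLAudit\');
CREATE SERVER AUDIT SPECIFICATION [FailedLoginAuditSpec]
    FOR SERVER AUDIT [FailedLoginAudit]
    ADD (FAILED_LOGIN_GROUP)
    WITH (STATE = ON);
ALTER SERVER AUDIT [FailedLoginAudit] WITH (STATE = ON);
```

The SELECT statements are read-only and safe to run first; the ALTER LOGIN and CREATE SERVER AUDIT statements change the instance and belong in a change window. Renaming sa is a defence against attackers who assume the name, not a substitute for disabling it, which is why the script does both.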


© Syngress 2015

About the Author

Denny Cherry

Denny Cherry (MCSA, MCDBA, MCTS, MCITP, MCM) has been working with Microsoft technology for over 15 years, starting with Windows NT 3.51 and SQL Server 6.5. In 2009, Denny was named a Microsoft MVP for SQL Server, and in 2011 he earned the Microsoft Certified Master certification for SQL Server 2008. Denny has written dozens of articles for a variety of websites and print magazines on subjects including SQL Server, clustering, storage configuration, and SharePoint.



"This book is recommended to both students and database administrators and staff. After reading it, users will better understand the security risks of database systems and the roles of security policies and security methods...a benchmark in terms of practice for securing databases." --Computing Reviews

"Denny Cherry is what would happen if Bill Gates and AC/DC got together to create a sibling. He's a bare-knuckles, no-holds-barred technologist, and you can bet that if he tells you that something works or doesn't work, he's speaking from experience. Active in the community, his passion is sharing. You'll enjoy this book." --Bucky Wood, Senior Technology Specialist, Microsoft
