Securing SQL Server: Protecting Your Database from Attackers provides readers with the necessary tools and techniques to help maintain the security of databases within their environment. It begins with a discussion of network security issues, including public versus private IP addresses; accessing an SQL server from home; physical security; and testing network security. The remaining chapters cover database encryption; SQL password security; SQL injection attacks; database backup security; security auditing; and server rights. The Appendix features checklists that database administrators can use to pass external audits.
- Named a 2011 Systems Administration Book by InfoSec Reviews
- Author Denny Cherry is an MVP by Microsoft for his expertise in the SQL Server product
- Learn expert techniques to protect your SQL database environment
- Discover how to identify what an intruder accessed or damaged
Systems Administrators, Database Administrators, Application Developers, IT Managers
Dedication Acknowledgments Author Bio Introduction Chapter 1 Securing the Network Securing the Network Public IP Addresses versus Private IP Addresses Accessing SQL Server from Home Physical Security Social Engineering Finding the Instances Testing the Network Security Summary Chapter 2 Database Encryption Database Encryption Encrypting Data within Tables Encrypting Data at Rest Encrypting Data on the Wire Encrypting Data with MPIO Drivers Encrypting Data via HBAs Summary Chapter 3 SQL Password Security SQL Server Password Security Strong Passwords Encrypting Client Connection Strings Application Roles Using Windows Domain Policies to Enforce Password Length Summary Chapter 4 Securing the Instance What to Install, and When? SQL Authentication and Windows Authentication Password Change Policies Auditing Failed Logins Renaming the SA Account Disabling the SA Account Securing Endpoints Stored Procedures as a Security Measure Minimum Permissions Possible Linked Servers Using Policies to Secure Your Instance SQL Azure Specific Settings Instances That Leave the Office Summary Chapter 5 Additional Security for an Internet Facing SQL Server and Application SQL CLR Extended Stored Procedures Protecting Your Connection Strings Database Firewalls Clear Virtual Memory Pagefile User Access Control (UAC) Other Domain Policies to Adjust Reporting Services Summary Chapter 6 SQL Injection Attacks What Is an SQL Injection Attack? Why Are SQL Injection Attacks So Successful? How to Protect Yourself from an SQL Injection Attack Cleaning Up the Database After an SQL Injection Attack Summary Chapter 7 Database Backup Security Overwriting Backups Media Set and Backup
- No. of pages:
- © Syngress 2011
- 31st January 2011
- eBook ISBN:
- Paperback ISBN:
Denny Cherry (MCSA, MCDBA, MCTS, MCITP, MCM) has been working with Microsoft technology for over 15 years starting with Windows 3.51 and SQL Server 6.5. In 2009, Denny was named as a Microsoft MVP for the Microsoft SQL Server product, and in 2011 Denny earned the Microsoft Certified Master certification for SQL Server 2008. Denny has written dozens of articles for a variety of websites as well as print magazines on a variety of subjects including SQL Server, Clustering, Storage Configuration, and SharePoint.
(MCSA, MCDBA, MCTS, MCITP, MCM) has been working with Microsoft technology for over 15 years starting with Windows 3.51 and SQL Server 6.5.
Best Systems Administration Books 2011, InfoSec Reviews
"Denny Cherry is what would happen if Bill Gates and AC/DC got together to create a sibling. He’s a bare-knuckles, no holds-barred technologist, and you can bet that if he tells you that something does or doesn’t work, he’s speaking from experience. Active in the community, his passion is sharing. You’ll enjoy this book."
-Buck Woody, Senior Technology Specialist, Microsoft
"Securing SQL Server is a must read for any architect or database administrator wanting to secure their SQL Servers. Given the sensitive data that SQL Servers could hold, it is vital that one understands the potential attacks and how to protect yourself from them. This is the book to help you understand."
-InfoSecReviews Book Awards