Securing SQL Server - 1st Edition - ISBN: 9781597496254, 9781597496261

Securing SQL Server

1st Edition

Protecting Your Database from Attackers

Authors: Denny Cherry
eBook ISBN: 9781597496261
Paperback ISBN: 9781597496254
Imprint: Syngress
Published Date: 31st January 2011
Page Count: 272

Description

Securing SQL Server: Protecting Your Database from Attackers provides readers with the necessary tools and techniques to help maintain the security of databases within their environment. It begins with a discussion of network security issues, including public versus private IP addresses; accessing an SQL server from home; physical security; and testing network security. The remaining chapters cover database encryption; SQL password security; SQL injection attacks; database backup security; security auditing; and server rights. The Appendix features checklists that database administrators can use to pass external audits.

Key Features

  • Named a 2011 Systems Administration Book by InfoSec Reviews
  • Author Denny Cherry has been named an MVP by Microsoft for his expertise in the SQL Server product
  • Learn expert techniques to protect your SQL database environment
  • Discover how to identify what an intruder accessed or damaged

Readership

Systems Administrators, Database Administrators, Application Developers, IT Managers

Table of Contents


Dedication

Acknowledgments

Author Bio

Introduction

Chapter 1 Securing the Network

Securing the Network

Public IP Addresses versus Private IP Addresses

Accessing SQL Server from Home

Physical Security

Social Engineering

Finding the Instances

Testing the Network Security

Summary

Chapter 2 Database Encryption

Database Encryption

Encrypting Data within Tables

Encrypting Data at Rest

Encrypting Data on the Wire

Encrypting Data with MPIO Drivers

Encrypting Data via HBAs

Summary

Chapter 3 SQL Password Security

SQL Server Password Security

Strong Passwords

Encrypting Client Connection Strings

Application Roles

Using Windows Domain Policies to Enforce Password Length

Summary

Chapter 4 Securing the Instance

What to Install, and When?

SQL Authentication and Windows Authentication

Password Change Policies

Auditing Failed Logins

Renaming the SA Account

Disabling the SA Account

Securing Endpoints

Stored Procedures as a Security Measure

Minimum Permissions Possible

Linked Servers

Using Policies to Secure Your Instance

SQL Azure Specific Settings

Instances That Leave the Office

Summary

Chapter 5 Additional Security for an Internet Facing SQL Server and Application

SQL CLR

Extended Stored Procedures

Protecting Your Connection Strings

Database Firewalls

Clear Virtual Memory Pagefile

User Access Control (UAC)

Other Domain Policies to Adjust

Reporting Services

Summary

Chapter 6 SQL Injection Attacks

What Is an SQL Injection Attack?

Why Are SQL Injection Attacks So Successful?

How to Protect Yourself from an SQL Injection Attack

Cleaning Up the Database After an SQL Injection Attack

Summary

Chapter 7 Database Backup Security

Overwriting Backups

Media Set and Backup Set Passwords

Backup Encryption

Transparent Data Encryption

Compression and Encryption

Offsite Backups

Summary

Chapter 8 Auditing for Security

Login Auditing

Data Modification Auditing

Data Querying Auditing

Schema Change Auditing

Using Policy-Based Management to Ensure Policy Compliance

C2 Auditing

Common Criteria Compliance

Summary

Chapter 9 Server Rights

OS Rights Needed by the SQL Server Service

OS Rights Needed by the DBA

OS Rights Needed to Install Service Packs

OS Rights Needed to Access SSIS Remotely

Console Apps Must Die

Default Sysadmin Rights

Vendor’s and the Sysadmin Fixed-Server Role

Summary

Appendix A: External Audit Checklists

Index


Details

No. of pages: 272
Language: English
Copyright: © Syngress 2011
Published:
Imprint: Syngress
eBook ISBN: 9781597496261
Paperback ISBN: 9781597496254

About the Author

Denny Cherry

Denny Cherry (MCSA, MCDBA, MCTS, MCITP, MCM) has been working with Microsoft technology for over 15 years starting with Windows 3.51 and SQL Server 6.5. In 2009, Denny was named as a Microsoft MVP for the Microsoft SQL Server product, and in 2011 Denny earned the Microsoft Certified Master certification for SQL Server 2008. Denny has written dozens of articles for a variety of websites as well as print magazines on a variety of subjects including SQL Server, Clustering, Storage Configuration, and SharePoint.

Awards

Best Systems Administration Books 2011, InfoSec Reviews

Reviews

"Denny Cherry is what would happen if Bill Gates and AC/DC got together to create a sibling. He’s a bare-knuckles, no-holds-barred technologist, and you can bet that if he tells you that something does or doesn’t work, he’s speaking from experience. Active in the community, his passion is sharing. You’ll enjoy this book."

-Buck Woody, Senior Technology Specialist, Microsoft

"Securing SQL Server is a must read for any architect or database administrator wanting to secure their SQL Servers. Given the sensitive data that SQL Servers could hold, it is vital that one understands the potential attacks and how to protect yourself from them. This is the book to help you understand."

-InfoSecReviews Book Awards