Securing SQL Server

Acknowledgements

Dedication

Author Biography

About the Technical Editor

Introduction

Chapter 1. Securing the Network

Securing the network

Public IP Addresses versus private IP Addresses

Accessing SQL Server from home

Physical security

Social engineering

Finding the instances

Testing the network security

Summary

References

Chapter 2. Database Encryption

Database encryption

Encrypting data within tables

Encrypting data at rest

Encrypting data on the wire

Encrypting data with MPIO drivers

Encrypting data via HBAs

Summary

REFERENCES

Chapter 3. SQL Password Security

SQL Server Password Security

Strong Passwords

Contained Database Logins in SQL Server 2012

Encrypting client connection strings

Application Roles

Using Windows domain policies to enforce password length

Contained Databases

Summary

References

Chapter 4. Securing the Instance

What to Install, and When?

SQL Authentication and Windows Authentication

Password Change Policies

Auditing Failed Logins

Renaming the SA Account

Disabling the SA Account

Securing Endpoints

Stored Procedures as a Security Measure

Minimum Permissions Possible

Instant File Initialization

Linked Servers

Using Policies to Secure Your Instance

SQL Azure Specific Settings

Instances That Leave the Office

Securing “Always On”

Securing Contained Databases

Summary

Chapter 5. Additional Security for an Internet Facing SQL Server and Application

SQL CLR

Extended stored procedures

Protecting Your Connection Strings

Database Firewalls

Clear virtual memory pagefile

User access control (UAC)

Other domain policies to adjust

Summary

Chapter 6. Analysis Services

Logging into Analysis Services

Securing Analysis Services Objects

Summary

Chapter 7. Reporting Services

Setting up SSRS

Service Account

Web Service URL

Database

Report Manager URL

E-mail Settings

Execution Account

Encryption Keys

Scale-Out Deployment

Logging onto SQL Server Reporting Services for the first time

Security within reporting services

Reporting services authentication options

Report server object rights

Summary

Chapter 8. SQL Injection Attacks

What is an SQL Injection attack?

Why are SQL Injection attacks so successful?

How to protect yourself from an SQL Injection attack

Cleaning up the database after an SQL Injection attack

Other front-end security issues

Using xEvents to monitor for SQL Injection

Summary

Reference

Chapter 9. Database Backup Security

Overwriting backups

Media set and backup set passwords

Backup encryption

Transparent data encryption

Compression and encryption

Encryption and Data Deduplication

Offsite backups

Summary

References

Chapter 10. Storage Area Network Security

Securing the array

Securing the storage switches

Summary

Chapter 11. Auditing for Security

Login auditing

Data modification auditing

Data querying auditing

Schema change auditing

Using policy-based management to ensure policy compliance

C2 auditing

Common Criteria compliance

Summary

REFERENCES

Chapter 12. Server Rights

SQL Server service account configuration

OS rights needed by the SQL Server service

OS rights needed by the DBA

OS rights needed to install service packs

OS rights needed to access SSIS remotely

Console Apps must die

Fixed-server roles

User defined server roles

Fixed database roles

User defined database roles

Default sysadmin rights

Vendor’s and the sysadmin fixed-server role

Summary

Chapter 13. Securing Data

Granting rights

Denying rights

Revokeing rights

Column level permissions

Row level permissions

Summary

Appendix A. External Audit Checklists

Index