Securing SQL Server

Securing SQL Server

Protecting Your Database from Attackers

2nd Edition - July 17, 2012

Write a review

  • Author: Denny Cherry
  • eBook ISBN: 9781597499521

Purchase options

Purchase options
DRM-free (PDF, EPub, Mobi)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order


SQL server is the most widely used database platform in the world, and a large percentage of these databases are not properly secured, exposing sensitive customer and business data to attack. In Securing SQL Server, 2e, readers learn about the potential attack vectors that can be used to break into SQL server databases as well as how to protect databases from these attacks. In this book written by Denny Cherry, a Microsoft SQL MVP and one of the biggest names in SQL server today, readers learn how to properly secure a SQL server database from internal and external threats using best practices as well as specific tricks the authors employ in their roles as database administrators for some of the largest SQL server deployments in the world. "Denny Cherry is what would happen if Bill Gates and AC/DC got together to create a sibling. He's a bare-knuckles, no holds-barred technologist, and you can bet that if he tells you that something does or doesn't work, he's speaking from experience. Active in the community, his passion is sharing. You'll enjoy this book."--Buck Woody, Senior Technology Specialist, Microsoft

Key Features

  • Presents hands-on techniques for protecting your SQL Server database from intrusion and attack
  • Provides the most in-depth coverage of all aspects of SQL Server database security, including a wealth of new material on Microsoft SQL Server 2012 (Denali)
  • Explains how to set up your database securely, how to determine when someone tries to break in, what the intruder has accessed or damaged, and how to respond and mitigate damage if an intrusion occurs

Table of Contents

  • Acknowledgements


    Author Biography

    About the Technical Editor


    Chapter 1. Securing the Network

    Securing the network

    Public IP Addresses versus private IP Addresses

    Accessing SQL Server from home

    Physical security

    Social engineering

    Finding the instances

    Testing the network security



    Chapter 2. Database Encryption

    Database encryption

    Encrypting data within tables

    Encrypting data at rest

    Encrypting data on the wire

    Encrypting data with MPIO drivers

    Encrypting data via HBAs



    Chapter 3. SQL Password Security

    SQL Server Password Security

    Strong Passwords

    Contained Database Logins in SQL Server 2012

    Encrypting client connection strings

    Application Roles

    Using Windows domain policies to enforce password length

    Contained Databases



    Chapter 4. Securing the Instance

    What to Install, and When?

    SQL Authentication and Windows Authentication

    Password Change Policies

    Auditing Failed Logins

    Renaming the SA Account

    Disabling the SA Account

    Securing Endpoints

    Stored Procedures as a Security Measure

    Minimum Permissions Possible

    Instant File Initialization

    Linked Servers

    Using Policies to Secure Your Instance

    SQL Azure Specific Settings

    Instances That Leave the Office

    Securing “Always On”

    Securing Contained Databases


    Chapter 5. Additional Security for an Internet Facing SQL Server and Application


    Extended stored procedures

    Protecting Your Connection Strings

    Database Firewalls

    Clear virtual memory pagefile

    User access control (UAC)

    Other domain policies to adjust


    Chapter 6. Analysis Services

    Logging into Analysis Services

    Securing Analysis Services Objects


    Chapter 7. Reporting Services

    Setting up SSRS

    Service Account

    Web Service URL


    Report Manager URL

    E-mail Settings

    Execution Account

    Encryption Keys

    Scale-Out Deployment

    Logging onto SQL Server Reporting Services for the first time

    Security within reporting services

    Reporting services authentication options

    Report server object rights


    Chapter 8. SQL Injection Attacks

    What is an SQL Injection attack?

    Why are SQL Injection attacks so successful?

    How to protect yourself from an SQL Injection attack

    Cleaning up the database after an SQL Injection attack

    Other front-end security issues

    Using xEvents to monitor for SQL Injection



    Chapter 9. Database Backup Security

    Overwriting backups

    Media set and backup set passwords

    Backup encryption

    Transparent data encryption

    Compression and encryption

    Encryption and Data Deduplication

    Offsite backups



    Chapter 10. Storage Area Network Security

    Securing the array

    Securing the storage switches


    Chapter 11. Auditing for Security

    Login auditing

    Data modification auditing

    Data querying auditing

    Schema change auditing

    Using policy-based management to ensure policy compliance

    C2 auditing

    Common Criteria compliance



    Chapter 12. Server Rights

    SQL Server service account configuration

    OS rights needed by the SQL Server service

    OS rights needed by the DBA

    OS rights needed to install service packs

    OS rights needed to access SSIS remotely

    Console Apps must die

    Fixed-server roles

    User defined server roles

    Fixed database roles

    User defined database roles

    Default sysadmin rights

    Vendor’s and the sysadmin fixed-server role


    Chapter 13. Securing Data

    Granting rights

    Denying rights

    Revokeing rights

    Column level permissions

    Row level permissions


    Appendix A. External Audit Checklists


Product details

  • No. of pages: 408
  • Language: English
  • Copyright: © Syngress 2012
  • Published: July 17, 2012
  • Imprint: Syngress
  • eBook ISBN: 9781597499521

About the Author

Denny Cherry

Denny Cherry (MCSA, MCDBA, MCTS, MCITP, MCM) has been working with Microsoft technology for over 15 years starting with Windows 3.51 and SQL Server 6.5. In 2009, Denny was named as a Microsoft MVP for the Microsoft SQL Server product, and in 2011 Denny earned the Microsoft Certified Master certification for SQL Server 2008. Denny has written dozens of articles for a variety of websites as well as print magazines on a variety of subjects including SQL Server, Clustering, Storage Configuration, and SharePoint.

Affiliations and Expertise

(MCSA, MCDBA, MCTS, MCITP, MCM) has been working with Microsoft technology for over 15 years starting with Windows 3.51 and SQL Server 6.5.

Ratings and Reviews

Write a review

There are currently no reviews for "Securing SQL Server"