how to secure your sql server
DESCRIPTION
http://tinyurl.com/gksecuresql Your Microsoft SQL Server database often contains the most valuable information in your organization. Get tips for securing it properly and effectively in this free, information-packed webinar with Microsoft SQL Server expert Gidget Pryor. In just an hour, Gidget will demonstrate the layered security approach used by SQL Server. She will step you through the process and best practices of setting up logins, users, roles, schemas, and permissions, and she will review the security model changes that have taken place from SQL Server 2005 through SQL Server 2012. She will also review SQL Server 2012 training and certifications. ABOUT THE PRESENTER: Gidget Pryor, SQL Server course director at Global Knowledge, is a SQL Server consultant and instructor with more than 20 years of database, systems engineering, application development, and programming experience. She worked with multiple database platforms including SQL Server, Oracle, DB2, MySQL, FoxPro, Access, and Sybase. She especially enjoys business intelligence and performance tuning.TRANSCRIPT
How To SecureYour SQL Server
Gidget Pryor
© 2003 Global Knowledge Network, Inc. All rights reserved. 04/12/2023 Page 1© 2011Global Knowledge Training LLC. All rights reserved.
© 2014 Global Knowledge Training LLC. All rights reserved.
Gidget [email protected]
SQL Server course director at Global KnowledgeHas more than 20 years of database, systems
engineering, application development, and programming experience
Worked with multiple database platforms, including SQL Server, Oracle, DB2, MySQL, FoxPro, Access, and Sybase
Especially enjoys business intelligence and performance tuning
© 2014 Global Knowledge Training LLC. All rights reserved.
Our Agenda
SQL Server Multilayered Security Approach– Discussion– Demonstration
New Security Features in SQL Server 2012– Discussion– Demonstration
© 2014 Global Knowledge Training LLC. All rights reserved.
Multilayered Security Approach
AuthenticationLoginsUsersSchemasRoles
– Server– Database
Authorization
© 2014 Global Knowledge Training LLC. All rights reserved.
Logins and Users
System LevelMaster database Logins
WindowsSQL Server
User LevelUser database Users
© 2014 Global Knowledge Training LLC. All rights reserved.
Authentication
Occurs at the SQL Server Instance LevelTwo Modes
– Windows Authentication– Mixed Mode (SQL Server and Windows)
© 2014 Global Knowledge Training LLC. All rights reserved.
Logins and Users
Logins– Created and stored in the master database– Two types
• Windows• SQL Server
– Should be created firstUsers
– Created in each individual user database– Mapped to a login– Should be created after the login
© 2014 Global Knowledge Training LLC. All rights reserved.
Schemas
Logical and Security Boundaries Around ObjectsIntroduced in SQL Server 2005Users Have a Default Schema
– Explicitly assigned– dbo if not otherwise assigned
SQL Server Uses Schemas for Object Resolution– If there is no qualified schema name, SQL Server:
1. Uses default schema
2. Checks the dbo schema
3. Returns an error if the object isn’t present in either of these
© 2014 Global Knowledge Training LLC. All rights reserved.
Roles
Server Level– Fixed
• Built in• Permissions are set• Membership is not set
– User defined (new in SQL Server 2012)Database Level
– Fixed• Built in• Permissions are set• Membership is not set
– User defined
© 2014 Global Knowledge Training LLC. All rights reserved.
Authorization
Provides Access to a ResourceScope
– Server– Database– Schema– Object– Element (i.e., column)
Grant, Revoke, DenyCombining Permissions
Demonstration:Multilayered Security
Approach
© 2014 Global Knowledge Training LLC. All rights reserved.
New Security Features in SQL Server 2012
User-Defined Server Roles– Ability to group permissions without giving too much
access– Flexible permissions– Membership is not set
Contained Databases– Partially contained only– Authentication without a login– Facilitate movement of databases from server to server
Demonstration:User-Defined Server Roles
Demonstration:Contained Databases
© 2014 Global Knowledge Training LLC. All rights reserved.
Questions?
Gidget [email protected]
www.globalknowledge.com/microsoft
© 2014 Global Knowledge Training LLC. All rights reserved.
Learn More
Recommended Global Knowledge Courses
Administering Microsoft SQL Server 2012 Databases
MCSA: SQL Server 2012 Boot Camp SQL Server 2008 R2 for
AdministrationRequest an On-Site Delivery
We can tailor our courses to meet your needs
We can deliver them in a private setting
Visit Our Knowledge Center Assessments Blog Case Studies Demos Lab Topologies Special Reports Twitter Videos Webinars White Papers
Thank You for Attending
For more information contact us at:
www.globalknowledge.com | 1-800-COURSES | [email protected]