SQL Server Security and Protection


Training Summary:

Fard Solutions Consulting understands that our clients' busy schedules do not allow for prolonged travel to a distant training facility. For this reason we created in-house training, whereby our trainer conducts the course at the client's own office. Our training classes can accommodate up to twenty-five (25) participants, but we have found fifteen (15) or fewer students per class to be the most productive experience for our participants. We ensure every participant has all the tools they need to succeed in every class.

What we offer:

  1. Our participants enjoy a true technical, "hands-on" experience, with virtual machine images on each participant's own computer. Our training lab uses our simple yet effective format of Learn it, Do it, Prove it. Every class consists of PowerPoint-driven lectures and "hands-on" labs.
  2. We offer ready-made training classes and can custom-create Quest training courses that meet your company's specific needs.
  3. At the end of the training we give every participant a quick reference booklet that summarizes the course as delivered.

Course Information:

Title: FS-3010A Microsoft SQL Server Security & Protection

Duration: 2 Days

Time: 09:00 am – 05:00 pm

This course is intended for:

  • SQL Server administrators who are responsible for the security of their database servers and installations.
  • SQL Server developers who are responsible for developing queries, stored procedures and security objects such as logins, users, keys and certificates.

Prerequisites:

  • Experience with SQL Server.
  • Understanding of database concepts.
  • Experience with SQL Server administration.
  • Experience with Transact-SQL programming.
  • Knowledge of SQL Server security concepts.

Course Outline:

Module 1 : Introduction to SQL Server Security

  • SQL Server Security Levels
  • SQL Server Service Account Login
  • SQL Server Service Master Key
  • SQL Server Database Master Key
  • SQL Server Encryption Algorithms
  • SQL Server Database Encryption Internal Process
  • SQL Server Server Roles
  • SQL Server Database Roles
  • SQL Server Edition Comparison

Module 2 : Server and Network Security

  • Choosing an Account for Running SQL Server
  • Managing Service SIDs
  • Using a Virtual Service Account
  • Encrypting the Session with SSL/TLS
  • Configuring a Firewall for SQL Server Access
  • Disabling SQL Server Browser
  • Stopping Unused Services
  • Using Transparent Data Encryption (TDE)
  • Securing Linked Server Access
  • Configuring Endpoint Security
  • Limiting Functionality (Surface Area Reduction)

Module 3 : User Authentication, Authorization and Security

  • Windows vs. SQL Server Authentication
  • Login Management
  • Mitigating Brute-Force Attacks
  • Limiting SA Account Privileges
  • Granting Granular Server Privileges
  • Preventing Users and Logins from Seeing Metadata
  • Contained Databases
  • Resolving Mismatched SID Issues

Module 4 : Protecting the Data

  • Understanding Permissions
  • Assigning Column-Level Permissions
  • Database Roles
  • Application Roles
  • Using Schemas for Security
  • Managing Object Ownership
  • Protecting Data Through Views and Procedures
  • Configuring Cross-Database Security
  • Changing the User Execution Context (EXECUTE AS)

Module 5 : Code and Data Encryption

  • Encryption Introduction
  • Using Service and Database Master Keys
  • Symmetric Key Encryption
  • Asymmetric Key Encryption
  • Creating and Using Certificates
  • Encrypting Data with a Symmetric Key
  • Encrypting Data with an Asymmetric Key
  • Storing Hash Values
  • Signing Data
  • Signing Stored Procedures
  • Resolving Permission Chaining in Double Hops
  • Replacing Ownership Chaining with Certificate Signing
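The following T-SQL is an added example for the Module 5 topics (master keys, certificates, symmetric-key encryption, stored hash values and procedure signing); it is constructed for this page and is not course material or code from Fard Solutions. The database name DemoSecurity, the objects SalesCert, SalesKey, dbo.Customer, ProcSigningCert, dbo.GetCustomerCard and AppReader, the passwords and the sample data are all assumptions. It must be run by a sysadmin on a disposable instance.

```sql
-- Added example: key hierarchy, symmetric-key encryption, salted hash storage and a
-- certificate-signed procedure. All names, passwords and data are assumptions for
-- this demo. Run as sysadmin on a disposable instance.
USE master;
GO
IF DB_ID(N'DemoSecurity') IS NULL CREATE DATABASE DemoSecurity;
GO
USE DemoSecurity;
GO
-- 1. Key hierarchy. The database master key (DMK) is encrypted by a password and, by
--    default, also by the service master key (SMK), so the instance can open it without
--    the password. The certificate's private key is protected by the DMK and the
--    symmetric key by the certificate.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'Dmk-Str0ng-P@ssw0rd!';
CREATE CERTIFICATE SalesCert WITH SUBJECT = N'Protects SalesKey';
CREATE SYMMETRIC KEY SalesKey WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE SalesCert;
GO
-- 2. A ciphertext column plus a salted SHA-256 hash for a value that only needs verifying.
CREATE TABLE dbo.Customer (
    CustomerId    int IDENTITY PRIMARY KEY,
    Name          nvarchar(100) NOT NULL UNIQUE,
    CardNumberEnc varbinary(256) NOT NULL,   -- EncryptByKey output; random IV, so not searchable
    AnswerSalt    binary(16) NOT NULL,
    AnswerHash    binary(32) NOT NULL        -- HASHBYTES('SHA2_256', salt + answer)
);
GO
-- 3. Encrypt on insert. The authenticator (here the customer name) is mixed into the
--    ciphertext so a value copied from one row will not decrypt in another row.
OPEN SYMMETRIC KEY SalesKey DECRYPTION BY CERTIFICATE SalesCert;
DECLARE @salt binary(16) = CRYPT_GEN_RANDOM(16);
INSERT dbo.Customer (Name, CardNumberEnc, AnswerSalt, AnswerHash)
VALUES (N'Alice',
        EncryptByKey(Key_GUID(N'SalesKey'), N'4111111111111111', 1, N'Alice'),
        @salt,
        HASHBYTES('SHA2_256', @salt + CONVERT(varbinary(200), N'blue')));
CLOSE SYMMETRIC KEY SalesKey;
GO
-- 4. Verify the secret answer without ever storing or decrypting it.
SELECT Name,
       CASE WHEN AnswerHash = HASHBYTES('SHA2_256', AnswerSalt + CONVERT(varbinary(200), N'blue'))
            THEN 'answer ok' ELSE 'wrong answer' END AS AnswerCheck
FROM dbo.Customer WHERE Name = N'Alice';
GO
-- 5. Certificate-signed procedure. The signing certificate is mapped to a user that holds
--    the permissions the code needs; callers only get EXECUTE. Permissions on keys and
--    certificates are checked against the caller and are not carried by ownership
--    chaining, so the signature is what lets a plain user decrypt.
CREATE CERTIFICATE ProcSigningCert
    ENCRYPTION BY PASSWORD = N'Sign-Str0ng-P@ssw0rd!' WITH SUBJECT = N'Signs dbo.GetCustomerCard';
CREATE USER ProcSigningCertUser FROM CERTIFICATE ProcSigningCert;   -- no login behind it
GRANT SELECT ON dbo.Customer TO ProcSigningCertUser;
GRANT VIEW DEFINITION ON SYMMETRIC KEY::SalesKey TO ProcSigningCertUser;
GRANT CONTROL ON CERTIFICATE::SalesCert TO ProcSigningCertUser;     -- required by DecryptByKeyAutoCert
GO
CREATE PROCEDURE dbo.GetCustomerCard @Name nvarchar(100) AS
BEGIN
    -- DecryptByKeyAutoCert opens SalesKey through SalesCert for this statement only.
    SELECT Name,
           CONVERT(nvarchar(40), DecryptByKeyAutoCert(Cert_ID(N'SalesCert'), NULL, CardNumberEnc, 1, @Name)) AS CardNumber
    FROM dbo.Customer WHERE Name = @Name;
END;
GO
ADD SIGNATURE TO dbo.GetCustomerCard BY CERTIFICATE ProcSigningCert WITH PASSWORD = N'Sign-Str0ng-P@ssw0rd!';
ALTER CERTIFICATE ProcSigningCert REMOVE PRIVATE KEY;   -- nobody can sign further code with it
GO
-- 6. A user with nothing but EXECUTE gets the decrypted value through the procedure
--    and is still denied direct access to the table.
CREATE USER AppReader WITHOUT LOGIN;
GRANT EXECUTE ON dbo.GetCustomerCard TO AppReader;
GO
EXECUTE AS USER = N'AppReader';
EXEC dbo.GetCustomerCard @Name = N'Alice';          -- CardNumber = 4111111111111111
BEGIN TRY
    SELECT * FROM dbo.Customer;                      -- error 229: SELECT permission denied
END TRY
BEGIN CATCH
    SELECT ERROR_MESSAGE() AS DirectAccess;
END CATCH;
REVERT;
```

Any change to the procedure body invalidates the signature, which is the point: the permissions travel with the exact code that was reviewed, and because the signing certificate's private key has been removed, nobody can re-sign altered code without restoring it from a backup.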

Module 6 : Attacks and Injections

  • Defining Code Access Security (CAS) for .NET Assemblies
  • Deploying .NET Assemblies Signed with an Asymmetric Key
  • Protecting SQL Server Against Denial-of-Service Attacks
  • Protecting SQL Server Against SQL Injection
  • Protecting Dynamic SQL from SQL Injection
  • Protecting SQL Server Using a SQL Firewall or a Web Application Firewall
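The following T-SQL is an added example for the Module 6 topic of protecting dynamic SQL from SQL injection; it is constructed for this page and is not course material or code from Fard Solutions. The table dbo.Orders, the procedures dbo.FindOrders_Unsafe and dbo.FindOrders_Safe and the sample rows are assumptions. Run it in a scratch database.

```sql
-- Added example: a vulnerable dynamic-SQL procedure beside its parameterized fix.
-- Table, procedure and data names are assumptions for this demo.
CREATE TABLE dbo.Orders (OrderId int IDENTITY PRIMARY KEY, CustomerName nvarchar(100) NOT NULL, Amount money NOT NULL);
INSERT dbo.Orders (CustomerName, Amount) VALUES (N'Alice', 10), (N'Bob', 250);
GO
-- VULNERABLE: the caller's value is pasted into the statement text.
CREATE PROCEDURE dbo.FindOrders_Unsafe @CustomerName nvarchar(100) AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT OrderId, CustomerName, Amount FROM dbo.Orders WHERE CustomerName = '''
        + @CustomerName + N'''';
    EXEC (@sql);
END;
GO
-- The payload closes the string literal and appends a predicate that is always true,
-- so every order comes back. The trailing -- comments out the closing quote.
EXEC dbo.FindOrders_Unsafe @CustomerName = N'x'' OR 1=1 --';
GO
-- HARDENED: the value travels as a typed parameter and is never part of the statement text.
-- Identifiers (the sort column) cannot be parameterized, so they are checked against an
-- allow-list and wrapped in QUOTENAME before being concatenated.
CREATE PROCEDURE dbo.FindOrders_Safe
    @CustomerName nvarchar(100),
    @SortColumn   sysname = N'OrderId'
AS
BEGIN
    IF @SortColumn NOT IN (N'OrderId', N'CustomerName', N'Amount')
        THROW 50000, N'Invalid sort column.', 1;
    DECLARE @sql nvarchar(max) =
        N'SELECT OrderId, CustomerName, Amount FROM dbo.Orders WHERE CustomerName = @name ORDER BY '
        + QUOTENAME(@SortColumn);
    EXEC sys.sp_executesql @sql, N'@name nvarchar(100)', @name = @CustomerName;
END;
GO
-- Same payload now matches nothing: it is compared literally against CustomerName.
EXEC dbo.FindOrders_Safe @CustomerName = N'x'' OR 1=1 --';
-- Normal use, including the dynamic identifier.
EXEC dbo.FindOrders_Safe @CustomerName = N'Alice', @SortColumn = N'Amount';
-- Identifier injection is rejected by the allow-list instead of being executed.
EXEC dbo.FindOrders_Safe @CustomerName = N'Alice', @SortColumn = N'OrderId; DROP TABLE dbo.Orders';
```

sp_executesql also lets the plan cache reuse one plan for every customer name, so the hardened form is usually faster as well as safer; the only part that still needs concatenation is the identifier, which is why it is allow-listed first.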

Module 7 : Securing SQL Agent Service

  • Choosing the Right Service Account
  • Creating Credentials and Proxies
  • Allowing Users to Create and Run Their Own SQL Agent Jobs

Module 8 : Securing SQL Server Service Broker

  • Setting up Secure Transport for Service Broker
  • Setting up Secure Dialogs for Service Broker

Module 9 : SQL Server High Availability Security

  • Securing SQL Server Replication
  • Securing SQL Server Database Mirroring

Module 10 : SQL Server Auditing

  • Using Profiler to Audit SQL Server Access
  • Using DML Triggers to Audit Data Modification
  • Using DDL Triggers to Audit Structure Modification
  • Configuring SQL Server Audit Objects
  • Auditing and Tracing User-Configurable Events
  • Using C2 Audit Mode and Common Criteria Compliance
  • Using Microsoft System Center to Analyze SQL Server Instances
  • Using Microsoft SQL Server Best Practices Analyzer
  • Using Policy-Based Management
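The following T-SQL is an added example for the Module 10 topic of configuring SQL Server Audit objects; it is constructed for this page and is not course material or code from Fard Solutions. The audit name DemoAudit, the file path C:\SqlAudit\, the database DemoSecurity and the table dbo.Payroll are assumptions. It must be run by a sysadmin, and the folder must already exist and be writable by the SQL Server service account.

```sql
-- Added example: a server audit writing to files, a server audit specification, a database
-- audit specification on one sensitive table, and reading the records back.
-- Audit name, path, database and table are assumptions for this demo. Run as sysadmin.
USE master;
GO
CREATE SERVER AUDIT DemoAudit
    TO FILE (FILEPATH = N'C:\SqlAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000,
          ON_FAILURE = FAIL_OPERATION);   -- audited actions are refused if they cannot be logged
GO
-- Instance-level events: failed logins, server role changes and tampering with the audit itself.
CREATE SERVER AUDIT SPECIFICATION DemoAudit_Server FOR SERVER AUDIT DemoAudit
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)
    WITH (STATE = ON);
GO
ALTER SERVER AUDIT DemoAudit WITH (STATE = ON);
GO
-- Database-level events: reads and writes on a sensitive table by any principal, plus
-- role membership and schema changes.
IF DB_ID(N'DemoSecurity') IS NULL CREATE DATABASE DemoSecurity;
GO
USE DemoSecurity;
GO
CREATE TABLE dbo.Payroll (EmployeeId int PRIMARY KEY, Salary money NOT NULL);
INSERT dbo.Payroll (EmployeeId, Salary) VALUES (1, 5000), (2, 7200);
GO
CREATE DATABASE AUDIT SPECIFICATION DemoAudit_Db FOR SERVER AUDIT DemoAudit
    ADD (SELECT, UPDATE, DELETE ON OBJECT::dbo.Payroll BY public),   -- public = every principal
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SCHEMA_OBJECT_CHANGE_GROUP)
    WITH (STATE = ON);
GO
-- Generate a couple of audited records, then read the .sqlaudit files back.
SELECT * FROM dbo.Payroll;
UPDATE dbo.Payroll SET Salary = Salary * 1.1 WHERE EmployeeId = 2;
GO
SELECT event_time, action_id, succeeded, server_principal_name, database_name,
       schema_name, object_name, statement
FROM sys.fn_get_audit_file(N'C:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

Unlike DML and DDL triggers, an audit specification also records statements that fail on a permission check (succeeded = 0), and the AUDIT_CHANGE_GROUP entry means an attacker who turns the audit off leaves a record of having done so.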

Module 11 : Workshop

  • Securing the SQL Server Instance
  • Securing Databases
  • Providing Proper Authentication Mode
  • Providing Granular Permission for Every Login and User
  • Applying Encryption
  • Applying Cross-Database Ownership Chaining


Hamid J. Fard

I am a SQL Server Data Platform Expert with more than 9 years of professional experience. I am currently a Microsoft Certified Master: SQL Server 2008, Microsoft Certified Solutions Master: Charter-Data Platform, Microsoft Data Platform MVP and CIW Database Design Specialist. I also do Pig, Hive and Sqoop development on the Hadoop Big Data platform. After a few years as a production database administrator I moved into the role of Data Platform Expert. Being a consultant allows me to work directly with customers to help solve their questions regarding SQL Server database issues.
