Written by Denny Cherry, a Microsoft MVP for the SQL Server product, a Microsoft Certified Master for SQL Server 2008, and one of the biggest names in SQL Server today, Securing SQL Server, Second Edition explores the potential attack vectors someone can use to break into your SQL Server database as well as how to protect your database from these attacks. In this book, you will learn how to properly secure your database from both internal and external threats using best practices and specific tricks the author uses in his role as an independent consultant while working on some of the largest and most complex SQL Server installations in the world. This edition includes new chapters on Analysis Services, Reporting Services, and Storage Area Network Security. Presents hands-on techniques for protecting your SQL Server database from intrusion and attack. Provides the most in-depth coverage of all aspects of SQL Server database security, including a wealth of new material on Microsoft SQL Server 2012 (Denali). Explains how to set up your database securely, how to determine when someone tries to break in, what the intruder has accessed or damaged, and how to respond and mitigate damage if an intrusion occurs.
Author: Peter A. Carter
Release Date: 2018-11-14
Protect your data from attack by using SQL Server technologies to implement a defense-in-depth strategy for your database enterprise. This new edition covers threat analysis, common attacks and countermeasures, and provides an introduction to compliance that is useful for meeting regulatory requirements such as the GDPR. The multi-layered approach in this book helps ensure that a single breach does not lead to loss or compromise of confidential or business-sensitive data. Database professionals in today’s world deal increasingly with repeated data attacks against high-profile organizations and sensitive data. It is more important than ever to keep your company’s data secure. Securing SQL Server demonstrates how developers, administrators and architects can all play their part in the protection of their company’s SQL Server enterprise. This book not only provides a comprehensive guide to implementing the security model in SQL Server, including coverage of technologies such as Always Encrypted, Dynamic Data Masking, and Row Level Security, but also looks at common forms of attack against databases, such as SQL Injection and backup theft, with clear, concise examples of how to implement countermeasures against these specific scenarios. Most importantly, this book gives practical advice and engaging examples of how to defend your data, and ultimately your job, against attack and compromise. What You'll Learn: Perform threat analysis; Implement access level control and data encryption; Avoid non-reputability by implementing comprehensive auditing; Use security metadata to ensure your security policies are enforced; Mitigate the risk of credentials being stolen; Put countermeasures in place against common forms of attack. Who This Book Is For: Database administrators who need to understand and counteract the threat of attacks against their company’s data, and useful for SQL developers and architects.
The perfect book for multi-tasked IT managers responsible for securing the latest version of SQL Server 2005. SQL Server is the perfect product for the How to Cheat series. It is an ambitious product that, for the average SysAdmin, will present a difficult migration path from earlier versions and a vexing number of new features. How to Cheat promises help in order to get SQL Server secured as quickly and safely as possible. Provides the multi-tasked Sys Admin with the essential information needed to perform the daily tasks. Covers SQL Server 2005, which is a massive product with significant challenges for IT managers. Emphasizes best-practice security measures.
SQL Server is the dominant relational database in the Windows market and data security is a huge and growing concern for all businesses. Securing SQL Server is one of the most important responsibilities of the SQL Server professional. SQL Server Distilled, Second Edition is a very carefully researched, clearly explained book on securing SQL Server, by an author who knows SQL Server inside and out. If you follow the practical guidelines that are clearly set out in this book, then you stand a very good chance of making sure that the data stored in your database is secure and that the conversation between your applications and the database is secure (preventing SQL injection attacks, etc.). For example, any database administrator who implemented the security precautions detailed in the book would not have been affected by the infamous Slammer virus. This second edition offers practical advice on how to implement good practices that will ward off future viruses before they are even created, and it contains new content that reflects all updates to SQL Server's security mechanisms. Table of Contents: A Security Roadmap; Authenticating Logins; Database Security in SQL Server 6.5; Database Security in SQL Server 7.0 and 2000; Securing Data on the Network; Designing Security for Applications; Securing Data Transformation Services; Replication Security; Managing Security for SQL Server CE.
Author: David Litchfield
Publisher: McGraw Hill Professional
Release Date: 2003-10-15
Addresses SQL Server vulnerabilities and provides security solutions. Covers installation, administration, and programming--plus security issues such as authentication, encryption, intrusion detection, and more. Written for IT professionals administering or programming any SQL Server-based application--includes coverage of SQL Server 7, SQL Server 2000, and SQL Server (Yukon).
Author: Michael Coles
Release Date: 2011-06-08
Every day, organizations large and small fall victim to attacks on their data. Encryption provides a shield to help defend against intruders. Because of increasing pressure from government regulators, consumers, and the business community at large, the job descriptions of SQL DBAs and developers are expanding to include encryption. Expert SQL Server 2008 Encryption will show you how to efficiently implement SQL Server 2008 encryption functionality and features to secure your organizational data. Introduces encryption, guiding readers through its implementation in SQL Server. Demonstrates advanced techniques such as the use of hardware security modules. Covers all that a SQL Server database administrator needs to know about encryption.
“What Kevvie Fowler has done here is truly amazing: He has defined, established, and documented SQL server forensic methods and techniques, exposing readers to an entirely new area of forensics along the way. This fantastic book is a much needed and incredible contribution to the incident response and forensic communities.” —Curtis W. Rose, founder of Curtis W. Rose and Associates and coauthor of Real Digital Forensics The Authoritative, Step-by-Step Guide to Investigating SQL Server Database Intrusions Many forensics investigations lead to the discovery that an SQL Server database might have been breached. If investigators cannot assess and qualify the scope of an intrusion, they may be forced to report it publicly–a disclosure that is painful for companies and customers alike. There is only one way to avoid this problem: Master the specific skills needed to fully investigate SQL Server intrusions. In SQL Server Forensic Analysis, author Kevvie Fowler shows how to collect and preserve database artifacts safely and non-disruptively; analyze them to confirm or rule out database intrusions; and retrace the actions of an intruder within a database server. A chapter-length case study reinforces Fowler’s techniques as he guides you through a real-world investigation from start to finish. The techniques described in SQL Server Forensic Analysis can be used both to identify unauthorized data access and modifications and to gather the information needed to recover from an intrusion by restoring the pre-incident database state. 
Coverage includes: Determining whether data was actually compromised during a database intrusion and, if so, which data; Real-world forensic techniques that can be applied on all SQL Server instances, including those with default logging; Identifying, extracting, and analyzing database evidence from both published and unpublished areas of SQL Server; Building a complete SQL Server incident response toolkit; Detecting and circumventing SQL Server rootkits; Identifying and recovering previously deleted database data using native SQL Server commands. SQL Server Forensic Analysis is the first book of its kind to focus on the unique area of SQL Server incident response and forensics. Whether you’re a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, auditor, or database professional, you’ll find this book an indispensable resource.
Author: Mike Young
Publisher: John Wiley & Sons
Release Date: 2003-06-17
Learn how to protect corporate information by properly designing, managing, and maintaining security at the database level. Security is a primary concern in all aspects of development and IT administration. While locking down networks and erecting firewalls will always be necessary, so much more can be done to protect a corporation's most valuable intangible assets: accounting records, customer lists, and inventories. Microsoft SQL Server 2000 has proven itself to be the fastest and most reliable product available for protecting corporate data. No other book covers as thoroughly the subject of security design and implementation strategies; Mastering SQL Server 2000 Security fills that gap in literature with practical, hands-on advice. Packed with indispensable design information that can make a tightly secured database faster and easier to use, this book is essential reading for both administrators and developers of databases. The authors explain just how much more is possible in the task of protecting corporate information by properly designing, managing, and maintaining security at the database level. From this book you will: Learn the ins and outs of SQL Server 2000 Security design; Understand the implementation differences between SQL Server Authentication and Windows Authentication; Understand the security options in SQL Server 2000 for Internet applications; Integrate the security of Windows 2000 (Kerberos) into your SQL Server deployment; Master the security requirements for distributed data environments, such as DTS, replication, linked servers, and data warehousing.
Learn effective and scalable database design techniques in a SQL Server environment. Pro SQL Server 2008 Relational Database Design and Implementation covers everything from design logic that business users will understand, all the way to the physical implementation of the design in a SQL Server database. Grounded in best practices and a solid understanding of the underlying theory, authors Louis Davidson, Kevin Kline, Scott Klein, and Kurt Windisch show how to 'get it right' in SQL Server database design and lay a solid groundwork for the future use of valuable business data. Solid foundation in best practices and relational theory. Maximize SQL Server features to enhance security, performance, scalability. Thorough treatment from conceptual design to an effective, physical implementation.
Author: Robert Vieira
Publisher: John Wiley & Sons
Release Date: 2010-09-29
This book is written for SQL Server 2008. However, it does maintain roots going back a few versions and looks out for backward compatibility issues with SQL Server 2005 and SQL Server 2000. These versions are old enough that there is little to no time spent on them except in passing. The book is oriented around developing on SQL Server. Most of the concepts are agnostic to what client language you use, although the examples that leverage a client language generally do so in C#. For those who are migrating from early versions of SQL Server, some “gotchas” that exist any time a product has versions are discussed to the extent that they seem to be a genuinely relevant issue. This book assumes that you have some experience with SQL Server and are at an intermediate to advanced level. The orientation of the book is highly developer focused. While there is a quick reference-oriented appendix, there is very little coverage given to beginner level topics. It is assumed that you already have experience with data manipulation language (DML) statements and know the basics of the mainstream SQL Server objects (views, stored procedures, user defined functions, etc.). If you would like to brush up on your knowledge before diving into this book, the author recommends reading Beginning SQL Server 2008 Programming first. There is very little overlap between the Beginning and Professional books and they are designed to work as a pair.