
Microsoft SQL Server 2012 Security Cookbook


The art of SQL injection is complex. Attackers are imaginative, and it is very difficult to build protection against them that is 100 percent effective. If injection is a real issue for your company, the solution might be to invest in a SQL firewall or a Web Application Firewall (WAF). A SQL firewall sits between the client and the SQL Server and monitors all SQL queries, intercepting injection attempts based on suspicious patterns found in the SQL code.

Chapter 1: Securing Your Server and Network
Choosing an account for running SQL Server
Managing service SIDs
Using a managed service account
Using a virtual service account
Encrypting the session with SSL
Configuring a firewall for SQL Server access
Disabling SQL Server Browser
Stopping unused services
Using Kerberos for authentication
Using extended protection to prevent authentication relay attacks
Using transparent database encryption
Securing linked server access
Configuring endpoint security
Limiting functionalities – xp_cmdshell and OPENROWSET
Chapter 2: User Authentication, Authorization, and Security
Choosing between Windows and SQL authentication
Creating logins
Protecting your server against brute-force attacks
Limiting administrative permissions of the SA account
Using fixed server roles
Giving granular server privileges
Creating and using user-defined server roles
Creating database users and mapping them to logins
Preventing logins and users to see metadata
Creating a contained database
Correcting user to login mapping errors on restored databases
Chapter 3: Protecting the Data
Understanding permissions
Assigning column-level permissions
Creating and using database roles
Creating and using application roles
Using schemas for security
Managing object ownership
Protecting data through views and stored procedures
Configuring cross-database security
Managing execution-plan visibility
Using EXECUTE AS to change the user context
Chapter 4: Code and Data Encryption
Using service and database master keys
Creating and using symmetric encryption keys
Creating and using asymmetric keys
Creating and using certificates
Encrypting data with symmetric keys
Encrypting data with asymmetric keys and certificates
Creating and storing hash values
Signing your data
Authenticating stored procedure by signature
Using module signatures to replace cross-database ownership chaining
Encrypting SQL code objects
Chapter 5: Fighting Attacks and Injection
Defining Code Access Security for .NET modules
Protecting SQL Server against Denial of Service
Protecting SQL Server against SQL injection
Securing dynamic SQL from injections
Using a SQL firewall or Web Application Firewall
Chapter 6: Securing Tools and High Availability
Choosing the right account for SQL Agent
Allowing users to create and run their own SQL Agent jobs
Creating SQL Agent proxies
Setting up transport security for Service Broker
Setting up dialog security for Service Broker
Securing replication
Securing SQL Server Database Mirroring and AlwaysOn
Chapter 7: Auditing
Using the profiler to audit SQL Server access
Using DML trigger for auditing data modification
Using DDL triggers for auditing structure modification
Configuring SQL Server auditing
Auditing and tracing user-configurable events
Configuring and using Common Criteria Compliance
Using System Center Advisor to analyze your instances
Using the SQL Server Best Practice Analyzer
Using Policy Based Management
Chapter 8: Securing Business Intelligence
Configuring Analysis Services access
Managing Analysis Services HTTP client authentication
Securing Analysis Services access to SQL Server
Using Role-Based Security in Analysis Services
Securing Reporting Services Server
Managing permissions in Reporting Services with roles
Defining access to data sources in reporting services
Managing Integration Services password encryption
