Chapter 5: Designing Windows Server-Level Security Processes


MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide (70-443)
Chapter 5: Designing Windows Server-Level Security Processes

Windows Level Security
- Security for SQL Server instances on the Windows host
- Outside the instance
- Includes SQL Server 2005 subsystems
© Wiley Inc. 2006. All Rights Reserved.

Password Policy
- For SQL Authenticated Logins
- Three new options for 2005
  - Enforce password policy
  - Enforce password expiration
  - Force user to change password at next login
- The first two options require Windows Server 2003 or newer

Password Policy – cont’d
- Password policy requires 3 of 4 of the following in the password
  - Upper case letters
  - Lower case letters
  - Base 10 numbers
  - Non-alphanumeric characters
- Best practices
  - All the options
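
The three login options above, as an added T-SQL example that is not part of the original slides. The login names and password are constructed placeholders; the catalog view and functions are the standard SQL Server 2005 ones.

```sql
-- Added example: names and the password are constructed placeholders.
-- Create a SQL-authenticated login with all three SQL Server 2005 options on.
-- MUST_CHANGE is only accepted when CHECK_POLICY and CHECK_EXPIRATION are ON,
-- and CHECK_EXPIRATION = ON is only accepted when CHECK_POLICY = ON.
CREATE LOGIN app_reporting                        -- hypothetical login
    WITH PASSWORD = 'Pl4ceholder-Only!' MUST_CHANGE,  -- change at next login
         CHECK_POLICY = ON,                       -- enforce password policy
         CHECK_EXPIRATION = ON;                   -- enforce password expiration
GO

-- Audit: SQL logins that are not covered by policy or expiration.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       is_disabled,
       LOGINPROPERTY(name, 'IsMustChange')        AS must_change,
       LOGINPROPERTY(name, 'IsLocked')            AS is_locked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0
ORDER BY name;
GO

-- Remediation for one login found by the audit (hypothetical name).
ALTER LOGIN legacy_batch WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
GO
```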

Encryption Policy
- SQL Server 2000 had ENCRYPT()
- SQL Server 2005 includes many new functions and capabilities, including key management
- Based on encryption hierarchy

Encryption Hierarchy
- Service Master Key
  - Created when instance installed
  - Used to encrypt master key for each database
- Database Master Key
  - Manually created in each database
  - Can be secured by Service Master (recommended)

Encryption Keys: Symmetric Keys
- Faster to encrypt and decrypt
- Same key used to encrypt and decrypt
- Choice of multiple algorithms
- Specify encryption mechanism to secure the key when created
- Can be secured by password or another key

Encryption Keys: Asymmetric Keys
- Uses a key pair (public and private key)
- Slower to encrypt/decrypt
- Multiple algorithms available
- Usually used to secure symmetric keys

Encryption Keys: Certificates
- A type of asymmetric key
- Can expire, useful for limited time access
- Can be revoked to remove access

Performance Issues
- Use symmetric keys to encrypt data and asymmetric keys to encrypt symmetric keys for optimum performance/security balance

Encryption Policy
- Choose algorithms to be used
- Choose longest keys you can within performance requirements
- Ensure keys are protected and escrowed for security
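
The hierarchy and policy described in the encryption slides, as an added T-SQL example that is not part of the original slides: a database master key, a certificate protecting a symmetric key, a round trip through that key, and key escrow. The database, key and certificate names, the passwords, the file paths and the sample value are constructed placeholders.

```sql
-- Added example: every name, password, path and value is a placeholder.
USE SalesDemo;                                    -- hypothetical database
GO
-- Database master key: created manually in each database. A copy is also
-- encrypted with the service master key, so the instance can open it.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
GO
-- Certificate (asymmetric): its private key is protected by the master key.
CREATE CERTIFICATE CardCert
    WITH SUBJECT = 'Protects CardKey', EXPIRY_DATE = '20301231';
GO
-- Symmetric key for the data itself, secured by the certificate.
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO
-- Round trip: open the key, encrypt, decrypt, close.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
DECLARE @ct varbinary(256);
SET @ct = EncryptByKey(Key_GUID('CardKey'), N'constructed-sample-value');
SELECT @ct AS ciphertext,
       CONVERT(nvarchar(64), DecryptByKey(@ct)) AS round_trip;
CLOSE SYMMETRIC KEY CardKey;
GO
-- Check the policy: algorithm, key length and what protects each key.
SELECT sk.name, sk.algorithm_desc, sk.key_length, ke.crypt_type_desc
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke ON ke.key_id = sk.symmetric_key_id;
GO
-- Escrow: back up the master key and the certificate with its private key.
BACKUP MASTER KEY TO FILE = '<escrow-path>\SalesDemo_dmk.key'
    ENCRYPTION BY PASSWORD = '<escrow-password-placeholder>';
BACKUP CERTIFICATE CardCert TO FILE = '<escrow-path>\CardCert.cer'
    WITH PRIVATE KEY (FILE = '<escrow-path>\CardCert.pvk',
                      ENCRYPTION BY PASSWORD = '<escrow-password-placeholder>');
GO
```

Store the backup files and their passwords separately from the database backups, so that a stolen backup tape does not also carry the keys.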

Service Accounts
- SQL Server 2005 has ten services available
  - SQL Server
  - SQL Agent
  - Analysis Server
  - Report Server
  - Notification Services
  - Integration Services
  - Full-Text Search
  - SQL Server Browser
  - SQL Server Active Directory Helper
  - SQL Writer

Service Accounts – cont’d
- Not all services are instance aware
- Each has a default group created when it is installed for permissions
- Use SQL Configuration Manager to ensure correct permissions assignment

Service Accounts – cont’d
- Choosing Service Accounts
  - Local System
  - Local Service
  - Network Service
  - Domain User
- If a domain user, should not be an administrator

Anti-Virus Software
- Can co-exist with SQL Server
- Exclude database files, backup files, log files, other files that are written to by SQL Server services

Service Modes
- Enable only those services being used
- Set mode to Automatic if running
- Set to Disabled if the service will not be used

Server Firewalls
- Useful as another layer of security
- Enable those ports that are needed for the services running
- Set standards for those services using non-standard ports

Physical Security
- Physical security is important for database servers
- Ensure backup tapes and any copies of data are physically secured as well

Summary
- The security outside of SQL Server is important
- Follow best practices and only run those services needed
- Enable strong password policy
- Choose a strong encryption policy