Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing and Administering the Data

Published byDennis Peters Modified over 6 years ago

Similar presentations

Presentation on theme: "Securing and Administering the Data"— Presentation transcript:

1 Securing and Administering the Data
SQL Security Securing and Administering the Data

2 Objectives Basic concepts of SQL Server Security
Understand the security architecture of SQL Server Authentication modes Database components Manage logins, users and roles Manage permissions Control access with database objects and ownership chains Audit SQL Server Every user that connects to SQL Server must have a valid login id, and that login id must be registered with SQL Server.

3 SQL Server Administrator’s Duties
Install and configure SQL Server Plan and create databases Back up the databases Restore the databases when necessary Set up and manage users for SQL Server Manage security for new users and existing users Import and export data Set up and manage tasks, alerts, and operators Manage the replication environment Tune the SQL Server system for the optimal performance Troubleshoot any SQL Server problems

4 Security Architecture
A Securable is a resource that someone might want to access (like the Financial Folder). A Principal is anything that might want to gain access to the securable (like Tom). Principals can be given permissions to access an object, such as tables or views in the database. Principals can exist at 3 levels: Windows (Local User accounts, Domain user accounts, Windows Group) SQL Server (SQL Server Login, SQL Server Role) Database (Database User, Database Role, Application Role) A Permission is the level of access a principal has to a securable (like Read). The Securable can be the entire SQL Server itself. The Principal is a user named either Tom, Murray or Sara. The Permission(s) will either be ‘Control Server’ or ‘Alter Any Database’.

5 Security Architecture
Securables are objects that are accessed by the principals. For example, a database or database object or service. Similar to principals, securables also exists at different levels: Windows Level (consist of files and registry keys that the SQL Server uses) SQL Server Level (with nested hierarchies called scope) Server Scope (logins, database and end points) Database Scope (database users, roles, application roles, assemblies, full text catalogs, schemas and DDL events (which are created at the database level) Schema Scope (tables, views, functions, procedures and types)

6 Security Architecture
You can allow or disallow principals to access the securables by setting permissions. Permissions govern the level of access that principals have on securables. Depending the role different users can perform different actions on the database.

7 Security Architecture
Authentication First stage of security Identifies users based on login information they provide Only verifies that users can connect to a SQL Server instance Does not provide access to databases and their objects Authorization Second stage of security Occurs when database permissions are checked to determine which actions a particular user can perform within a database

8 Security Architecture
Logins provide access to an instance and are, in turn, mapped to database users to provide access to various databases housed within the instance Clients (users/applications) connect to SQL Server by having a login that SQL Server can authenticate. SQL Server Login Windows Login SQL Server logins consist of a login name and password that are actually stored in the SQL Server Database.

9 Security Architecture

10 Security Authentication Modes
Windows Authentication Mode The user logs on to a Windows domain; the user name and password are verified by Windows The user then opens a trusted connection with SQL Server (Password Encryption) Since this is a trusted connection, SQL does not need to verify the user password Mixed Mode (SQL Server and Windows) The user logs on to their network, Windows or otherwise Next, the user opens a non-trusted connection to SQL Server using a separate user name and password The user name and password should be verified by SQL Server

11 Windows Authentication Mode
When using Windows authentication, SQL Server calls out to the Windows domain to validate the account When a user tries to connect to an instance of SQL Server without specifying a user name or password, Windows Authentication Mode is used If the Windows credentials of the user are flagged as a valid login for a SQL Server, then the user is allowed to connect to the instance

12 Security Authentication Modes
With Windows authentication SQL Server relies on the Windows Server to provide the Logon security. Network security attributes are validated thru an encryption process. Because SQL Server Login and windows logon security processes are integrated, no further authentication methods are required to access when you are authenticated by the OS. It is a better security method because of additional security features: Secure validation and encryption of password Auditing Password expiration Minimum password length Automated account locked after a number of unsuccessful logon attempts

13 Windows Authentication Mode
Along with limiting administration of a user to a single location (within a Windows domain), Windows authentication provides the following benefits: Secure validation of credentials through Windows and encryption of passwords passed over the network Windows password requirements Automatic locking out of accounts that repeatedly fail to connect Native auditing capabilities of Windows accounts

14 Mixed Authentication Mode
In Mixed Authentication Mode, either a Windows-based account or a SQL Server- based login can be used to connect to an instance Mixed Authentication Mode is provided for backward compatibility with older applications designed to utilize SQL Server-based logins Mixed Authentication Mode is also necessary for situations where users connecting to an instance of SQL Server do not have a Windows domain account

15 Mixed Authentication Mode
With Mixed Mode authentication, users can access SQL Server by using either authentication modes. Web Applications require SQL Server authentication because users of these applications are most likely not with in the same domain as the server and thus can not rely on Windows security. By default SQL Serer authentication uses encrypted communication process, implemented by self signed certificate to encrypt username/password packet. Capability of integrating the password policy from windows and applying it to SQL Server Logins for example password expiration and automated account lockout after a number of unsuccessful logon attempts.

16 Changing Authentication Mode
Once an authentication mode is specified for a SQL Server 2000 instance, it can be modified easily through Enterprise Manager

17 Logins Authentication is implemented using logins in SQL Server Logins
SQL Server object that provides connection access to an instance of SQL Server (authentication) Logins can be based on Windows users and groups defined natively in SQL Server Once a login has access to a particular SQL Server, the user may perform server- level tasks or database-level tasks.

18 Create A Standard Login
Open Management Studio and expand your server Expand Security and then click Logins Right-click Logins and select New Login from the context menu In the Logic name box, type “SQLClass_User” Select SQL Server Authentication mode In the Password text box, type a complex string and confirm it Uncheck “User must change password at next login” Under Default database, select your target database as the default database Click the OK button

19

20 Managing Logins with T-SQL
Windows-based logins The sp_grantlogin system-stored procedure is used to add Windows users and groups to a SQL Server instance The sp_denylogin system-stored procedure is used to deny access to a particular Windows user or group, without removing its SQL Server login entries The sp_revokelogin system-stored procedure is used to remove a login for a Windows user or group

21 Managing Logins with T-SQL
SQL Server-based logins The system-stored procedures used to add and remove logins for SQL Server authentication are: The sp_addlogin system-stored procedure The sp_droplogin system-stored procedure EXEC sp_addlogin 'Albert', ‘SQLCLass_DB', 'corporate'; GO

22 Other Stored Procedures for working with Logins
As seen in the Enterprise Manager interface for creating new logins, both a default database and default language can be set for each new or existing login The sp_defaultdb and sp_defaultlanguage stored procedures are used to specify a default database and language for a login Stored procedure Description sp_grantlogin Adds a Windows user or group. sp_password Changes the password of a user. sp_defaultdb Changes the default database of a user. sp_defaultlanguage Changes the default language of a user.

23 Database Schema A schema is a logical collection of objects that form a unique namespace. In SQL Server schema and users are decoupled. By assigning the ownership of a schema to a role, multiple users can own a schema. If a user is deleted, the ownership of an object is not required to be changed. Dropping users is simplified. Multiple users can share the same schema, providing uniform name resolution of objects among users. Fully qualified name with be: server.database.schema.object

24 Database Users Database users
Individual accounts stored within each database that control access to database objects through permissions Database users are mapped to Windows users, Windows groups and SQL Server logins

25 Roles Roles Allow you to group database users (and even logins) who perform similar functions and to apply permissions for the group instead of the individual users Allow both Windows and SQL Server logins to be grouped together, which eases administration in diverse network environments In addition to database users and roles, there is also a concept application roles, which contain sets of privileges that an application can switch to after logging in. To gain access to database objects, every login must be mapped either to a database user or to an application role.

26 Fixed Server Roles Fixed Server Roles
Associated with Windows and SQL Server logins defined for an instance Used to provide special permissions, like configuring instance-wide settings and creating databases that cannot be explicitly provided to individual logins

27 Fixed Server Roles Fixed Server Role Description Sysadmin
Allowed to perform any action in SQL Server Serveradmin Allowed to configure instance-wide settings and shut down the instance Setupadmin Allowed to manage linked servers and startup procedures Securityadmin Allowed to manage logins and provide CREATE DATABASE permissions to them, read error logs, and change passwords Processadmin Allowed to manage running processes in SQL Server Dbcreator Allowed to create, modify, and delete databases Diskadmin Allowed to manage disk files Bulkadmin Allowed to use the BULD INSERT statement to perform mass imports of data

28 Fixed Server Roles The sysadmin role is the most important of all the server roles. Quite simply, if a login is a member of this role, it can do anything within the SQL Server. Moreover, it bypasses all security checks. So even if you are able to set up a scenario that should block a login from doing something, by nature of the login being a member of this role, it will ignore that restriction. As a result, membership in this role should be carefully controlled. In typical production environments you would only see DBAs being a member of this role. In very strict environments, you'll even see it restricted so that only particular DBAs within an organization have this level of access. This role can do anything within SQL Server. This role completely bypasses all security checks. This role can do everything any other role can do and more. This is the most powerful role in SQL Server. Limit its access to only those who absolutely need it.

29 Fixed Server Roles The dbcreator role allows a login the ability to create databases. Again, this is typically not something a normal user is a member of. In environments where you might have junior DBAs who aren't given full sysadmin rights, this is typically one of the roles which are used. This role allows creation of databases within SQL Server. This is another role that should be rarely used. It is an ideal role for a junior DBA to give him/her some control over SQL Server, but not the level of permission sysadmin grants. Some applications will need to be a member of this role if they "roll over" databases as part of their operations.

30 Fixed Server Roles The processadmin server role has the ability to alter any connection. That basically means it can disconnect folks from SQL Server. Because it doesn't have much more than this capability, it's also a server role that's typically not used. However, because it can terminate a connection to SQL Server, it's a powerful server role. Therefore, if you do use it, make sure the logins which are members of this role are trustworthy. Someone with this role could effectively create a denial of service attack on your SQL Server by terminating connections as they come in. This is a powerful role because it can kill connections to SQL Server. This is another role that should be rarely used. I have never seen this role used in practice because typically if connections are to be killed off, you want a fully trained DBA handling this, who are typically members of the sysadmin role.

31 Fixed Server Roles The securityadmin role controls security for the SQL Server... to a point. This role allows a login to manage logins to SQL Server as far as granting/revoking, enabling/disabling, and determining what databases logins have access to. But once you cross that database boundary, a login without additional rights on the specific database can't manage permissions within the database. However, due to the fact that it can manage logins, it is a powerful role. I should also point out that a member of securityadmin can manage the other server roles with the exception of the sysadmin role. Therefore, membership in this role should be carefully controlled. This is another role you might see be given to junior DBAs where sysadmin rights aren't appropriate. This role controls logins for SQL Server. This role can grant access to databases within SQL Server. This role, by itself, cannot define any further security within a database. This is another good role for junior DBAs when sysadmin is too much. Because it is a security related role, membership in it should be carefully restricted, especially in production.

32 Fixed Server Roles A member of serveradmin can control the SQL Server configuration and even shutdown SQL Server by issuing the SHUTDOWN command if connected. Because of this, you should rarely see anyone be a member of this role. Typically DBAs control SQL Server configuration and they are usually in the sysadmin fixed server role, which already has such permissions. There are occasions where you might want junior DBAs to have this level of access, but typically you want your SQL Server configurations standardized and changed rarely, and even then, only intentionally. So you'd typically see senior DBAs with such access. This role manages the SQL Server configuration. This is another role I've not seen used in practice very much because typically you want DBAs who are members of sysadmin handing configuration. This is possibly a role you would hand to a junior DBA, but I wouldn't, especially on a production system.

33 Fixed Database Roles There are several predefined roles in each database that provide sets of permissions for the database users who belongs to them

34 Fixed Database Roles Fixed Database Role Description db_owner
Allowed to perform all of the operations permitted to the other roles, as well as activities to maintain and configure the database db_accessadmin Allowed to manage database users mapped from Windows users, Windows Groups, and SQL Server Logins db_datareader Allowed to see (read access) all data in all of the user-defined tables in a database db_datawriter Allowed to insert, update, and delete data from all user-defined tables db_ddladmin Allowed to create, modify, and remove all database objects, like tables and views db_securityadmin Allowed to manage roles and role membership, as well as to apply permissions to database users and roles db_backupoperator Allowed to back up the database db_denydatereader Not allowed to view data in the database db-denydatawriter Not allowed to modify data in the database public The default role of which every database user is a member. If a user does not have permission to access an object like a table, then the permissions of the public role are checked as last resort

35 Creating a Database User Account
Open Management Studio and expand your server Expand Databases by clicking the plus sign next to the icon Expand the target database, then expand Security Right-click the Users icon and from the context menu, select New User Input a User name Click the button at the right of Login name box, then browse all the available names Select the target name (SQLClass_User, the one you just created) Click OK

36 Implementing Security
When you log into a fresh SQL Server installation, SQL Server security can seem invisible. When you sue the sa login, or use a trusted connection and your windows login belongs to that severs administrators group, you can immediately access all the databases and their objects (tables, views and stored procedures). Privileged logins automatically map to the dbo of every database. Any login with system administrator rights can immediately see all the database objects of every database in the server. Therefore, implementing SQL Server security consists of using logins other than the following: sa Windows server login with local administrator rights In the above cases you are bypassing the SQL Server security

37 Implementing Security
SA Login SQL Server comes preinstalled with one SQL Server login, sa, short for System Administrator. The sa login automatically has administrative rights over the entire SQL Server and its databases. Every SQL Server login requires a password. In the case of sa, it is recommended not to set it to blank (or no password at all)

38

39 DBO and the Guest Database User
Every database in an instance of SQL Server 2000 can have two special users: Database owner Special user that has permissions to perform all database activities Guest user Special account that allows database access to a login without a mapped database user

40 Object Permissions The three types of permissions that can be used to control user access within a database: Object permissions Allow access/modification to data as well as execution of stored procedures and user-defined functions Statement permissions Allow access to certain object-creation T-SQL statements like CREATE DATABASE and CREATE TABLE Implied permissions Permissions only available through predefined roles

41 Object Permissions Object permissions
Allow users to work with objects and they can be granted to users or roles for database objects Allow users to insert, update, delete and select data from tables and views

42 Object Permissions Statement permissions
Used to allow users to create databases and database objects Access to the following statements are controlled through the statement permissions CREATE DATABASE BACKUP DATABASE BACKUP LOG CREATE TABLE

43 Object Permissions Implied permissions
Special privileges that are provided through membership to a user-defined role These are often permissions that cannot be explicitly provided to individual users

44 Granting, Revoking and Denying Rights
Permissions within databases are hierarchical and, consequently, are inherited through group and role membership Since a database role can contain users, groups and other roles, permissions could be applied to a high-level role and all of the users and groups associated with that role would receive the rights assigned to it Both statement and object permissions can be assigned to users, groups and roles within a database Each permission can be granted, denied or revoked When a permission is granted to a user, the user is able to perform the operation in the database

45 Granting, Revoking and Denying Rights
The GRANT keyword is a DCL statement that creates permissions on a securable and grants these permissions to a principal. With the GRANT keyword, you can tell the SQL Server (securable) to allow the ‘Alter Any Database’ (permission level) to Murray (principal), while also allowing the ‘Control Server’ (permission level) to Murray and Sara (principal). With the DENY keyword, you can tell the SQL Server to explicitly deny the ‘Alter Any Database’ to Sara, without affecting any of the permissions already given to Murray. However; this action will prevent Sara from having the ability to modify or create any databases on the SQL Server securable. The REVOKE keyword will simply remove an existing GRANT or DENY permission from the SQL Server access list.

46 Granting, Revoking and Denying Rights
Open Management Studio, expand your server and Databases, then select the target database Expand the database, then expand Security and Users Double-Click the target user, and select the Securables page from the dialog window In Securables section, click Search, and in the Add Objects window click OK In the Select Objects window, click Object Types, then check Tables and click OK Browse available table and check the target table, then click OK If necessary, define more detailed permissions on the target table Click OK to return to Enterprise Manager

47

48 Resolving Permission Conflicts
SQL Server always applies deny permissions first when evaluating a particular action for authorization Denied permissions always take precedence over conflicting granted permissions at the user or role level When permissions are revoked, SQL Server simply removes the previous granted or denied permission

49 Implementing Security through Database Objects
Securing data with views Views can be defined to provide either a filtered set of table columns or a limited set of data rows from underlying tables A common use of a view is to create a special representation of a table that does not contain certain sensitive information Securing data with stored procedures and user-defined functions Stored procedures and user-defined functions allow sets of T-SQL statements to be stored and executed as a single unit They are typically used to enforce business rules or perform logic

50 Implementing Security through Database Objects
Controlling access with triggers Triggers are similar to stored procedures in that they contain saved groups of T-SQL statements However, triggers are not called directly, so permissions cannot be granted directly to use them They are controlled by insert, update and delete permissions on the table with which they are defined

51 Summary The upshot is that to gain access to a database, every login must have some explicit or implect mapping to a database user application role in the database SQL Server has a flexible and scalable security architecture capable of supporting the full spectrum of requirements from 10 users to 10,000 users Validating user activity is implemented as a two-part process consisting of authentication and authorization Logins require a separate database user account in each database to gain access Objects and statement permissions are assigned at the database level to users Roles are an organizational unit in databases that allows users to be grouped together and share a set of permissions SQL Server is capable of meeting rigorous C2 certification standards for security and auditing

Download ppt "Securing and Administering the Data"

Similar presentations

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Chapter 9 Security. Endpoints  A SQL Server endpoint is the point of entering into SQL Server.  It is implemented as a database object that defines.

Chapter 9 Security. Endpoints  A SQL Server endpoint is the point of entering into SQL Server.  It is implemented as a database object that defines.
Logins, Roles and Credentials Lesson 14. Skills Matrix.

Logins, Roles and Credentials Lesson 14. Skills Matrix.
Chapter 9 Auditing Database Activities

Chapter 9 Auditing Database Activities
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.

Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Mike Fal - www.mikefal.net SQL SERVER SECURITY GRANTING, CONTROLLING, AND AUDITING DATABASE ACCESS March 17, 2011.

Mike Fal - SQL SERVER SECURITY GRANTING, CONTROLLING, AND AUDITING DATABASE ACCESS March 17, 2011.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

Similar presentations

Ads by Google