Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 5 : Designing Windows Server-Level Security Processes

Published byJocelin Spencer Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 5 : Designing Windows Server-Level Security Processes"— Presentation transcript:

1 Chapter 5 : Designing Windows Server-Level Security Processes
MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide (70-443) Chapter 5 : Designing Windows Server-Level Security Processes

2 Windows Level Security
Security for SQL Server instances on the Windows host Outside the instance Includes SQL Server 2005 subsystems © Wiley Inc All Rights Reserved.

3 Password Policy For SQL Authenticated Logins
Three new options for 2005 Enforce password policy Enforce password expiration Force user to change password at next login The first two options require Windows Server 2003 or newer © Wiley Inc All Rights Reserved.

4 Password Policy – cont’d
Password policy has requires 3 of 4 of the following in the password Upper case letters Lower case letters BASE 10 numbers Non alphanumeric characters Best practices All the options © Wiley Inc All Rights Reserved.

5 Encryption Policy SQL Server 2000 had ENCRYPT()
SQL Server 2005 includes many new functions and capabilities, including key management Based on encryption hierarchy © Wiley Inc All Rights Reserved.

6 Encryption Hierarchy Service Master key created when instance installed. Used to encrypt master key for each database Database Master Key Manually created in each database Can be secured by Service Master (recommended) © Wiley Inc All Rights Reserved.

7 Encryption Keys Symmetric Keys Faster to encrypt and decrypt
Same key used to encrypt and decrypt Choice of multiple algorithms Specify encryption mechanism to secure the key when created Can be secured by password or another key © Wiley Inc All Rights Reserved.

8 Encryption Keys Asymmetric Keys
Uses a key pair (public and private key) Slower to encrypt/decrypt Multiple algorithms available Usually used to secure symmetric keys © Wiley Inc All Rights Reserved.

9 Encryption Keys Certificates Performance Issues
A type of asymmetric key Can expire, useful for limited time access Can be revoked to remove access Performance Issues Use symmetric keys to encrypt data and asymmetric keys to encrypt symmetric keys for optimum performance/security balance © Wiley Inc All Rights Reserved.

10 Encryption Policy Choose algorithms to be used
Choose longest keys you can within performance requirements Ensure keys are protected and escrowed for security © Wiley Inc All Rights Reserved.

11 Service Accounts SQL Server 2005 has ten services available SQL Server
SQL Agent Analysis Server Report Server Notification Services Integration Services Full-Text Search SQL Server Browser SQL Server Active Directory Helper SQL Writer © Wiley Inc All Rights Reserved.

12 Service Accounts – cont’d
Not all services are instance aware Each has a default group created when it is installed for permissions. Use SQL Configuration Manager to ensure correct permissions assignment © Wiley Inc All Rights Reserved.

13 Service Accounts – cont’d
Choosing Service Accounts Local System Local Service Network Service Domain User If a domain user, should not be an administrator © Wiley Inc All Rights Reserved.

14 Anti-Virus Software Can co-exist with SQL Server
Exclude database files, backup files, log files, other files that are written to by SQL Server services © Wiley Inc All Rights Reserved.

15 Service Modes Enable only those services being used
Set mode to Automatic if running Set to Disabled if the service will not be used © Wiley Inc All Rights Reserved.

16 Server Firewalls Useful as another layer of security
Enable those ports that are needed for the services running Set standards for those services using non-standard ports © Wiley Inc All Rights Reserved.

17 Physical Security Physical security is important for database servers
Ensure backup tapes and any copies of data are physically secured as well © Wiley Inc All Rights Reserved.

18 Summary The security outside of SQL Server is important
Follow best practices and only run those services needed Enable strong password policy Choose a strong encryption policy © Wiley Inc All Rights Reserved.

Download ppt "Chapter 5 : Designing Windows Server-Level Security Processes"

Similar presentations

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
15.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

15.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 19 Security.

Chapter 19 Security.
X2O Server Installation

X2O Server Installation
Module 2: Planning to Install SQL Server. Overview Hardware Installation Considerations SQL Server 2000 Editions Software Installation Considerations.

Module 2: Planning to Install SQL Server. Overview Hardware Installation Considerations SQL Server 2000 Editions Software Installation Considerations.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Chapter 11: Dial-Up Connectivity in Remote Access Designs

Chapter 11: Dial-Up Connectivity in Remote Access Designs
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.
11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.

11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.

Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Similar presentations

Ads by Google