Security and Encryption in SQL Server 2012 and 2014
Learn how to secure SQL Server: Access, authentication, permissions, SQL injections, encryption and much more.
What you'll learn
Security in SQL Server is often overlooked. Companies tend to concentrate on availability and performance, but a database system often stores virtually all of a company's valuable and confidential data. So what happens if this data is stolen? In this course, we will cover all areas you need to protect to effectively secure SQL Server. It means system and network protection, user authentication, permissions on the objects and data, and data encryption. We will also use some penetration testing frameworks to show you how attacks are performed against SQL Server through various types of exploits, including SQL injection. The course is focused on SQL Server 2012 and 2014, but most of the information applies to all versions from SQL Server 2005 onward.
Table of contents
- Module Introduction and System Account 6m
- Other System Accounts 8m
- Surface Area Configuration 8m
- Opening Ports on Windows Firewall With the GUI 3m
- Opening Ports on Windows Firewall by Script 8m
- Enabling TCP on an Instance by Script 6m
- Hiding an Instance in SQL Server Browser 3m
- Fixing a TCP Port for an Instance 5m
- Encrypting the Connection Between Client and Server Using SSL 9m
- Using Extended Protection Against Authentication Relay Attacks 4m
- Conclusion 2m
- Introduction, Permissions 1m
- Principals, Roles, Owners, ... 3m
- What are Securables and How to Assign Permissions 4m
- Fixed Server Roles 2m
- Demo: Fixed Server Roles 8m
- Demo: Server Permissions 8m
- Demo: User-defined Server Roles 7m
- Demo: Setting Permissions 8m
- System Database Users 3m
- Database Roles 2m
- Demo: Mapping Windows Groups to Database Users 4m
- Summary 2m
- Introduction, What are SQL Injections? 3m
- Demo: Basic SQL Injection Techniques 7m
- The Different Types of Injections 6m
- Some SQL Injection Tools 2m
- Installing and Using SQLMap 8m
- Demo: Using SQLMap to Perform Injection Against our Server 6m
- How to Prevent Injection 8m
- Detecting Common Injection Patterns 6m
- Demo: Avoiding Dynamic SQL 7m
- Ownership Chaining 6m
- Summary 4m
- Introduction 1m
- Encryption Keys: Symmetric and Asymmetric Encryption 8m
- Service and Database Master Keys 6m
- Demo: Database Master Key 5m
- Transparent Data Encryption 7m
- Demo: Encrypted Backup in SQL Server 2014 3m
- Demo: Encrypting Data Using a Symmetric Key 7m
- Demo: Using Asymmetric Keys 3m
- Demo: Using Certificates 10m
- Demo: Encrypting Data With Authenticators 7m
- Non-reversible Encryption With Hashing 4m
- Summary 2m
About the author
Rudi Bruchez is a freelance consultant and trainer based in Paris, France. He has more than 15 years of experience with SQL Server and started to venture into NoSQL territories. He worked first as a developer and started as a DBA in 2001, in Switzerland at MSC (Mediterranean Shipping Company). He moved to France in 2005 and is working freelance since 2006. He provides consulting, administration, audits and training. As SQL Server evolves into a more complex solution, he tries to make sure that d... more