Digital Signing Demo

This post demonstrates the use of a digital signing function to ensure data within a table is unaltered outside a given set of stored procs. To understand how these and other cryptographic functions can be employed to improve the security of database applications, please review this post. The first step in the demonstration is to create an empty database within…

Cryptographic Function Demo

This post demonstrates the use of a cryptographic function to encrypt data within a table. To understand how the cryptographic functions can be employed to improve the security of database applications, please review this post. The first step in the demonstration is to create an empty database within which sensitive data will be housed: USE master;GO IF EXISTS (SELECT…

Encrypt the Data

SQL Server supports the encryption of data through a number of mechanisms. These include: cryptographic functions for the encryption and signing of individual values, the Transparent Data Encryption (TDE) feature through which the data and log files associated with a database are encrypted, and support for SSL and IPSec to encrypt data as it is…

Module Signing Demo

This post demonstrates the use of module signing to provide controlled access to objects to which a user otherwise does not have permissions. To understand how module signing can be employed to improve the security of database applications, please review this post. The first step in the demonstration is to create an empty database. In…

Context Switching Demo

This post demonstrates the use of context switching to provide controlled access to objects to which a user otherwise does not have permissions. To understand how context switching can be employed to improve the security of database applications, please review this post. The first step in the demonstration is to create an empty database. In…

Ownership Chain Demo

This post demonstrates the use of ownership chains to provide controlled access to objects to which a user otherwise does not have permissions. To understand how ownership chains can be employed to improve the security of database applications, please review this post. The first step in the demonstration is to create an empty database.  In…

Application-Specific Endpoint Demo

This post demonstrates the use of endpoints to secure application connectivity to an instance of SQL Server. The first step in the demonstration is to create two logins to test the functionality of the endpoints.  In the code below, I’m using local user accounts on a machine named MyServer.  You’ll need to create these accounts…

Assign Minimal Permissions

Users should be permitted to perform just those operations required within the context of an application and nothing more. Restricting user permissions in this manner limits the potential for inappropriate data access and database actions. With this in mind, the fixed server- and database-level roles are seldom appropriate for application users as membership in these roles…

Secure the Authentication Process

SQL Server supports two authentication mechanisms: Windows authentication and SQL Server (SQL) authentication.  With Windows authentication, SQL Server simply validates a user’s Windows identity with an identity management solution such as Active Directory.  With SQL authentication, SQL Server generates, stores, and manages instance-specific user name and password information.  While SQL Server can be configured to…

Harden the Database Server

Reducing the database server’s exposure to attacks (hardening) is a pretty big task. The physical security of the server along with that of the infrastructure on which it depends must be considered.  Then there’s the network and the operating system on which the database server runs and then the practices and procedures that prevent folks from inadvertently (or purposefully)…
