My picture album
My code library
Search my site
SQL Server Articles New
Database encryption for SQL Server and MSDE:
NEW!!! Subscribe to my
|Want to keep in touch with the
latest in SQL Server world? Email firstname.lastname@example.org with
'subscribe' in the subject line
Click here for more information or to buy this book from:
||SQL Server Security Distilled
This book review is divided into the following sections:
What this book covers?
SQL Server Security Distilled
- An in-depth look at SQL
- For SQL Server
- Covers versions 6.5, 7.0,
Securing SQL Server is one of
the most important responsibilities of the SQL Server
professional. Ensuring your data is safe requires a combination
of good systems and database administration, and intelligent
application design - weaving a security plan that matches the
capabilities and vulnerabilities of each contributing part.
But at its root, security is concerned with controlling access -
authenticating who can access the data on the server, authorizing
what users can do with that data, and securing data as it is
transported. These core topics are the focus of this book.
SQL Server Security Distilled shows you:
- What you can do to secure
data in SQL Server
- How SQL Server handles
authentication and authorization in different versions
- How SQL Server security
integrates with Windows security
- The security pros and cons
of different transport protocols
- Ways to tailor SQL Server
security to different applications, including
client-server and Web applications
- How to secure DTS packages
- The implications of
different types of replication for security
- The security features of
SQL Server CE and its server-side agents
My review of this book:
At last!!! Yes, at last, we have a book dedicated to SQL Server security. It's been a long due, and finally Morris Lewis filled the gap by coming up with this new book "SQL Server Security Distilled", which purely focuses on all things SQL Server security. Thanks to Curlingstone Publishing, I had a chance to review this book.
It is a very concise, yet comprehensive book on SQL Server security (hardly 300 pages). Good thing about this book is, it covers SQL Server security in all three major versions of SQL Server, that can be found in production environments, SQL Server 6.5, 7.0 and 2000. Very nice to see SQL Server security guru like Chip Andrews on the list of technical reviewers of this book.
Had a chance to glance through all the chapters of this book and am impressed with the quality of the information and the depth at which topics are covered. Author often refers to undocumented registry locations, where appropriate. It is a useful book for SQL Server database administrators at all levels. If you are a senior DBA, it serves you as a security reference. Junior to intermediate level SQL Server DBAs will benefit from this book as well, as it helps them understand how SQL Server security works, and how one should secure data in all its states, from prying eyes. It even helps database developers by introducing them to secure coding techniques. Overall, a good book and I highly recommend it.
Now let me walk you through the chapters:
Chapter 1: A Security Roadmap
This chapter covers the basic security concepts, Authentication and Authorization and goes on to discuss the different authentication mechanisms available in SQL Server 6.5, 7.0 and 2000 and even discusses the Kerberos and Active Directory (AD) authentication. Then it covers how authorization can be implemented using logins, user accounts, groups and roles.
Chapter 2: Authentication Logins
The first part of this chapter focuses on creating strong passwords, and discusses how passwords are handled in different authentication methods, and how secure SQL Server and Windows passwords are. The second part of this chapter focuses on how the authentication process works in SQL Server 6.5, 7.0, 2000, with different server net libraries like TCP/IP, named pipes, multiprotocol etc. It also shows you how to monitor the network login traffic using network monitoring and sniffing tools. The remaining part of this chapter concentrates on logins and fixed server roles.
Chapter 3: Database Security in SQL Server 6.5
This chapter covers how security works in SQL Server 6.5. Discusses the basics like aliasing, logins, users, granting and revoking permissions, object ownership etc., with examples. Goes on to discuss advanced topics like ownership chains.
Chapter 4: Database Security in SQL Server 7.0 and 2000
This chapter covers SQL Server 7.0 and 2000 security in detail. Starts off by examining the system table sysusers. Then there is a detailed section on managing permissions, called "The Art of Assigning Permissions". Then it covers database roles and object ownership chains.
Chapter 5: Designing Security for Applications
First part of this chapter helps you choose an authentication scheme among SQL Server authentication, Windows authentication, Kerberos security. Second part of this chapter covers how to secure your SQL Server, especially, when it is on the Internet. Author provides you with detailed steps and guidelines one should follow to tighten up security of production SQL Server computers. Next part helps you understand how to use technologies like Virtual Private Networks (VPN), Private Subnetwork, IPSec etc for protecting SQL Server data. The remaining part of this chapter covers SQL Injection attacks in detail.
Chapter 6: Securing Data Transformation Services (DTS)
Starts off with basics like creating , saving and managing DTS packages, and goes on to cover aspects like password protecting DTS packages, package versioning, different methods of package execution etc. There's a section on SQL Server Agent account permissions, and ownership issues involved in moving DTS packages from one server to another.
Chapter 7: Replication Security
Covers the basics of replication and introduces you to snapshot, transactional and merge replication and shows you how to secure different types of replication topologies. A section is dedicated to securing replication data stream.
Chapter 8: Managing Security for SQL Server CE
Last but not the least, this chapter covers various security aspects related to SQL Server CE, the future of mobile databases.
Appendix A: References
Contains links to valuable SQL Server and Windows security related books, site, tools etc.
Click here for more information or to buy this book from:
Morris Lewis has been smitten with Structured Query Language
since the first time his professor wrote Select * from Authors on
the chalkboard 14 years ago. He has worked with no other database
server since he first installed SQL Server 4.21a on his 16 MHZ,
Intel 386 computer with all of 32 megabytes of RAM running
Windows NT 3.51, more than 8 years ago. With the mantra "It
is ok to worry if they really are out to get you," he has
focused on all aspects of securing Windows and SQL Server since
he connected his first server to the Internet, six years ago.
Now, he runs a training and consulting company, Holistech
Incorporated (http://www.holistech.com), that focuses on helping
clients create better and more secure database applications, and
on teaching them how to avoid the mistakes that can lead to
problems in the future. He can be contacted at
Morris@Holistech.com if you need help keeping the bad guys out of