Microsoft SQL Server 2012 Security Cookbook

Over 70 practical, focused recipes to bullet-proof your SQL Server database and protect it from hackers and security threats

• Practical, focused recipes for securing your SQL Server database
• Master the latest techniques for data and code encryption, user authentication and authorization, protection against brute force attacks, denial-of-service attacks, and SQL Injection, and more
• A learn-by-example recipe-based approach that focuses on key concepts to provide the foundation to solve real world problems

In Detail

In 2011, a big corporation suffered a 23-day network outage after a breach of security that allowed the theft of millions of registered accounts on its gaming network. A month later, hackers claimed in a press release to have stolen personal information of 1 million users by a single SQL injection attack. In these days of high-profile hacking, SQL Server 2012 database security has become of prime importance.

"Microsoft SQL Server 2012 Security Cookbook" will show you how to secure your database using cutting-edge methods and protect it from hackers and other security threats. You will learn the latest techniques for data and code encryption, user authentication and authorization, protection against brute force attacks, denial-of-service attacks, and SQL Injection, securing business intelligence, and more.

We will start with securing SQL Server right from the point where you install it. You will learn to secure your server and network with recipes such as managing service SIDs, configuring a firewall for SQL Server access, and encrypting the session by SSL. We will then address internal security : creating logins to connect to SQL Server, and users to gain access to a database. We will also see how to grant privileges to securable objects on the server or inside the database.

After having managed authentication through logins and users, we will assign privileges inside a database using permissions. We will then learn about symmetric keys, asymmetric keys and certificates, which can be used to encrypt data or sign data and modules with a choice of cipher algorithms, as well as creating hash representations of data.

Then we will cover methods to protect your database against brute force attacks, denial-of-service attacks, and SQL Injection. Finally we will learn about auditing and compliance and securing SQL Server Analysis Services (SSAS) and Reporting Services (SSRS).

What you will learn from this book

• Start securing your database right from the first step when you install it
• Protect your database against brute force attacks, denial-of-service attacks, and SQL Injection
• Secure SQL Server Analysis Services (SSAS) and Reporting Services (SSRS)
• Use a SQL or Web Application Firewall
• Perform user authentication and authorization
• Manage object ownership and protect data through views and stored procedures
• Create and use certificates, and symmetric and asymmetric encryption keys
• Authenticate stored procedures by signatures
• Monitor SQL Server logs and use DML and DDL trigger for auditing
• Configure SQL Server database audit and manage audit resilience after a crash

Approach

Each recipe comprises step-by-step instructions followed by an analysis of what was done in each task and other useful information. The book is designed so that you can read it chapter by chapter, or look at the list of recipes and refer to them in no particular order. Each example comes with its expected output to make your learning even easier thus enabling you to successfully secure your SQL Server 2012 database.

Who this book is written for

This book is for SQL Server administrators, developers, and consultants who want to secure their SQL Server database with cutting edge techniques for data and code encryption, user authentication and authorization, protection against brute force attacks, denial-of-service attacks, and SQL Injection, securing business intelligence, and more.

Working knowledge of SQL Server is expected.