SQL Server 2005 Part 1 - Security (Authentication)

In this installment of our series covering new and improved functionality of SQL Server 2005 Beta 2, we will focus on the topic of security, which has been becoming increasingly prominent among the issues on every database and system administrator's agenda. A new approach to software development started with the Trustworthy Computing initiative launched in early 2002, necessitated by the growing number of exploits directed at the Microsoft operating system and applications, resulted in a "secure by default" product with highly customizable security features further increasing the degree of protection. We will start with the features related to authentication (the process of identifying logins connecting to the SQL Server and users accessing databases), and continue with authorization (determining the level of permissions granted once the initial connection is established) and encryption in the future articles. In particular, we will cover here, password policy implementation and management as

DATA PIRACY: THE THREAT FROM WITHIN

Databases are being stolen. Customer data, credit card data, taxpayer data - they're all vulnerable. Scary? Yes - but wait, there's more. It's not just "their" data that's vulnerable - it's ours too!

Removing the Builtin Administrators - Some Pitfalls to Avoid

The SQL Server 2000 security model is not the best one of all the RDBMS platforms and requires some work to secure properly. One of the practices that is recommended is removing the builtin/administrators group from accessing the SQL Server. New author Kathi Kellenberger shows us some of the pitfalls she encountered when removing this group from her servers.

Securing Your Microsoft SQL Server Databases in an Enterprise Environm

If you are running Microsoft SQL Server databases to support critical enterprise applications, you are part of a growing trend.

Manipulating Microsoft SQL Server Using SQL Injection

Focuses on advanced techniques that can be used in an attack on an application utilizing Microsoft SQL Server as a backend. These techniques demonstrate how an attacker could use a SQL Injection vulnerability to retrieve the database content from behind a firewall and penetrate the internal network. Also provided are recommendations on how to prevent such attacks.

Which of the following commands will successfully create...

Is there a way to determine the last...

Securing your databases: Improving protection with a proactive securit

The key to effective security is embracing it as an ongoing process rather than a one time event. This document examines how database security can be enhanced with a proactive security lifecycle approach.

An Enterprise-Class Plan for Securing Microsoft SQL Server Databases

If you are running Microsoft SQL Server databases to support critical enterprise applications, you are part of a growing trend. The cost/performance benefits of Microsoft SQL Server on the Microsoft Windows NT and Windows 2000 platforms have fueled the growth of SQL Server as a platform for enterprise-class applications.

Common Vulnerabilities in Database Security

Creating an enterprise security plan is a complex endeavour. It involves evaluating multiple threats that gain access through many network paths to a hodgepodge of different applications and systems. With the focus on systems and paths, databases are frequently overlooked. Securing the database should be a fundamental tenet for any security practitioner when developing his or her security plan. The database is the source of data, the "crown jewels" in the information economy. Any security effort must start with this in mind and end with the strongest level of controls applied at the database layer.