Data
Reader small image

You're reading from  SQL Server 2019 Administrator's Guide - Second Edition

Product typeBook
Published inSep 2020
Reading LevelBeginner
PublisherPackt
ISBN-139781789954326
Edition2nd Edition
Languages
SQL
Concepts
Database Administration
Right arrow
Authors (2):
Marek Chmel
Marek Chmel
author image
Marek Chmel

Marek Chmel is a senior CSA at Microsoft, specializing in data and AI. He is a speaker and trainer with more than 15 years' experience. He has been a Data Platform MVP since 2012. He has earned numerous certifications, including Azure Architect, Data Engineer and Scientist Associate, Certified Ethical Hacker, and several eLearnSecurity certifications. Marek earned his master's degree in business and informatics from Nottingham Trent University. He started his career as a trainer for Microsoft Server courses and later worked as SharePoint team lead and principal database administrator. He has authored two books, Hands-On Data Science with SQL Server 2017 and SQL Server 2017 Administrator's Guide.
Read more about Marek Chmel

Vladimír Mužný
Vladimír Mužný
author image
Vladimír Mužný

Vladimír Mužný has been a freelance developer and consultant since 1997. He has been a Data Platform MVP since 2017, and he has earned certifications such as MCSE: Data Management and Analytics and MCT. His first steps with SQL Server were done on version 6.5, and from that time on, he has worked with all following versions of SQL Server. Now Vladimir teaches Microsoft database courses, participates in SQL Server adoption at various companies, and collaborates on projects for production tracking and migrations.
Read more about Vladimír Mužný

View More author details
Right arrow

Chapter 4: Securing Your SQL Server

Securing SQL Server is a crucial task, as SQL Server usually holds very important and sensitive information in your environment. You need to apply many principles in order to properly secure your databases. Fortunately, SQL Server offers many options to help you with securing the data you store on it. Securing an SQL server is quite a complex task; you need to consider that SQL Server is a client application running on the Windows server, which is accessible via a network. In order to fully secure the environment, you need to secure the Windows Operating System (OS) too and put proper security measures on the network as well.

In this chapter, we will be covering the following topics:

  • Configuring SQL Server service accounts
  • Configuring authentication and authorization
  • Encrypting SQL Server data
  • Data Discovery and Classification
  • SQL Server vulnerability assessment
  • Encrypting SQL Server connections

Configuring SQL Server service accounts

An important part of the configuration of your SQL Server environment is the service accounts that are used for running your SQL Server services. Many of these can be configured immediately during the installation of your SQL Server. There are several options for you to select from while configuring an account for SQL Server services, as follows:

  • Virtual accounts
  • Managed service accounts
  • Group managed service accounts
  • Built-in system accounts
  • Domain user accounts
  • Local Windows accounts

Let's now get into each of the accounts in detail.

Virtual accounts

The default choice of any OS higher than Windows Server 2008 R2 is a virtual account. A virtual account is a managed local account for the simple administration of your services. One of the important benefits of virtual accounts is their auto management, so you don't need to worry about regular password updates on...

Configuring authentication and authorization

SQL Server security works in layers. As a first step, SQL Server will perform authentication, whereby SQL Server determines who you are and if you can log in. If you're successfully logged on, then SQL Server will perform authorization, determining if you can do what you're trying to do. In the next part of the chapter, we will see how to configure server authentication, how to work with server objects, and how to assign server-level permissions.

Authentication

SQL Server comes with two authentication modes, as follows:

  • SQL Server and Windows Authentication mode (frequently called Mixed mode)
  • Windows Authentication mode

As the names of the modes would suggest, you can always log in with some sort of Windows credential. On top of that, SQL Server can be configured to use its own accounting and isolated accounts stored directly on SQL Server.

You can choose the authentication&...

Encrypting SQL Server data

When you are storing sensitive data on your SQL Server, you may need to encrypt the data to protect the data from accidental misuse. Your company may have business and technical requirements to encrypt the data, or even legal requirements to encrypt any sensitive information.

SQL Server has many options on how to protect data with encryption, depending on the need to protect data at rest or in transit. The whole encryption ecosystem in SQL Server is quite complex and offers many options, as can be seen in the following diagram:

Fig. 4.12 – Encryption hierarchy for SQL Server

Transparent Data Encryption

One of the options on how to encrypt the data in the database is Transparent Data Encryption option. This feature has been available since SQL Server 2008 and works at the input/output (I/O) level. Both file types—data and log—are encrypted on the disk, and SQL Server does the encryption...

Data Discovery and Classification

Whenever you need to discover and report any sensitive data in your database, you can use a new feature called Data Discovery and Classification . When you are discovering the data, you must also classify and label any data found that fits your classification needs. There are several use cases for this feature, as follows:

  • Meeting data privacy standards (for example, General Data Protection Regulation (GDPR); Payment Card Industry Data Security Standard (PCI DSS); Sarbanes-Oxley (SOX); Health Insurance Portability and Accountability Act (HIPAA))
  • Controlling access to highly sensitive data (for example, personally identifiable information (PII))

    Note

    This feature is available for SQL Server 2012 and newer and was introduced with SQL Server Management Studio 17.5; however, it's recommended to use the latest version of SQL Server Management Studio.

While you are connected to the SQL Server, you can run classification on your database...

SQL Server vulnerability assessment

SQL Server Management Studio 17.4 was released with a very handy feature—scanning for vulnerabilities on your databases. It's always better to run with the latest version of SQL Server Management Studio (screenshots in this book are based on the 18.4 and 18.5 versions). This vulnerability assessment is supported on any SQL Server with version 2012 and higher and checks for a predefined set of vulnerabilities.

To create a new scan, you have to do the following:

  1. Right-click your database.
  2. Choose Tasks.
  3. Select Vulnerability Assessment.
  4. Click on Scan for Vulnerabilities.

Once the scan is complete, you will be presented with a result view in your SSMS application, with a summary about failed and passed checks.

In the following screenshot, you can see a sample scan with several categories of findings—high, medium, and low risk:

Fig. 4.20 – Vulnerability assessment report

...

Encrypting SQL Server connections

Connection to the SQL Server is by default not encrypted, until you configure your server and client otherwise. When you're connecting to the SQL Server with SQL Server Management Studio, you can choose to encrypt your connection to the server. In the following screenshot, we can see how the server connection is configured and how Management Studio responds to such a connection attempt:

Fig. 4.22 – Encrypted connection to SQL Server

Let's see how SQL Server responds to such a connection request in the following screenshot:

Fig. 4.23 – Failed login due to untrusted certificate

As you can see, the connection was not established due to a server certificate that is not trusted. If the SQL Server is not configured to use any certificate, it will automatically generate a self-signed one during the instance startup, as illustrated in the following screenshot:

Fig...

Summary

Security is a very important part of your SQL Server deployment, and in this chapter, we have seen many options that you can use to secure your SQL Server environment. You are making important choices already during the setup of your environment, whereby you configure the service accounts and authentication. Once you have SQL Server up and running, you have to configure SQL Server logins for your groups and accounts, which provide them proper access to the SQL Server. 

It's important to understand the difference between authentication and authorization. Just because you can log in to the SQL Server does not give you the rights to change configuration, access data, or perform any data changes. There are many configuration items that require sysadmin role membership and there's a frequent push from application teams and application DBAs to be part of this restricted server role, but you should limit the members of the sysadmin role as much as possible. The same...

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 7 of 17
Next Chapter
You have been reading a chapter from
SQL Server 2019 Administrator's Guide - Second Edition
Published in: Sep 2020Publisher: PacktISBN-13: 9781789954326
© 2020 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (2)

author image
Marek Chmel

Marek Chmel is a senior CSA at Microsoft, specializing in data and AI. He is a speaker and trainer with more than 15 years' experience. He has been a Data Platform MVP since 2012. He has earned numerous certifications, including Azure Architect, Data Engineer and Scientist Associate, Certified Ethical Hacker, and several eLearnSecurity certifications. Marek earned his master's degree in business and informatics from Nottingham Trent University. He started his career as a trainer for Microsoft Server courses and later worked as SharePoint team lead and principal database administrator. He has authored two books, Hands-On Data Science with SQL Server 2017 and SQL Server 2017 Administrator's Guide.
Read more about Marek Chmel

author image
Vladimír Mužný

Vladimír Mužný has been a freelance developer and consultant since 1997. He has been a Data Platform MVP since 2017, and he has earned certifications such as MCSE: Data Management and Analytics and MCT. His first steps with SQL Server were done on version 6.5, and from that time on, he has worked with all following versions of SQL Server. Now Vladimir teaches Microsoft database courses, participates in SQL Server adoption at various companies, and collaborates on projects for production tracking and migrations.
Read more about Vladimír Mužný

Other recommended products

Related to this chapter

Professional SQL Server High Availability and Disaster Recovery

Professional SQL Server High Availability and Disaster Recovery

The Professional SQL Server High Availability and Disaster Recovery book explains the high availability and the disaster recovery technologies, their technical implementation, and different topologies that you can use when creating a highly available infrastructure with hybrid topologies.

BookJan 2019564 pages
SQL Server on Azure Virtual Machines

SQL Server on Azure Virtual Machines

This book will teach you how to harness the capabilities of SQL Server and the cloud database by taking you through the steps to deploy the server in Azure virtual machine effectively.

BookJun 2020200 pages
SQL Server on Linux

SQL Server on Linux

Microsoft's launch of SQL Server on Linux has made SQL Server a truly versatile platform across different operating systems and data-types, both on-premise and on-cloud. You will start by understanding how SQL Server can be installed on supported and unsupported Linux distributions. With the help of this book you will be able to setup SQL Server on Linux and understand how SQL Server can be installed and implemented on this open source platform.

BookAug 2017222 pages
Learn T-SQL Querying

Learn T-SQL Querying

T-SQL is an extension of the SQL language which allows you to tackle advanced querying and query-tuning challenges in SQL Server and Azure SQL Database. This book will be a perfect reference for you to write more efficient T-SQL code to perform simple-to-advanced tasks for data management and data analysis.

BookMay 2019484 pages
Introducing Microsoft SQL Server 2019

Introducing Microsoft SQL Server 2019

Introducing Microsoft SQL Server 2019 takes you through what’s new in SQL Server 2019 and why it matters. After reading this book, you’ll be well placed to explore exactly how you can make MIcrosoft SQL Server 2019 work best for you.

BookApr 2020488 pages
Hands-On Data Science with SQL Server 2017

Hands-On Data Science with SQL Server 2017

Learn how to utilize Microsoft SQL Server with NoSQL concepts for data science challenges. This book will help enhance your knowledge beyond data querying & processing tasks by implementing a data science pipeline. We will implement data science tasks and show how to use them on a day-to-day basis for efficient smart predictive models.

BookNov 2018506 pages
SQL Server 2017 Developer's Guide

SQL Server 2017 Developer's Guide

This book is your guide to exploring the various developer capabilities offered by SQL Server 2017. Model your data and the complex relationships within it, and integrate SQL Server with R and Python for efficient analytics. The book also covers the performance and troubleshooting aspects to help you develop efficient database applications.

BookMar 2018816 pages
SQL Server 2017 Machine Learning Services with R

SQL Server 2017 Machine Learning Services with R

With integrated R Services within SQL Server 2017, developers and data scientists can now benefit from the integrated, effective, efficient and more streamlined analytics environment. In this book, you will understand how to leverage the capabilities of R Services in SQL Server 2017. This short yet effective guide will help you get familiar with SQL Server 2017 R Services, and will show how to implement efficient data science models using it.

BookFeb 2018338 pages
Professional Azure SQL Managed Database Administration

Professional Azure SQL Managed Database Administration

Whether it is learning different techniques to monitor and tune an Azure SQL database or improving performance using in-memory technology, this book will enable you to make the most out of Azure SQL database features and functionality for data management solutions.

BookMar 2021724 pages
SQL Server 2016 Developer's Guide

SQL Server 2016 Developer's Guide

This book is designed to get you up to speed with SQL Server 2016, covering the essential concepts and techniques. By the end of this book, you’ll be able to design efficient, high-performance database applications confidently.

BookMar 2017616 pages
SQL Server 2017 Integration Services Cookbook

SQL Server 2017 Integration Services Cookbook

SQL Server Integration Services is a tool that facilitates data extraction, consolidation, and loading options (ETL), SQL Server coding enhancements, data warehousing, and customizations. With the help of this book, you’ll gain complete hands-on experience of SSIS 2017’s new features, and design and development improvements including SCD, Profiling, Tuning, and Customizations.

BookJun 2017558 pages
ETL with Azure Cookbook

ETL with Azure Cookbook

This book will take you through hand-on recipes for extracting, transforming, and loading data using big data tools and Azure services such as Data Factory and Azure Databricks. You will learn how to interact effectively with Azure services, along with covering automation with BIML and data profiling in Azure.

BookSep 2020446 pages

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Mastering Tableau 2023

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2
Data Engineering with AWS

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5
Modern Data Architecture on AWS

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5
Practical Guide to Applied Conformal Prediction in Python

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages
TinyML Cookbook

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages