http://difinity.co.nz#Difinity 7th – 9th Feb 2017
SQL Security in The Cloud
Tobiasz Janusz Koprowski
Data Platform MVP
Shadowland Consulting
Thanks to our sponsors
Exhibitors
Gold Sponsors
AGENDA
1 | Security in a Nutshell
2 | SQL Server Security Best Practices
3 | SQL Server 2014 Security Enhancements
4 | SQL Server 2016 Security Enhancements
5 | SQL Server Security in The Cloud
6 | Summary
Appendix
1 | Security In A Nutshell
Security? What is this?
• Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and
valuable asset, such as a person, dwelling, community, nation, or organization.
• As noted by the Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3
(Open Source Security Testing Methodology Manual), security provides "a form of protection
where a separation is created between the assets and the threat." These separations are
generically called "controls," and sometimes include changes to the asset or the threat.
Categorizing Security - part 1 {IT REALM}
• Application security | http://bit.ly/18u8J6p
• Computing security | http://bit.ly/1ARdRLd
• Data security | http://bit.ly/185wfph
• Information security | http://bit.ly/1ARe0ya
• Network security | http://bit.ly/1C443R8
Categorizing Security - part 2 {PHYSICAL REALM}
• Airport security | http://bit.ly/1LPZcCZ
• Food security | http://bit.ly/1MYnii6
• Home security | http://bit.ly/1Gz3VI1
• Infrastructure security | http://bit.ly/1Bm8LIF
• Physical security | http://bit.ly/1Gz3VI1
• Port security | http://bit.ly/1ARewMH
• Supply chain security | http://bit.ly/1Ex7ob7
• School security | http://bit.ly/17Dl735
• Shopping center security | http://bit.ly/1EUb1FV
Categorizing Security - part 3 {POLITICAL REALM}
• Homeland security | http://bit.ly/1AAwZhE
• Human security | http://bit.ly/1DhojtU
• International security | http://bit.ly/1MYoyli
• National security | http://bit.ly/1FEnldu
• Public security | http://bit.ly/1wqpX9P
Categorizing Security - part 4 {SQL SERVER REALM}
• Application security
• Computing security
• Data security
• Information security
• Network security
• Home security
• Infrastructure security
• Physical security
• National security
• Public security
2 | SQL Server Security Best Practices
SQL Server Security Best Practices
• Efficiency and security have an inverse relationship to one another.
• You can have high efficiency or high security, but not both.
Example: small bank companies tend to favor efficiency over security:
• Cost limitations. This is the first and obvious reason. Community banks are fighting a constant battle to remain
competitive. Implementing security in systems adds costs - there is no way around it.
• Risk. It's not always a conscious decision for a bank to improve efficiency by sacrificing security. Sometimes there's
a lack of understanding of the risks associated with the systems we deploy.
• Personnel limitations. The many-hats syndrome runs rampant in smaller community banks.
• Regulatory emphasis. The current regulatory environment stresses controls as they relate to policy and
procedures.
authentication
• SQL Server supports:
• Windows Authentication Mode, which supports:
• Kerberos
• NTLM (Windows NT LAN Manager)
• Mixed Mode Authentication, which supports:
• Windows accounts
• SQL Server specific accounts
Best Practice:
use Windows Authentication mode
unless a legacy application requires Mixed Mode Authentication for backward compatibility
secure sysadmin account
• the sysadmin account (sa) is the most vulnerable account when its default name is left unchanged
• potential SQL Server attackers and hackers are aware of this
Best Practice:
change the name of the sysadmin account after installation
SSMS > Object Explorer > Logins > Rename (right click) / T-SQL
use complex password
Best Practice:
ensure that complex passwords are used for sa and other SQL-Server-specific logins.
Think about CHECK_EXPIRATION and MUST_CHANGE for any new SQL login
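The two best practices above (rename the sa login, then enforce password policy on every SQL login) as a T-SQL script. This is an added example, not code from the deck; the login names and the password literal are placeholders to be replaced, and the script assumes a sysadmin connection to the instance. The final query is the check a reviewer would run afterwards: it finds SQL logins that escaped the policy and locates the sa principal by its fixed SID (0x01) regardless of what it has been renamed to.

```sql
-- Added example (not from the deck): harden the sa login and enforce
-- password policy on SQL logins. Login names and passwords are placeholders.
USE master;
GO

-- 1. Rename sa so the well-known name no longer exists, then disable it.
--    Windows-authenticated DBAs keep administering the instance.
ALTER LOGIN sa WITH NAME = [svc_admin_renamed];
ALTER LOGIN [svc_admin_renamed] DISABLE;
GO

-- 2. A new SQL login that inherits the Windows password policy
--    (complexity and lockout), expires, and must be changed at first use.
--    MUST_CHANGE requires both CHECK_POLICY and CHECK_EXPIRATION to be ON.
CREATE LOGIN [app_reporting]
    WITH PASSWORD = 'Replace-With-Generated-Secret-1!' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON,
         DEFAULT_DATABASE = [master];
GO

-- 3. Audit check: any SQL login with policy or expiration switched off,
--    plus the sa principal (sid 0x01) whatever its current name is.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       is_disabled,
       CASE WHEN sid = 0x01 THEN 'built-in sa principal' ELSE '' END AS note
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0
   OR sid = 0x01;
```

Renaming sa is a hardening step, not a control on its own: the SID stays 0x01, which is why the audit query keys on the SID and why disabling the login matters more than the new name.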
use specific logins
Best Practice:
use different accounts for different SQL-Server-oriented services
Component | Windows Server 2008 | Windows 7 and Windows Server 2008 R2 and higher | Recommended account
Database Engine | NETWORK SERVICE | Virtual Account | SQL_Engine
SQL Server Agent | NETWORK SERVICE | Virtual Account | SQL_Agent
SSAS | NETWORK SERVICE | Virtual Account | SQL_srvAS
SSIS | NETWORK SERVICE | Virtual Account | SQL_srvIS
SSRS | NETWORK SERVICE | Virtual Account | SQL_srvRS
SQL Server Distributed Replay Controller | NETWORK SERVICE | Virtual Account | SQL_DRContro
SQL Server Distributed Replay Client | NETWORK SERVICE | Virtual Account | SQL_DRReplay
FD Launcher (Full-text Search) | LOCAL SERVICE | Virtual Account | -
SQL Server Browser | LOCAL SERVICE | LOCAL SERVICE | -
SQL Server VSS Writer | LOCAL SYSTEM | LOCAL SYSTEM | -
sysadmin membership
• Members of the sysadmin fixed server role can do whatever they want on SQL Server
• by default the sysadmin fixed server role has CONTROL SERVER permission granted explicitly
• do not explicitly grant CONTROL SERVER to Windows logins, Windows group logins or SQL logins
Best Practice:
carefully choose the membership of the sysadmin fixed server role
general administration
• everything (almost always) works under the sa account, especially with CONTROL SERVER permission
• institute dedicated Windows logins for DBAs, and assign these logins sysadmin rights on SQL Server for
administration purposes.
Best Practice:
use the built-in fixed server roles and database roles, or create your own custom roles, then apply them to specific logins
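The sysadmin-membership and general-administration slides above, as an added T-SQL example (not the deck's own code): two catalog queries that list who is in sysadmin and who holds an explicit CONTROL SERVER grant, followed by the recommended pattern of a dedicated Windows group for DBAs and a custom server role for staff who only need to observe the instance. The domain group names are placeholders; CREATE SERVER ROLE and ALTER SERVER ROLE need SQL Server 2012 or later.

```sql
-- Added example (not from the deck): review sysadmin / CONTROL SERVER holders
-- and delegate day-to-day work through roles. Group names are placeholders.
USE master;
GO

-- 1. Every member of the sysadmin fixed server role, with its type and state.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;

-- 2. Explicit CONTROL SERVER grants or denies on individual principals.
--    Every row here should have a documented reason, or be removed.
SELECT p.name, p.type_desc, sp.state_desc, sp.permission_name
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = 'CONTROL SERVER'
ORDER BY p.name;

-- 3. DBAs get sysadmin through one Windows group, not per-person SQL logins,
--    so membership is managed (and audited) in Active Directory.
CREATE LOGIN [CORP\SQL-DBAs] FROM WINDOWS;
ALTER SERVER ROLE sysadmin ADD MEMBER [CORP\SQL-DBAs];

-- 4. A custom server role for an operations team that must watch the
--    instance (DMVs, definitions) but never change it.
CREATE SERVER ROLE [ops_monitor];
GRANT VIEW SERVER STATE   TO [ops_monitor];
GRANT VIEW ANY DEFINITION TO [ops_monitor];
CREATE LOGIN [CORP\SQL-Ops] FROM WINDOWS;
ALTER SERVER ROLE [ops_monitor] ADD MEMBER [CORP\SQL-Ops];
GO
```

Running queries 1 and 2 on a schedule and diffing the output against the previous run is a cheap detection for privilege creep; a new sysadmin member that nobody requested is worth an incident ticket.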
revoke guest access
• by default a guest account exists in every user and system database
• it is a potential security risk in a locked-down environment
• those accounts could be targets for attackers
• assign public server role membership if you need explicit access to user databases
Best Practice:
disable all guest user access in all user and system databases (excluding the msdb database)
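The guest-access best practice above as an added T-SQL script (not the deck's own code). It first reports, per online database, whether guest still holds CONNECT, then revokes it everywhere except the system databases where guest must remain: the deck excludes msdb, and this script additionally skips master and tempdb, where SQL Server does not allow guest to be disabled. The script assumes a sysadmin connection and uses dynamic SQL because CONNECT is a database-level permission that has to be revoked inside each database.

```sql
-- Added example (not from the deck): report and revoke guest CONNECT per database.
-- Assumes a sysadmin connection. master/tempdb/msdb are skipped on purpose.
CREATE TABLE #guest_state (db sysname, guest_can_connect bit);

-- 1. Report: in which online databases can guest still connect?
DECLARE @sql nvarchar(max) = N'';
SELECT @sql += N'
USE ' + QUOTENAME(name) + N';
INSERT #guest_state (db, guest_can_connect)
SELECT DB_NAME(),
       CASE WHEN EXISTS (
            SELECT 1
            FROM sys.database_permissions AS dp
            JOIN sys.database_principals AS pr
              ON pr.principal_id = dp.grantee_principal_id
            WHERE pr.name = ''guest''
              AND dp.permission_name = ''CONNECT''
              AND dp.state = ''G'')
       THEN 1 ELSE 0 END;'
FROM sys.databases
WHERE state_desc = 'ONLINE';
EXEC sp_executesql @sql;

SELECT db, guest_can_connect FROM #guest_state ORDER BY db;

-- 2. Revoke CONNECT from guest in every other online, writable database.
--    model is included so that newly created databases start hardened.
--    Revoking a permission that is not granted is a no-op, so this is safe to re-run.
SET @sql = N'';
SELECT @sql += N'
USE ' + QUOTENAME(name) + N'; REVOKE CONNECT FROM guest;'
FROM sys.databases
WHERE name NOT IN ('master', 'tempdb', 'msdb')
  AND state_desc = 'ONLINE'
  AND is_read_only = 0;
EXEC sp_executesql @sql;

DROP TABLE #guest_state;
```

Keep the report query in a periodic job: a restored or newly attached database brings its own guest state with it, so a one-time revoke does not stay true.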
limit public permission
• SQL Server has many stored procedures, and many of them grant EXECUTE to public:
• OLE AUTOMATION: sp_OACreate, sp_OAGetProperty, sp_OAStop, sp_OAMethod, sp_OAGetErrorInfo,
sp_OADestroy, sp_OASetProperty
• REGISTRY ACCESS: xp_regremovemultistring, xp_regaddmultistring, xp_regread, xp_regdeletekey,
xp_regdeletevalue, xp_regwrite
• OTHER ROUTINES: sp_sdidebug, xp_logevent, sp_sprintf, xp_dsninfo, xp_msver, sp_sscanf, xp_stopmail,
xp_grantlogin, xp_eventlog, xp_dirtree
Best Practice:
revoke public role access to these extended procedures and review the other stored procedures
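The public-permission slide above as an added T-SQL script (not the deck's own code). The first query lists which of the xp_ and sp_OA routines in master are currently executable by public; the second revokes EXECUTE from public for the routines named on the slide that actually exist on the instance, building each REVOKE from the catalog so the schema name is always right. It assumes a sysadmin connection to master; the routine list is the slide's own, minus the ones whose presence varies by version (those are simply skipped by the catalog join).

```sql
-- Added example (not from the deck): find and revoke public EXECUTE on the
-- OLE automation, registry and other extended routines named on the slide.
USE master;
GO

-- 1. Which risky routines can public execute right now?
SELECT SCHEMA_NAME(o.schema_id) AS schema_name, o.name, dp.state_desc
FROM sys.database_permissions AS dp
JOIN sys.all_objects        AS o  ON o.object_id = dp.major_id
JOIN sys.database_principals AS pr ON pr.principal_id = dp.grantee_principal_id
WHERE pr.name = 'public'
  AND dp.permission_name = 'EXECUTE'
  AND (o.name LIKE 'xp[_]%' OR o.name LIKE 'sp[_]OA%')
ORDER BY o.name;

-- 2. Revoke public EXECUTE on the slide's routines. The REVOKE statements are
--    generated from sys.all_objects, so routines absent on this version are skipped.
DECLARE @procs TABLE (name sysname);
INSERT @procs (name) VALUES
 ('sp_OACreate'), ('sp_OAGetProperty'), ('sp_OAStop'), ('sp_OAMethod'),
 ('sp_OAGetErrorInfo'), ('sp_OADestroy'), ('sp_OASetProperty'),
 ('xp_regremovemultistring'), ('xp_regaddmultistring'), ('xp_regread'),
 ('xp_regdeletekey'), ('xp_regdeletevalue'), ('xp_regwrite'),
 ('xp_dirtree'), ('xp_eventlog'), ('xp_logevent'), ('xp_msver'), ('xp_dsninfo');

DECLARE @sql nvarchar(max) = N'';
SELECT @sql += N'REVOKE EXECUTE ON '
             + QUOTENAME(SCHEMA_NAME(o.schema_id)) + N'.' + QUOTENAME(o.name)
             + N' FROM public;' + CHAR(10)
FROM sys.all_objects AS o
JOIN @procs AS p ON p.name = o.name;

PRINT @sql;            -- review the generated statements before running them
EXEC sp_executesql @sql;
```

Run query 1 again afterwards; it should return no rows for the listed routines. Some management and monitoring tools call xp_regread or xp_msver under their own login, so grant those tools EXECUTE individually rather than restoring the grant to public.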
hardening sql server ports
• the default SQL Server ports 1433/1434 are well known as a standard target for hackers
• by using SQL Server Configuration Manager you:
• can change the default port
• can use a specific TCP port instead of a dynamic one
• remember the related TCP/UDP ports (1433, 1434)
Best Practice:
change the default SQL Server port if possible
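After changing the port in Configuration Manager, the check a practitioner wants is confirmation of what the instance is really listening on. This added T-SQL example (not from the deck) reads the listener DMV and the current connection's local port; it assumes SQL Server 2012 or later (for sys.dm_tcp_listener_states) and VIEW SERVER STATE permission. UDP 1434 belongs to the SQL Server Browser service and is not covered by these views.

```sql
-- Added example (not from the deck): verify the TCP ports the instance listens on.
-- Needs VIEW SERVER STATE; sys.dm_tcp_listener_states exists from SQL Server 2012.

-- 1. Every TCP listener of the engine (TSQL = client connections,
--    DAC = dedicated admin connection). A port of 1433 here means the
--    default was not changed, or a dynamic port has been assigned 1433.
SELECT listener_id, ip_address, is_ipv4, port, type_desc, state_desc, start_time
FROM sys.dm_tcp_listener_states
ORDER BY type_desc, port;

-- 2. The port this very session arrived on (NULL for shared memory / named pipes),
--    useful when testing from an application server through a firewall.
SELECT session_id, net_transport, protocol_type, local_net_address, local_tcp_port
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;
```

Treat a non-default port as defence in depth only: the firewall rule that allows the port from the application subnet alone is the control, and this query is how you confirm the rule matches reality.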
disable sql server browser
• by default SQL Server Browser is disabled
• it is necessary to run it when multiple instances are running on a single server
• any Windows user with the following rights is able to run the SQL Server Browser service:
• deny access to this computer from the network / deny logon locally / deny logon as a batch job
• deny logon through Terminal Services / log on as a service / read and write the SQL Server registry keys
related to network communication (ports and pipes)
Best Practice:
change the default SQL Server port if possible
secure service accounts
• different service accounts for different services
• dedicated low-privilege domain accounts
• check membership on a regular basis
• use strong and different passwords for each account
Best Practice:
create a good plan and keep a record of service accounts and passwords
3 | SQL Server 2014 Security Enhancements
transparent data encryption
• first introduced with SQL Server 2008 (!)
• protects data by performing I/O encryption and decryption for database and log files
• passphrase (less secure)
• asymmetric key (strong protection, poor performance)
• symmetric key (good performance, strong enough protection)
• certificate (strong protection, good performance)
• new functionality for backup:
• takes non-encrypted backup data
• encrypts the data before writing it to disk
• compression is performed on the backup data first
• then encryption is applied to the compressed data
• support for backup to Azure
encryption key management
• Encryption options include:
• encryption algorithm
• certificate or asymmetric key
• only an asymmetric key residing in EKM (Extensible Key Management) is supported
• multiple algorithms up to AES-256 are supported
• manageable by PowerShell, SMO, SSMS, T-SQL
• VERY IMPORTANT:
• the asymmetric key or certificate MUST be backed up
• the location MUST be different from the backup location
• no RESTORE is possible without the asymmetric key or certificate
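The two slides above (TDE and backup encryption, then key management) as one added T-SQL example that is not the deck's own code. It enables TDE on a database with a server certificate, takes a backup with compression and encryption (SQL Server 2014 or later), backs the certificate and private key up to a separate location as the slide insists, and finishes with the DMV check that shows the encryption state. The database name, file paths and passwords are placeholders; a sysadmin connection is assumed.

```sql
-- Added example (not from the deck): TDE + encrypted backup + certificate backup.
-- SalesDB, the paths and the passwords are placeholders.
USE master;
GO
-- 1. Database master key in master, then the certificate that will protect
--    both the database encryption key and the backups.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Replace-With-Strong-DMK-Password-1!';
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'TDE and backup protection';
GO

-- 2. Database encryption key inside the user database, then switch TDE on.
--    Encryption of existing pages runs in the background after this.
USE SalesDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
ALTER DATABASE SalesDB SET ENCRYPTION ON;
GO

-- 3. Backup: with both options SQL Server compresses first, then encrypts,
--    so the encrypted backup stays small (encrypted bytes do not compress).
BACKUP DATABASE SalesDB
    TO DISK = 'D:\Backups\SalesDB_full.bak'
    WITH COMPRESSION,
         ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = TDE_Cert);
GO

-- 4. Back up the certificate WITH its private key to a location that is not
--    the backup share. Without these files neither the database nor the
--    backup file above can ever be restored on another server.
USE master;
GO
BACKUP CERTIFICATE TDE_Cert
    TO FILE = '\\keyvault-share\certs\TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = '\\keyvault-share\certs\TDE_Cert.pvk',
        ENCRYPTION BY PASSWORD = 'Replace-With-Strong-PVK-Password-1!');
GO

-- 5. Verify. encryption_state 3 = encrypted, 2 = encryption in progress.
SELECT DB_NAME(database_id) AS db, encryption_state, key_algorithm, key_length,
       encryptor_type, percent_complete
FROM sys.dm_database_encryption_keys;
```

Test the restore path on a second instance (restore the certificate from the .cer/.pvk pair, then the backup) before relying on it; a key backup that has never been restored is an assumption, not a control.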
connect any database
• new server-level permission
• grant CONNECT ANY DATABASE to a login that must connect to all databases that currently exist and any created in the future
• does not grant any permission in any database beyond connect
• to allow an auditing process to view all data or all database states, CONNECT ANY DATABASE may be combined with:
• SELECT ALL USER SECURABLES
• VIEW SERVER STATE
impersonate any login
• new server-level permission
• when IMPERSONATE ANY LOGIN is granted, it allows a middle-tier process to impersonate the accounts of the clients connecting to it
• when IMPERSONATE ANY LOGIN is denied, a highly privileged login can be blocked from impersonating other logins
• example: a login with CONTROL SERVER permission can be blocked from impersonating other logins
select all user securables
• new server-level permission
• when SELECT ALL USER SECURABLES is granted, a login (for example one used for auditing purposes) can view data in all databases that it can connect to
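The three SQL Server 2014 server-level permissions above, combined in one added T-SQL example (not the deck's own code): an auditor login that can read every current and future database without being sysadmin, a middle-tier service account that is allowed to impersonate its clients, and a deployment account that holds CONTROL SERVER yet is denied impersonation, exactly the case the slide describes. Login names are placeholders; a sysadmin connection to master is assumed.

```sql
-- Added example (not from the deck): CONNECT ANY DATABASE, SELECT ALL USER
-- SECURABLES and IMPERSONATE ANY LOGIN in practice. Login names are placeholders.
USE master;
GO

-- 1. Read-only auditor: connect everywhere, read all user data, see server
--    state. No CREATE/ALTER/INSERT anywhere, and no sysadmin membership.
CREATE LOGIN [CORP\Auditors] FROM WINDOWS;
GRANT CONNECT ANY DATABASE       TO [CORP\Auditors];
GRANT SELECT ALL USER SECURABLES TO [CORP\Auditors];
GRANT VIEW SERVER STATE          TO [CORP\Auditors];
GO

-- 2. Middle tier that legitimately runs queries as the end user it serves.
CREATE LOGIN [CORP\svc_middletier] FROM WINDOWS;
GRANT IMPERSONATE ANY LOGIN TO [CORP\svc_middletier];
GO

-- 3. Powerful automation account that must never become someone else.
--    CONTROL SERVER implies IMPERSONATE, but an explicit DENY wins for
--    any principal that is not a sysadmin member.
CREATE LOGIN [CORP\svc_deploy] FROM WINDOWS;
GRANT CONTROL SERVER TO [CORP\svc_deploy];
DENY IMPERSONATE ANY LOGIN TO [CORP\svc_deploy];
GO

-- 4. Check: the effective server-level grants and denies for the three logins.
SELECT p.name, sp.state_desc, sp.permission_name
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE p.name IN ('CORP\Auditors', 'CORP\svc_middletier', 'CORP\svc_deploy')
ORDER BY p.name, sp.permission_name;
```

The DENY in step 3 only holds because the account is not in sysadmin; members of that role bypass permission checks entirely, which is one more reason to keep automation accounts out of it.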
SQL Server Express Security
• by default:
• instance name: SQLExpress
• networking protocols: disabled
• SQL Server Browser: disabled
• user (local) instances:
• a separate instance generated from the parent instance
• sysadmin privileges on SQL Express on the local machine
• runs as a user process, not as a service process
• only Windows logins are supported
• RANU instance (run as normal user)
4 | SQL Server 2016 Security Enhancements
row-level security
• Restricting access to financial data based on an employee's region and role
• Ensuring that tenants of a multi-tenant application can only access their own rows of data
• Enabling different analysts to report on different subsets of data based on their position
• A hospital can create a security policy that allows nurses to view data rows for their own patients only.
• A bank can create a policy to restrict access to rows of financial data based on the employee's business division, or
based on the employee's role within the company.
• A multi-tenant application can create a policy to enforce a logical separation of each tenant's data rows from every
other tenant's rows. Efficiencies are achieved by the storage of data for many tenants in a single table. Of course,
each tenant can see only its data rows.
SQL16 SECURITY
ENHACEMENTS
http://difinity.co.nz#Difinity 7th – 9th Feb 2017 http://difinity.co.nz
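The multi-tenant scenario from the row-level security slides, as an added T-SQL example that is not the deck's own code. It builds a small Orders table, one database user per tenant, an inline predicate function that maps the caller to a tenant, and a security policy with both a FILTER predicate (hides other tenants' rows on read) and a BLOCK predicate (refuses inserts tagged with another tenant). Table, schema and user names are placeholders; SQL Server 2016 or later is assumed, and deriving the tenant from USER_NAME() is this example's simplification of what an application would normally pass through SESSION_CONTEXT.

```sql
-- Added example (not from the deck): row-level security for a multi-tenant table.
-- Names are placeholders; requires SQL Server 2016+ (BLOCK predicates).
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY PRIMARY KEY,
    TenantId int NOT NULL,
    Amount   money NOT NULL
);
INSERT dbo.Orders (TenantId, Amount) VALUES (1, 10), (1, 20), (2, 99);

-- One database user per tenant; WITHOUT LOGIN keeps the demo self-contained.
CREATE USER Tenant1 WITHOUT LOGIN;
CREATE USER Tenant2 WITHOUT LOGIN;
GRANT SELECT, INSERT ON dbo.Orders TO Tenant1, Tenant2;
GO

CREATE SCHEMA Security;
GO
-- Predicate: a row qualifies when its TenantId equals the caller's tenant
-- (parsed from the user name here) or the caller is a db_owner member.
-- SCHEMABINDING is mandatory for RLS predicate functions.
CREATE FUNCTION Security.fn_tenantPredicate (@TenantId int)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS ok
           WHERE @TenantId = TRY_CAST(REPLACE(USER_NAME(), 'Tenant', '') AS int)
              OR IS_MEMBER('db_owner') = 1;
GO

-- FILTER applies to SELECT/UPDATE/DELETE reads; BLOCK AFTER INSERT rejects
-- rows whose TenantId would not be visible to the inserting user.
CREATE SECURITY POLICY Security.TenantPolicy
    ADD FILTER PREDICATE Security.fn_tenantPredicate(TenantId) ON dbo.Orders,
    ADD BLOCK  PREDICATE Security.fn_tenantPredicate(TenantId) ON dbo.Orders AFTER INSERT
    WITH (STATE = ON);
GO

-- Demo: each tenant sees only its own rows, and Tenant2 cannot write a row
-- for tenant 1 (the INSERT below is rejected by the block predicate).
EXECUTE AS USER = 'Tenant1';
SELECT TenantId, COUNT(*) AS visible_rows FROM dbo.Orders GROUP BY TenantId;
REVERT;

EXECUTE AS USER = 'Tenant2';
SELECT TenantId, COUNT(*) AS visible_rows FROM dbo.Orders GROUP BY TenantId;
INSERT dbo.Orders (TenantId, Amount) VALUES (1, 5);
REVERT;
```

The predicate function is the trust boundary: anyone who can ALTER it, or who can ALTER the security policy, controls every tenant's visibility, so lock the Security schema down to the owning role and audit DDL against it.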
dynamic data masking
• Default {full masking according to the data type of the designated field}:
• Use XXXX, or fewer Xs if the size of the field is less than 4 characters, for string data types (nchar, ntext, nvarchar).
• Use a zero value for numeric data types (bigint, bit, decimal, int, money, numeric, smallint, smallmoney, tinyint, float,
real).
• Use 01-01-1900 for date/time data types (date, datetime2, datetime, datetimeoffset, smalldatetime, time).
• For sql_variant, the default value of the current type is used.
• For XML, the document <masked/> is used.
• Use an empty value for special data types (timestamp, table, hierarchyid, GUID, binary, image, varbinary, spatial types).
• Credit card {masking method which exposes the last four digits of the designated field and adds a constant string as a prefix in the form of a
credit card}. example: XXXX-XXXX-XXXX-1234
• Social security number {masking method which exposes the last four digits of the designated field and adds a constant string as a prefix in the
form of an American social security number}. example: XXX-XX-1234
• Email {masking method which exposes the first letter and replaces the domain with XXX.com using a constant string prefix in the form of an
email address}. example: aXX@XXXX.com
• Random number {masking method which generates a random number according to the selected boundaries and actual data types. If the
designated boundaries are equal, then the masking function will be a constant number}.
• Custom text {masking method which exposes the first and last characters and adds a custom padding string in the middle. If the original string
is shorter than the exposed prefix and suffix, only the padding string will be used}. example: prefix[padding]suffix
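The masking functions from the two dynamic data masking slides, applied to one table in an added T-SQL example (not the deck's own code). The credit-card and social-security masks are expressed with the partial() function, email() and default() are used as named, and random() masks the balance; a reader user without UNMASK then sees the masked shape, and the catalog query at the end is the inventory check. Table, user and sample values are constructed placeholders; SQL Server 2016 or later is assumed.

```sql
-- Added example (not from the deck): dynamic data masking with the built-in
-- functions from the slides. Table, user and data values are constructed.
CREATE TABLE dbo.Customers (
    CustomerId int IDENTITY PRIMARY KEY,
    FullName   nvarchar(100) MASKED WITH (FUNCTION = 'default()'),           -- XXXX
    Email      nvarchar(100) MASKED WITH (FUNCTION = 'email()'),             -- aXX@XXXX.com
    CreditCard varchar(19)   MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)'),
    SSN        varchar(11)   MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)'),
    Balance    money         MASKED WITH (FUNCTION = 'random(1, 9999)'),
    BirthDate  date          MASKED WITH (FUNCTION = 'default()')            -- 1900-01-01
);
INSERT dbo.Customers (FullName, Email, CreditCard, SSN, Balance, BirthDate)
VALUES (N'Jane Doe', N'jane.doe@example.com', '4111-1111-1111-1234',
        '123-45-6789', 250.00, '1980-05-17');
GO

-- A reporting user with SELECT only: it receives masked values.
CREATE USER ReportReader WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO ReportReader;
GO

EXECUTE AS USER = 'ReportReader';
SELECT FullName, Email, CreditCard, SSN, Balance, BirthDate FROM dbo.Customers;
REVERT;

-- UNMASK is the database-level permission that turns masking off for a user;
-- grant it to the few roles that genuinely need clear values, and audit it.
GRANT UNMASK TO ReportReader;
EXECUTE AS USER = 'ReportReader';
SELECT FullName, Email, CreditCard, SSN, Balance, BirthDate FROM dbo.Customers;
REVERT;
REVOKE UNMASK FROM ReportReader;
GO

-- Inventory: every masked column in the database and the function applied.
SELECT OBJECT_SCHEMA_NAME(mc.object_id) AS schema_name,
       OBJECT_NAME(mc.object_id)        AS table_name,
       mc.name                          AS column_name,
       mc.masking_function
FROM sys.masked_columns AS mc
ORDER BY table_name, column_name;
```

Masking is a presentation control, not encryption: the real value still sits in the page and a user with SELECT can still use the column in predicates, so pair it with column permissions and, for data that must be unreadable to the DBA, with Always Encrypted.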
always encrypted
• The new version of SQL Server includes an additional layer of security that keeps valuable personal data such as:
• Social Security numbers
• private healthcare data
• credit card information
protected even while the data is being used
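The Always Encrypted slide describes the goal; this added T-SQL example (not the deck's own code) shows the objects behind it: a column master key that points at a certificate outside the database, a column encryption key wrapped by that master key, and a table whose sensitive columns are declared ENCRYPTED WITH. The certificate thumbprint and the ENCRYPTED_VALUE blob are placeholders that SSMS or the SqlServer PowerShell module generate from the real certificate; the script will not run until they are substituted. Deterministic encryption is used for the column that must be searchable by equality and randomized for the free-text column; SQL Server 2016 or later is assumed.

```sql
-- Added example (not from the deck): Always Encrypted column definitions.
-- <certificate-thumbprint-placeholder> and the 0x... ENCRYPTED_VALUE must be
-- replaced with values generated against a real certificate (SSMS/PowerShell).

-- 1. Column master key: only metadata is stored here; the key itself lives in
--    the client's certificate store (or Azure Key Vault), never in SQL Server.
CREATE COLUMN MASTER KEY CMK_App
    WITH (KEY_STORE_PROVIDER_NAME = 'MSSQL_CERTIFICATE_STORE',
          KEY_PATH = 'CurrentUser/My/<certificate-thumbprint-placeholder>');
GO

-- 2. Column encryption key: stored encrypted by the CMK, so the server holds
--    ciphertext only. ENCRYPTED_VALUE below is a placeholder for that blob.
CREATE COLUMN ENCRYPTION KEY CEK_App
    WITH VALUES (COLUMN_MASTER_KEY = CMK_App,
                 ALGORITHM = 'RSA_OAEP',
                 ENCRYPTED_VALUE = 0x00);
GO

-- 3. Table: SSN deterministic (equality lookups work; needs a BIN2 collation),
--    Diagnosis randomized (stronger, but no predicates on the server).
CREATE TABLE dbo.Patients (
    PatientId int IDENTITY PRIMARY KEY,
    SSN char(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_App,
                        ENCRYPTION_TYPE = DETERMINISTIC,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'),
    Diagnosis nvarchar(200) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_App,
                        ENCRYPTION_TYPE = RANDOMIZED,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256')
);
GO

-- 4. Check: which columns are encrypted, how, and with which key. A DBA
--    selecting from dbo.Patients directly gets ciphertext; only a client with
--    Column Encryption Setting=Enabled and access to the CMK sees plaintext.
SELECT c.name AS column_name, c.encryption_type_desc, c.encryption_algorithm_name,
       cek.name AS column_encryption_key
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS cek
  ON cek.column_encryption_key_id = c.column_encryption_key_id
WHERE c.object_id = OBJECT_ID('dbo.Patients');
```

The separation this buys is organisational as much as technical: the team that administers SQL Server never holds the column master key, so a compromised sysadmin login or a stolen backup yields ciphertext for these columns.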
5 | SQL Server Security in the Cloud
Cloud Security
Microsoft Cloud Security Approach in a Nutshell
• Principles, patterns, and practices
• Security engineering
• Threats and countermeasures
• Secure the network, host, and application
• Application scenarios and solutions
• Security frame
• People, process, and technology
• Application, infrastructure, and business
http://bit.ly/1zmeYi2
Security Requirements for Azure Platform
ISO/IEC 27001:2005 Audit and Certification
ISO Scope: The following Azure features are in scope for the current ISO audit: Cloud Services (including Fabric and
RDFE), Storage (Tables, Blobs, Queues), Virtual Machines (including with SQL Server), Virtual Network, Traffic
Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Workflow, Multi-Factor
Authentication, Active Directory, Rights Management Service, SQL Database, and HDInsight. This includes the
Information Security Management System (ISMS) for Azure, encompassing infrastructure, development, operations,
and support for these features. Also included are Power BI for Office 365 and Power Query Service.
SOC 1 and SOC 2 SSAE 16/ISAE 3402 Attestations
Scope: The following Azure features are in scope for the current SOC 1 Type 2 and SOC 2 Type 2 attestations: Cloud
Services (includes stateless Web, and Worker roles), Storage (Tables, Blobs, Queues), Virtual Machines (includes
persistent virtual machines for use with supported operating systems) and Virtual Network (includes Traffic Manager).
Security Requirements for Azure Platform
And of course requirements for Data Centers:
• Physical security of the data centers (locks, cameras, biometric devices, card readers, alarms)
• Firewalls, application gateways and IDS to protect the network
• Access Control Lists (ACLs) applied to virtual local area networks (VLANs) and applications
• Authentication and authorization of persons or processes that request access to data
• Hardening of the servers and operating system instances
• Redundant internal and external DNS infrastructure with restricted write access
• Securing of virtual machine objects
• Securing of static and dynamic storage containers
6 | SUMMARY
SQL Server Security in the Cloud
• Same security principles as SQL Server on premises
• Full responsibility for the DBA with a Virtual Machine
• Partial responsibility for the DBA with Azure SQL Database
• Automatic updates for Azure SQL Database
• New functionality implemented by Microsoft
• Some incompatibilities in T-SQL, functions and stored procedures
• Increased security by default on the Azure platform
SQL Server in the Cloud: WASD (Windows Azure SQL Database) vs VM
Choose Azure SQL Database, if:
• You are building brand new, cloud-based applications; or you want to migrate your existing SQL Server database to Azure and
your database is not using one of the unsupported functionalities in Azure SQL Database. For more information, see Azure
SQL Database Transact-SQL Reference. This approach provides the benefits of a fully managed cloud service and ensures the
fast time-to-market.
• You want to have Microsoft perform common management operations on your databases and require stronger availability
SLAs for databases. This approach can minimize the administration costs and at the same time provides a guaranteed
availability for the database.
Choose SQL Server in Azure VM, if:
• You have existing on-premises applications and wish to stop maintaining your own hardware or you consider hybrid solutions.
This approach lets you get access to high database capacity faster and also connects your on-premises applications to the
cloud via a secure tunnel.
• You have existing IT resources, need full administrative rights over SQL Server, and require full compatibility with on-premises
SQL Server (for example, some features do not exist in Azure SQL Database). This approach lets you minimize costs
for development or modifications of existing applications with the flexibility to run most applications. In addition, it provides
full control on the VM, operating system, and database configuration.
Three Pillars of a Secure Hybrid Cloud Environment
• Pillar One: risk assessment and management
• A definition of the risks that apply to various asset(s), based on their business criticality.
• An assessment of the current status of each risk before it’s moved to the cloud. Using this information, each risk can be accepted,
mitigated, transferred or avoided.
• An assessment of the risk profile of each asset, assuming it has been moved to the cloud.
• Pillar Two: policy and compliance
• Cloud providers need to understand that simply listing compliance certifications isn't sufficient. In line with the mantra of transparency
explored in the previous point, providers should take a proactive stance to sharing their security implementations and controls.
Dimension Data often assists clients by providing them with a list of questions that we believe they should be posing to cloud providers as part of the
evaluation process, to ensure they're covering all the bases.
Three Pillars of a Secure Hybrid Cloud Environment
Pillar Three: provider transparency
• Governance: the ability of an organisation to govern and measure enterprise risk introduced by cloud.
• Legal issues: regulations, and requirements to protect the privacy of data, and the security of information and computer systems.
• Compliance and audit: maintaining and proving compliance when using the cloud.
• Information management and data security: managing cloud data, and responsibility for data confidentiality, integrity and availability.
• Portability and interoperability: the ability to move data or services from one provider to another, or bring them back in-house.
• Business continuity and disaster recovery: operational processes and procedures for business continuity and disaster recovery.
• Data centre: evaluating any elements of a provider’s data centre architecture and operations that could be detrimental to ongoing services.
• Incident response, notification and remediation: adequate incident detection, response, notification, and remediation.
• Application security: securing application software running on or developed in the cloud.
• Encryption and key management: identifying proper encryption usage and scalable key management.
• Identity and access management: assessing an organisation’s readiness to conduct cloud-based identity, entitlement, and access management.
• Virtualisation: risks associated with multi-tenancy, virtual machine isolation and co- residence, hypervisor vulnerabilities, etc.
Recommendations (SharePoint Example)
• Create a new role for an Information Manager who owns information governance across environments
• Train and educate all stakeholders about risk and liability
• Assess the appropriateness of using SharePoint versus other document management tools
• Define information governance policies for access, retention, archival, and backup
• Automate risk controls
• Audit user and data activities
• Resources:
• Microsoft TechNet
• Microsoft MSDN
• Legal Sources for Compliance Requirements
links
• ISECOM (the Institute for Security and Open Methodologies)
• http://www.isecom.org/about-us.html
• OSSTMM (Open Source Security Testing Methodology Manual)
• http://www.isecom.org/research/osstmm.html
• Library of Resources for Industrial Control System Cyber Security
• https://scadahacker.com/library/index.html
• patterns & practices: Cloud Security Approach in a Nutshell
• https://technet.microsoft.com/en-us/ff742848.aspx
• Microsoft Azure Trust Center: Security
• http://azure.microsoft.com/en-us/support/trust-center/security/
• 10 Things to know about Azure Security
• https://technet.microsoft.com/en-us/cloud/gg663906.aspx
• Security Best Practice and Label Security Whitepapers
• http://blogs.msdn.com/b/sqlsecurity/archive/2012/03/07/security-best-practice-and-label-security-whitepapers.aspx
• Hello Secure World
• http://www.microsoft.com/click/hellosecureworld/default.mspx
• SQL Server Label Security Toolkit
• http://sqlserverlst.codeplex.com/
• SQL Server Best Practices Analyzer
• Microsoft Baseline Configuration Analyzer 2.0
• http://www.microsoft.com/en-us/download/details.aspx?id=16475
• SQL Server 2005 Best Practices Analyzer (August 2008)
• http://www.microsoft.com/en-us/download/details.aspx?id=23864
• Microsoft® SQL Server® 2008 R2 Best Practices Analyzer
• http://www.microsoft.com/en-us/download/details.aspx?id=15289
• Microsoft® SQL Server® 2012 Best Practices Analyzer
• http://www.microsoft.com/en-us/download/details.aspx?id=29302
• Microsoft Security Assessment Tool
• http://www.microsoft.com/downloads/details.aspx?FamilyID=6D79DF9C-C6D1-4E8F-8000-0BE72B430212&displaylang=en
• Microsoft Application Verifier
• http://www.microsoft.com/downloads/details.aspx?FamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en
• Microsoft Threat Analysis & Modelling Tool
• http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&DisplayLang=en
• How To: Protect From SQL Injection in ASP.NET
• http://msdn2.microsoft.com/en-us/library/ms998271.aspx
• Securing Your Database Server
• http://msdn.microsoft.com/en-us/library/aa302434.aspx
• Threats and Countermeasures
• http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch00.mspx
• Configure Windows Service Accounts and Permissions
• https://msdn.microsoft.com/en-us/library/ms143504.aspx#Network_Service
• Select an Account for the SQL Server Agent Service
• https://msdn.microsoft.com/en-us/library/ms191543.aspx
• Server Configuration - Service Accounts
• https://msdn.microsoft.com/en-us/library/cc281953.aspx
azure resources: security
• Azure Security: Technical Insights
• Security Best Practices for Developing Azure Solutions
• Protecting Data in Azure
• Azure Network Security
• Microsoft Antimalware for Azure Cloud Services and Virtual Machines
• Microsoft Enterprise Cloud Red Teaming
• Microsoft Azure Security and Audit Log Management
• Security Management in Microsoft Azure
• Crypto Services and Data Security in Azure
azure resources: security & privacy
• Business Continuity for Azure
• Understanding Security Account Management in Azure
• Azure Data Security: Cleansing and Leakage
• Scenarios and Solutions Using Azure Active Directory Access Control
• Securing and Authenticating a Service Bus Connection
• Azure Privacy Overview (PDF)
• Azure Privacy Statement
• Law Enforcement Request Report
• Protecting Data and Privacy in the Cloud
azure resources: compliance & more
• Response to Cloud Security Alliance Cloud Controls Matrix (DOC)
• Azure HIPAA Implementation Guidance (PDF)
• Azure Customer PCI Guide (PDF)
• The Microsoft Approach to Cloud Transparency (PDF)
• Microsoft Trustworthy Computing
• Operational Security for Online Services Overview (PDF)
• Data Classification for Cloud Readiness
• CISO Perspectives on Data Classification (PDF)
• An Introduction to Designing Reliable Cloud Services (PDF)
• Deploying Highly Available and Secure Cloud Solutions (PDF)
azure resources
RESOURCE | DESCRIPTION
MSDN: Azure SQL Database; MSDN: SQL Server in Azure Virtual Machines; Azure.com: Azure SQL Database | Links to the library documentation.
Azure SQL Database and SQL Server -- Performance and Scalability Compared and Contrasted | This article explains performance differences and troubleshooting techniques when using Azure SQL Database and SQL Server running on-premises or in a VM.
Application Patterns and Development Strategies for SQL Server in Azure Virtual Machines | This article discusses the most common application patterns that apply to SQL Server in Azure VMs and also hybrid scenarios including Azure SQL Database.
Microsoft Enterprise Library Transient Fault Handling Application Block | This library lets developers make their applications running on Azure SQL Database more resilient by adding robust transient fault handling logic. Transient faults are errors that occur because of some temporary condition such as network connectivity issues or service unavailability. Since Azure SQL Database is a multitenant service, it is important to handle such errors to minimize any application downtime.
credits
• Yes, 123456 is the most common password, but here's why that's misleading
http://arstechnica.com/security/2015/01/yes-123456-is-the-most-common-password-but-heres-why-thats-misleading/
• CIOs are Listening, Security is Important...
https://communities.intel.com/community/itpeernetwork/blog/2014/05/20/cio-s-are-listening-security-is-important
after session
CONTACT:
• MAIL: KoprowskiT@windowslive.com
• SOCIAL MEDIA: facebook, twitter, linkedin, xing, yammer, slack, github
SLIDES FROM SESSION:
• SlideShare Profile: http://www.slideshare.net/Anorak
• Difinity Conference Site
BLOGS:
• ITPRO Anorak’s Vision: http://itblogs.pl/notbeautifulanymore/
• My MVP Blog: http://koprowskit.eu/geek/
Please fill in the evaluation form: https://goo.gl/forms/cokWOkZsqBYwwulD2
 
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...Ido Flatow
 
Backup and Restore SQL Server Databases in Microsoft Azure
Backup and Restore SQL Server Databases in Microsoft AzureBackup and Restore SQL Server Databases in Microsoft Azure
Backup and Restore SQL Server Databases in Microsoft AzureDatavail
 
SQL Server Best Practices - Install SQL Server like a boss (RELOADED)
SQL Server Best Practices - Install SQL Server like a boss (RELOADED)SQL Server Best Practices - Install SQL Server like a boss (RELOADED)
SQL Server Best Practices - Install SQL Server like a boss (RELOADED)Andre Essing
 
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...Trivadis
 

La actualidad más candente (20)

KoprowskiT - SQLBITS X - 2am a disaster just began
KoprowskiT - SQLBITS X - 2am a disaster just beganKoprowskiT - SQLBITS X - 2am a disaster just began
KoprowskiT - SQLBITS X - 2am a disaster just began
 
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
 
KoprowskiT_SQLRelay2014#8_Birmingham_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#8_Birmingham_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#8_Birmingham_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#8_Birmingham_FromPlanToBackupToCloud
 
KoprowskiT_Session2_SDNEvent_SourceControlForDBA
KoprowskiT_Session2_SDNEvent_SourceControlForDBAKoprowskiT_Session2_SDNEvent_SourceControlForDBA
KoprowskiT_Session2_SDNEvent_SourceControlForDBA
 
Introduction to SQL Server Analysis services 2008
Introduction to SQL Server Analysis services 2008Introduction to SQL Server Analysis services 2008
Introduction to SQL Server Analysis services 2008
 
KoprowskiT_SPBizConference_2AMaDisasterJustBegan
KoprowskiT_SPBizConference_2AMaDisasterJustBeganKoprowskiT_SPBizConference_2AMaDisasterJustBegan
KoprowskiT_SPBizConference_2AMaDisasterJustBegan
 
44spotkaniePLSSUGWRO_CoNowegowKrainieChmur
44spotkaniePLSSUGWRO_CoNowegowKrainieChmur44spotkaniePLSSUGWRO_CoNowegowKrainieChmur
44spotkaniePLSSUGWRO_CoNowegowKrainieChmur
 
SQL Azure for ITPros
SQL Azure for ITProsSQL Azure for ITPros
SQL Azure for ITPros
 
SQLBits XIV - The Big Backup Theory
SQLBits XIV - The Big Backup TheorySQLBits XIV - The Big Backup Theory
SQLBits XIV - The Big Backup Theory
 
SQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginners
SQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginnersSQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginners
SQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginners
 
Pvs slide
Pvs slidePvs slide
Pvs slide
 
Understanding the Transaction Log, Your Key to Unlocking Greater Throughput
Understanding the Transaction Log, Your Key to Unlocking Greater ThroughputUnderstanding the Transaction Log, Your Key to Unlocking Greater Throughput
Understanding the Transaction Log, Your Key to Unlocking Greater Throughput
 
Mohssen cv
Mohssen cvMohssen cv
Mohssen cv
 
Software defined storage real or bs-2014
Software defined storage real or bs-2014Software defined storage real or bs-2014
Software defined storage real or bs-2014
 
Windows Server 2012 R2 Jump Start - WEB
Windows Server 2012 R2 Jump Start - WEBWindows Server 2012 R2 Jump Start - WEB
Windows Server 2012 R2 Jump Start - WEB
 
KoprowskiT_it_camp2013 - 2amADisasterJustBegan
KoprowskiT_it_camp2013 - 2amADisasterJustBeganKoprowskiT_it_camp2013 - 2amADisasterJustBegan
KoprowskiT_it_camp2013 - 2amADisasterJustBegan
 
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
 
Backup and Restore SQL Server Databases in Microsoft Azure
Backup and Restore SQL Server Databases in Microsoft AzureBackup and Restore SQL Server Databases in Microsoft Azure
Backup and Restore SQL Server Databases in Microsoft Azure
 
SQL Server Best Practices - Install SQL Server like a boss (RELOADED)
SQL Server Best Practices - Install SQL Server like a boss (RELOADED)SQL Server Best Practices - Install SQL Server like a boss (RELOADED)
SQL Server Best Practices - Install SQL Server like a boss (RELOADED)
 
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
 

Destacado

Tracxn Research - Finance & Accounting Landscape, February 2017
Tracxn Research - Finance & Accounting Landscape, February 2017Tracxn Research - Finance & Accounting Landscape, February 2017
Tracxn Research - Finance & Accounting Landscape, February 2017Tracxn
 
Tracxn Research - Mobile Advertising Landscape, February 2017
Tracxn Research - Mobile Advertising Landscape, February 2017Tracxn Research - Mobile Advertising Landscape, February 2017
Tracxn Research - Mobile Advertising Landscape, February 2017Tracxn
 
2017 iosco research report on financial technologies (fintech)
2017 iosco research report on  financial technologies (fintech)2017 iosco research report on  financial technologies (fintech)
2017 iosco research report on financial technologies (fintech)Ian Beckett
 
Göteborg university(condensed)
Göteborg university(condensed)Göteborg university(condensed)
Göteborg university(condensed)Zenodia Charpy
 
DATA SCIENCE IS CATALYZING BUSINESS AND INNOVATION
DATA SCIENCE IS CATALYZING BUSINESS AND INNOVATION DATA SCIENCE IS CATALYZING BUSINESS AND INNOVATION
DATA SCIENCE IS CATALYZING BUSINESS AND INNOVATION Elvis Muyanja
 
2015 Internet Trends Report
2015 Internet Trends Report2015 Internet Trends Report
2015 Internet Trends ReportIQbal KHan
 
Enabling the Real Time Analytical Enterprise
Enabling the Real Time Analytical EnterpriseEnabling the Real Time Analytical Enterprise
Enabling the Real Time Analytical EnterpriseHortonworks
 
Scott Bennett - Shell Game - Whistleblowing Report
Scott Bennett - Shell Game - Whistleblowing ReportScott Bennett - Shell Game - Whistleblowing Report
Scott Bennett - Shell Game - Whistleblowing ReportExopolitics Hungary
 
KoprowskiT_SQLAzureLandingInBelfast
KoprowskiT_SQLAzureLandingInBelfastKoprowskiT_SQLAzureLandingInBelfast
KoprowskiT_SQLAzureLandingInBelfastTobias Koprowski
 
Beginning to Spatial Data in SQL Server 2008
Beginning to Spatial Data in SQL Server 2008Beginning to Spatial Data in SQL Server 2008
Beginning to Spatial Data in SQL Server 2008Tobias Koprowski
 
Tomasz Kopacz MTS 2012 Azure - Co i kiedy użyć (IaaS vs paas vshybrid cloud v...
Tomasz Kopacz MTS 2012 Azure - Co i kiedy użyć (IaaS vs paas vshybrid cloud v...Tomasz Kopacz MTS 2012 Azure - Co i kiedy użyć (IaaS vs paas vshybrid cloud v...
Tomasz Kopacz MTS 2012 Azure - Co i kiedy użyć (IaaS vs paas vshybrid cloud v...Tomasz Kopacz
 
Wysoka Dostępność SQL Server 2008 w kontekscie umów SLA
Wysoka Dostępność SQL Server 2008 w kontekscie umów SLAWysoka Dostępność SQL Server 2008 w kontekscie umów SLA
Wysoka Dostępność SQL Server 2008 w kontekscie umów SLATobias Koprowski
 
PLSSUG Meeting - Wysoka dostepność SQL Server 2008 w kontekscie umów SLA
PLSSUG Meeting - Wysoka dostepność SQL Server 2008 w kontekscie umów SLAPLSSUG Meeting - Wysoka dostepność SQL Server 2008 w kontekscie umów SLA
PLSSUG Meeting - Wysoka dostepność SQL Server 2008 w kontekscie umów SLATobias Koprowski
 

Destacado (14)

Tracxn Research - Finance & Accounting Landscape, February 2017
Tracxn Research - Finance & Accounting Landscape, February 2017Tracxn Research - Finance & Accounting Landscape, February 2017
Tracxn Research - Finance & Accounting Landscape, February 2017
 
Tracxn Research - Mobile Advertising Landscape, February 2017
Tracxn Research - Mobile Advertising Landscape, February 2017Tracxn Research - Mobile Advertising Landscape, February 2017
Tracxn Research - Mobile Advertising Landscape, February 2017
 
2017 iosco research report on financial technologies (fintech)
2017 iosco research report on  financial technologies (fintech)2017 iosco research report on  financial technologies (fintech)
2017 iosco research report on financial technologies (fintech)
 
Göteborg university(condensed)
Göteborg university(condensed)Göteborg university(condensed)
Göteborg university(condensed)
 
DATA SCIENCE IS CATALYZING BUSINESS AND INNOVATION
DATA SCIENCE IS CATALYZING BUSINESS AND INNOVATION DATA SCIENCE IS CATALYZING BUSINESS AND INNOVATION
DATA SCIENCE IS CATALYZING BUSINESS AND INNOVATION
 
2015 Internet Trends Report
2015 Internet Trends Report2015 Internet Trends Report
2015 Internet Trends Report
 
Enabling the Real Time Analytical Enterprise
Enabling the Real Time Analytical EnterpriseEnabling the Real Time Analytical Enterprise
Enabling the Real Time Analytical Enterprise
 
Scott Bennett - Shell Game - Whistleblowing Report
Scott Bennett - Shell Game - Whistleblowing ReportScott Bennett - Shell Game - Whistleblowing Report
Scott Bennett - Shell Game - Whistleblowing Report
 
KoprowskiT_SQLAzureLandingInBelfast
KoprowskiT_SQLAzureLandingInBelfastKoprowskiT_SQLAzureLandingInBelfast
KoprowskiT_SQLAzureLandingInBelfast
 
State of Nation - Feb 2017
State of Nation - Feb 2017State of Nation - Feb 2017
State of Nation - Feb 2017
 
Beginning to Spatial Data in SQL Server 2008
Beginning to Spatial Data in SQL Server 2008Beginning to Spatial Data in SQL Server 2008
Beginning to Spatial Data in SQL Server 2008
 
Tomasz Kopacz MTS 2012 Azure - Co i kiedy użyć (IaaS vs paas vshybrid cloud v...
Tomasz Kopacz MTS 2012 Azure - Co i kiedy użyć (IaaS vs paas vshybrid cloud v...Tomasz Kopacz MTS 2012 Azure - Co i kiedy użyć (IaaS vs paas vshybrid cloud v...
Tomasz Kopacz MTS 2012 Azure - Co i kiedy użyć (IaaS vs paas vshybrid cloud v...
 
Wysoka Dostępność SQL Server 2008 w kontekscie umów SLA
Wysoka Dostępność SQL Server 2008 w kontekscie umów SLAWysoka Dostępność SQL Server 2008 w kontekscie umów SLA
Wysoka Dostępność SQL Server 2008 w kontekscie umów SLA
 
PLSSUG Meeting - Wysoka dostepność SQL Server 2008 w kontekscie umów SLA
PLSSUG Meeting - Wysoka dostepność SQL Server 2008 w kontekscie umów SLAPLSSUG Meeting - Wysoka dostepność SQL Server 2008 w kontekscie umów SLA
PLSSUG Meeting - Wysoka dostepność SQL Server 2008 w kontekscie umów SLA
 

Similar a KoprowskiT-Difinify2017-SQL_Security_In_The_Cloud

KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloudKoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloudTobias Koprowski
 
Secure by design: Scaling security across the enterprise
Secure by design: Scaling security across the enterpriseSecure by design: Scaling security across the enterprise
Secure by design: Scaling security across the enterpriseMuleSoft
 
The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?BCS ProSoft
 
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentationJustin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentationTriNimbus
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedHoward Greenberg
 
WordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of SecurityWordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of SecurityTony Perez
 
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...Beau Bullock
 
PostgreSQL Security. How Do We Think?
PostgreSQL Security. How Do We Think?PostgreSQL Security. How Do We Think?
PostgreSQL Security. How Do We Think?Ohyama Masanori
 
PHP challenge on PaaS
PHP challenge on PaaSPHP challenge on PaaS
PHP challenge on PaaSBoaz Ziniman
 
Windows Azure Security & Compliance
Windows Azure Security & ComplianceWindows Azure Security & Compliance
Windows Azure Security & ComplianceNuno Godinho
 
Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Cisco Russia
 
Start Building CI/CD as Code. The 7 Lessons Learnt from Deploying and Managin...
Start Building CI/CD as Code. The 7 Lessons Learnt from Deploying and Managin...Start Building CI/CD as Code. The 7 Lessons Learnt from Deploying and Managin...
Start Building CI/CD as Code. The 7 Lessons Learnt from Deploying and Managin...Amazon Web Services
 
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?TechWell
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365nelmedia
 
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk EnterpriseSplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk EnterpriseSplunk
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'tsMinded Security
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
 

Similar a KoprowskiT-Difinify2017-SQL_Security_In_The_Cloud (20)

KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloudKoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
 
Secure by design: Scaling security across the enterprise
Secure by design: Scaling security across the enterpriseSecure by design: Scaling security across the enterprise
Secure by design: Scaling security across the enterprise
 
The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?
 
CCNP Security-VPN
CCNP Security-VPNCCNP Security-VPN
CCNP Security-VPN
 
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentationJustin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
Justin Fox_NuData Security_A Master_Card_Company_June 9 2017_presentation
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be Hacked
 
WordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of SecurityWordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of Security
 
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
 
Adminblast 2013
Adminblast 2013Adminblast 2013
Adminblast 2013
 
PostgreSQL Security. How Do We Think?
PostgreSQL Security. How Do We Think?PostgreSQL Security. How Do We Think?
PostgreSQL Security. How Do We Think?
 
PHP challenge on PaaS
PHP challenge on PaaSPHP challenge on PaaS
PHP challenge on PaaS
 
Windows Azure Security & Compliance
Windows Azure Security & ComplianceWindows Azure Security & Compliance
Windows Azure Security & Compliance
 
Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности
 
Start Building CI/CD as Code. The 7 Lessons Learnt from Deploying and Managin...
Start Building CI/CD as Code. The 7 Lessons Learnt from Deploying and Managin...Start Building CI/CD as Code. The 7 Lessons Learnt from Deploying and Managin...
Start Building CI/CD as Code. The 7 Lessons Learnt from Deploying and Managin...
 
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
 
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk EnterpriseSplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'ts
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
 
Dakotacon 2017
Dakotacon 2017Dakotacon 2017
Dakotacon 2017
 

Más de Tobias Koprowski

KoprowskiT_2AMaDisasterJustBeganAD2018
KoprowskiT_2AMaDisasterJustBeganAD2018KoprowskiT_2AMaDisasterJustBeganAD2018
KoprowskiT_2AMaDisasterJustBeganAD2018Tobias Koprowski
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSTobias Koprowski
 
KoprowskiT_SQLDay2016_2AMaDisasterJustBegan
KoprowskiT_SQLDay2016_2AMaDisasterJustBeganKoprowskiT_SQLDay2016_2AMaDisasterJustBegan
KoprowskiT_SQLDay2016_2AMaDisasterJustBeganTobias Koprowski
 
KoprowskiT_SQLRelayNottingham_BackupAndRestoreAD2015
KoprowskiT_SQLRelayNottingham_BackupAndRestoreAD2015KoprowskiT_SQLRelayNottingham_BackupAndRestoreAD2015
KoprowskiT_SQLRelayNottingham_BackupAndRestoreAD2015Tobias Koprowski
 
KoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginnersKoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginnersTobias Koprowski
 
KoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersKoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersTobias Koprowski
 
KoprowskiT_SQLSaturdayManchester_2AMaDisasterJustbegan
KoprowskiT_SQLSaturdayManchester_2AMaDisasterJustbeganKoprowskiT_SQLSaturdayManchester_2AMaDisasterJustbegan
KoprowskiT_SQLSaturdayManchester_2AMaDisasterJustbeganTobias Koprowski
 
KoprowskiT_SQLSaturday409_MaintenancePlansForBeginners
KoprowskiT_SQLSaturday409_MaintenancePlansForBeginnersKoprowskiT_SQLSaturday409_MaintenancePlansForBeginners
KoprowskiT_SQLSaturday409_MaintenancePlansForBeginnersTobias Koprowski
 
KoprowskiT_SPBizConf_2AMaDisasterJustBegan
KoprowskiT_SPBizConf_2AMaDisasterJustBeganKoprowskiT_SPBizConf_2AMaDisasterJustBegan
KoprowskiT_SPBizConf_2AMaDisasterJustBeganTobias Koprowski
 
KoprowskiT_InfoTRAMS_TrustThePrimer
KoprowskiT_InfoTRAMS_TrustThePrimerKoprowskiT_InfoTRAMS_TrustThePrimer
KoprowskiT_InfoTRAMS_TrustThePrimerTobias Koprowski
 
KoprowskiT_SQLSat419_WADBforBeginners
KoprowskiT_SQLSat419_WADBforBeginnersKoprowskiT_SQLSat419_WADBforBeginners
KoprowskiT_SQLSat419_WADBforBeginnersTobias Koprowski
 
KoprowskiT_ESRM_TrustThePrimer
KoprowskiT_ESRM_TrustThePrimerKoprowskiT_ESRM_TrustThePrimer
KoprowskiT_ESRM_TrustThePrimerTobias Koprowski
 
KoprowskiT_ECCV_Trust.ThePrimer
KoprowskiT_ECCV_Trust.ThePrimerKoprowskiT_ECCV_Trust.ThePrimer
KoprowskiT_ECCV_Trust.ThePrimerTobias Koprowski
 
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloudTobias Koprowski
 
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginnersKoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginnersTobias Koprowski
 
KoprowskiT_SQLRelay2014#5_Newcastle_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#5_Newcastle_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#5_Newcastle_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#5_Newcastle_FromPlanToBackupToCloudTobias Koprowski
 
KoprowskiT_SQLRelay2014#4_Caerdydd_MaintenancePlansForBeginners
KoprowskiT_SQLRelay2014#4_Caerdydd_MaintenancePlansForBeginnersKoprowskiT_SQLRelay2014#4_Caerdydd_MaintenancePlansForBeginners
KoprowskiT_SQLRelay2014#4_Caerdydd_MaintenancePlansForBeginnersTobias Koprowski
 

Más de Tobias Koprowski (18)

KoprowskiT_2AMaDisasterJustBeganAD2018
KoprowskiT_2AMaDisasterJustBeganAD2018KoprowskiT_2AMaDisasterJustBeganAD2018
KoprowskiT_2AMaDisasterJustBeganAD2018
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPS
 
KoprowskiT_SQLDay2016_2AMaDisasterJustBegan
KoprowskiT_SQLDay2016_2AMaDisasterJustBeganKoprowskiT_SQLDay2016_2AMaDisasterJustBegan
KoprowskiT_SQLDay2016_2AMaDisasterJustBegan
 
KoprowskiT_SQLRelayNottingham_BackupAndRestoreAD2015
KoprowskiT_SQLRelayNottingham_BackupAndRestoreAD2015KoprowskiT_SQLRelayNottingham_BackupAndRestoreAD2015
KoprowskiT_SQLRelayNottingham_BackupAndRestoreAD2015
 
KoprowskiT_SBIPTI_Keynote
KoprowskiT_SBIPTI_KeynoteKoprowskiT_SBIPTI_Keynote
KoprowskiT_SBIPTI_Keynote
 
KoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginnersKoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginners
 
KoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersKoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginners
 
KoprowskiT_SQLSaturdayManchester_2AMaDisasterJustbegan
KoprowskiT_SQLSaturdayManchester_2AMaDisasterJustbeganKoprowskiT_SQLSaturdayManchester_2AMaDisasterJustbegan
KoprowskiT_SQLSaturdayManchester_2AMaDisasterJustbegan
 
KoprowskiT_SQLSaturday409_MaintenancePlansForBeginners
KoprowskiT_SQLSaturday409_MaintenancePlansForBeginnersKoprowskiT_SQLSaturday409_MaintenancePlansForBeginners
KoprowskiT_SQLSaturday409_MaintenancePlansForBeginners
 
KoprowskiT_SPBizConf_2AMaDisasterJustBegan
KoprowskiT_SPBizConf_2AMaDisasterJustBeganKoprowskiT_SPBizConf_2AMaDisasterJustBegan
KoprowskiT_SPBizConf_2AMaDisasterJustBegan
 
KoprowskiT_InfoTRAMS_TrustThePrimer
KoprowskiT_InfoTRAMS_TrustThePrimerKoprowskiT_InfoTRAMS_TrustThePrimer
KoprowskiT_InfoTRAMS_TrustThePrimer
 
KoprowskiT_SQLSat419_WADBforBeginners
KoprowskiT_SQLSat419_WADBforBeginnersKoprowskiT_SQLSat419_WADBforBeginners
KoprowskiT_SQLSat419_WADBforBeginners
 
KoprowskiT_ESRM_TrustThePrimer
KoprowskiT_ESRM_TrustThePrimerKoprowskiT_ESRM_TrustThePrimer
KoprowskiT_ESRM_TrustThePrimer
 
KoprowskiT_ECCV_Trust.ThePrimer
KoprowskiT_ECCV_Trust.ThePrimerKoprowskiT_ECCV_Trust.ThePrimer
KoprowskiT_ECCV_Trust.ThePrimer
 
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
 
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginnersKoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
 
KoprowskiT_SQLRelay2014#5_Newcastle_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#5_Newcastle_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#5_Newcastle_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#5_Newcastle_FromPlanToBackupToCloud
 
KoprowskiT_SQLRelay2014#4_Caerdydd_MaintenancePlansForBeginners
KoprowskiT_SQLRelay2014#4_Caerdydd_MaintenancePlansForBeginnersKoprowskiT_SQLRelay2014#4_Caerdydd_MaintenancePlansForBeginners
KoprowskiT_SQLRelay2014#4_Caerdydd_MaintenancePlansForBeginners
 

Último

The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTopCSSGallery
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveIES VE
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024Brian Pichman
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
KoprowskiT-Difinify2017-SQL_Security_In_The_Cloud

  • 1. http://difinity.co.nz#Difinity 7th – 9th Feb 2017 SQL Security in The Cloud Tobiasz Janusz Koprowski Data Platform MVP Shadowland Consulting
  • 2. Thanks to our sponsors: Exhibitors, Gold Sponsors
  • 3. AGENDA
    1 | Security in a Nutshell
    2 | SQL Server Security Best Practices
    3 | SQL Server 2014 Security Enhancements
    4 | SQL Server 2016 Security Enhancements
    5 | SQL Server Security in The Cloud
    6 | Summary
    Appendix
  • 6. 1 | Security In A Nutshell
  • 7. Security? What is this?
    • Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization.
    • As noted by the Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 (Open Source Security Testing Methodology Manual), security provides "a form of protection where a separation is created between the assets and the threat." These separations are generically called "controls," and sometimes include changes to the asset or the threat.
  • 8. Categorizing Security - part 1 {IT REALM}
    • Application security | http://bit.ly/18u8J6p
    • Computing security | http://bit.ly/1ARdRLd
    • Data security | http://bit.ly/185wfph
    • Information security | http://bit.ly/1ARe0ya
    • Network security | http://bit.ly/1C443R8
  • 9. Categorizing Security - part 2 {PHYSICAL REALM}
    • Airport security | http://bit.ly/1LPZcCZ
    • Food security | http://bit.ly/1MYnii6
    • Home security | http://bit.ly/1Gz3VI1
    • Infrastructure security | http://bit.ly/1Bm8LIF
    • Physical security | http://bit.ly/1Gz3VI1
    • Port security | http://bit.ly/1ARewMH
    • Supply chain security | http://bit.ly/1Ex7ob7
    • School security | http://bit.ly/17Dl735
    • Shopping center security | http://bit.ly/1EUb1FV
  • 10. Categorizing Security - part 3 {POLITICAL REALM}
    • Homeland security | http://bit.ly/1AAwZhE
    • Human security | http://bit.ly/1DhojtU
    • International security | http://bit.ly/1MYoyli
    • National security | http://bit.ly/1FEnldu
    • Public security | http://bit.ly/1wqpX9P
  • 11. Categorizing Security - part 4 {SQL SERVER REALM}
    Application security, Computing security, Data security, Information security, Network security, Home security, Infrastructure security, Physical security, National security, Public security
  • 12. 2 | SQL Server Security Best Practices
  • 13. SQL Server Security Best Practices
    • Efficiency and security have an inverse relationship to one another.
    • You can have high efficiency or high security, but not both.
    Example: a `Small Bank Company` tends to favor efficiency over security:
    • Cost limitations. This is the first and obvious reason. Community banks are fighting a constant battle to remain competitive. Implementing security in systems adds costs - there is no way around it.
    • Risk. It's not always a conscious decision for a bank to improve efficiency by sacrificing security. Sometimes there's a lack of understanding of the risks associated with the systems we deploy.
    • Personnel limitations. The many-hats syndrome runs rampant in smaller community banks.
    • Regulatory emphasis. The current regulatory environment stresses controls as they relate to policy and procedures.
  • 14. SECURITY BEST PRACTICES: authentication
    • SQL Server supports:
      • Windows Authentication Mode, which supports
        • Kerberos
        • NTLM (Windows NT LAN Manager)
      • Mixed Mode Authentication, which supports
        • Windows accounts
        • SQL Server specific accounts
    Best Practice: use Windows Authentication mode unless a legacy application requires Mixed Mode Authentication for backward compatibility
  • 15. secure sysadmin account
    • the sysadmin account (sa) is the most vulnerable account when it is left unchanged
    • potential SQL Server attackers and hackers are aware of this
    Best Practice: change the name of the sysadmin account after installation (SSMS > Object Explorer > Logins > Rename (right click) / T-SQL)
  • 16. use complex password
    Best Practice: ensure that complex passwords are used for sa and other SQL-Server-specific logins. Think about ENFORCE EXPIRATION & MUST_CHANGE for any new SQL login
  • 17. use specific logins
    Best Practice: use different accounts for different SQL-Server-oriented services
    Component                                | Windows Server 2008 | Windows 7 and Windows Server 2008 R2 and higher | Recommended account
    Database Engine                          | NETWORK SERVICE     | Virtual Account                                 | SQL_Engine
    SQL Server Agent                         | NETWORK SERVICE     | Virtual Account                                 | SQL_Agent
    SSAS                                     | NETWORK SERVICE     | Virtual Account                                 | SQL_srvAS
    SSIS                                     | NETWORK SERVICE     | Virtual Account                                 | SQL_srvIS
    SSRS                                     | NETWORK SERVICE     | Virtual Account                                 | SQL_srvRS
    SQL Server Distributed Replay Controller | NETWORK SERVICE     | Virtual Account                                 | SQL_DRContro
    SQL Server Distributed Replay Client     | NETWORK SERVICE     | Virtual Account                                 | SQL_DRReplay
    FD Launcher (Full-text Search)           | LOCAL SERVICE       | Virtual Account                                 | -
    SQL Server Browser                       | LOCAL SERVICE       | LOCAL SERVICE                                   | -
    SQL Server VSS Writer                    | LOCAL SYSTEM        | LOCAL SYSTEM                                    | -
  • 18. sysadmin membership
    • members of the sysadmin fixed-server role can do whatever they want on SQL Server
    • by default the sysadmin fixed-server role has CONTROL SERVER permission granted explicitly
    • do not explicitly grant CONTROL SERVER to Windows logins, Windows Group logins or SQL logins
    Best Practice: carefully choose the membership of the sysadmin fixed-server role
  • 19. general administration
    • everything (almost always) works under the sa account, especially with CONTROL SERVER permission
    • institute dedicated Windows logins for DBAs, and assign these logins sysadmin rights on SQL Server for administration purposes.
    Best Practice: use built-in fixed server roles and database roles or create your custom roles, then apply them to specific logins
  • 20. revoke guest access
    • by default guest accounts exist in every user and system database
    • this is a potential security risk in a locked-down environment
    • those accounts could be targets for attackers
    • assign public server role membership if you will need explicit access to user databases
    Best Practice: disable all guest user access in all user and system databases (excluding the msdb database)
  • 21. limit public permission
    • SQL Server has many stored procedures and many of them have public access permission:
      • OLE AUTOMATION: sp_OACreate, sp_OAGetProperty, sp_OAStop, sp_OAMethod, sp_OAGetErrorInfo, sp_OADestroy, sp_OASetProperty
      • REGISTRY ACCESS: xp_regremovemultistring, xp_regaddmultistring, xp_regread, xp_regdeletekey, xp_regdeletevalue, xp_regwrite
      • OTHER ROUTINES: sp_sdidebug, xp_logevent, sp_sprintf, xp_dsninfo, xp_msver, sp_sscanf, xp_stopmail, xp_grantlogin, xp_eventlog, xp_dirtree
    Best Practice: revoke public role access for some extended procedures and check other stored procedures
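The best practices from slides 15, 16, 20 and 21 as one T-SQL hardening script, added here as an example (it is not part of the presentation). The renamed login, the `app_reporting` login, the password placeholders and the set of procedures revoked are assumptions; run it as a sysadmin and review the PRINT output before trusting the result.

```sql
-- Added example: hardening script for slides 15, 16, 20 and 21.
-- Login names and password placeholders are constructed for this example.
USE master;
GO

-- Slide 15: rename sa. The new name is a placeholder; pick your own.
ALTER LOGIN sa WITH NAME = [instance_admin_renamed];
GO
-- The renamed sa is rarely needed interactively; disable it and use dedicated
-- Windows logins for DBAs instead (slide 19).
ALTER LOGIN [instance_admin_renamed] DISABLE;
GO

-- Slide 16: new SQL logins inherit the Windows password policy and expire.
-- MUST_CHANGE forces a new password at first connection and requires both
-- CHECK_EXPIRATION and CHECK_POLICY to be ON.
CREATE LOGIN [app_reporting]
    WITH PASSWORD = N'<initial-complex-password-placeholder>' MUST_CHANGE,
         CHECK_EXPIRATION = ON,
         CHECK_POLICY = ON;
GO
-- Check: every SQL login should show 1 in both columns.
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins
ORDER BY name;
GO

-- Slide 21: remove public EXECUTE on the OLE Automation procedures named on
-- the slide. They live in master, so the REVOKE runs there.
REVOKE EXECUTE ON sys.sp_OACreate       FROM public;
REVOKE EXECUTE ON sys.sp_OAMethod       FROM public;
REVOKE EXECUTE ON sys.sp_OAGetProperty  FROM public;
REVOKE EXECUTE ON sys.sp_OASetProperty  FROM public;
REVOKE EXECUTE ON sys.sp_OAGetErrorInfo FROM public;
REVOKE EXECUTE ON sys.sp_OAStop         FROM public;
REVOKE EXECUTE ON sys.sp_OADestroy      FROM public;
GO
-- Check: which extended / OLE procedures does public still have EXECUTE on?
SELECT o.name, p.state_desc, p.permission_name
FROM sys.database_permissions AS p
JOIN sys.all_objects AS o ON o.object_id = p.major_id
WHERE p.class = 1                                   -- object permissions
  AND p.grantee_principal_id = DATABASE_PRINCIPAL_ID(N'public')
  AND p.permission_name = N'EXECUTE'
  AND (o.name LIKE N'xp[_]%' OR o.name LIKE N'sp[_]OA%')
ORDER BY o.name;
GO

-- Slide 20: revoke guest CONNECT in every online user database.
-- master and tempdb do not allow it and the slide excludes msdb, so only
-- databases with database_id > 4 are touched.
DECLARE @sql nvarchar(max) = N'';
SELECT @sql += N'USE ' + QUOTENAME(name) + N'; '
             + N'IF EXISTS (SELECT 1 FROM sys.database_permissions '
             + N'WHERE grantee_principal_id = DATABASE_PRINCIPAL_ID(N''guest'') '
             + N'AND permission_name = N''CONNECT'' AND state = N''G'') '
             + N'REVOKE CONNECT FROM guest;' + CHAR(10)
FROM sys.databases
WHERE database_id > 4 AND state_desc = N'ONLINE';
PRINT @sql;                      -- review the generated statements first
EXEC sys.sp_executesql @sql;
GO
```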
  • 22. hardening sql server ports
    • the default SQL Server ports 1433/1434 are well known as a standard target for hackers
    • by using SQL Server Configuration Manager you:
      • can change the default port
      • can use a specific TCP port instead of a dynamic one
    • remember about the similar TCP/UDP ports (1433, 1434)
    Best Practice: change the default SQL Server port if possible
  • 23. disable sql server browser
    • by default SQL Server Browser is disabled
    • it's necessary to run it when multiple instances are running on a single server
    • any Windows user having the following rights would be able to run the SQL Server Browser service:
      • deny access to this computer from the network / deny logon locally / deny logon as a batch job
      • deny logon through Terminal Services / log on as a service / read and write the SQL Server registry keys related to network communication (ports and pipes)
    Best Practice: change the default SQL Server port if possible
  • 24. secure service accounts
    • different service accounts for different services
    • dedicated low-privilege domain accounts
    • check membership on a regular basis
    • use strong and different passwords for each account
    Best Practice: create a good plan and make notes about service accounts and passwords
  • 26. 3 | SQL Server 2014 Security Enhancements
  • 27. SQL14 SECURITY ENHANCEMENTS: transparent data encryption
    • first introduced with SQL Server 2008 (!)
    • protects data by performing I/O encryption and decryption for database and log files
    • passphrase (less secure)
    • asymmetric key (strong protection, poor performance)
    • symmetric key (good performance, strong enough protection)
    • certificate (strong protection, good performance)
    • new functionality for backup:
      • takes non-encrypted backup data
      • encrypts data before writing to disk
      • compression is performed on the backup data first
      • then encryption is applied to the compressed data
      • support for backup to Azure
  • 28. encryption key management
    • encryption options include:
      • encryption algorithm
      • certificate or asymmetric key
    • only an asymmetric key residing in EKM (Enterprise Key Management) is supported
    • multiple algorithms up to AES-256 are supported
    • manageable by PowerShell, SMO, SSMS, T-SQL
    • VERY IMPORTANT:
      • the asymmetric key or certificate MUST be backed up
      • its location MUST be different from the backup location
      • no RESTORE without the asymmetric key or certificate
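Slides 27 and 28 end to end in T-SQL, as an added example that is not from the presentation: a certificate-protected compressed-then-encrypted backup, the certificate backup the slide insists on, and TDE on the same database. The database name `SalesDb`, the certificate names, file paths and password placeholders are assumptions.

```sql
-- Added example for slides 27-28. [SalesDb], certificate names, paths and
-- password placeholders are constructed values.
USE master;
GO
-- The database master key in master protects the certificates' private keys.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = N'##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<dmk-password-placeholder>';
GO
CREATE CERTIFICATE BackupCert WITH SUBJECT = N'Backup encryption certificate';
CREATE CERTIFICATE TdeCert    WITH SUBJECT = N'TDE certificate';
GO

-- Slide 28: both certificates MUST be backed up, to a location that is NOT
-- the backup location; without them the backups cannot be restored.
BACKUP CERTIFICATE BackupCert
    TO FILE = N'D:\KeyVault\BackupCert.cer'
    WITH PRIVATE KEY (FILE = N'D:\KeyVault\BackupCert.pvk',
                      ENCRYPTION BY PASSWORD = N'<pvk-password-placeholder>');
BACKUP CERTIFICATE TdeCert
    TO FILE = N'D:\KeyVault\TdeCert.cer'
    WITH PRIVATE KEY (FILE = N'D:\KeyVault\TdeCert.pvk',
                      ENCRYPTION BY PASSWORD = N'<pvk-password-placeholder>');
GO

-- Slide 27: compression is applied first, then the compressed stream is
-- encrypted with the server certificate (AES_256 is the strongest option).
BACKUP DATABASE [SalesDb]
    TO DISK = N'E:\Backups\SalesDb_full.bak'
    WITH COMPRESSION,
         ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupCert),
         STATS = 10;
GO
-- Check: msdb records the algorithm and encryptor for every backup set.
SELECT TOP (1) bs.database_name, bs.backup_finish_date,
       bs.key_algorithm, bs.encryptor_type, bs.encryptor_thumbprint
FROM msdb.dbo.backupset AS bs
WHERE bs.database_name = N'SalesDb'
ORDER BY bs.backup_finish_date DESC;
GO

-- Restoring on another server: import the certificate with its private key
-- first; RESTORE fails without it, exactly as slide 28 warns.
-- CREATE CERTIFICATE BackupCert
--     FROM FILE = N'D:\KeyVault\BackupCert.cer'
--     WITH PRIVATE KEY (FILE = N'D:\KeyVault\BackupCert.pvk',
--                       DECRYPTION BY PASSWORD = N'<pvk-password-placeholder>');
-- RESTORE DATABASE [SalesDb] FROM DISK = N'E:\Backups\SalesDb_full.bak' WITH RECOVERY;

-- TDE: I/O-level encryption of the data and log files (slide 27).
USE [SalesDb];
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO
ALTER DATABASE [SalesDb] SET ENCRYPTION ON;
GO
-- Check: encryption_state 3 = encrypted, 2 = encryption in progress.
SELECT DB_NAME(database_id) AS db, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
GO
```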
  • 29. connect any database
    • new server-level permission
    • grant CONNECT ANY DATABASE to a login that must connect to all databases that currently exist and any new ones in the future
    • does not grant any permission in any database beyond connect
    • to allow an auditing process to view all data or all database states, CONNECT ANY DATABASE may be combined with: SELECT ALL USER SECURABLES, VIEW SERVER STATE
  • 30. impersonate any login
    • new server-level permission
    • when granted, IMPERSONATE ANY LOGIN allows a middle-tier process to impersonate the account of clients connecting to it
    • when denied, IMPERSONATE ANY LOGIN blocks a high-privileged login from impersonating other logins
    • example: a login holding CONTROL SERVER permission can be blocked from impersonating other logins
  • 31. select all user securables
    • new server-level permission
    • when granted SELECT ALL USER SECURABLES, a login (for example for auditing purposes) can view data in all databases that the user can connect to
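The three SQL Server 2014 server-level permissions from slides 29 to 31 applied together, as an added example not taken from the presentation: an audit-only login, a middle-tier login, and a privileged login fenced off from impersonation. The login names `AuditReader`, `AppMiddleTier` and `OpsAdmin` and the password placeholders are assumptions.

```sql
-- Added example for slides 29-31. Login names and passwords are constructed.
USE master;
GO

-- Audit login (slides 29 and 31): read data in every database, present and
-- future, plus server state. CONNECT ANY DATABASE alone grants nothing inside
-- the databases beyond connect; SELECT ALL USER SECURABLES supplies the reads.
CREATE LOGIN [AuditReader] WITH PASSWORD = N'<password-placeholder>', CHECK_POLICY = ON;
GRANT CONNECT ANY DATABASE       TO [AuditReader];
GRANT SELECT ALL USER SECURABLES TO [AuditReader];
GRANT VIEW SERVER STATE          TO [AuditReader];
GO

-- Middle tier (slide 30): may impersonate the clients it fronts, nothing more.
CREATE LOGIN [AppMiddleTier] WITH PASSWORD = N'<password-placeholder>', CHECK_POLICY = ON;
GRANT IMPERSONATE ANY LOGIN TO [AppMiddleTier];
GO

-- Fenced administrator (slide 30 example): CONTROL SERVER, but it cannot
-- become another login. DENY is ignored for members of the sysadmin role,
-- so this only works for logins that hold CONTROL SERVER without sysadmin.
CREATE LOGIN [OpsAdmin] WITH PASSWORD = N'<password-placeholder>', CHECK_POLICY = ON;
GRANT CONTROL SERVER TO [OpsAdmin];
DENY  IMPERSONATE ANY LOGIN TO [OpsAdmin];
GO

-- Check 1: what is actually granted or denied at server level.
SELECT pr.name, pe.state_desc, pe.permission_name
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'AuditReader', N'AppMiddleTier', N'OpsAdmin')
ORDER BY pr.name, pe.permission_name;
GO

-- Check 2: effective permissions from the auditor's own point of view.
EXECUTE AS LOGIN = N'AuditReader';
SELECT permission_name
FROM fn_my_permissions(NULL, 'SERVER')
WHERE permission_name IN (N'CONNECT ANY DATABASE', N'SELECT ALL USER SECURABLES',
                          N'VIEW SERVER STATE', N'IMPERSONATE ANY LOGIN');
REVERT;
GO

-- Check 3: the fenced admin is refused when it tries to impersonate.
EXECUTE AS LOGIN = N'OpsAdmin';
BEGIN TRY
    EXECUTE AS LOGIN = N'AuditReader';   -- expected to fail: IMPERSONATE denied
    REVERT;                              -- only reached if the DENY is not in effect
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();
END CATCH;
REVERT;
GO
```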
  • 32. SQL Server Express Security
    • by default:
      • instance name: SQLExpress
      • networking protocol: disabled
      • sql server browser: disabled
    • user (local) instances:
      • separate instance generated from the parent instance
      • sysadmin privileges on SQL Express on the local machine
      • runs as a user process, not as a service process
      • only Windows logins are supported
      • RANU instance (run as normal user)
  • 34. 4 | SQL Server 2016 Security Enhancements
  • 35. SQL16 SECURITY ENHANCEMENTS: row-level security
    • Restricting access to financial data based on an employee's region and role
    • Ensuring that tenants of a multi-tenant application can only access their own rows of data
    • Enabling different analysts to report on different subsets of data based on their position
  • 36. row-level security
    • A hospital can create a security policy that allows nurses to view data rows for their own patients only.
    • A bank can create a policy to restrict access to rows of financial data based on the employee's business division, or based on the employee's role within the company.
    • A multi-tenant application can create a policy to enforce a logical separation of each tenant's data rows from every other tenant's rows. Efficiencies are achieved by the storage of data for many tenants in a single table. Of course, each tenant can see only its own data rows.
  • 37. dynamic data masking
    • Default {Full masking according to the data types of the designated fields}
      • Use XXXX or fewer Xs if the size of the field is less than 4 characters for string data types (nchar, ntext, nvarchar).
      • Use a zero value for numeric data types (bigint, bit, decimal, int, money, numeric, smallint, smallmoney, tinyint, float, real).
      • Use 01-01-1900 for date/time data types (date, datetime2, datetime, datetimeoffset, smalldatetime, time).
      • For sql_variant, the default value of the current type is used.
      • For XML the document <masked/> is used.
      • Use an empty value for special data types (timestamp, table, hierarchyid, GUID, binary, image, varbinary, spatial types).
  • 38. dynamic data masking
    • Credit card {Masking method which exposes the last four digits of the designated fields and adds a constant string as a prefix in the form of a credit card}. example: XXXX-XXXX-XXXX-1234
    • Social security number {Masking method which exposes the last four digits of the designated fields and adds a constant string as a prefix in the form of an American social security number}. example: XXX-XX-1234
    • Email {Masking method which exposes the first letter and replaces the domain with XXX.com using a constant string prefix in the form of an email address}. example: aXX@XXXX.com
    • Random number {Masking method which generates a random number according to the selected boundaries and actual data types. If the designated boundaries are equal, then the masking function will be a constant number}.
    • Custom text {Masking method which exposes the first and last characters and adds a custom padding string in the middle. If the original string is shorter than the exposed prefix and suffix, only the padding string will be used}. example: prefix[padding]suffix
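The multi-tenant scenario from slides 35 and 36 combined with the masking functions from slides 37 and 38, as an added T-SQL example (not from the presentation): one shared table, a security policy keyed on a read-only session context, and masked columns read by a user without UNMASK. The `dbo.Orders` table, the `Security` schema, the `AppReader` user and the sample rows are all constructed for this example.

```sql
-- Added example for slides 35-38. Table, schema, users and rows are constructed.
CREATE TABLE dbo.Orders (
    OrderId       int IDENTITY(1,1) PRIMARY KEY,
    TenantId      int           NOT NULL,
    CustomerEmail nvarchar(128) NOT NULL,
    CardNumber    varchar(19)   NOT NULL,
    Amount        money         NOT NULL
);
-- Sample rows for two tenants (constructed values, inserted before the policy exists).
INSERT INTO dbo.Orders (TenantId, CustomerEmail, CardNumber, Amount) VALUES
    (1, N'alice@contoso.example',  '4111-1111-1111-1111', 120.00),
    (1, N'bob@contoso.example',    '5500-0000-0000-0004',  75.50),
    (2, N'carol@fabrikam.example', '3400-0000-0000-009',  990.00);
GO

-- Row-level security (slides 35-36). The application connects with one shared
-- login and states the tenant once per session; read_only = 1 means the value
-- cannot be changed later in that session.
CREATE SCHEMA Security;
GO
CREATE FUNCTION Security.fn_TenantPredicate(@TenantId int)
RETURNS TABLE WITH SCHEMABINDING
AS RETURN
    SELECT 1 AS fn_result
    WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS int);
GO
-- FILTER hides other tenants' rows from SELECT/UPDATE/DELETE; BLOCK refuses
-- INSERTs that would land in another tenant's partition.
CREATE SECURITY POLICY Security.TenantIsolation
    ADD FILTER PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Orders,
    ADD BLOCK  PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Orders AFTER INSERT
    WITH (STATE = ON);
GO

-- Dynamic data masking (slides 37-38) on the same table.
ALTER TABLE dbo.Orders ALTER COLUMN CustomerEmail ADD MASKED WITH (FUNCTION = 'email()');
-- Credit-card shape from slide 38: constant prefix, last four characters exposed.
ALTER TABLE dbo.Orders ALTER COLUMN CardNumber ADD MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)');
-- Default mask: numeric columns read as zero.
ALTER TABLE dbo.Orders ALTER COLUMN Amount ADD MASKED WITH (FUNCTION = 'default()');
GO

-- Application user: SELECT and INSERT only, no UNMASK (GRANT UNMASK only to
-- principals that genuinely need clear text).
CREATE USER AppReader WITHOUT LOGIN;
GRANT SELECT, INSERT ON dbo.Orders TO AppReader;
GO

-- A tenant-1 session: two rows come back, with masked email, card and amount.
EXEC sys.sp_set_session_context @key = N'TenantId', @value = 1, @read_only = 1;
EXECUTE AS USER = N'AppReader';
SELECT OrderId, TenantId, CustomerEmail, CardNumber, Amount FROM dbo.Orders;
BEGIN TRY
    -- Refused by the BLOCK predicate: the row belongs to tenant 2.
    INSERT INTO dbo.Orders (TenantId, CustomerEmail, CardNumber, Amount)
    VALUES (2, N'dave@fabrikam.example', '4000-0000-0000-0002', 1.00);
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();
END CATCH;
REVERT;
GO
```

Masking changes only what a query returns, not what a predicate can test, so filtering on a masked column still leaks information; combine it with permissions and RLS rather than relying on it alone.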
  • 39. always encrypted
    • The new version of SQL Server includes an additional layer of security that keeps valuable personal data, such as:
      • Social Security numbers
      • private healthcare data
      • credit card information
      protected even when the data is being used
  • 41. 5 | SQL Server Security IN THE CLOUD
  • 42. Cloud Security
    Microsoft Cloud Security Approach in a Nutshell (http://bit.ly/1zmeYi2)
    • Principles, patterns, and practices
    • Security engineering
    • Threats and countermeasures
    • Secure the network, host, and application
    • Application scenarios and solutions
    • Security frame
    • People, process, and technology
    • Application, infrastructure, and business
  • 43. Security Requirements for Azure Platform
  • 45. Security Requirements for Azure Platform
    ISO/IEC 27001:2005 Audit and Certification
    ISO Scope: The following Azure features are in scope for the current ISO audit: Cloud Services (including Fabric and RDFE), Storage (Tables, Blobs, Queues), Virtual Machines (including with SQL Server), Virtual Network, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Workflow, Multi-Factor Authentication, Active Directory, Rights Management Service, SQL Database, and HDInsight. This includes the Information Security Management System (ISMS) for Azure, encompassing infrastructure, development, operations, and support for these features. Also included are Power BI for Office 365 and Power Query Service.
    SOC 1 and SOC 2 SSAE 16/ISAE 3402 Attestations
    Scope: The following Azure features are in scope for the current SOC 1 Type 2 and SOC 2 Type 2 attestations: Cloud Services (includes stateless Web and Worker roles), Storage (Tables, Blobs, Queues), Virtual Machines (includes persistent virtual machines for use with supported operating systems) and Virtual Network (includes Traffic Manager).
  • 46. Security Requirements for Azure Platform
    And of course requirements for Data Centers:
    • Physical security of the data centers (locks, cameras, biometric devices, card readers, alarms)
    • Firewalls, application gateways and IDS to protect the network
    • Access Control Lists (ACLs) applied to virtual local area networks (VLANs) and applications
    • Authentication and authorization of persons or processes that request access to data
    • Hardening of the servers and operating system instances
    • Redundant internal and external DNS infrastructure with restricted write access
    • Securing of virtual machine objects
    • Securing of static and dynamic storage containers
  • 48. 6 | SUMMARY
  • 49. SQL Server Security in the Cloud
    • Same security principles as SQL Server on premises
    • Full responsibility for the DBA with a Virtual Machine
    • Partial responsibility for the DBA with Azure SQL Database
    • Automatic updates for Azure SQL Database
    • New functionality implemented by Microsoft
    • Some incompatibilities with T-SQL, functions, stored procedures
    • Increased security by default on the Azure platform
  • 50. SQL Server in Cloud: WASD vs VM
    Choose Azure SQL Database, if:
    • You are building brand new, cloud-based applications; or you want to migrate your existing SQL Server database to Azure and your database is not using one of the unsupported functionalities in Azure SQL Database. For more information, see Azure SQL Database Transact-SQL Reference. This approach provides the benefits of a fully managed cloud service and ensures fast time-to-market.
    • You want to have Microsoft perform common management operations on your databases and require stronger availability SLAs for databases. This approach can minimize the administration costs and at the same time provides a guaranteed availability for the database.
    Choose SQL Server in Azure VM, if:
    • You have existing on-premises applications and wish to stop maintaining your own hardware, or you are considering hybrid solutions. This approach lets you get access to high database capacity faster and also connects your on-premises applications to the cloud via a secure tunnel.
    • You have existing IT resources, need full administrative rights over SQL Server, and require full compatibility with on-premises SQL Server (for example, some features do not exist in Azure SQL Database). This approach lets you minimize costs for development or modifications of existing applications with the flexibility to run most applications. In addition, it provides full control over the VM, operating system, and database configuration.
  • 51. Three Pillars of a Secure Hybrid Cloud Environment
    • Pillar One: risk assessment and management
      • A definition of the risks that apply to various asset(s), based on their business criticality.
      • An assessment of the current status of each risk before it's moved to the cloud. Using this information, each risk can be accepted, mitigated, transferred or avoided.
      • An assessment of the risk profile of each asset, assuming it has been moved to the cloud.
    • Pillar Two: policy and compliance
      • Cloud providers need to understand that simply listing compliance certifications isn't sufficient. In line with the mantra of transparency explored in the previous point, providers should take a proactive stance to sharing their security implementations and controls. Dimension Data often assists clients by providing them with a list of questions that we believe they should be posing to cloud providers as part of the evaluation process, to ensure they're covering all the bases.
  • 52. Three Pillars of a Secure Hybrid Cloud Environment
    Pillar Three: provider transparency
    • Governance: the ability of an organisation to govern and measure enterprise risk introduced by cloud.
    • Legal issues: regulations, and requirements to protect the privacy of data, and the security of information and computer systems.
    • Compliance and audit: maintaining and proving compliance when using the cloud.
    • Information management and data security: managing cloud data, and responsibility for data confidentiality, integrity and availability.
    • Portability and interoperability: the ability to move data or services from one provider to another, or bring them back in-house.
    • Business continuity and disaster recovery: operational processes and procedures for business continuity and disaster recovery.
  • 53. Three Pillars of a Secure Hybrid Cloud Environment
    Pillar Three: provider transparency (continued)
    • Data centre: evaluating any elements of a provider's data centre architecture and operations that could be detrimental to ongoing services.
    • Incident response, notification and remediation: adequate incident detection, response, notification, and remediation.
    • Application security: securing application software running on or developed in the cloud.
    • Encryption and key management: identifying proper encryption usage and scalable key management.
    • Identity and access management: assessing an organisation's readiness to conduct cloud-based identity, entitlement, and access management.
    • Virtualisation: risks associated with multi-tenancy, virtual machine isolation and co-residence, hypervisor vulnerabilities, etc.
  • 54. Recommendations (SharePoint Example)
    • Create a new role for an Information Manager who owns information governance across environments
    • Train and educate all stakeholders about risk and liability
    • Assess the appropriateness of using SharePoint versus other document management tools
    • Define information governance policies for access, retention, archival, and backup
    • Automate risk controls
    • Audit user and data activities
    • Resources:
      • Microsoft TechNet
      • Microsoft MSDN
      • Legal Sources for Compliance Requirements
  • 55. http://difinity.co.nz#Difinity 7th – 9th Feb 2017 http://difinity.co.nz links • ISECOM (the Institute for Security and Open Methodologies) • http://www.isecom.org/about-us.html • OSSTMM (Open Source Security Testing Methodology Manual) • http://www.isecom.org/research/osstmm.html • Library of Resources for Industrial Control System Cyber Security • https://scadahacker.com/library/index.html • patterns & practices: Cloud Security Approach in a Nutshell • https://technet.microsoft.com/en-us/ff742848.aspx • Microsoft Azure Trust Center: Security • http://azure.microsoft.com/en-us/support/trust-center/security/ • 10 Things to know about Azure Security • https://technet.microsoft.com/en-us/cloud/gg663906.aspx • Security Best Practice and Label Security Whitepapers • http://blogs.msdn.com/b/sqlsecurity/archive/2012/03/07/security-best-practice-and-label-security- whitepapers.aspx
  • 56. http://difinity.co.nz#Difinity 7th – 9th Feb 2017 http://difinity.co.nz links • Hello Secure World • http://www.microsoft.com/click/hellosecureworld/default.mspx • SQL Server Label Security Toolkit • http://sqlserverlst.codeplex.com/ SQL Server Best Practices Analyzer • Microsoft Baseline Configuration Analyzer 2.0 • http://www.microsoft.com/en-us/download/details.aspx?id=16475 • SQL Server 2005 Best Practices Analyzer (August 2008) • http://www.microsoft.com/en-us/download/details.aspx?id=23864 • Microsoft® SQL Server® 2008 R2 Best Practices Analyzer • http://www.microsoft.com/en-us/download/details.aspx?id=15289 • Microsoft® SQL Server® 2012 Best Practices Analyzer • http://www.microsoft.com/en-us/download/details.aspx?id=29302
  • 57. http://difinity.co.nz#Difinity 7th – 9th Feb 2017 http://difinity.co.nz links• Microsoft Security Assessment Tool • http://www.microsoft.com/downloads/details.aspx?FamilyID=6D79DF9C-C6D1-4E8F-8000- 0BE72B430212&displaylang=en • Microsoft Application Verifier • http://www.microsoft.com/downloads/details.aspx?FamilyID=bd02c19c-1250-433c-8c1b- 2619bd93b3a2&DisplayLang=en • Microsoft Threat Analysis & Modelling Tool • http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1- 944703479451&DisplayLang=en • How To: Protect From SQL Injection in ASP.NET • http://msdn2.microsoft.com/en-us/library/ms998271.aspx • Securing Your Database Server • http://msdn.microsoft.com/en-us/library/aa302434.aspx
  • 58. http://difinity.co.nz#Difinity 7th – 9th Feb 2017 http://difinity.co.nz links • Threats and Countermeasures • http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch00.mspx • Configure Windows Service Accounts and Permissions • https://msdn.microsoft.com/en-us/library/ms143504.aspx#Network_Service • Select an Account for the SQL Server Agent Service • https://msdn.microsoft.com/en-us/library/ms191543.aspx • Server Configuration - Service Accounts • https://msdn.microsoft.com/en-us/library/cc281953.aspx
59. azure resources: security
• Azure Security: Technical Insights
• Security Best Practices for Developing Azure Solutions
• Protecting Data in Azure
• Azure Network Security
• Microsoft Antimalware for Azure Cloud Services and Virtual Machines
• Microsoft Enterprise Cloud Red Teaming
• Microsoft Azure Security and Audit Log Management
• Security Management in Microsoft Azure
• Crypto Services and Data Security in Azure
60. azure resources: security & privacy
• Business Continuity for Azure
• Understanding Security Account Management in Azure
• Azure Data Security: Cleansing and Leakage
• Scenarios and Solutions Using Azure Active Directory Access Control
• Securing and Authenticating a Service Bus Connection
• Azure Privacy Overview (PDF)
• Azure Privacy Statement
• Law Enforcement Request Report
• Protecting Data and Privacy in the Cloud
61. azure resources: compliance & more
• Response to Cloud Security Alliance Cloud Controls Matrix (DOC)
• Azure HIPAA Implementation Guidance (PDF)
• Azure Customer PCI Guide (PDF)
• The Microsoft Approach to Cloud Transparency (PDF)
• Microsoft Trustworthy Computing
• Operational Security for Online Services Overview (PDF)
• Data Classification for Cloud Readiness
• CISO Perspectives on Data Classification (PDF)
• An Introduction to Designing Reliable Cloud Services (PDF)
• Deploying Highly Available and Secure Cloud Solutions (PDF)
62. azure resources
RESOURCE / DESCRIPTION
• MSDN: Azure SQL Database; MSDN: SQL Server in Azure Virtual Machines; Azure.com: Azure SQL Database
  Links to the library documentation.
• Azure SQL Database and SQL Server -- Performance and Scalability Compared and Contrasted
  This article explains performance differences and troubleshooting techniques when using Azure SQL Database and SQL Server running on-premises or in a VM.
• Application Patterns and Development Strategies for SQL Server in Azure Virtual Machines
  This article discusses the most common application patterns that apply to SQL Server in Azure VMs and also hybrid scenarios including Azure SQL Database.
• Microsoft Enterprise Library Transient Fault Handling Application Block
  This library lets developers make their applications running on Azure SQL Database more resilient by adding robust transient fault handling logic. Transient faults are errors that occur because of some temporary condition such as network connectivity issues or service unavailability. Since Azure SQL Database is a multitenant service, it is important to handle such errors to minimize any application downtime.
63. credits
• Yes, 123456 is the most common password, but here’s why that’s misleading
  http://arstechnica.com/security/2015/01/yes-123456-is-the-most-common-password-but-heres-why-thats-misleading/
• CIO’s are Listening, Security is Important…
  https://communities.intel.com/community/itpeernetwork/blog/2014/05/20/cio-s-are-listening-security-is-important
64. after session
CONTACT:
• MAIL: KoprowskiT@windowslive.com
• SOCIAL MEDIA: facebook, twitter, linkedin, xing, yammer, slack, github
SLIDES FROM SESSION:
• SlideShare Profile: http://www.slideshare.net/Anorak
• Difinity Conference Site
BLOGS:
• ITPRO Anorak’s Vision: http://itblogs.pl/notbeautifulanymore/
• My MVP Blog: http://koprowskit.eu/geek/
65. Please fill in the evaluation form
https://goo.gl/forms/cokWOkZsqBYwwulD2