Too often security issues can be the Achilles’ heel of an otherwise well-rounded DBA. Even simple practices can be detrimental when overlooked. This presentation covers six security staples to help prevent points of vulnerability and costly liabilities.
2. 2 Global Marketing Understanding Query Execution Plans
It was a day like any other…
Until a hacked system administrator password led
to a system lockdown.
It’s not an uncommon story.
Since the server was online, six physical business
locations were negatively affected while the IT
team scrambled to right the ship.
3. It was a day like any other…
Too often security issues can be the Achilles’ heel
of an otherwise well-rounded DBA.
Even simple practices can be detrimental when
overlooked.
4. The basics
1. As illustrated by the above anecdote, don’t give
out your system administrator password.
2. Another basic network security staple is
choosing the right kind of authentication
(Windows vs. SQL login).
• Windows authentication is the recommended choice for
an internal network.
• A database running on a domain-joined or local Windows machine
can use Windows authentication, which automatically brings the
operating system's password and account policies with it and so
enforces a certain level of good practice.
3. Smartly using your system’s role-based access
capabilities is another common-sense
safeguard that is too often overlooked.
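Putting points 1 to 3 together on SQL Server: the T-SQL below is an added example, not part of the deck, and uses placeholder names (the CONTOSO\ReportingUsers group, the SalesDb database, the ReportReaders role). It creates a Windows-authenticated login for a group instead of a SQL login with its own password, grants that group only the rights its job needs through a database role, and finishes with two checks a DBA can run today: whether the instance still accepts SQL logins at all, and who currently holds sysadmin.

```sql
-- Added example (not from the deck): Windows authentication plus a
-- least-privilege database role. CONTOSO\ReportingUsers, SalesDb and the
-- ReportReaders role are assumed placeholder names.

-- 1. A login for a Windows group: no SQL password to hand out or leak, and
--    the domain's password policy and lockout rules apply automatically.
USE master;
GO
CREATE LOGIN [CONTOSO\ReportingUsers] FROM WINDOWS;
GO

-- 2. Map the login to a database user and grant only what the job needs.
USE SalesDb;
GO
CREATE USER [CONTOSO\ReportingUsers] FOR LOGIN [CONTOSO\ReportingUsers];
GO
CREATE ROLE ReportReaders;
GO
GRANT SELECT ON SCHEMA::dbo TO ReportReaders;   -- read-only: no writes, no DDL
ALTER ROLE ReportReaders ADD MEMBER [CONTOSO\ReportingUsers];
GO

-- 3. Check: does the instance accept SQL logins at all?
--    1 = Windows authentication only, 0 = mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS WindowsAuthOnly;

-- 4. Check: who holds server-level admin rights? Every unexpected row here is
--    the "shared system administrator password" problem from the anecdote.
SELECT sp.name, sp.type_desc
FROM sys.server_principals AS sp
WHERE IS_SRVROLEMEMBER('sysadmin', sp.name) = 1;
```

The two SELECTs at the end are the ones worth scheduling: a mixed-mode instance with a widely known `sa` password, or a sysadmin list that has grown to include application accounts, is exactly the condition the opening story describes.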
5. Points of vulnerability
4. SQL Injection Attack – When SQL statements are
built from text that passes between a web or Windows
app and the database, an attacker can type SQL of
their own into the app's text box and manipulate the
application into dropping or deleting needed tables.
• This is one area where a bit of coding ability (and the
willingness to proactively communicate with your
developer) makes a more well-rounded DBA.
• At the DBA level, you can set DDL (data definition language)
triggers in the database so that when an injection attempts
to create, drop or delete a table, the trigger prevents it.
• Establishing stored procedures on your database, so that
ad hoc (non-stored-procedure) queries are eliminated, is
another safeguard against SQL injection.
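The three bullets above in T-SQL, as an added example that is not part of the deck: a procedure that concatenates the text-box value into its statement (the injectable pattern, kept only for contrast), the same lookup as a parameterised procedure, a role that gives the application account EXECUTE on those procedures and nothing else, and a database-level DDL trigger that rolls back DROP TABLE and records who attempted it. SalesDb, dbo.Customers, AppUser and the procedure and trigger names are assumed placeholders.

```sql
-- Added example (not from the deck). SalesDb, dbo.Customers, AppUser and
-- the procedure/trigger names are assumed placeholders.
USE SalesDb;
GO

-- Injectable pattern: the text-box value is spliced into the statement, so
-- whatever the user types becomes SQL. Shown for contrast only.
CREATE PROCEDURE dbo.FindCustomer_Unsafe @Name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Name FROM dbo.Customers WHERE Name = ''' + @Name + N'''';
    EXEC (@sql);
END;
GO

-- Hardened pattern: the value travels as a typed parameter, never as SQL text.
CREATE PROCEDURE dbo.FindCustomer @Name NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, Name
    FROM dbo.Customers
    WHERE Name = @Name;
END;
GO

-- If dynamic SQL is unavoidable, keep the parameter a parameter.
CREATE PROCEDURE dbo.FindCustomer_Dynamic @Name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Name FROM dbo.Customers WHERE Name = @p';
    EXEC sp_executesql @sql, N'@p NVARCHAR(100)', @p = @Name;
END;
GO

-- The app account gets EXECUTE on the procedures and no table rights at all,
-- so even a successful injection has no DROP or DELETE permission to use.
CREATE ROLE AppProcOnly;
GRANT EXECUTE ON dbo.FindCustomer         TO AppProcOnly;
GRANT EXECUTE ON dbo.FindCustomer_Dynamic TO AppProcOnly;
ALTER ROLE AppProcOnly ADD MEMBER AppUser;   -- AppUser: assumed existing user
GO

-- DDL trigger: undo any DROP TABLE in this database and keep a record.
CREATE TABLE dbo.DdlAudit (
    EventTime DATETIME2 NOT NULL DEFAULT SYSUTCDATETIME(),
    LoginName SYSNAME   NOT NULL,
    EventXml  XML       NOT NULL
);
GO
CREATE TRIGGER trg_BlockDropTable
ON DATABASE
FOR DROP_TABLE
AS
BEGIN
    -- ROLLBACK first: the audit INSERT must come after it, or it is undone too.
    ROLLBACK;
    INSERT INTO dbo.DdlAudit (LoginName, EventXml)
    VALUES (ORIGINAL_LOGIN(), EVENTDATA());
    RAISERROR ('DROP TABLE is blocked by policy; disable trg_BlockDropTable for planned maintenance.', 16, 1);
END;
GO
```

Two caveats worth knowing when you rely on the trigger: a DDL trigger sees only schema changes, so a `DELETE FROM` that empties a table is not a DDL event and is stopped by the missing permission, not by the trigger; and a caller who is already sysadmin can disable the trigger, which is why the permission model and the Windows-only authentication from the previous slide matter more than the trigger itself.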
6. Points of vulnerability
5. Backups are another area of vulnerability –
What kind of encryption are you using for
database backups, and are they protected with
a password so that a wayward backup file would
be harder for a bad actor to decrypt and open?
• Unforced errors are part of the database backup pitfall.
– Let's say the database has been running great for the last few
months, but an event dictates that you have to recover data.
– If you haven't tested your backups to see if they were
properly configured and now you have three months' worth
of broken or corrupted data, you have just "hacked" yourself.
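Both halves of this slide, encryption and testing, in T-SQL as an added example that is not part of the deck. It assumes SQL Server 2014 or later (where backup encryption by certificate replaced the older password-protected backups), a database called SalesDb with logical files SalesDb and SalesDb_log, and placeholder paths, certificate name and passwords that you would replace with your own.

```sql
-- Added example (not from the deck): encrypted, checksummed backup plus a
-- real restore test. SalesDb, BackupCert, the paths and the passwords are
-- assumed placeholders; SQL Server 2014 or later is assumed.
USE master;
GO
-- Key hierarchy: the master key protects the certificate that protects backups.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong master key password>';
CREATE CERTIFICATE BackupCert WITH SUBJECT = 'SalesDb backup encryption';
GO
-- Without this copy an encrypted backup cannot be restored after a server
-- loss. Keep it off the server and away from the backup files themselves.
BACKUP CERTIFICATE BackupCert
    TO FILE = 'D:\Keys\BackupCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\Keys\BackupCert.pvk',
        ENCRYPTION BY PASSWORD = '<strong private key password>');
GO
-- Encrypted backup with page checksums recorded in the media.
BACKUP DATABASE SalesDb
    TO DISK = 'D:\Backups\SalesDb.bak'
    WITH COMPRESSION, CHECKSUM,
         ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupCert);
GO
-- Cheap check: is the media readable and do the checksums match?
RESTORE VERIFYONLY FROM DISK = 'D:\Backups\SalesDb.bak' WITH CHECKSUM;
GO
-- Real check: restore under another name and run integrity checks. This is
-- how you learn about a broken backup before the day you need it.
RESTORE DATABASE SalesDb_RestoreTest
    FROM DISK = 'D:\Backups\SalesDb.bak'
    WITH MOVE 'SalesDb'     TO 'D:\RestoreTest\SalesDb_test.mdf',
         MOVE 'SalesDb_log' TO 'D:\RestoreTest\SalesDb_test.ldf',
         CHECKSUM, RECOVERY;
GO
DBCC CHECKDB ('SalesDb_RestoreTest') WITH NO_INFOMSGS;
GO
DROP DATABASE SalesDb_RestoreTest;
GO
-- Inventory: which recent backups on this server were taken unencrypted?
SELECT database_name, backup_finish_date, key_algorithm, encryptor_type
FROM msdb.dbo.backupset
WHERE key_algorithm IS NULL
ORDER BY backup_finish_date DESC;
```

The restore-and-CHECKDB step is the one that answers the slide's question about three months of silently corrupted backups; `RESTORE VERIFYONLY` proves the file is readable, not that the database inside it is sound.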
7. Points of vulnerability
6. Not every threat is virtual – How many times
have you seen a completely unlocked server
room or unlocked server racks?
• If that room is in your workplace, you know what to do,
today.
– We have seen one company where that room was right
behind the reception desk.
• Absorbed by performance issues or the daily routine, some
IT teams fail to imagine that somebody could walk right into
one of their server rooms, unplug a box, and walk right out
the front door.
8. Costly liabilities
A lot of costly security liabilities can be avoided by
adding just a few common-sense, basic practices
to your DBA routine.
So in the event that your database or equipment
becomes a target, you don’t have to explain why
you didn’t protect your company’s or client’s data
from the most basic and obvious threats.
9. Learn More
Click to view Dell’s webinar Building a Bulletproof
Security Strategy for SQL Server, part of our expert
series on protecting your SQL Server installation.