Details

Intro; Table of Contents; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; Part I: Database Security; Chapter 1: Threat Analysis and Compliance; Threat Modeling; Understanding Threat Modeling; Identifying Assets; Creating an Architecture Overview; Creating the Infrastructure Components; Identifying the Technology Stack; Creating a Security Profile; Identifying Threats; Understanding STRIDE; Using STRIDE; Rating Threats; Understanding Threat Rating Methodologies; Understanding DREAD Methodology; Using DREAD Methodology; Creating Countermeasures.

Compliance Considerations; Introducing SOX for SQL Server; Introducing GDPR For SQL Server; Summary; Chapter 2: SQL Server Security Model; Security Principal Hierarchy; Instance Level Security; Logins; Creating a Login; Migrating Logins Between Instances; Server Roles; Credentials; Database-Level Security; Users; Users With a Login; Users Without a Login; Database Roles; Summary; Chapter 3: SQL Server Audit; Understanding SQL Server Audit; SQL Server Audit Actions and Action Groups; Implementing SQL Server Audit; Creating a Server Audit; Create a Server Audit Specification.

Create a Database Audit Specification; Creating Custom Audit Events; Creating the Server Audit and Database Audit Specification; Raising the Event; Summary; Chapter 4: Data-Level Security; Schemas; Ownership Chaining; Impersonation; Row-Level Security; Security Predicates; Security Policies; Implementing RLS; Dynamic Data Masking; Summary; Chapter 5: Encryption in SQL Server; Generic Encryption Concepts; Defense in Depth; Symmetric Keys; Asymmetric Keys; Certificates; Self-Signed Certificates; Windows Data Protection API; SQL Server Encryption Concepts; Master Keys; EKM and Key Stores.

SQL Server Encryption Hierarchy; Encrypting Data; Encrypting Data With a Password or Passphrase; Encrypting Data with Keys and Certificates; Transparent Data Encryption; Considerations for TDE With Other Technologies; Implementing TDE; Administering TDE; Backing Up the Certificate; Migrating an Encrypted Database; Always Encrypted; Implementing Always Encrypted; Always Encrypted Limitations; Summary; Chapter 6: Security Metadata; Security Principal Metadata; Finding a User's Effective Permissions; Securable Metadata; Code Signing; Permissions Against a Specific Table; Audit Metadata.

Encryption Metadata; Always Encrypted Metadata; TDE Metadata; Credentials Metadata; Securing Metadata; Risks of Metadata Visibility; Summary; Chapter 7: Implementing Service Accounts for Security; Service Account Types; Virtual Accounts; Managed Service Accounts; SQL Server Services; How Service Accounts Can Become Compromised; Designing a Pragmatic Service Account Strategy; Summary; Chapter 8: Protecting Credentials; Protecting the sa Account; DBA Steps to Mitigate the Risks; Disabling the sa Account; Renaming the sa Account; Ensuring Reputability; Enforcing Constant Password Changes.
