SQL Server Security and Auditing

Course:  SS8SEC
Duration:  2 Days
Level:  II
Course Summary

This course is intended for computer auditors and security specialists who need to understand the mechanisms employed to secure a SQL Server installation, and how to successfully audit user access and activity following best practices and guidelines. The coverage of SQL Server security is quite in-depth, and the remaining topics focus on the major tools and techniques utilised for auditing. Although the content and delivery are based on SQL Server 2012, the material covered is widely applicable to securing and auditing SQL Server 2005, 2008 and 2008R2, with the exception of some of the newer features such as Transparent Data Encryption, Contained Databases, User-defined Events etc. Besides excellent coverage of the theory and concepts, time is also devoted to hands-on activities that put into practice the topics introduced in each module.

Topics Covered In This Course

An Introduction to SQL Server

  • Introduction to SQL Server Management Studio (SSMS)
  • System Databases
  • User Databases
  • Database Objects
  • Database and Log File Architecture
  • Filegroups
  • Configuring a Database
  • Configuring a SQL Server System
  • Feature Support Comparison in SQL Server

SQL Server Security

  • Overview of SQL Server Security
  • Service Account Security
  • Configuring Network Protocols and Endpoints
  • Configuring the SQL Server Surface Area
  • Server Level Principals and Securables
  • Database Level Principals and Securables
  • Authorisation through Permissions
  • Impersonation
  • Enhancing Security with Keys and Certificates
  • Signing Code Modules with Signatures
  • Encrypting Data
  • Transparent Data Encryption (TDE)

SQL Server Agent Security

  • SQL Server Agent Service Account Security
  • Managing SQL Server Agent Security

Auditing Techniques

  • Using DML Triggers for Auditing
  • Using DDL Triggers for Auditing
  • Using SQL Server Profiler for Auditing

Dedicated SQL Server Auditing Tools

  • SQL Server Audit Specifications
  • C2 Auditing

Policy Based Management

  • Evaluating and Enforcing Compliance with Policies
  • The Central Management Server

Security and Auditing Best Practices and Guidelines

  • Useful Scripts to Retrieve Security and Related Metadata
  • Useful Guidelines to Implementing Best Practices and Compliance
  • Other Considerations
What You Can Expect

Upon successful completion of this course, students will be able to:

  • Understand the fundamental structure and architecture of SQL Server
  • Work confidently in SQL Server Management Studio (SSMS)
  • Understand the purpose of the system databases
  • Understand SQL Server database architecture and objects
  • Configure SQL Server security and audit related features
  • Manage access to a SQL Server
  • Understand and work with server principals and securables
  • Understand and work with database principals and securables
  • Implement permissions on securables
  • Understand encryption options in SQL Server
  • Secure code modules with signatures
  • Implement Transparent Data Encryption (TDE)
  • Understand SQL Server Agent Security
  • Utilise DML Triggers for Auditing
  • Utilise DDL Triggers for Auditing
  • Utilise SQL Server Profiler for Auditing
  • Use dedicated SQL Server auditing tools
  • Implement Policy Based Management
  • Retrieve security and audit related metadata
  • Implement best practices for auditing and compliance
Recommended Prerequisites

It is recommended that before attending this course students possess the following:

  • An understanding of working in a Microsoft Windows operating system environment
  • An understanding of Relational Database Management Systems
  • Some programming experience in the SQL language would be helpful but not essential
  • Previous experience of auditing database systems would be helpful but not essential
Related Courses
Code | Course Title | Duration | Level
SEC4T | Security Awareness For Technologists | 2 Days | I
SECVE | Securing the Virtual Environment | 3 Days | I

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Schedule For This Course
There are currently no public sessions scheduled for this course. We can schedule a private class for your organization just a couple of weeks from now. Or we can let you know the next time we do schedule a public session.
Can't find the course you want?
Call us at 800.533.3893, or
email us at [email protected]