SQL Server Security and Auditing
Course: SS8SEC
Duration: 2 Days
Level: II
On our website at:
http://www.verhoef-training.com/courses/SS8SEC.html
Course Summary
This course is intended for computer auditors and security specialists who need to understand the mechanisms employed to secure a SQL Server installation, and how to successfully audit user access and activity following best practices and guidelines. The coverage of SQL Server security is quite in-depth, and the remaining topics focus on the major tools and techniques utilised for auditing. Albeit that the content and delivery is based on SQL Server 2012, the material covered is widely applicable to securing and auditing SQL Server 2005, 2008 and 2008R2, naturally with the exception of some of the newer features such as Transparent Data Encryption, Contained Databases, User-defined Events etc. Besides excellent coverage of the theory and concepts, time is also devoted to hands-on activities to put into practice the topics introduced in each module.
Topics Covered In This Course
An Introduction to SQL Server
- Introduction to SQL Server Management Studio (SSMS)
- System Databases
- User Databases
- Database Objects
- Database and Log File Architecture
- Filegroups
- Configuring a Database
- Configuring a SQL Server System
- Feature Support Comparison in SQL Server
SQL Server Security
- Overview of SQL Server Security
- Service Account Security
- Configuring Network Protocols and Endpoints
- Configuring the SQL Server Surface Area
- Server Level Principals and Securables
- Database Level Principals and Securables
- Authorisation through Permissions
- Impersonation
- Enhancing Security with Keys and Certificates
- Signing Code Modules with Signatures
- Encrypting Data
- Transparent Data Encryption (TDE)
SQL Server Agent Security
- SQL Server Agent Service Account Security
- Managing SQL Server Agent Security
Auditing Techniques
- Using DML Triggers for Auditing
- Using DDL Triggers for Auditing
- Using SQL Server Profiler for Auditing
Dedicated SQL Server Auditing Tools
- SQL Server Audit Specifications
- C2 Auditing
Policy Based Management
- Evaluating and Enforcing Compliance with Policies
- The Central Management Server
Security and Auditing Best Practices and Guidelines
- Useful Scripts to Retrieve Security and Related Metadata
- Useful Guidelines to Implementing Best Practices and Compliance
- Other Considerations
What You Can Expect
Upon successful completion of this course, students will be able to.
- Understand the fundamental structure and architecture of SQL Server
- Work confidently in SQL Server Management Studio (SSMS)
- Understand the purpose of the system databases
- Understand SQL Server database architecture and objects
- Configure SQL Server security and audit related features
- Manage access to a SQL Server
- Understand and work with server principals and securables
- Understand and work with database principals and securables
- Implement permissions on securables
- Understand encryption options in SQL Server
- Secure code modules with signatures
- Implement Transparent Data Encryption (TDE)
- Understand SQL Server Agent Security
- Utilise DML Triggers for Auditing
- Utilise DDL Triggers for Auditing
- Utilise SQL Server Profiler for Auditing
- Use dedicated SQL Server auditing tools
- Implement Policy Based Management
- Retrieve security and audit related metadata
- Implement best practices for auditing and compliance
Recommended Prerequisites
It is recommended that before attending this course students possess the following.
- An understanding of working in a Microsoft Windows operating system environment
- An understanding of Relational Database Management Systems
- Some programming experience in the SQL language would be helpful but not essential
- Previous experience of auditing database systems would be helpful but not essential
Related Courses
| Code |
Course Title |
Duration |
Level |
|
SEC4T |
Security Awareness For Technologists |
2 Days |
I |
Details |
SECVE |
Securing the Virtual Environment |
3 Days |
I |
Details |
Every student attending a Verhoef Training class will receive
a certificate good for $100 toward their next public class taken
within a year.
You can also buy "Verhoef Vouchers" to get a discounted rate for a
single student in any of our public or web-based classes.
Contact your account manager or our sales office for details.
