Security in SQL Server is often overlooked. Companies tend to concentrate on availability and performance, but a database system often stores virtually all of a company's valuable and confidential data. So what happens if this data is stolen? In this course, we will cover all the areas you need to protect to effectively secure SQL Server. That means system and network protection, user authentication, permissions on objects and data, and data encryption. We will also use some penetration testing frameworks to show you how attacks are performed against SQL Server through various types of exploits, including SQL injection. The course is focused on SQL Server 2012 and 2014, but most of the information applies to all versions from SQL Server 2005 onward.
Rudi Bruchez is a freelance consultant and trainer based in Paris, France. He has more than 15 years of experience with SQL Server and has started to venture into NoSQL territory. As DBMSs evolve into more complex solutions, he tries to make sure that people understand the fundamentals and implement their databases wisely.
Introduction to Security With SQL Server
Welcome to this course about security and encryption in SQL Server 2012 and 2014. I am Rudi Bruchez, and I am recording this course for Pluralsight. This is module 1, Introduction to Security with SQL Server. In this module, we will answer the basic questions. First, why do we need security? This one sounds obvious, doesn't it, but nonetheless, it deserves a little bit of digging. After all, this is your data, it should be important for you, right? After that, we will discuss the aspects of security with SQL Server. Is it only a matter of ensuring authentication and setting permissions? Maybe not only that. So we will need to know what the potential flaws and breaches are that could allow someone to see, modify or steal your data. Because, of course, with security you need to know where all the doors are that could let someone in. Then, as we will know what to do, we will look briefly at how we will do it during the rest of the course, what features of SQL Server we will use, and how we will do it at the Windows OS level. And, to better understand the next modules, we will have a quick look at how client connections are made to SQL Server, then we will have a pretty clear picture of how we will optimally secure SQL Server.
Roles and Permissions
Welcome back to Security and Encryption in SQL Server 2012 and 2014. I am Rudi Bruchez and I am recording this course for Pluralsight. This is module 5, Roles and Permissions. We will talk here about the security principals named roles at the server and at the database level. Then we will cover permissions extensively, server-level permissions and database-level permissions. So let's talk first a bit about permissions. Permissions mean what you will be able to do once you are authenticated and connected. We have seen in the previous module what a security principal is. Security principals will receive permissions on objects. The permissions a principal has at the server level define his administrative permissions, and the permissions at the database level give him database administrative permissions and permissions on data. As we have seen, inside a database, a login is mapped to a user. When someone opens a session, the server-level permissions will be given to the login and when she or he enters the database the permissions will be given to the user.
Encryption
Welcome back. I am Rudi Bruchez and I am recording this course for Pluralsight. This is module 7, Encryption. In this module, we will see what are the functionalities integrated into SQL Server since version 2005 to generate encryption keys and use them to encrypt data. We will use asymmetric and symmetric encryption for our needs, and finally we will look at hashing, in other words, non-reversible encryption, in order to safely store passwords for instance. So let's get started.