SQL Server Security
By Mattias Lind (@So.Qoo.L)
2015-08-20
For PASS Security VC

Mattias Lind
Senior Microsoft Data Platform & Business Intelligence Architect @Sogeti
mattias.lind@sogeti.se
MVP on SQL Server
Microsoft Certified Trainer
blog.mssqlserver.se
sqlguru.se
@So.Qoo.L

Today’s Content
• Authentication
• SQL Server Logins & Windows Authentication
• Server Roles
• Database Users & Roles
• Partial Contained Databases
• NTLM vs. Kerberos

Authentication
• Validate connection
• Make sure the right users consume
• Server level
• Database level

SQL Server Logins & Windows Authentication
• SQL Server Login Name
• Password
• Exists in the local instance
• Authenticated by SQL Server
• Windows User or Group
• Reference by SID
• Exists in AD or SAM
• Approved by SQL Server
Connect To Server

Server Roles
• Delegate specific administrative control of the server
• Set of fixed server roles
• Custom server roles

Database Users & Roles
• Database Users approve access to a database
• A SQL Server Login is tied to a User
• Can be based on a Windows User or Group
• Database Roles group permissions and are associated with Users
• A Role is not a group, it’s a Permission Set
• Application Roles have a password and can elevate permissions for the session

Partial Contained Databases
• Uses a Partial Contained Database User with a password
• Inherits permission to connect to the server, no need for a Login
• Configuration points are Server, Database, and Database User

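Added example (not from the original slides): a T-SQL walk-through of the three configuration points listed above for a partially contained database, plus a database role used as a permission set as described on the Database Users & Roles slide. The database, user, role, and table names and the password are constructed placeholders.

```sql
-- Constructed names: SalesDemo, app_reader, sales_read, dbo.Orders.
-- Requires SQL Server 2012 or later.

-- 1. Server: allow contained database authentication on the instance.
EXEC sys.sp_configure N'contained database authentication', 1;
RECONFIGURE;
GO

-- 2. Database: create the database with partial containment.
CREATE DATABASE SalesDemo CONTAINMENT = PARTIAL;
GO
USE SalesDemo;
GO

-- 3. Database user: the password hash is stored in the database itself,
--    so no server-level login exists for this principal.
--    Clients must name SalesDemo as the initial database when connecting.
CREATE USER app_reader WITH PASSWORD = N'Placeholder-Chang3-Me!';
GO

-- A role is a permission set: grant to the role, then add members.
CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY, Amount money);
CREATE ROLE sales_read;
GRANT SELECT ON SCHEMA::dbo TO sales_read;
ALTER ROLE sales_read ADD MEMBER app_reader;
GO

-- Review: which databases on the instance are contained?
SELECT name, containment_desc
FROM sys.databases
WHERE containment <> 0;

-- Review: contained users authenticated by the database, with their roles.
-- These principals do not appear in sys.server_principals, so a
-- server-level login audit alone will miss them.
SELECT dp.name AS user_name,
       dp.authentication_type_desc,
       r.name  AS role_name
FROM sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS rm
       ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE dp.authentication_type_desc = N'DATABASE';
```
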
NTLM vs. Kerberos
• NTLM is “old school” vs. Kerberos as “new school”
• Windows Server 2000
[Diagram: Active Directory Service Server Client SAM]

NTLM vs. Kerberos
[Diagram: Domain Service Server Client SAM]

Thank You!
@So.Qoo.L