Robert Davis Database Engineer BlueMountain Capital Management Moderated By Ivan Sanders Redgate Software makes ingeniously simple software used by 650000 IT professionals who work with SQL Server NET and Oracle More than 100000 companies use Redgate products including 91 of the F ID: 578115
Download Presentation The PPT/PDF document "Securing SQL Server Processes with Certi..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Securing SQL Server Processes with Certificates
Robert, Davis, Database Engineer, BlueMountain Capital ManagementModerated By: Ivan SandersSlide2Slide3
Redgate Software makes ingeniously simple software used by 650,000 IT professionals who work with SQL Server, .NET, and Oracle. More than 100,000 companies use Redgate products, including 91% of the Fortune 100. Redgate’s philosophy is to design highly usable, reliable tools which elegantly solve the problems that developers and DBAs face every day.
Empower users with new insights through familiar tools while balancing the need for IT to monitor and manage user created content. Deliver access to all data types across structured and unstructured sources.Slide4Slide5
PASS Security Virtual Chapter
Co-founder and co-leader of the PASS Security Virtual Chapter. If interested in speaking or volunteering for the Security VC, contact us at securityvc@sqlpass.org
Robert L DavisMCM/MCSM, MVP, DBA
SQL Server Certified Master, Data Platform MVP, and experienced DBA, evangelist, speaker, writer, and trainer. Currently works as a Database Engineer at
BlueMountain
Capital Management.
Blogger, writer
Check out my blog at
www.sqlsoldier.com
where I also have links to the many whitepapers I have written as well as articles for SQL Server Pro magazine.
facebook.com/robert.l.davis.75
twitter.com/
SQLSoldier
linkedin.com/in/
robertldavis
/Slide6
Securing SQL Server Processes with Certificates
Robert, Davis, Database Engineer, BlueMountain Capital ManagementSlide7
PASS Security Virtual Chapter
Co-founder and co-leader of the PASS Security Virtual Chapter. If interested in speaking or volunteering for the Security VC, contact us at securityvc@sqlpass.org
Robert L DavisMCM/MCSM, MVP, DBA
SQL Server Certified Master, Data Platform MVP, and experienced DBA, evangelist, speaker, writer, and trainer. Currently works as a Database Engineer at
BlueMountain
Capital Management.
Blogger, writer
Check out my blog at
www.sqlsoldier.com
where I also have links to the many whitepapers I have written as well as articles for SQL Server Pro magazine.
facebook.com/robert.l.davis.75
twitter.com/
SQLSoldier
linkedin.com/in/
robertldavis
/Slide8
Securing SQL Server Processes with CertificatesSlide9
Securing SQL Server Processes with CertificatesSlide10
Securing SQL Server Processes with CertificatesSlide11
Securing SQL Server Processes with CertificatesSlide12
Securing SQL Server Processes with Certificates
Managing Certificates
Creating certificatesSlide13
Securing SQL Server Processes with Certificates
Managing Certificates
Creating certificatesCREATE CERTIFICATESlide14
Securing SQL Server Processes with Certificates
Managing Certificates
Creating certificatesCREATE CERTIFICATE
Backing up certificatesSlide15
Securing SQL Server Processes with Certificates
Managing Certificates
Creating certificatesCREATE CERTIFICATE
Backing up certificates
BACKUP CERTIFICATESlide16
Securing SQL Server Processes with Certificates
Managing Certificates
Creating certificatesCREATE CERTIFICATE
Backing up certificates
BACKUP CERTIFICATE
Restoring
certificatesSlide17
Securing SQL Server Processes with Certificates
Managing Certificates
Creating certificatesCREATE CERTIFICATE
Backing up certificates
BACKUP CERTIFICATE
Restoring certificates
CREATE CERTIFICATESlide18
Securing SQL Server Processes with Certificates
Managing Certificates
Creating certificatesCREATE CERTIFICATE
Backing up certificates
BACKUP CERTIFICATE
Restoring certificates
CREATE CERTIFICATE … FROM FILESlide19
Securing SQL Server Processes with Certificates
Managing Certificates
Creating certificatesCREATE CERTIFICATE
Backing up certificates
BACKUP CERTIFICATE
Restoring certificates
CREATE CERTIFICATE … FROM FILE
Store securelySlide20
Securing SQL Server Processes with Certificates
Managing Certificates
Creating certificatesCREATE CERTIFICATE
Backing up certificates
BACKUP CERTIFICATE
Restoring certificates
CREATE CERTIFICATE … FROM FILE
Store securely
DemoSlide21
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates
Creating loginsSlide22
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates
Creating loginsCREATE LOGIN … FROM CERTIFICATESlide23
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates
Creating loginsCREATE LOGIN … FROM CERTIFICATE
Creating usersSlide24
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates
Creating loginsCREATE LOGIN … FROM CERTIFICATE
Creating users
CREATE USER … FOR/FROM CERTIFICATESlide25
Securing SQL Server Processes with Certificates
Creating Logins and Users Mapped to Certificates
Creating loginsCREATE LOGIN … FROM CERTIFICATE
Creating users
CREATE USER … FOR/FROM CERTIFICATE
DemoSlide26
Securing SQL Server Processes with Certificates
Signing Stored Procedures
Grant permissions for a stored procedure without granting to userSlide27
Securing SQL Server Processes with Certificates
Signing Stored Procedures
Grant permissions for a stored procedure without granting to user
Allows you to avoid common issues where you may otherwise be pressured to enable risky database optionsSlide28
Securing SQL Server Processes with Certificates
Signing Stored Procedures
Grant permissions for a stored procedure without granting to user
Allows you to avoid common issues where you may otherwise be pressured to enable risky database options
Cross-database ownership chainingSlide29
Securing SQL Server Processes with Certificates
Signing Stored Procedures
Grant permissions for a stored procedure without granting to user
Allows you to avoid common issues where you may otherwise be pressured to enable risky database options
Cross-database ownership chaining
TrustworthySlide30
Securing SQL Server Processes with Certificates
Signing Stored Procedures
Grant permissions for a stored procedure without granting to user
Allows you to avoid common issues where you may otherwise be pressured to enable risky database options
Cross-database ownership chaining
Trustworthy
Signing the proceduresSlide31
Securing SQL Server Processes with Certificates
Signing Stored Procedures
Grant permissions for a stored procedure without granting to user
Allows you to avoid common issues where you may otherwise be pressured to enable risky database options
Cross-database ownership chaining
Trustworthy
Signing the procedures
ADD SIGNATURE TO … BY CERTIFICATE … WITH PASSWORDSlide32
Securing SQL Server Processes with Certificates
Signing Stored Procedures
Grant permissions for a stored procedure without granting to user
Allows you to avoid common issues where you may otherwise be pressured to enable risky database options
Cross-database ownership chaining
Trustworthy
Signing the procedures
ADD SIGNATURE TO … BY CERTIFICATE … WITH PASSWORD
Executes as certificate which is mapped to a user and/or loginSlide33
Securing SQL Server Processes with Certificates
Signing Stored Procedures
Grant permissions for a stored procedure without granting to user
Allows you to avoid common issues where you may otherwise be pressured to enable risky database options
Cross-database ownership chaining
Trustworthy
Signing the procedures
ADD SIGNATURE TO … BY CERTIFICATE … WITH PASSWORD
Executes as certificate which is mapped to a user and/or login
DemoSlide34
Securing SQL Server Processes with Certificates
Signing Stored Procedures for SQL Server Processes
Relies on everything we’ve learned so
farSlide35
Securing SQL Server Processes with Certificates
Signing Stored Procedures for SQL Server Processes
Relies on everything we’ve learned so
far
Can be used to execute signed procedure via Service BrokerSlide36
Securing SQL Server Processes with Certificates
Signing Stored Procedures for SQL Server Processes
Relies on everything we’ve learned so
far
Can be used to execute signed procedure via Service Broker
Can be used to grant rights to CLR assembliesSlide37
Securing SQL Server Processes with Certificates
Signing Stored Procedures for SQL Server Processes
Relies on everything we’ve learned so
far
Can be used to execute signed procedure via Service Broker
Can be used to grant rights to CLR assemblies
More work but more secureSlide38Slide39
Protecting Data Across the Environment
Brian KelleySlide40Slide41