Advanced Databases lecture, Chapter 3: Managing security. The topics discussed in this chapter include Users, users vs. login, SQL Server security, SQL Server authentication, securable objects in SQL Server, the fixed server-level role, ...
CHAPTER 2
Managing Security
• Users are database-level principals and are
created to access resources within a database.
• User and login names should match
• Users can be added to any one or more of the available database roles.
Users vs Login
• Logins:
• Are created at the instance level
• Can be mapped to a Windows user account, a domain account, a Windows group, a domain group,
• Provide a user access to the SQL Server instance.
• access to one or more databases
• Do not provide access to the objects contained within the database
• Permissions to access database objects are at the database user level.
SQL Server security
• A user passes through 2 stages of security in SQL Server
• Authentication – validates that a user can connect to a SQL Server instance (Login)
• Authorization – permissions validation; controls the activities the user is allowed to perform in the SQL Server database (User)
SQL Server authentication
• Windows Authentication
• Windows performs the authentication
• SQL Server trusts that authentication and provides access to the Windows accounts as configured
• Windows user and group accounts can be mapped to SQL Server
SQL Server authentication
• SQL Server specific logins:
• Windows user account is not required
• Password is passed across the network for authentication
• Password is encrypted automatically
• The primary advantage of this authentication scheme:
• SQL Server can authenticate any login no matter how they may have authenticated to the Windows network
• This option is typically less secure because it gives access to anyone who has the SQL Server password, without regard to his or her Windows identity
SQL Server authentication
• Adding a new login
• Create new user in Windows
• Once the users exist in the Windows user list or the Windows domain, SQL Server can recognize them.
• Add a new login to SQL Server
• Use SSMS
• Use T-SQL command
SQL Server authentication
• Use SSMS
SQL Server authentication
• Adding a New Login
• Use T-SQL command:
CREATE LOGIN [name] {WITH <options> | FROM <source>}
• Options: there are many options. The most important one is the PASSWORD option. (Other possible options include DEFAULT_DATABASE, DEFAULT_LANGUAGE, and CHECK_EXPIRATION.)
• Source:
• WINDOWS: the login will be mapped to an existing Windows user account
• CERTIFICATE: the name of the certificate to be associated with this login.
• ASYMMETRIC KEY: the name of the asymmetric key to be associated with this login
Ex: CREATE LOGIN [AughtEight\Bob] FROM WINDOWS;
• Remove an existing login: use the DROP LOGIN statement
Ex: DROP LOGIN [AughtEight\Bob];
• Schemas are collections of database objects
such as tables, views, and procedures.
• Permissions can be granted to individual
schemas within a database, providing a powerful way to manage permissions.
• It is not necessary to grant access to each object within a schema when granting permission to the schema.
• Principals: logins allow you to connect to SQL Server. There are effectively three types of logins, or server principals:
• Windows domain login
• Windows local login
• SQL Server login
• Windows-level principals
• Windows Domain Login
• Windows local login
• Windows group
• SQL Server-level principals
• SQL Server login
• SQL Server login mapped to a Windows login
• SQL Server login mapped to a certificate
• SQL Server login mapped to an asymmetric key
• Database-level principals
• Database user
• Database user mapped to SQL Server login
• Database user mapped to a Windows login
• Database user mapped to a certificate
• Database user mapped to an asymmetric key
• Database role
• Application role
• Public role
Securable objects in SQL Server
• Server
• Database
• Schema
• SQL Server provides two types of roles
• Fixed server-level:
• have a serverwide scope
• Used for administration tasks
• Database-level roles:
• have a database-level scope
• custom database-level roles can be created
• Used for admin and security
• Include the public role
The fixed server-level role
• sysadmin – Perform any activity in the server
• The BUILTIN\Administrators group and the local administrators are sysadmin members
• serveradmin – Change server-wide configuration options and shut down the server
• securityadmin – Manage logins and their properties. They will be able to reset passwords for SQL Server logins and GRANT, DENY, and REVOKE permissions
• processadmin – End processes running in an instance of SQL Server
• setupadmin – Add and remove linked servers
• bulkadmin – Run the BULK INSERT statement
• diskadmin – Manage disk files
• dbcreator – CREATE, ALTER, DROP, and restore any database
The fixed server-level role
sp_addsrvrolemember
[ @loginame = ] 'login',
[ @rolename = ] 'role'
Ex: EXEC sp_addsrvrolemember 'XPS\Lauren', 'sysadmin'
• sp_dropsrvrolemember: remove a login from a fixed server role
Ex: EXEC sp_dropsrvrolemember 'XPS\Lauren', 'sysadmin'
• sp_helpsrvrole: get a list of the fixed server roles
The fixed database-level roles
• db_owner – Can drop the database as well as permission to perform all
configuration and maintenance tasks.
• db_securityadmin – Can modify role membership and manage
• db_backupoperator – Can back up the database.
• db_ddladmin – Can run any Data Definition Language command.
• db_datawriter – Can add, delete, or change data in all user tables.
• db_datareader – Can read all data from all user tables.
• db_denydatawriter – Will deny permission in the database to add, modify, or delete any data in the user tables.
• db_denydatareader – Will deny permission in the database to read any data
in the user tables.
The fixed database-level roles
• Setting Up Database User Accounts:
CREATE USER [LoginName] FOR LOGIN [LoginName]
Ex:
USE master;
CREATE LOGIN [AughtEight\Bob] FROM WINDOWS;
USE AdventureWorks2008;
CREATE USER BillyBob FOR LOGIN [AughtEight\Bob]
WITH DEFAULT_SCHEMA = sales;
The fixed database-level role
sp_addrolemember
[ @rolename = ] 'role',
[ @membername = ] 'security_account'
Ex: EXEC sp_addrolemember 'db_datareader', 'Carol';
• sp_droprolemember: remove a user from a database role
Ex: EXEC sp_droprolemember 'db_datareader', 'Carol';
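A review query for the login-to-user mapping and the server-level and database-level role memberships described above, as an added example that is not part of the original slides. It relies only on the catalog views sys.server_principals, sys.server_role_members, sys.database_principals and sys.database_role_members; the database-scoped parts report on whichever database is current.

```sql
-- Added example: review who holds which role on this instance.

-- 1. Members of the fixed server-level roles (sysadmin, securityadmin, ...).
SELECT r.name AS server_role,
       m.name AS member_login,
       m.type_desc,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;

-- 2. Database users and the login each one maps to (matched by SID).
--    A NULL login_name means no login on this instance carries that SID:
--    an orphaned user, a user created WITHOUT LOGIN, or a Windows user
--    whose access comes only through a Windows group login.
SELECT u.name AS database_user,
       u.type_desc,
       u.default_schema_name,
       l.name AS login_name
FROM sys.database_principals AS u
LEFT JOIN sys.server_principals AS l ON l.sid = u.sid
WHERE u.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND u.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys')
ORDER BY u.name;

-- 3. Members of the database-level roles (db_owner, db_datareader, ...).
SELECT r.name AS database_role,
       m.name AS member_user
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;
```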
Principle of least privilege
• Do not grant more permissions than necessary
• Be familiar with what each specific permission
enables a user to accomplish.
• Inadvertently elevated permissions can pose a significant security risk
• Grant gives a right to perform an action
• Deny explicitly denies a right
• Revoke removes an existing grant or deny
• Permissions are applied to the objects (tables, views, stored procs, etc.) in the database
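How GRANT, DENY and REVOKE interact at schema and object scope, as an added T-SQL example that is not part of the original slides. The database PermDemo, the schema sales, both tables, the role SalesReaders and the test user Carol are constructed for illustration.

```sql
-- Added example; every object name below is constructed for illustration.
CREATE DATABASE PermDemo;
GO
USE PermDemo;
GO
CREATE SCHEMA sales;
GO
CREATE TABLE sales.Orders   (OrderID INT PRIMARY KEY, Amount MONEY);
CREATE TABLE sales.CardData (OrderID INT PRIMARY KEY, CardNumber VARBINARY(256));
CREATE USER Carol WITHOUT LOGIN;   -- test user with no login behind it
CREATE ROLE SalesReaders;          -- custom database-level role
EXEC sp_addrolemember 'SalesReaders', 'Carol';
GO
-- GRANT at schema scope covers every object in the schema,
-- including tables created later.
GRANT SELECT ON SCHEMA::sales TO SalesReaders;
-- DENY on one object takes precedence over the schema-level GRANT.
DENY SELECT ON OBJECT::sales.CardData TO SalesReaders;
GO
-- Check the effective rights from Carol's security context.
EXECUTE AS USER = 'Carol';
SELECT HAS_PERMS_BY_NAME('sales.Orders',   'OBJECT', 'SELECT') AS can_read_orders,
       HAS_PERMS_BY_NAME('sales.CardData', 'OBJECT', 'SELECT') AS can_read_carddata;
REVERT;
GO
-- REVOKE removes the DENY entry. It does not block access by itself:
-- the schema-level GRANT now applies to sales.CardData again.
REVOKE SELECT ON OBJECT::sales.CardData FROM SalesReaders;
GO
-- List the explicit GRANT and DENY entries that remain for the role.
SELECT pr.name AS principal,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       pe.major_id
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'SalesReaders';
```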
Permission – action on server
SQL Server Encryption
• A well-designed encryption method: encrypts data using symmetric keys, and encrypts the symmetric keys using asymmetric keys
• A certificate is technically an asymmetric key, but there is
a standard, X.509, that defines the format for a certificate
SQL Server Encryption
• Setting Up an Encryption Methodology
1 First, create a fresh database called EncryptionExample
CREATE DATABASE [EncryptionExample]
2 Create a login named LowPrivLogin with a password "pw"
CREATE LOGIN LowPrivLogin WITH PASSWORD = 'pw'
3 Next, grant the login access to the EncryptionExample database.
USE EncryptionExample
CREATE USER LowPrivLogin FOR LOGIN LowPrivLogin
SQL Server Encryption
• Setting Up an Encryption Methodology
4 Create a table in the dbo schema that you'll use throughout this example. The table will hold fake credit card information. Note: the credit card number is stored as a variable binary column because this column is used to store encrypted data.
CREATE TABLE dbo.CustomerCreditCards
(CustomerID INT PRIMARY KEY,
CardNumber varbinary(256))
SQL Server Encryption
• Setting Up an Encryption Methodology
5 Create a master key for the database:
CREATE MASTER KEY ENCRYPTION BY PASSWORD =
'EncryptionExampleMasterKey08$'
6 Next, protect other keys with a certificate
CREATE CERTIFICATE [CertSymmetricKey]
WITH SUBJECT = 'User defined subject This key will protect the secret data.'
SQL Server Encryption
• Setting Up an Encryption Methodology
7 With the certificate now created, create a symmetric key
CREATE SYMMETRIC KEY [SecretSymmetricKey]
WITH ALGORITHM = TRIPLE_DES -- AES_128 fine too
ENCRYPTION BY CERTIFICATE [CertSymmetricKey]
SQL Server Encryption
• Encrypting the Data
1 First, use the symmetric key that was created earlier by issuing the OPEN SYMMETRIC KEY syntax. This key will remain open until your session expires or you issue the CLOSE statement:
OPEN SYMMETRIC KEY [SecretSymmetricKey]
DECRYPTION BY CERTIFICATE [CertSymmetricKey]
SQL Server Encryption
2 Encrypt data
DECLARE @Key_Guid AS UNIQUEIDENTIFIER
SET @Key_Guid = key_guid('SecretSymmetricKey')
IF (@Key_Guid IS NOT NULL)
BEGIN
    INSERT INTO dbo.CustomerCreditCards
    VALUES (1, encryptbykey(@Key_Guid, N'4111-1234-1234-5678'))
    INSERT INTO dbo.CustomerCreditCards
    VALUES (2, encryptbykey(@Key_Guid, N'4111-9876-7543-2100'))
END
ELSE
BEGIN
    PRINT 'Error retrieving key GUID'
END
SQL Server Encryption
• Encrypting the Data
2 SELECT * FROM dbo.CustomerCreditCards
• To close the key, use the CLOSE syntax, naming the key that
you wish to close:
• CLOSE SYMMETRIC KEY SecretSymmetricKey
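Reading the encrypted column back, and the permissions LowPrivLogin needs before it can do the same, as an added example that is not part of the original slides. It continues the EncryptionExample objects created above and assumes it is run by the database owner who created the key and certificate.

```sql
-- Added example: continues the EncryptionExample database from the slides.
USE EncryptionExample;
GO
-- Key owner: open the key, then decrypt. DECRYPTBYKEY takes no key name;
-- it finds the open key from the key GUID stored with the ciphertext.
OPEN SYMMETRIC KEY [SecretSymmetricKey]
    DECRYPTION BY CERTIFICATE [CertSymmetricKey];
-- The values were encrypted as N'...' (NVARCHAR), so convert back to
-- NVARCHAR; converting to VARCHAR would misread the two-byte characters.
SELECT CustomerID,
       CONVERT(NVARCHAR(50), DECRYPTBYKEY(CardNumber)) AS CardNumber
FROM dbo.CustomerCreditCards;
CLOSE SYMMETRIC KEY [SecretSymmetricKey];
GO
-- With the key closed, DECRYPTBYKEY returns NULL rather than raising an
-- error, so a forgotten OPEN shows up as NULL card numbers.
SELECT CustomerID,
       CONVERT(NVARCHAR(50), DECRYPTBYKEY(CardNumber)) AS CardNumber
FROM dbo.CustomerCreditCards;
GO
-- Least privilege for LowPrivLogin: SELECT on the table exposes only
-- ciphertext. Decrypting also needs rights on the key and the certificate.
GRANT SELECT ON dbo.CustomerCreditCards TO LowPrivLogin;
GRANT VIEW DEFINITION ON SYMMETRIC KEY::[SecretSymmetricKey] TO LowPrivLogin;
GRANT CONTROL ON CERTIFICATE::[CertSymmetricKey] TO LowPrivLogin;
GO
EXECUTE AS USER = 'LowPrivLogin';
OPEN SYMMETRIC KEY [SecretSymmetricKey]
    DECRYPTION BY CERTIFICATE [CertSymmetricKey];
SELECT CustomerID,
       CONVERT(NVARCHAR(50), DECRYPTBYKEY(CardNumber)) AS CardNumber
FROM dbo.CustomerCreditCards;
CLOSE SYMMETRIC KEY [SecretSymmetricKey];
REVERT;
GO
-- Withdraw the key access again; the user keeps SELECT on the table but
-- can no longer open the key, so the column stays opaque VARBINARY.
REVOKE CONTROL ON CERTIFICATE::[CertSymmetricKey] FROM LowPrivLogin;
REVOKE VIEW DEFINITION ON SYMMETRIC KEY::[SecretSymmetricKey] FROM LowPrivLogin;
```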
SQL Server Audit
• Server Audit can track and log events that occur at the
server level or the database level.
• An Audit object is a collection of one or more individual
actions or a group of actions to be tracked. For
instance, you can configure an Audit object to track all failed logins
• An Audit object can be created via either Management
Studio or T-SQL.
SQL Server Audit
• After creating Audit, the next step is to create the
appropriate Audit Specifications
• An Audit Specification tells an Audit object what to
track.
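The Audit object and its Audit Specifications in T-SQL, as an added example that is not part of the original slides. The audit and specification names and the folder D:\SqlAudit\ are placeholders; the database-level specification reuses the dbo.CustomerCreditCards table from the encryption example, and database audit specifications are not available in every edition of SQL Server.

```sql
-- Added example; audit names and the file path are placeholders.
USE master;
GO
-- The Audit object defines where events go, not what is tracked.
CREATE SERVER AUDIT [Audit_Security]
    TO FILE (FILEPATH = N'D:\SqlAudit\',
             MAXSIZE = 100 MB,
             MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
ALTER SERVER AUDIT [Audit_Security] WITH (STATE = ON);
GO
-- Server-level specification: tell the Audit object what to track.
-- Here: all failed logins, plus changes to fixed server role membership.
CREATE SERVER AUDIT SPECIFICATION [AuditSpec_Logins]
    FOR SERVER AUDIT [Audit_Security]
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP)
    WITH (STATE = ON);
GO
-- Database-level specification: record every SELECT against the table
-- that holds the encrypted card numbers, for any principal.
USE EncryptionExample;
GO
CREATE DATABASE AUDIT SPECIFICATION [AuditSpec_CardReads]
    FOR SERVER AUDIT [Audit_Security]
    ADD (SELECT ON OBJECT::dbo.CustomerCreditCards BY public)
    WITH (STATE = ON);
GO
-- Read the collected events back from the audit files.
SELECT event_time,
       action_id,
       succeeded,
       server_principal_name,
       database_name,
       object_name,
       statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```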