http://www.sqlservercentral.com/Content tagged Security, Administering posted on SQLServerCentral.comen-us360sjones@sqlservercentral.com (Steve Jones)Part 3 of Steve Jones' series on beginning SQL Server from the perspective of a system administrator or someone not used to working with SQL Server. If you've been designated the new administrator, take a look at this series for some help in coming up to speed on this product. This article looks at logins and basic security. http://www.sqlservercentral.com/articles/Administering/beginningsqlserverloginsandusers/1460/2007/08/03http://www.sqlservercentral.com/articles/Administering/beginningsqlserverloginsandusers/1460/As yo probably know, Brian covers security topics for us and does a great job. This week he looks at the fixed roles and points out a few things you may not have thought about. http://www.sqlservercentral.com/articles/Administering/sqlserversecurityfixedroles/1163/2007/05/04http://www.sqlservercentral.com/articles/Administering/sqlserversecurityfixedroles/1163/SQL Server includes a great auditing tool: Profiler. It's not the easiest tool to use, however, and it's one that takes some getting used to. Our resident security export, Brian Kelley looks at a simple example of using this tool to audit logins. http://www.sqlservercentral.com/articles/Administering/auditingwithsqlprofiler/1461/2007/04/20http://www.sqlservercentral.com/articles/Administering/auditingwithsqlprofiler/1461/EFS provides a mechanism for encrypting files completely transparent to higher level applications such as SQL Server. In this article by Brian Kelley, he shows you how to implement this type of security in your environment. http://www.sqlservercentral.com/articles/Administering/implementing_efs/870/2006/12/01http://www.sqlservercentral.com/articles/Administering/implementing_efs/870/Service Pack 3 for SQL Server 2000 is huge. There are significant changes in it and they apply to all three products: the core SQL Server, MSDE, and Analysis Services. Because there are so many changes, this first article in the series will only focus on the security changes. http://www.sqlservercentral.com/articles/Service+Packs/sp3coresecurity/907/2005/12/09http://www.sqlservercentral.com/articles/Service+Packs/sp3coresecurity/907/In part one Chris Kempster covered a variety of security recommendations primarily for production systems. In Part two of this series he continues to explore security at a variety of levels where you may not realize you are vulnerable. http://www.sqlservercentral.com/articles/Administering/securitypart2/593/2005/11/04http://www.sqlservercentral.com/articles/Administering/securitypart2/593/Auditing, analyzing and documenting your SQL Server installation is becoming more important all the time, especially as more and more attention is being paid to the security of your environment. Chad Miller brings us a look at a framework and a sample document you can use in your environment to conduct an audit. http://www.sqlservercentral.com/articles/Administering/conductingasqlserveroperationalaudit/2079/2005/10/24http://www.sqlservercentral.com/articles/Administering/conductingasqlserveroperationalaudit/2079/Do you know the difference between a login and a user? What's the best way to add them; Enterprise Manager, T-SQL, or SQL-DMO? In this beginner level article Andy demonstrates how to use all three methods to add logins and users and offers his view of which is the best technique. http://www.sqlservercentral.com/articles/Administering/loginsusersandrolesgettingstarted/514/2005/09/30http://www.sqlservercentral.com/articles/Administering/loginsusersandrolesgettingstarted/514/As a DBA you do not need to know how to setup an Active Directory domain or a DNS server, but you still need to know how Kerberos, Service Principle Names, and hostnames are used to perform integrated authentication to a SQL Server. This article by new columnist Chad Miller shows you some of the more integral parts of troubleshooting running Windows Authentication security in a SQL Server environmnet. http://www.sqlservercentral.com/articles/Installation/cannotgeneratesspicontext/929/2005/08/19http://www.sqlservercentral.com/articles/Installation/cannotgeneratesspicontext/929/In this series of articles, Chris Kempster will discuss some of the finer aspects of SQL Server security and also touch on OS, physical and application security to open up this science for general discussion. http://www.sqlservercentral.com/articles/Administering/sql_server_security/578/2005/02/11http://www.sqlservercentral.com/articles/Administering/sql_server_security/578/Part 3 of Steve Jones' series on beginning SQL Server from the perspective of a system administrator or someone not used to working with SQL Server. If you've been designated the new administrator, take a look at this series for some help in coming up to speed on this product. This article looks at logins and basic security. http://www.sqlservercentral.com/articles/Administering/beginningsqlserverloginsandusers/1460/2007/08/03http://www.sqlservercentral.com/articles/Administering/beginningsqlserverloginsandusers/1460/SQL Server includes a great auditing tool: Profiler. It's not the easiest tool to use, however, and it's one that takes some getting used to. Our resident security export, Brian Kelley looks at a simple example of using this tool to audit logins. http://www.sqlservercentral.com/articles/Administering/auditingwithsqlprofiler/1461/2007/04/20http://www.sqlservercentral.com/articles/Administering/auditingwithsqlprofiler/1461/SQL Server Alerts provide a great way for the server to notify a DBA that some event has occurred, usually something bad that they need to fix. However alerts can also be used to drive business logic processes and enable some types of actions to be safely performed without requiring extraordinary rights by a user. Author Leo Peysakhovich brings us some ideas on how we can use alerts to implement business logic processing. http://www.sqlservercentral.com/articles/Administering/sqlserveralerts/1435/2004/08/10http://www.sqlservercentral.com/articles/Administering/sqlserveralerts/1435/When transferring a database to a new server, you are bound to experience a user problem. In this article by Neil Boyle, he shows you how to transfer passwords and accounts seamlessly to a new server. http://www.sqlservercentral.com/articles/Administering/fixingbrokenlogins/193/2004/07/05http://www.sqlservercentral.com/articles/Administering/fixingbrokenlogins/193/How many of you register a server in Enterprise Manager? Now how many of you click the "save password" box? Probably most of you. Are you aware of the security risks associated with this? James Travis looks at one of potential problems here and other security issues relating to SQL-DMO. http://www.sqlservercentral.com/articles/Administering/hiddendangers/1347/2004/05/04http://www.sqlservercentral.com/articles/Administering/hiddendangers/1347/As Jeff says, "There are lots of articles about how to do auditing, but there are few discussions about how to use the auditing results in a real time environment". Well, now we have one that shows you how to do it! http://www.sqlservercentral.com/articles/Administering/sqlserverauditingandnotification/1319/2004/03/29http://www.sqlservercentral.com/articles/Administering/sqlserverauditingandnotification/1319/We saw a note from Chad about a tool he wrote in the forums and asked him to write up some notes. Not only did we get notes, we got the source code! See what a DBA can do with some DMO. http://www.sqlservercentral.com/articles/Administering/dumpsqlpermissions/1314/2004/03/17http://www.sqlservercentral.com/articles/Administering/dumpsqlpermissions/1314/We've been trying to catch up on reviews lately, Hai was kind enough to give Entegra a try and report back on it. The basic concept is that it lets you do extensive auditing without having to add triggers. If you're trying to find an auditing solution, this is worth considering. http://www.sqlservercentral.com/articles/Administering/reviewoflumigententegra/1298/2004/02/27http://www.sqlservercentral.com/articles/Administering/reviewoflumigententegra/1298/In part one Chris Kempster covered a variety of security recommendations primarily for production systems. In Part two of this series he continues to explore security at a variety of levels where you may not realize you are vulnerable. http://www.sqlservercentral.com/articles/Administering/securitypart2/593/2005/11/04http://www.sqlservercentral.com/articles/Administering/securitypart2/593/As yo probably know, Brian covers security topics for us and does a great job. This week he looks at the fixed roles and points out a few things you may not have thought about. http://www.sqlservercentral.com/articles/Administering/sqlserversecurityfixedroles/1163/2007/05/04http://www.sqlservercentral.com/articles/Administering/sqlserversecurityfixedroles/1163/SP_addalias isn't a well known stored procedure to most DBA's - do you know what it does? In what situations you might use it? This short article gives very quick and clean answers to both of those questions. http://www.sqlservercentral.com/articles/Administering/usingsp_addalias/1131/2003/09/23http://www.sqlservercentral.com/articles/Administering/usingsp_addalias/1131/Andy returns to the Worst Practice series this week with a short article looking at how connection strings in applications affect what you see in sysprocesses. Perhaps less controversial (in our opinion) that some of the other worst practices, this is something easy to fix and definitely worth fixing! Read the article and post a comment - explore other points of view! Readers posting a comment will be entered in a drawing for a copy of the SQL Server 2000 Resource Kit. http://www.sqlservercentral.com/articles/Administering/worstpracticebadconnectionstringsandbadinfoinsyspr/802/2003/08/01http://www.sqlservercentral.com/articles/Administering/worstpracticebadconnectionstringsandbadinfoinsyspr/802/Service Pack 3 for SQL Server 2000 is huge. There are significant changes in it and they apply to all three products: the core SQL Server, MSDE, and Analysis Services. Because there are so many changes, this first article in the series will only focus on the security changes. http://www.sqlservercentral.com/articles/Service+Packs/sp3coresecurity/907/2005/12/09http://www.sqlservercentral.com/articles/Service+Packs/sp3coresecurity/907/A monster book at 980 pages, it's written in 'how-to' format and has a ton of good material. Andy gave it the once over for us and reports back - see what he thinks! http://www.sqlservercentral.com/articles/Installation/reviewofsql2000fastanswers/959/2003/04/18http://www.sqlservercentral.com/articles/Installation/reviewofsql2000fastanswers/959/As a DBA you do not need to know how to setup an Active Directory domain or a DNS server, but you still need to know how Kerberos, Service Principle Names, and hostnames are used to perform integrated authentication to a SQL Server. This article by new columnist Chad Miller shows you some of the more integral parts of troubleshooting running Windows Authentication security in a SQL Server environmnet. http://www.sqlservercentral.com/articles/Installation/cannotgeneratesspicontext/929/2005/08/19http://www.sqlservercentral.com/articles/Installation/cannotgeneratesspicontext/929/Do you know the difference between a login and a user? What's the best way to add them; Enterprise Manager, T-SQL, or SQL-DMO? In this beginner level article Andy demonstrates how to use all three methods to add logins and users and offers his view of which is the best technique. http://www.sqlservercentral.com/articles/Administering/loginsusersandrolesgettingstarted/514/2005/09/30http://www.sqlservercentral.com/articles/Administering/loginsusersandrolesgettingstarted/514/These sets of scripts will add minimum password enforcement when a login is created or its password changes.http://www.sqlservercentral.com/articles/Administering/916/2003/02/14http://www.sqlservercentral.com/articles/Administering/916/Last week the SQL Sapphire (or SQL Slammer) virus hit corporate networks throughout the Internet. Although damage has not been estimated yet, it is sure to be in the tens of millions of dollars. So who is to blame when a virus like this manhandles a corporate environment? http://www.sqlservercentral.com/articles/Administering/sapphireblame/909/2003/02/03http://www.sqlservercentral.com/articles/Administering/sapphireblame/909/As a new DBA, you will probably walk into an environment that is poorly documented and nobody has any idea of how many SQL Servers are on the network. In the first series of articles, Haidong Ji talks about how to audit logins in your SQL Server. http://www.sqlservercentral.com/articles/Administering/trace/872/2002/12/20http://www.sqlservercentral.com/articles/Administering/trace/872/Andy discusses reasons why he thinks setting the default database to anything other than master is a mistake. We think he does a good job of covering the pros and cons, read the article and join the discussion! http://www.sqlservercentral.com/articles/Administering/settingadefaultdatabaseforyourlogins/861/2002/12/11http://www.sqlservercentral.com/articles/Administering/settingadefaultdatabaseforyourlogins/861/