由于工作需要,最近研究这本书:《Microsoft SQL Server 2012 Security Cookbook》,为了总结及分享给有需要的人,所以把译文公布。预计每周最少3篇。如有兴趣可自行下载英文原版。本系列不保证完全一致。
免责声明:
请尊重原创,本系列文章为翻译,但是并不直译,会根据自己理解适当增删,而且截图也并不直接拿来用。任何人不得把译文用于商业用途。不得在转载过程中作为原创形式发布,否则本人将委托CSDN追究法律责任。
本文只列出目录,对应文章请点击标题链接,已写完的文章会有超链接,没超链接的代表未完成:
Chapter 1: Securing Your Server and Network
- Choosing an account for running SQL Server (选择SQL Server运行账号)
- Managing service SIDs (管理服务的SIDs)
- Using a managed service account (使用托管服务帐号)
- Using a virtual service account (使用虚拟服务帐号)
- Encrypting the session with SSL (使用SSL加密会话)
- Configuring a firewall for SQL Server access (为SQL Server访问配置防火墙)
- Disabling SQL Server Browser (禁用SQL Server Browser)
- Stopping unused services (停止未使用的服务)
- Using Kerberos for authentication (使用Kerberos用于身份验证)
- Using extended protection to prevent authentication relay attacks (使用扩展保护避免授权中继攻击)
- Using transparent database encryption (使用透明数据库加密)
- Securing linked server access (保护链接服务器)
- Configuring endpoint security (配置端点安全性)
- Limiting functionalities – xp_cmdshell and OPENROWSET (限制功能——xp_cmdshell 和OPENROWSET)
Chapter 2: User Authentication, Authorization, and Security
- Choosing between Windows and SQL authentication (选择Windows和SQL 身份验证)
- Creating logins (创建登录帐号)
- Protecting your server against brute-force attacks (保护服务器避免暴力攻击)
- Limiting administrative permissions of the SA account (限制sa帐号的管理权限)
- Using fixed server roles (使用固定服务器角色)
- Giving granular server privileges (服务器权限授予粒度)
- Creating and using user-defined server roles (创建和使用用户自定义服务器角色)
- Creating database users and mapping them to logins (创建映射到登录名的数据库用户)
- Preventing logins and users to see metadata (防止登录名和用户查看元数据)
- Creating a contained database (创建包含数据库)
- Correcting user to login mapping errors on restored databases (在已还原的数据库中修正登录映射错误)
Chapter 3: Protecting the Data
- Understanding permissions (理解权限)
- Assigning column-level permissions (分配列级权限)
- Creating and using database roles (创建和使用数据库角色)
- Creating and using application roles (创建和使用应用程序角色)
- Using schemas for security
- Managing object ownership
- Protecting data through views and stored procedures
- Configuring cross-database security
- Managing execution-plan visibility
- Using EXECUTE AS to change the user context
Chapter 4: Code and Data Encryption
- Using service and database master keys
- Creating and using symmetric encryption keys
- Creating and using asymmetric keys
- Creating and using certificates
- Encrypting data with symmetric keys
- Encrypting data with asymmetric keys and certificates
- Creating and storing hash values
- Signing your data
- Authenticating stored procedure by signature
- Using module signatures to replace cross-database ownership chaining
- Encrypting SQL code objects
Chapter 5: Fighting Attacks and Injection
- Defining Code Access Security for .NET modules
- Protecting SQL Server against Denial of Service
- Protecting SQL Server against SQL injection
- Securing dynamic SQL from injections
- Using a SQL firewall or Web Application Firewall
Chapter 6: Securing Tools and High Availability
- Choosing the right account for SQL Agent
- Allowing users to create and run their own SQL Agent jobs
- Creating SQL Agent proxies
- Setting up transport security for Service Broker
- Setting up dialog security for Service Broker
- Securing replication
- Securing SQL Server Database Mirroring and AlwaysOn
Chapter 7: Auditing
- Using the profiler to audit SQL Server access
- Using DML trigger for auditing data modification
- Using DDL triggers for auditing structure modification
- Configuring SQL Server auditing
- Auditing and tracing user-configurable events
- Configuring and using Common Criteria Compliance
- Using System Center Advisor to analyze your instances
- Using the SQL Server Best Practice Analyzer
- Using Policy Based Management
Chapter 8: Securing Business Intelligence
- Configuring Analysis Services access
- Managing Analysis Services HTTP client authentication
- Securing Analysis Services access to SQL Server
- Using Role-Based Security in Analysis Services
- Securing Reporting Services Server
- Managing permissions in Reporting Services with roles
- Defining access to data sources in reporting services
- Managing Integration Services password encryption
本系列文章属于《SQL Server扫盲系列》,转载请引用 http://blog.csdn.net/dba_huangzj/article/details/19118121