Database Reference
In-Depth Information
Implementing Security feature
enhancements
Any data platform or database that stores sensitive information needs a robust infrastructure
to control the data access in a secure manner. SQL Server 2008 R2 has inherited the
'secure-by-default' features (with several configurable features) in the areas such as platform
(Operating System), architecture (32-bit and 64-bit), database objects (data layer), and
application (connectivity).
In case the data is related to the financial services sector, then certain levels of criteria
certification are essential for the verification of extensive security to access the layers of
SQL Server, which is called Common Criteria Certification. The objective within Common
Criteria Certification covers the evaluation of Information Technology (IT) products to improve
security, availability, and efficiency. The various levels of security can be implemented on
authentication, access privileges, database permissions, and data encryption.
The security architecture internals are classified into authentication, validation, and rights
management. All of these internals are managed by three other internal objects that are
called as logical entities—Principals, Permissions, and Securable:
F
Principals: They are the key objects that grant permissions on a database user,
database role, or application role.
F
Permissions: They define the access rights for the Principal (or grantor) for DCL
operations.
F
Securable: A database user is a database-level securable contained within the
database that is its parent in the permission hierarchy. Principals that have
CONTROL
permission on a securable can grant permission on that Securable.
Further, the authentication levels on instance level database security can be managed by
using logical namespace which are schemas. SQL Server 2008 R2 has a new security feature
called Extended Protection (EP), which enhances the protection and handling of credentials
when authenticating the network connections using Integrate Windows Authentication
(IWA). This feature is introduced on Windows Server 2008 R2 and Windows 7 Operating
Systems. This feature is only supported by SQL Server 2008 R2 version onwards by the SQL
Server Native Client (SQLNCLI), but is not supported by the other SQL Server client providers.
The required action to implement this feature is to perform changes to the specific server
and client applications, which use IWA to ensure that they opt in to this new technology. Upon
installation, Extended Protection for Authentication (EPA) is controlled on the client through
the use of registry keys and on the server configuration it is specific to the application. In this
recipe, we will cover the elements of SQL Server security internals that will play an important
role in designing the security model for your SQL Server 2008 R2 installation and multiple
instance management.
Search WWH ::
Custom Search