Setting Up and Managing a Secure and Compliant SQL Server
This day-long session covers all aspects of SQL Server security and compliance, using my security best practices whitepaper series as a substrate. The purpose is not only to allow you to appreciate planning a security strategy, but also to enumerate and show examples of proper implementation. Topics include service accounts, authentication and authorization, special principals, encryption, and auditing. I'll cover relevant changes in SQL Server 2012 as well as 2008 and 2005 when applicable.
A hot topic of study in today’s IT shops is compliance with regulations such as PCI-DSS, the Data Protection Act, HIPAA, and SOX. To comply with these regulations and ensure secure data, a secure server, and secure backups, SQL Server 2005-2012 includes new facilities that assist in crafting a set of data center-wide policies and ensuring that all instances of SQL Server are in compliance.
This seminar consolidates information about setting up and using SQL Server securely for database administrators and application programmers. I'll start by looking at SQL Server Service Account choices and how to reduce the attackable surface area. I'll look at the built-in server roles and database roles and how to assign logins, users, and roles to best effect.
Security improvements and new features are pervasive in SQL Server. These features implement the details and infrastructure of the trusted computing initiative and principle of least privilege. We'll move on from there to discuss the new security features of SQL Server 2005-2012 and how to manage them; from key infrastructure, storage, and management to encryption to multiple SQL Agent proxies to code signing and alternate execution context for procedural code.
I’ll look into SQL Server security facilities, including built-in granular auditing, transparent data encryption (including encrypted backups), and extensible key management, and show how they assist in compliance. These features can be used in conjunction with Policy-Based Management to ensure a consistent security policy throughout the organization.

- SpeakerBIO
Bob Beauchemin is a database-centric application practitioner and architect, instructor, course author, writer, and Developer Skills Partner for SQLskills. Over the past few years he's been writing and teaching his SQL Server 2005-2012 courses to students worldwide through the Ascend program, the Metro (SQL Server 2008 Jumpstart) program, and other database developer-centric classes. He is lead author of the books "A Developer's Guide to SQL Server 2005" and "A First Look at SQL Server 2005 For Developers", author of "Essential ADO.NET" and has written articles on SQL Server and other databases, database security, ADO.NET, and OLE DB for MSDN, SQL Server Magazine, and others.