This two-day, instructor-led course will teach you how to design security for database systems using Microsoft SQL Server 2005. The course emphasizes thinking about the whole environment, which includes business needs, regulatory requirements, network systems, and database considerations during design. You will also learn how to monitor security and respond to threats.

This course incorporates materials from the Official Microsoft Learning Products (OMLP):

• 2787 - Designing Security for Microsoft SQL Server 2005

What You'll Learn

• Enables database administrators who work with enterprise environments to design security for database systems using Microsoft SQL Server 2005
• The whole environment, which includes business needs, regulatory requirements, network systems, and database considerations during design
• Monitor security and respond to threats

Who Needs to Attend

Database administrators who have three or more years of on-the-job experience administering SQL Server database solutions in an enterprise environment who want to learn how to design security for Microsoft SQL Server 2005

Prerequisites

• A minimum of three years of working experience developing SQL Server database solutions in an enterprise environment
• Have basic knowledge of security protocols and how they work
• Have basic knowledge of public key infrastructure (PKI) systems
• Have working knowledge of network architectures and technologies
• Have working knowledge of Active Directory directory service
• Be able to design a database to third normal form (3NF) and know the tradeoffs when backing out of the fully normalized design (denormalization) and designing for performance and business requirements in addition to being familiar with design models, such as Star and Snowflake schemas
• Have strong monitoring and troubleshooting skills
• Have experience creating Microsoft Office Visio drawings or have equivalent knowledge
• Have strong knowledge of the operating system and platform
• Have basic knowledge of application architecture
• Have knowledge about network security tools (e.g., sniffer and port scanning)
• Be able to use patch management systems
• Have knowledge of common attack methods
• Be familiar with SQL Server 2005 features, tools, and technologies
• Microsoft Certified Technology Specialist: Microsoft SQL Server 2005 credential, or equivalent experience

Follow-On Courses

There are no follow-ons for this course.

Course Outline

1. Overview and Introduction to SQL Systems Security

• Principles of Database Security
• Methodology for Designing a SQL Server Security Policy
• Monitoring SQL Server Security

2. Designing a SQL Server Systems Infrastructure Security Policy

• Integrating with Enterprise Authentication Systems
• Developing Windows Server-Level Security Policies
• Developing a Secure Communication Policy
• Defining SQL Server Security Monitoring Standards

3. Designing Security Policies for Instances and Databases

• Designing an Instance-Level Security Policy
• Designing a Database-Level Security Policy
• Designing an Object-Level Security Policy
• Defining Security Monitoring Standards for Instances and Databases

4. Integrating Data Encryption into a Database Security Design

• Securing Data by Using Encryption and Certificates
• Designing Data Encryption Policies
• Determining a Key Storage Method

5. Designing a Security Exceptions Policy

• Analyzing Business and Regulatory Requirements
• Determining the Exceptions and their Impact

6. Designing a Response Strategy for Threats and Attacks

• Designing a Response Policy for Virus and Worm Attacks
• Designing a Response Policy for Denial-of-Service Attacks
• Designing a Response Policy for Internal and SQL Injection Attacks

Labs

Lab 1A. Designing a SQL Server Systems Infrastructure Security Policy

• Developing Microsoft Windows Server-Level Security Policies
• Developing a Secure Communication Policy
• Integrating SQL Server Security Within the Active Directory Environment
• Integrating SQL Server Security With Firewall Configurations
• Discussing Systems Infrastructure Security Integration

Lab 1B. Creating an Infrastructure Security Inventory

• Auditing the SQL Server Logins
• Auditing the Windows Local Password Policy
• Auditing SQL Server Service Accounts
• Monitoring Security at the Enterprise and Server Levels

Lab 2A. Designing Security Policies for Instances and Databases

• Designing an Instance-Level Security Policy
• Designing a Database-Level Security Policy
• Designing an Object-Level Security Policy
• Discussing Database Security Exceptions

Lab 2B. Validating Security Policies for Instances and Databases

• Auditing Existing Server Logins
• Auditing SQL Server Roles Membership
• Analyzing Existing Object Permissions
• Monitoring Security at the Instance and Database Level

Lab 3. Integrating Data Encryption into a Database Security Design

• Selecting a Data Security Method
• Designing a Data Encryption Security Policy
• Selecting a Key Storage Method

Lab 4. Designing a Security Exceptions Policy

• Identifying Variations from the Security Policy
• Obtaining Approval of the Security Policy
• Discussing the Results of Policy Approval Presentations

Lab 5. Designing a Response Strategy for Threats and Attacks

• Designing a Response Policy for Virus and Worm Attacks
• Designing a Response Policy for Denial-of-Service Attacks
• Designing a Response Policy for Internal Attacks
• Validating a Security Policy