Suite 3808, Liwa Heights, Cluster W, Jumeirah Lake Towers, Dubai, UAE info@keygains-training.com +971 4 577 6810 +971 52 767 8506 08.00 – 18.00

Sunday – Saturday


SQL Database

Objectives


Most modern business applications have a relational database behind them, and many of those run on the SQL Server platform. Vast collections of sensitive and confidential data are now held on database servers, and if those servers are not adequately secured, that data is vulnerable to theft, corruption, or loss. Most organizations now place a very high value on their data and a very high priority on implementing a security policy. This course is aimed at both Database Auditors and Database Administrators who are responsible for implementing security policies. Delegates attending this course will learn about the underlying architecture of a SQL Server database deployment and will be alerted to the many vulnerabilities that can be exploited if a system is not adequately secured and audited. It is important for both auditors and administrators to be aware of security vulnerabilities and weaknesses so that they can work together to ensure their SQL Server systems are safe, secure, and running at optimum performance. Delegates will learn about the audit process from the initial risk assessment phase to the construction of an audit plan and audit checklist.

  • Information Security Management Audit Program — For the review of processes associated with governance, policy, monitoring, incident management, and management of the information security function; the implementation of security configurations; and the selection and maintenance of security technologies
  • Network Perimeter Security Audit Program — For the review of network perimeter security, including associated policies, standards, and procedures and the effectiveness of the security implementation
  • Change Management Audit Program — For the review of the change management process and incident management

Target Audience

Course Modules

Introduction To Audit & Security

Audit & Security

  • Checklist-Based Auditing
  • Risk-Based Auditing
  • Audit Plan
  • Checklists
  • DISA Database STIG
  • NIST

The Big Picture

  • Access Control
  • Intrusion Prevention
  • Intrusion Detection
  • Secure Data Storage
  • Secure Data Access

Introduction To SQL Server

  • Security Considerations
  • Audit Considerations

SQL Server Basic Architecture

  • The Physical Database
  • The master Database
  • The msdb Database
  • The model Database
  • The tempdb Database
  • The Instance
  • Licensing
  • SQL Server Services
  • The File System Locations
  • The Registry Keys
  • Restricting Access to a SQL Server Instance
  • Restricting Access to Databases
  • Client Connectivity
  • Network Protocols
  • Encrypting Connections to SQL Server
  • Instance & Database Metadata
  • The Logical Database Architecture
  • Database Objects
  • Ownership
  • Schemas
  • Character Sets & Sort Orders

The Management Tools

  • Management Studio
  • Configuration Manager
  • Surface Area Configuration Manager
  • osql Utility
  • bcp Utility
  • sqlcmd Utility
  • PowerShell
  • SQL Server Logs
  • SQL Server Security Compliance

SQL Server Configuration

  • Ad Hoc Distributed Queries
  • Agent XPs
  • clr enabled
  • Database Mail XPs
  • Replication XPs
  • SMO and DMO XPs
  • SQL Mail XPs
  • xp_cmdshell

Database Storage

  • Data Files
  • Primary Data File
  • Secondary Data File
  • Transaction Log File
  • Filegroups
  • Storage Fault Tolerance

Backup Devices, Backup Images, Importing, And Exporting Data

  • SQL Server Data Transformation Services (DTS)
  • Import/Export Wizard
  • DTS Packages
  • SQL Server Integration Services (SSIS)
  • Back-Ups and Restores
  • Backing Up A Database or Transaction Log
  • To Back Up A Database Or A Transaction Log
  • SQL Server 2000 Backup
  • SQL Server 2005 Backup
  • The BACKUP Statement
  • Restoring a Database or Applying a Transaction Log
  • Security Consideration for Backup & Restore

User Security, Login Accounts

  • SQL Server authentication
  • Windows authentication
  • Change The Authentication Mode
  • Default Login Accounts
  • Creating Login Accounts

Database User Accounts

  • Default Database User Accounts
  • Creating Database Users
  • The guest Account

Administrative Privileges

  • Server Roles
  • User-Defined Database Roles
  • Application Roles

SQL Server Permissions

  • Principals
  • Securable
  • Permissions
  • Server Scope Permissions
  • Database, Schema & Object Scope Permissions
  • Statement Level Permissions
  • Object Level Permissions

Assigning Privileges & Permissions

  • Statement Level Permissions
  • Object Level Permissions
  • GRANT, REVOKE & DENY Statements

Impersonation

  • User and Login Security Tokens
  • Understanding Impersonation
  • The AUTHENTICATE Permission
  • The TRUSTWORTHY Property
  • EXECUTE AS vs SET USER

SQL Server Encryption, Encryption Hierarchy

  • The Service Master Key
  • The Database Master Key
  • Asymmetric Keys
  • Certificates
  • Symmetric Keys
  • Transparent Database Encryption

Encryption & Decryption Functions, High Availability

  • Replication
  • Log Shipping
  • Database Mirroring, Clusters

Application Development

  • SQL Injection
  • Validate User Input
  • Module Signing
  • Module Signatures

Selecting The Trust Mechanism

  • Database Owner Approach
  • Signature Approach

SQL Server Auditing

  • Login Audit
  • SQL Profiler Traces
  • SQL Server Profiler Audit Example
  • SQL Trace
  • Triggers
  • DML Triggers
  • DDL Event Triggers
  • The EVENTDATA() Function
  • Event Groups & Events
  • Logon Triggers
  • Notification Service

SQL Server System Views & Stored Procedures

  • System Views
  • Built-In Stored Procedure Examples

SQL Server 2008 Audit

  • The Server Audit object
  • The Server Audit Specification
  • The Database Audit Specification

Policy-based Management

  • Policy Components
  • Facet Properties
  • Creating & Managing Policies

Threats & Vulnerabilities

  • Process Threats And Vulnerabilities
  • Platform Threats And Vulnerabilities
  • Authentication Threats And Vulnerabilities






    Program Schedules: Session Starts From

    9th July 2021

    Online Live

    23rd July 2021

    Classroom

    Certification (SQL Database)
