sql server 2005 overview rafal lukawiecki strategic consultant project botticelli ltd...

Download SQL Server 2005 Overview Rafal Lukawiecki Strategic Consultant Project Botticelli Ltd rafal@projectbotticelli.co.uk This session is based on the results

Post on 19-Dec-2015

213 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Slide 1
  • SQL Server 2005 Overview Rafal Lukawiecki Strategic Consultant Project Botticelli Ltd rafal@projectbotticelli.co.uk This session is based on the results of my close co-operation with my great friend Kimberly Tripp, as well as an article of Michelle Dumler on SQL Server new features. See summary for references.
  • Slide 2
  • 2 Objectives Introduce a selection of new features in Microsoft SQL Server 2005 Concentrate on how SQL Server 2005 Security
  • Slide 3
  • 3 Overview of New Features
  • Slide 4
  • 4 Introducing New Features Over 5 years of work means many new and interesting features. Lets group them: Manageability Availability Scalability Developer Productivity Security
  • Slide 5
  • 5 Manageability Management Studio One place for all SQL Server tasks Performance Monitoring and Tuning Less black magic needed, good self-tuning, but >70 new internal measures exposed for your use SQL Management Objects (SMOs) Programmatic administration of SQL through a new set of.NET objects
  • Slide 6
  • 6 Availability Failover clustering and mirroring Complementary solutions; mirroring likely to ship a little after SQL 2005 does Database snapshots Instant, read-only views that self-update Fast recovery While roll-backs are still completing Dedicated admin connection Even if regular access no longer possible
  • Slide 7
  • 7 Scalability Snapshot Isolation Transactionally consistent view up to last committed record for analysis (e.g. OLTP) purposes Replication Monitor Toolkit for automating complex replication Table and Index Partitioning Horizontal partitioning, especially for terabyte databases 64-bit Optimisation
  • Slide 8
  • 8 Developer Productivity:.NET CLR/.NET Framework support New languages available, with C# and VB the main likely development environments Can do things that were either extremely complex in T-SQL (e.g. RegEx), or quite unsafe (e.g. requiring extended stored procedures) Strong-typing with user-defined data structures Common development and debug environment Performance! Yes,.NET precompilation is pretty good
  • Slide 9
  • 9 Other Developer Goodies T-SQL Updates: Recursive queries, error handling, new feature support Business Intelligence Development Studio Based on Visual Studio, encompasses tasks for managing the database engine, reporting and analysis services
  • Slide 10
  • 10 Data Access and Web Services ADO.NET 2.0 Revamped, with support for notifications, multiple active result-sets (MARS) Query Notifications Notifications are sent from SQL if data that underlies results from a query changes Supported in ADO.NET, OLEDB, ODBC, ADO and SOAP Useful for remote cache updates for web apps Service Broker SQLs nod to Service Oriented Architectures (SOA), through asynchronous message routing as an application framework
  • Slide 11
  • 11 Security of SQL Server 2005
  • Slide 12
  • 12 Whose Fault was SQL Injection? OK. I have your attention. It was not you anyway, of course. Security for a database developer was a very rude wake-up call. I feel your pain. I can help you in this session.
  • Slide 13
  • 13 Defense in Depth Using a layered approach: Increases an attackers risk of detection Reduces an attackers probability of success Policies, Procedures, & Awareness OS hardening, SQL Server patching Firewalls, packet filters Guards, locks, tracking devices, HSM, tamper-evident labels SSL, IPSec, No problems Application hardening, authorization Permissions, encryption DBA education against social engineering Physical Security Perimeter Internal Network Host Application Data
  • Slide 14
  • 14 Authorization Model How things used to work? User-schema separation Granular permissions EXECUTE AS SQL Injection (Classic) SQL Injection (Future)
  • Slide 15
  • 15 Security through Encapsulation Granting access to a process or a method without direct access to base objects How? Grant access to the stored procedures, views and/or functions without granting access to the base object Requires The objects in the dependency chain cannot be broken (object ownership chaining) The user has to have direct base object access (which is what youre trying to avoid)
  • Slide 16
  • 16 Do NOT Give Base Object Access The SQL Server 2000 Way Only works when the object dependency chain is NOT broken Only works when the commands inside of the stored procedure are not built/executed dynamically dbo.Salesdbo.Sales UserUser dbo.DeleteASalesdbo.DeleteASales Granted execute access to procedure has NO direct permissions may even be DENIED permissions to Sales
  • Slide 17
  • 17 User-Schema Separation Database can contain multiple schemas Each schema has an owning principal user or role Each user has a default schema for name resolution Database objects live in schemas Object creation inside schema requires CREATE permission and ALTER or CONTROL permission on the schema Ownership chaining still based on owners not schemas Role1 Owns Has default schema Owns Owns Schema1Schema2 Schema3SP1 Fn1 Tab1Database User1 Approle1
  • Slide 18
  • 18 Do NOT Give Base Object Access The SQL Server 2005 Way Create a schema for example one which contains procedures (and possibly even base tables) and then GRANT EXECUTE at the schema level Add objects to appropriate schema Grant access to the schema or the individual objects if chaining is required, it is still based on the owner the owner of the schema
  • Slide 19
  • 19 What if Dynamic String Execution By default and for better security if the stored procedure has a statement which is built dynamically (using EXEC('string') or EXEC(@variable)) then the context under which the dynamically constructed string executes is ALWAYS the caller Which is what helps to prevent some forms of SQL Injection This is really a good thing BUT Can be limiting Enter: EXECUTE AS
  • Slide 20
  • 20 Module Execution Context Execute AS CALLER Default behavior, same as SQL Server 2000 Use when callers permission needs to be checked or when ownership chaining will suffice Execute AS 'UserName' Statements execute as the username specified Impersonate permission required on user specified Execute AS OWNER Statements execute as the current owner of the module Impersonate privileges on owner required, at setting time On ownership change, context is new owner Execute AS SELF Statements execute as the person specifying the execute as clause for the module even if the ownership changes May be useful in application scenarios where calling context may change
  • Slide 21
  • 21 EXECUTE AS Solves problems Allows permissions to be granted where never possible (e.g. granting truncate table) Wrap ANYTHING inside a stored procedure and set the context to run as someone who has permissions even dynamic string execution then give execute permission Creates potential for further SQL Injection What if youre code is not well tested and uses dynamically executed strings
  • Slide 22
  • 22 SQL Injection SQL statement(s) or clause(s) injected into an existing SQL command Injected string appended to application input Text boxes Query strings Manipulated values in HTML Why SQL injection works? Application accepts arbitrary user input Connection made in context of higher privileged account
  • Slide 23
  • 23 SQL Injection Mitigation Do not trust the users input! Look for valid input and reject everything else Regular expressions (regex) are your friend! Do not use string concatenation Use parameterized queries to build queries Restrict information in error messages Use a low-privileged account DO NOT use sa or sysadmin role member
  • Slide 24
  • 24 Code Signing A module can be signed with a certificate Separately, e.g. in another database, you can map signatures made by a specific certificate to a user Authorizing that mapped user allows you to provide cross-database permissions without the use of EXECUTE AS Trust is established between databases by exporting and importing the certificate This application is likely to be of more use in the future, as today it is not possible to export signed code outside of a database Esoteric applications exist, though: sophisticated trust control within a deep structure of ownership of database objects
  • Slide 25
  • 25 Data Protection Use of cryptography to protect the data layer from theft or manipulation Particularly important if offline data is in transit Important for regulatory reasons Prevent admin from access SarbOx Manipulation (integrity) protection uses digital signatures Not implemented for data in SQL Server 2005 Can overcome this with judicious use of encryption alone Implemented for code signing
  • Slide 26
  • 26 Check Your OS Verify what algorithms and key lengths are supported by your OS, as this depends on your CSP (Cryptographic Services Provider) Generate keys for all algorithms then look in the sys.symmetric_keys At present, there is no way to change the CSP XP SP2WS2003 DES56 (64) 3DES128 AES128-128 AES192-192 AES256-256 RC2128 RC440 RSA2048
  • Slide 27
  • 27 Before You Begin Your DBA must ensure that the server has a Service Master Key (SMK) that agrees with your disaster recovery strategy and a Database Master Key (DMK) has been created for each database that will use encryption See later for more detail ALTER SERVICE

Recommended

View more >