Security Control Policy for Microsoft SQL Server


Introduction

Database security is the protection of the database against data disclosure, alteration, or destruction caused by unlawful use. Whether the system's security protection measures are effective is one of the main indicators of a database system. The security of the database is closely related to, and mutually supportive of, the security of the computer system, including the operating system and the network.

In database management, protecting data from internal and external violations is an important task. Microsoft SQL Server is increasingly being used both inside and outside of departments, and a SQL Server database system administrator (here and below, SQL Server refers to Microsoft SQL Server) needs an in-depth understanding of the SQL Server security control policy in order to manage security.

Figure 1 shows a schematic diagram of the SQL Server security control strategy. As the diagram shows, SQL Server's security control policy is a collection of hierarchical systems. The next level can be reached only after the security requirements of the previous level are met.

Figure 1: Sketch of the SQL Server security control strategy

Each layer of the SQL Server security control strategy is implemented through the authentication performed by that layer's security control system. Authentication is the process of confirming the user's account and password when the user accesses the system. It includes verifying that the user's account is valid, whether it can access the system, which data in the system it can use, and so on.

The authentication method is the way the system confirms the user. The SQL Server system is built on the Windows NT/2000 operating system. SQL Server can now also be installed on Windows 95 (which requires the Winsock upgrade software), Windows 98, and Windows Me (in which case there are no first- and second-tier security controls), but older SQL Server systems can run only on the Windows NT/2000 operating system. Windows NT/2000 has its own way of authenticating users: users must provide their user name and the corresponding password to access the Windows NT/2000 system.

This allows SQL Server's security system to be implemented on any server in one of two ways: SQL Server and Windows together, or Windows only. Whether a user who has accessed the Windows NT/2000 system can also access the SQL Server system depends on how the SQL Server authentication method is set.

1. User identification and verification

User identification and authentication are the outermost security measures provided by the system. The system provides a way for users to state their name or identity. Each time a user requests to enter the system, the system checks that identity, and the right to use the machine is granted only after authentication succeeds.

The database management system also carries out its own user identification and authentication for users who already have access to the computer and want to use the database.

There are many ways to identify and authenticate users, and a system often combines several of them to achieve greater security. The common methods are:

Use a user name or user identification number to identify the user. The system keeps a record of the identities of all legitimate users and verifies whether the user is legitimate. If so, the user proceeds to the next verification step; if not, the user cannot use the system.

To further verify the user, the system often requires the user to enter a password. For the sake of confidentiality, the password entered by the user at the terminal does not appear on the screen. The system checks the password to authenticate the user.

In SQL Server, user identification and authentication correspond to the Windows NT/2000 login account and password and the SQL Server user login account and password.
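
The two authentication settings and the two kinds of login account described above can be checked on a running instance. The following T-SQL is an added example, not part of the original article; it assumes SQL Server 2005 or later (the sys.server_principals and sys.sql_logins catalog views) and that it is run by a member of the sysadmin role so that all logins are visible.

```sql
-- Added example (assumptions: SQL Server 2005 or later, run as sysadmin).

-- 1. Which authentication method is the instance configured for?
--    IsIntegratedSecurityOnly = 1 means Windows only,
--    0 means SQL Server and Windows together.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
           WHEN 1 THEN 'Windows only'
           WHEN 0 THEN 'SQL Server and Windows'
           ELSE 'unknown'
       END AS authentication_mode;

-- 2. Inventory of logins, grouped by which system verifies the password.
SELECT p.name,
       CASE p.type
           WHEN 'S' THEN 'SQL Server login (password checked by SQL Server)'
           WHEN 'U' THEN 'Windows user (authenticated by Windows)'
           WHEN 'G' THEN 'Windows group (authenticated by Windows)'
       END AS authenticated_by,
       p.is_disabled,
       l.is_policy_checked,      -- NULL for Windows principals
       l.is_expiration_checked   -- NULL for Windows principals
FROM sys.server_principals AS p
LEFT JOIN sys.sql_logins AS l
       ON l.principal_id = p.principal_id
WHERE p.type IN ('S', 'U', 'G')
ORDER BY p.type, p.name;

-- 3. Mismatch check: SQL Server logins that are still enabled although the
--    instance is set to Windows only. They cannot connect in this mode, but
--    become usable as soon as the setting is changed, so review or disable them.
SELECT l.name, l.create_date, l.modify_date
FROM sys.sql_logins AS l
WHERE l.is_disabled = 0
  AND l.name NOT LIKE '##%'   -- skip internal certificate-mapped logins
  AND CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) = 1
ORDER BY l.name;
```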
