SQL Server R2 Security Topic (i): Security principles
This series covers SQL Server 2005 and later releases of the DBMS. Because I work with the R2 release, the explanations below use R2.
Principles for protecting SQL Server:
1. Principle of least privilege
Grant only the minimum permissions that are required.
The simplest approach is to make the user a member of the built-in database role db_datareader. A tighter approach is to create a database role, grant it SELECT permission only on the tables the user actually needs, and make the user a member of that new role. Likewise, do not enable remote connections on machines that do not need them.
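As an added example (not from the original post), the two approaches side by side in T-SQL. The database SalesDB, the tables dbo.Orders, dbo.Customers and dbo.Salaries, the login app_reporting and the role reporting_reader are all assumed names chosen for the illustration.

```sql
-- Added example: least privilege via a custom database role.
-- Assumed names: SalesDB, dbo.Orders, dbo.Customers, dbo.Salaries,
-- login app_reporting, role reporting_reader. The reporting user must
-- read Orders and Customers but must never see Salaries.
USE SalesDB;
GO

CREATE USER app_reporting FOR LOGIN app_reporting;
GO

-- Broad option: db_datareader can SELECT every table in the database,
-- including dbo.Salaries, which is more than the job needs.
-- EXEC sp_addrolemember 'db_datareader', 'app_reporting';

-- Least-privilege option: a role that can SELECT only the required tables.
CREATE ROLE reporting_reader AUTHORIZATION dbo;
GRANT SELECT ON OBJECT::dbo.Orders    TO reporting_reader;
GRANT SELECT ON OBJECT::dbo.Customers TO reporting_reader;
-- Nothing is granted on dbo.Salaries, so it stays out of reach.

-- sp_addrolemember is the form available on SQL Server 2005 through 2008 R2;
-- on SQL Server 2012 and later use:
--   ALTER ROLE reporting_reader ADD MEMBER app_reporting;
EXEC sp_addrolemember 'reporting_reader', 'app_reporting';
GO

-- Verify the effective permissions by impersonating the user.
EXECUTE AS USER = 'app_reporting';
SELECT HAS_PERMS_BY_NAME('dbo.Orders',   'OBJECT', 'SELECT') AS can_read_orders,   -- 1
       HAS_PERMS_BY_NAME('dbo.Salaries', 'OBJECT', 'SELECT') AS can_read_salaries; -- 0
REVERT;
GO
```

The check under EXECUTE AS is the part worth keeping in your own scripts: it shows what the user can actually do after all role memberships are resolved, rather than what you intended to grant.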
2. The CIA triad: confidentiality, integrity, availability
Confidentiality: unauthorized people, or anyone using unauthorized methods, cannot read the data.
Integrity: unauthorized people, or anyone using unauthorized methods, cannot modify the data.
Availability: authorized people can use the data whenever they need it.
All three properties are indispensable and must be kept in a reasonable balance. Tightening any one of them too far upsets the balance: for example, locking data down to the point where authorized users cannot reach it sacrifices availability for confidentiality.
3. Defense in depth
Build multiple layers of protection so that no single failure exposes the system:
- An external router outside the perimeter.
- A firewall at the perimeter.
- A personal firewall on the PC itself.
- Anti-virus software running on the PC.
- Patch management for the operating system and the installed software.
Keeping all five layers in place reduces the chance of a successful attack; only when every layer has failed does the PC itself become the victim.