MCITP Administrator: Microsoft SQL Server 2005 Optimization and Maintenance (Exam 70-444) Study Guide

Microsoft Exam Objectives Covered in this Chapter:

• Optimize a database control strategy to meet business requirements.

  • Verify that database change control procedures are being followed.

  • Identify all database objects related to a particular deployment.

• Perform a security audit of the existing security infrastructure based on the security plan.

  • Analyze the physical server security.

  • Compare the existing security infrastructure to business and regulatory requirements.

  • Identify variations from the security design.

• Prepare for and respond to threats and attacks.

  • Prepare for and respond to SQL Server injection attacks.

  • Prepare for and respond to denial-of-service attacks that are specific to SQL Server.

  • Prepare for and respond to virus and worm attacks that are specific to SQL Server.

  • Prepare for and respond to internal attacks that are specific to SQL Server.

For a DBA, it is useful to be able to set up a database server, configure it for an application, tune queries, and ensure an efficiently operating environment; however, without implementing strong security measures, it can result in loss of data, financial penalties, or even the end of your company. Security is a critical part of any environment these days, with our extremely connected world where computers on one side of the world can easily reach your servers in any other part of the world.

Today’s DBA needs to maintain vigilant security, even with firewalls and other network access controls, because of the wide variety of attacks that seem to circumvent this line of defense. SQL injection, cross-site scripting, and other unknown future attacks require that your security model encompasses every part of your systems. In addition, you must prepare for internal attacks, even inadvertent ones such as deploying unsafe code on your servers.

In this chapter, we will discuss how you can maintain security on your servers. We will cover both server-level and user-level security strategies for ensuring that only authorized users can access your databases and only authorized changes are allowed.