Index
A
Always Encrypted
application’s code
architecture
column encryption key
column master key
implementation
Application.CreditCards table
column master key
column selection page
deterministic encryption
key store values
Master Key Configuration page
New Column Encryption Key dialog box
New Column Master Key dialog box
randomized encryption
Run Settings page
Windows Certificate Store
key store
limitations
privileged users
Amazon Key Management Services
Application programming interface (API)
Asymmetric keys
Audit Action Groups
audit level
database level
server level
Audit metadata
advantages, SQL Server Audit
storage
sys.fn_get_audit_file()
columns
parameters
AvailabilityRole
B
Backups
media (
see
Media, backup)
recovery modes (
see
Recovery modes, backups)
types
differential
full backup
transaction log
Benchmarking performance
Black hat hacker
Buffer Cache Extensions
BUILTINADMINISTRATORS group
BULK LOGGED Recovery Model
C
CarterSecureSafe application
CarterSecureSafeStorageAcc
Cell-level encryption
Central management server (CMS)
Certificate authority (CA)
CLR integration
Code injection attack
EXECUTE AS
privileged user account
stored procedure
stored procedure, add Obfuscation
stored procedure, user creation
protection
DevOps
policy based management (
see
Policy based management)
trojan horse virus
Code signing, self-signed certificate
Code signing, securable metadata
check objects’ signatures
protection
security policy
sys.Certificates
sys.fn_check_object_signatures
columns
parameters
Column encryption key
Column master key
CREATE DATABASE ENCRYPTION KEY Arguments
Credentials metadata
columns returned
sys.Credentials
sys.database_scoped_credentials
security entities
UNION, outcomes
Cross-functional teams
Custom audit events, creation
server audit and database audit specification
sp_audit_write parameters
Cyber-terrorism
D
Database administrators (DBAs)
Database audit specification options
Database encryption key
Database engine
Database-level
fixed database roles
users
sys.database_principals
windows security principal, creation
with login
without login
Database management platform
Database Master Key
Data Definition Language (DDL)
Data Manipulation Language (DML)
Data-tier application
DECRYPTBYKEY() function
DECRYPTBYPASSPHRASE() functions
DECRYPTBYPASSPHRASE() parameters
Defense in depth
Demilitarized zone (DMZ)
DemoLogin’s Login name
Denial of service (DoS)
Deterministic encryption
Differential backup
Domain User account type
DREAD methodology
DREAD ratings
Dynamic data masking
adding
Application.CreditCards Table
functions
Sales.CreditCard Table
E
Edge-case solutions
EKM module
ENCRYPTBYKEY() parameters
ENCRYPTBYPASSPHRASE() function
Encrypted column encryption key
Encrypting backups
attempts to restore
arguments
backup set options
error management options
error message
media set options
miscillaneous options
Object Explorer
RESTORE command
Restore Database dialog box
Restore dialog box without certificate
tape options
T-SQL
WideWorldImporters Database
WITH options
backup options
key management
miscellaneous options
security
algorithms, SQL Server 2016
Backup Database dialog box-general tab
Backup dialog box-Media Options tab
backup options tab
backup set optioins
Copy-only check box
disc target/URL
error management options
FULL recovery mode
log-Specific options
log via T-SQL
Master database
Media Option tab
media set options
miscellaneous options
self-signed certificate
tape options
WideWorldImporters database
WITH options
size
Windows Azure Blob
Encrypting data
ENCRYPTBYPASSPHRASE() function
keys and certificates
CREATE CERTIFICATE arguments
CREATE SYMMETRIC KEY arguments
cryptographic functions
DECRYPTBYKEY() function
ENCRYPTBYKEY() parameters
symmetric key
password/passphrase
CardNumberEncrypted column
DECRYPTBYPASSPHRASE() parameters
drop dynamic data mask
encrypt and decrypt data
ENCRYPTBYPASSPHRASE() function
ENCRYPTBYPASSPHRASE() parameters
encrypted Column
return credit card information
Encryption metadata
objects
relationship
sys.column_encryption_keys Columns
sys.column_encryption_key_values columns
sys.column_master_keys
TDE
F
FILESTREAM filegroup
Firewall
client, communication process
ports requirements
rules
topology
Fixed server roles
FORCE keyword
Full backup
FULL recovery mode
G
GDPR compliance
Generic encryption concepts
asymmetric key
certificate
defense in depth
DPAPI
self-signed certificate
symmetric key
Grey-hat hacker
Group policy object (GPO)
H
Hardware security module (HSM)
Hijacking
back-door method
database engine
logon triggers
properties–log-on tab
run SSMS
server agent
startup parameters tab
stop SQL server agent
HTTP headers
I, J
Identity spoofing
Impersonation
change security context
context specifications
T-SQL statements
Instance level security, implementation
AvailabilityRole
credentials
CRYPT_GEN_RANDOM() function
fixed server roles
GRANT statement
HASHBYTES() function
login properties
logins
dialog box
2
nd
-tier logins
SQL login, creation
windows security principal, creation
migrating between instances
Internet Assigned Numbers Authority (IANA)
K
Key stores
L
Local user account type
Log backup
Logon triggers
administrators creation
creation
IS_SRVROLEMEMBER() function
ORIGINAL_NAME() function
SQL server agent
syntax components
SysadminMembers table
sys.server_principals
M
Managed service accounts (MSAs)
Media, backup
device
dialog box
disc
header
logical
mirror
sp_addumpdevice parameters
striping
WideWorldImporters database
media sets
new backup sets
security
encrypt backups (
see
Encrypting backups)
physical
structure
Metasploit
Microsoft Cryptographic API (MSCAPI)
Mixed mode authentication
N
Named pipes
Network configuration
protocols
IP addresses tab
named pipes
TCP/IP properties
static
vs.
dynamic ports
O
Operating System, creation
ORDER BY NEWID() clause
Ownership chaining
P, Q
Penetration testing tools
Performance considerations
Physical security, backup media
Policy based management
condition, creation
dialog box
parameters
policy, creation
AvoidCodeInjection Policy
dialog box
sp_syspolicy_add_object_set Parameters
sp_syspolicy_add_policy Parameters
sp_syspolicy_add_target_set Parameters
Policy-based management (PBM)
Pragmatic approach
PWDCOMPARE() function
R
Recovery modes, backups
BULK LOGGED recovery model
FULL recovery mode
SIMPLE recovery mode
Relation Database Management Systems (RDBMS)
Repudiation
Resource Governor
Row-level security (RLS)
implementation
policy
predicate
S
The Sarbanes–Oxley Act (SOX)
Schemas
Security identifier
Security log
Security management tool
Security metadata
audit (
see
Audit metadata)
code signing
credentials
Database Properties dialog box
DBA
DemoLogin’s Login name
encryption configuration (
see
Encryption metadata)
EXECUTE AS statement
parameters, sys.fn_my_permissions
policy
principals
public role
retrieve database owners
risks, visibility
SID
sp_MShasdbaccess procedure
sp_table_privileges
columns
parameters
return results
SQL Server administration
SQL Server Management Studio
SUSER_SNAME()function
sys.fn_my_permissions
user’s effective permissions
VIEW DEFINITION permission
visible
Security model
database-level
definitions
hierarchy principal
instance level security, implementation
Self-signed certificates
Server agent
alerts
database roles
job creation
jobs
operators
proxy accounts
schedules
security
Server audit options
Server audit specification options
Server Message Block (SMB)
Service account
model
permission and assignment requirements
SMB
types
domain user account
local user account
MSAs
virtual accounts
Service account protection
Audit dialog box, creation
Audit dialog box, filter page
audits properties dialog box
constant password changes
new job step dialog box
new schedule dialog box
disabling
mixed mode authentication
password polices
renaming
security policy console
server audit specification dialog box
Service Master Key
SIMPLE recovery mode
SOX compliance
Spoofing identity
SQL injection attack
destructive attacks
environment preparation
CarterSecureSafe, creation
Default.aspx Code
insecure features
web.config
welcome.aspx Code
information leakage
database name
domain name
instance name
non-informative error
server name
table name
network attack
prevention
abstraction layer, usage
data-tier
db_owner database role
stored procedure
sysadmin role
T-SQL statements
user identity spoofed
SQL logins
SQL server audit
Action Groups (
see
Audit Action Groups)
creation
definition
implementation
security log
windows application log
SQL server audit, implementation
creation
dialog box
dialog box-filter page
database audit specification
specification options
SQL Server Configuration Manager
SQL Server database engine service account
SQL Server encrytion hierarchy
SQL Server Management Studio (SSMS)
SUSER_SNAME() function
Symmetric key
sys.fn_get_audit_file()
sys.fn_my_permissions()
System-level encryption tooling
T
TCP/IP
TempDB
Threat modeling
architecture
infrastructure, creation
technology implementations
assets
countermeasures
description
identifying threats
STRIDE classification
STRIDE methodology
rating
DREAD methodologies
methodologies
RDBMS
security management policies
security profile, creation
Threat rating methodologies
Transaction log backups
Transact-SQL Script (T-SQL)
Transmission Control Protocol (TCP)
Transparent Data Encryption (TDE)
administrative
backing up the certificate
database migration
advantages
data and log pages
implementation
Metadata-Driven Encryption Script
return list
certificates
databases
sp_msforeachdb system
sys.database_encryption_keys columns
technologies
WideWorldImporters database
Transport layer protocols
Trojan Horse virus
T-SQL script
U
Unsafe features
evaluating policies
policy based management
condition
facet
policy
target
surface area configuration, policy creation
User account
protection
auditing passwords
PWDCOMPARE parameters
User Datagram Protocol (UDP)
V
Virtual accounts
W
White-hat hacker
Whole value substitution attack
application.salary table, creation
credit card
performance considerations
protection
DECRYPTBYPASSPHRASE() function
ENCRYPTBYPASSPHRASE() function
salary manipulation
WideWorldImporters database
Windows accounts protection
Windows application log
Windows Authentication mode
Windows Data Protection API (DPAPI)
Windows Security log
X, Y, Z
xp_cmdshell system
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.