Wednesday, October 10, 2012

Microsoft SQL Server 2012 Security Cookbook

This post is a review of Microsoft SQL Server 2012 Security Cookbook from Packt Publishing.

Please note the publisher has not paid me for this review; I purchased the book myself.

Name: Microsoft SQL Server 2012 Security Cookbook
Author: Rudi Bruchez
Released: September 2012
ISBN: 1849685886
Pages: 322

As somebody who has experience in both Unix systems and enterprise firewalls, I was impressed that the first chapter talks about how to secure the service, the server, the protocol and the network. However, it only does so in the context of the machine on which the server is running. For most DBAs this is sufficient information to pass on to the perimeter administrators if communication beyond site boundaries is required (which a corporate VPN would probably better suit).

The number one question I have seen on sites with beginning DBAs is about dynamic ports. This book addresses this question on page 40. The information on how to hide its presence was particularly useful for those in even more highly secure environments that don't want to expose that feature specifically (i.e. Defence, Police).

You can tell the author is authoritative and passionate and also understands security from both internal and external influences. I was also impressed by the discussion of login SIDs and how to replicate these between instances or remap them after a restore. Very handy recipes for DBAs in the field.
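For readers who have not met the login SID problem before, the following T-SQL is an added illustration of the remap scenario the paragraph above mentions; it is not a recipe from the book and not the reviewer's code. A database user carries the SID of the login it was created for, so a database restored onto a different instance ends up with users whose SIDs match no login there (orphaned users), and an application login of the same name on the new instance will not map to them. The login name `app_user` and the SID value are placeholders.

```sql
-- Step 1 (target instance, in the restored database): list database users whose
-- SID matches no server login on this instance, i.e. users orphaned by the restore.
SELECT dp.name AS database_user, dp.sid
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON dp.sid = sp.sid
WHERE dp.type = 'S'              -- SQL-authenticated database users only
  AND dp.authentication_type = 1 -- INSTANCE: mapped to a SQL Server login (2012+)
  AND sp.sid IS NULL             -- no login with that SID exists here
  AND dp.name NOT IN ('guest', 'INFORMATION_SCHEMA', 'sys');

-- Step 2 (source instance): read the SID of the original login so it can be
-- recreated identically on the target, which avoids orphaning on future restores.
SELECT name, sid
FROM sys.server_principals
WHERE name = 'app_user';         -- placeholder login name

-- Step 3 (target instance): create the login with the same SID as on the source.
-- 0x... is a placeholder; paste the varbinary value returned by step 2.
CREATE LOGIN app_user
    WITH PASSWORD = 'placeholder-strong-password',
         SID = 0x0000000000000000000000000000000000000000;

-- Alternative for a login that already exists on the target with a different SID:
-- point the orphaned database user at it instead of recreating the login.
-- (ALTER USER ... WITH LOGIN supersedes the older sp_change_users_login.)
ALTER USER app_user WITH LOGIN = app_user;

-- Re-run step 1: the user should no longer appear in the orphaned list.
```

Running step 1 before and after the remap gives a simple check that the restore left no user the application can no longer authenticate as, and carrying the SID across (step 3) keeps later restores from reintroducing the problem.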

The section on SQL injection attacks should help DBAs understand how these attacks occur so they can work with developers to ensure that applications do not exhibit these flaws. The information about SQL firewalls was particularly eye-opening for me, as I did not know specialist products were now available to counter this particular method of attack.

The sections on the other parts of the suite of tools that make up the Microsoft Business Intelligence stack are not neglected either. While the information provided is small compared to that on Database Services security, at least the author has not neglected these other crucial aspects of the suite.

The only part of the suite that gets no mention is securing SSIS, but this is a minor omission in the grand scheme of things.

Overall, I think this book deserves its place on your bookshelf if you are a SQL Server DBA of any sort.