Flashcards in Security Deck (20)
What is Public Key Cryptography?
Form of Message Secrecy in which a user creates a public key and private key, the private key is kept secret and the public key is distributed. The public key can encrypt data and the private key decrypts.
How do you set up SQL Server to use certificates?
Under SQL Server Configuration Manager
SQL Server Network Configuration
Protocols for MSSQLSERVER - Force Encryption - YES
What is a loginless user used for?
It allows for setting up security and using it through EXECUTE AS
What is the syntax for creating a loginless user?
CREATE USER [USERNAME] WITHOUT LOGIN WITH DEFAULT_SCHEMA=[SCHEMA]
What are contained users?
Users that can authenticate specifically to the database. They do not have logins.
How do you set up a database to allow contained users?
sp_configure 'contained database authentication', 1
Then set the containment type to partial.
What is the syntax to create a contained user?
CREATE USER [USERNAME] WITH PASSWORD=N'STRONG_PASSWORD'
What is cross db ownership chaining?
When all object owners are mapped to the same login account then you can grant access to objects in multiple databases.
How do you enable cross db ownership chaining?
ALTER DATABASE Database1 SET DB_CHAINING ON;
Does cross db ownership chaining work with dynamic SQL?
Only if the user exists in both databases.
What is Symmetric Encryption?
Where the sender and receiver have the same key to encrypt and decrypt
What is the drawback to using Symmetric Encryption?
It's very difficult to get the keys to both parties without losing integrity of the keys
What is Asymmetric Encryption?
The sender uses a public key that is generated from a private key that they can encrypt the data with and then send to the receiver who unencrypts it with the private key.
What is the downside to Asymmetric Encryption?
It's more resource-intensive
What is a Certificate?
* Asymmetric key pair
* Public key contains identity information
* Can be signed by certificate authority to prove authentication
What is the first step needed before being able to use encryption?
You have to create a MASTER KEY in the database (actual database, not master)
CREATE MASTER KEY
ENCRYPTION BY PASSWORD = '@ v3ry str@ng p@ssw0rd!'
What is transparent database encryption?
Full encryption of the database files and log
How is Transparent Database Encryption set up?
* Create DMK in Master
* Create a certificate in Master
* Create a database encryption key in your database
* Set encryption on your database
What is a DMK?
Database Master Key