
The Real MCTS SQL Server 2008 Exam 70-432 Prep Kit - P36


DOCUMENT INFORMATION

Basic information

Format
Number of pages: 5
File size: 107,82 KB

Content

ManagingSecurity•Chapter4 157 1. Open up the SQL Server Configuration Manager. 2. Click on SQL Server Services as in Figure 4.14. 3. Right-click on SQL Server Agent and click Properties. 4. In the properties window on the Log-on tab click on the drop-down menu for Built-in account: and take a look at the available accounts. 5. Now take a look on the Service tab and locate the Start Mode. Remember that at the time of install this service is disabled. This is where you would change the Start Mode in order to enable SQL Server Agent. 6. Select the Cancel button to exit Properties. 7. Exit the SQL Server Configuration Manager. Domain Service Accounts versus Local Service Accounts There are a few restrictions to which account types can be used by SQL Server services. There are a couple things to consider when selecting an account type to use with a SQL Server service. If the service must access file shares or use link server connections to other SQL servers, using a minimally privileged Domain user account is the best option. The Local service account is a built-in account with the same level of access to resources and objects as members of the Users group. The limited access of the local service account can help safeguard the system if individual services or processes are compromised. You cannot use a Local Service account for SQL Server or SQL Server Agent. 158 Chapter4•ManagingSecurity Summary of Exam Objectives The key to securing SQL Server is understanding the security hierarchy and the elements involved. The security of how principals connect to SQL Server and how the numerous features that require access to resources beyond SQL Server should be managed using The Principle of Least Privilege. SQL Server security is managed through Logins, Database users, Server-level Roles, Database-level Roles, and the service accounts needed by the various SQL Server features. 
It is very important to carefully consider the level of permissions needed for each user and establish the most precise match in order to reduce security risk exposure. If a user has access to SQL Server resources that they will not use or do not need, the policy has been violated. Doing your due diligence to understand what a specific permission or role has access to will help you fit the user's permissions to their specific needs and establish the best-secured SQL Server possible.

Exam Objectives Fast Track

Principals

- Windows-level principals are a Windows Domain Login, Windows local login, and Windows group.
- SQL Server-level principals are a SQL Server login, SQL Server login mapped to a Windows login, SQL Server login mapped to a certificate, and SQL Server login mapped to an asymmetric key.
- Database-level principals are a Database User, Database user mapped to a SQL Server login, Database user mapped to a Windows login, Database user mapped to a certificate, Database user mapped to an asymmetric key, Database Role, Application Role, and Public Role.

Roles

- Like Windows groups, SQL Server provides two kinds of roles: fixed server-level roles and database-level roles.
- Fixed Server-level Roles have a serverwide scope.
- Database-level Roles have a database-level scope, and custom database-level roles can be created.

The "Principle of Least Privilege"

- Do not grant more permissions than necessary.
- Be familiar with what each specific permission enables a user to accomplish.
- Inadvertently elevated permissions can pose a significant security risk.

Users

- Users are database-level principals and are created to access resources within a database.
- User and Log-in names should match.
- Users can be added to any one or more of the available database roles.

Schemas

- Schemas are collections of database objects such as tables, views, and procedures.
- Permissions can be granted to individual schemas within a database, providing a powerful way to manage permissions.
- It is not necessary to grant access to each object within a schema when granting permission to the schema.

Permissions

- Designing a permissions strategy is important when properly securing database objects.
- Permissions can be granted on the database, on each schema within the database, or by granting permissions on each individual table or view within the database.
- Grantable permissions include SELECT, VIEW CHANGE TRACKING, UPDATE, REFERENCES, INSERT, DELETE, EXECUTE, RECEIVE, VIEW DEFINITION, ALTER, TAKE OWNERSHIP, and CONTROL.

Auditing

- Automatic auditing is available in SQL Server 2008 Enterprise, and can be enabled using SQL Server Audit.
- Auditing can be enabled at the Server level and Database level.
- CDC and DDL triggers are methods of tracking data changes and structural changes to the database schema.

The SQL Server Configuration Manager

- Properties for SQL Server services can be managed in the Surface Area Configuration Facet.
- SQL Server features such as Database mail and CLR integration are not enabled by default.
- Disabling unnecessary features helps secure SQL Server.

Security and SQL Agent

- SQL Server Agent Proxies are set up and mapped to the appropriate credentials to perform the required tasks.
- Credentials can be associated with one or more SQL Server Agent subsystems.
- One or more Proxies can be associated with the available SQL Server Agent subsystems.

Exam Objectives Frequently Asked Questions

Q: What is considered to be a Principal in SQL Server 2008?
A: Any entity that requests SQL Server Resources.

Q: What is the definition of "The Principle of Least Privilege"?
A: Only give permissions that are needed. Giving more access violates this principle.

Q: Can you modify Server-level Roles?
A: No, Server-level Roles are fixed and cannot be modified.

Q: Can you create your own Database-level Roles?
A: Yes, Database-level Roles can be created to better fit a user's security requirements.

Q: What is the most secure Authentication Mode and why?
A: The Windows Authentication Mode is more secure because it is managed by the Windows operating system and subject to additional Windows password policies.

Q: What SQL Server tool is used to enable the Database Mail feature in SQL Server 2008?
A: The Surface Configuration Tool.

Q: When working with SQL Server services such as SQL Server Agent, which tool do you use?
A: SQL Server Configuration Manager.

Q: When setting up SQL Server services that need to perform tasks outside of the local server, which account type should you use?
A: Domain Service Accounts.
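The Fast Track points on Roles, Schemas and the Principle of Least Privilege can be seen together in the following T-SQL, an added example that is not taken from the book. It grants one schema-level permission to a custom database role and then checks the effective permissions as a member of that role; the database, schema, table, role and user names are all hypothetical.

```sql
-- Added example; database, schema, table, role and user names are hypothetical.
CREATE DATABASE LeastPrivDemo;
GO
USE LeastPrivDemo;
GO
CREATE SCHEMA Sales AUTHORIZATION dbo;
GO
CREATE SCHEMA HR AUTHORIZATION dbo;
GO
CREATE TABLE Sales.Orders    (OrderID int PRIMARY KEY, Amount money);
CREATE TABLE Sales.Customers (CustomerID int PRIMARY KEY, Name nvarchar(50));
CREATE TABLE HR.Salaries     (EmployeeID int PRIMARY KEY, Salary money);
GO
-- A user without a login keeps the demo self-contained (assumption for the demo;
-- in production the user maps to a login).
CREATE USER ReportReader WITHOUT LOGIN;
CREATE ROLE SalesReaders;                              -- custom database-level role
EXEC sp_addrolemember 'SalesReaders', 'ReportReader';  -- SQL Server 2008 syntax
-- One grant on the schema; no per-table grants are issued.
GRANT SELECT ON SCHEMA::Sales TO SalesReaders;
GO
-- Check effective permissions as the user: two tables inside the granted schema,
-- one write permission that was never granted, one table in another schema.
EXECUTE AS USER = 'ReportReader';
SELECT
    HAS_PERMS_BY_NAME('Sales.Orders',    'OBJECT', 'SELECT') AS read_orders,
    HAS_PERMS_BY_NAME('Sales.Customers', 'OBJECT', 'SELECT') AS read_customers,
    HAS_PERMS_BY_NAME('Sales.Orders',    'OBJECT', 'UPDATE') AS update_orders,
    HAS_PERMS_BY_NAME('HR.Salaries',     'OBJECT', 'SELECT') AS read_salaries;
REVERT;
GO
-- Review query: list every schema-scoped grant so broad grants are easy to spot.
SELECT pr.name AS grantee, SCHEMA_NAME(pe.major_id) AS schema_name,
       pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = 'SCHEMA';
GO
```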
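The "Security and SQL Agent" points describe proxies mapped to credentials and associated with Agent subsystems; the T-SQL below is an added example of that setup (not from the book) that limits a proxy to one subsystem and one login. The credential, proxy, account and login names are hypothetical and the secret is a placeholder.

```sql
-- Added example; CONTOSO\svc_sqlexport, CONTOSO\etl_operator, FileExportCred and
-- FileExportProxy are hypothetical names, and the secret is a placeholder.
USE master;
GO
-- The credential stores the Windows identity a job step will run as.
-- Use a minimally privileged domain account, not a sysadmin or service account.
CREATE CREDENTIAL FileExportCred
    WITH IDENTITY = N'CONTOSO\svc_sqlexport',
         SECRET   = N'<password-placeholder>';
GO
USE msdb;
GO
-- Map a proxy to the credential.
EXEC dbo.sp_add_proxy
     @proxy_name      = N'FileExportProxy',
     @credential_name = N'FileExportCred',
     @enabled         = 1;
-- Associate the proxy with exactly one subsystem.
EXEC dbo.sp_grant_proxy_to_subsystem
     @proxy_name     = N'FileExportProxy',
     @subsystem_name = N'CmdExec';
-- Allow one non-sysadmin login to use the proxy in its job steps.
EXEC dbo.sp_grant_login_to_proxy
     @login_name = N'CONTOSO\etl_operator',
     @proxy_name = N'FileExportProxy';
GO
-- Review query: which identity each proxy runs as and on which subsystems.
SELECT p.name AS proxy_name, p.enabled, c.credential_identity, s.subsystem
FROM dbo.sysproxies AS p
JOIN sys.credentials AS c             ON c.credential_id = p.credential_id
LEFT JOIN dbo.sysproxysubsystem AS ps ON ps.proxy_id = p.proxy_id
LEFT JOIN dbo.syssubsystems AS s      ON s.subsystem_id = ps.subsystem_id
ORDER BY p.name, s.subsystem;
GO
```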

Date posted: 06/07/2014, 23:21