programming4us
           
 
 

SQL Azure : Security - Overview

12/22/2010 5:31:15 PM
Before diving into the specifics of SQL Azure, let's look at a general security framework to assess how Database as a Service can impact you. The following discussion is based on the basic security principles encapsulated by confidentiality, integrity, and availability (CIA). This is referred to as the CIA triad and is one of the most accepted forms of security categorization. SQL Azure shifts the balance of the CIA triad relative to traditional SQL Server installations.

1. Confidentiality

Confidentiality is the ability to ensure that data can be accessed only by authorized users. It's about protecting your data from prying eyes or from inadvertent leakage by using multiple technologies, including the following:

  • Encryption. Creates a ciphertext (encrypted information) that can be decrypted through the use of a shared key or a certificate

  • Hashing. Generates a ciphertext that can't be decrypted (typically used for password storage)

  • Access control. Controls access to data based on contextual information

  • Authentication. Controls who can access the database and which objects in the database a user can access

  • Firewall. Uses technology to limit network connectivity to a list of known machines

SQL Azure offers new features, such as a firewall (as previously discussed); however, it doesn't yet support data encryption natively (such as Transparent Data Encryption [TDE] and field-level encryption), which places more emphasis on the other confidentiality techniques.

SQL Server, on the other hand, doesn't provide a native firewall (although it's possible to purchase after-market database firewalls), but it offers strong encryption capabilities. Finally, both SQL Server and SQL Azure offer hashing capabilities.

Because SQL Azure doesn't provide native encryption, your code needs to do all the hard work. Not to worry! In this article, you see how to implement hashing and encryption using C# and how to store the ciphertext in SQL Azure (or SQL Server, for that matter).
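
The application-side hashing and encryption described above, as an added example rather than the article's own code: values are protected in C# before they are sent to SQL Azure. It assumes .NET 8 (for the two-argument `AesGcm` constructor), a 32-byte key held outside the database, and hypothetical names (`ColumnProtector` and its methods); AES-GCM and PBKDF2 are this example's choices.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, hypothetical names. Targets .NET 8; results map to varbinary columns.
public static class ColumnProtector
{
    const int NonceSize = 12, TagSize = 16, SaltSize = 16, HashSize = 32;
    const int Iterations = 210_000; // assumption: tune to your own latency budget

    // Field-level encryption in application code: returns nonce || tag || ciphertext.
    public static byte[] Encrypt(byte[] key, string plaintext)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize); // fresh for every value
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        byte[] blob = new byte[NonceSize + TagSize + data.Length];
        nonce.CopyTo(blob, 0);
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, data, blob.AsSpan(NonceSize + TagSize), blob.AsSpan(NonceSize, TagSize));
        return blob;
    }

    // Throws CryptographicException if the stored blob was altered (tag mismatch).
    public static string Decrypt(byte[] key, byte[] blob)
    {
        byte[] plain = new byte[blob.Length - NonceSize - TagSize];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize + TagSize),
                    blob.AsSpan(NonceSize, TagSize), plain);
        return Encoding.UTF8.GetString(plain);
    }

    // Password storage: one-way salted PBKDF2 hash, stored as salt || hash.
    public static byte[] HashPassword(string password)
    {
        byte[] record = new byte[SaltSize + HashSize];
        RandomNumberGenerator.Fill(record.AsSpan(0, SaltSize));
        Rfc2898DeriveBytes.Pbkdf2(password, record[..SaltSize], Iterations,
            HashAlgorithmName.SHA256, HashSize).CopyTo(record, SaltSize);
        return record;
    }

    // Recomputes the hash with the stored salt and compares in constant time.
    public static bool VerifyPassword(string password, byte[] record)
    {
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, record[..SaltSize], Iterations,
            HashAlgorithmName.SHA256, HashSize);
        return CryptographicOperations.FixedTimeEquals(hash, record.AsSpan(SaltSize));
    }
}
```

Because the database only ever sees the opaque blobs, a query cannot filter or sort on the protected column; lookups have to go through a separate, non-sensitive key.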

2. Integrity

Data integrity refers to the objective of ensuring that information is modified only by authorized users. Integrity of data can be compromised in multiple ways, such as a malicious SQL Injection attack or the unintentional execution of a TRUNCATE statement on a table, wiping out all the records. You can implement integrity measures in a database as follows:

  • Authorization. Controls who can change what data

  • Backup. Creates a transactionally consistent database snapshot from which data can be recovered

  • Role-based access. Provides the minimum access rights to different roles in a company, such as developers and support

  • Auditing. Tracks database access and data changes to provide an audit trail for forensic analysis

From an integrity standpoint, SQL Azure doesn't yet provide the same capabilities as SQL Server. SQL Azure does deliver strong authorization capabilities, similar to SQL Server 2008. However, regular database backups and activity auditing aren't available as of this writing. Microsoft is building new backup mechanisms for SQL Azure, above and beyond the BCP (Bulk Copy Program) operations available now.

3. Availability

Availability ensures service uptime so your data can be accessed when it's needed. Designing highly available systems can be very complex and requires advanced knowledge in multiple areas including disk configuration, system administration, disaster-recovery locations, and more. The following are some of the technologies involved in high availability:

  • Redundant disks. Can recover from the loss of a disk spindle. Usually involves a RAID configuration.

  • Redundant networks. Can survive the loss of multiple network components, such as a network card or a router.

  • Redundant services. Can survive the interruption of services such as security and databases. An example is the use of Microsoft Cluster Service.

  • Redundant hardware. Can survive the loss of machine hardware, such as a CPU or a memory chip.

  • Scalability. Delivers information at near constant speed under load.

  • DoS prevention. Prevents successful denial of service (DoS) attacks that would otherwise prevent data availability.

In addition to ensuring redundancy of infrastructure components, you need to understand the recovery objectives of your business to determine how to best implement your availability requirements.

SQL Azure offers a unique platform because all the areas just listed are automatically provided for. SQL Azure offers a 99.9% availability guarantee through its service-level agreement (SLA). In order to deliver this high availability, SQL Azure transparently keeps two additional standby databases for each user database you create. If anything happens to one of your user databases, one of the two backups takes over within a few seconds; you may not even notice the failover process. SQL Azure also provides automatic handling of DoS attacks.

SQL Azure accomplishes failover using the architecture shown in Figure 1. You interact with a proxy that directs your request to whichever of your databases is current. The standby databases aren't accessible to you.

Figure 1. SQL Azure's standby database architecture

NOTE

In terms of availability, SQL Azure far surpasses SQL Server; SQL Azure is built on a scalable and highly available platform that doesn't require configuration or tuning. None of the typical SQL Server configuration settings are available in SQL Azure (such as CPU Affinity, Replication, Log Shipping, and so on).

Let's take an example of a project that needs to deploy a new application with high availability requirements. The following items would need to be planned for in a traditional SQL Server installation but are provided to you automatically with SQL Azure:

  • Clustered SQL Server instance. Install and configure Microsoft Cluster Service and SQL Server instances in an active/active or active/passive configuration.

  • RAID configuration. Purchase new disks and hardware to install and configure a RAID 10 (or RAID 0+1) disk array (for disk redundancy and performance).

  • Disaster-recovery server. Purchase similar hardware and configure it at a disaster-recovery site.

  • Replication topology. Create a mechanism to transfer the data from the primary site to the secondary site using log shipping, replication, disk-level replication, or another technique, depending on your needs.

  • Database tuning. In larger systems, tuning SQL Server for high performance can be very difficult and involves CPU and I/O affinitization, degree of parallelism, and many other considerations.

  • Testing. Plan and execute a disaster-recovery plan once a year, to make sure it's working as intended.

And of course, you must consider the costs associated with all these activities, the time it takes to plan and execute such a project, and the specialized resources needed to implement a highly available database environment.

By now, you can see that although SQL Azure falls short in certain areas of security, it excels in others, especially its availability model. Deploying a highly available SQL Azure database is quick and extremely simple.
