SQL Server Security

Transcript of SQL Server Security

Cloud Enabling Access Experts

SQL Server Security

• Securing your data

• Moving your data to SQL Server is an improvement over Access (avoids SneakerNet)

SQL Server Security Models

• Active Directory Users and Groups

• SQL Server Logins

• Which is more secure?

Active Directory

• Windows User Accounts

• Windows Groups: Admin, Power User, Read Only

• Windows Groups map to SQL Server Roles

Active Directory

Benefits

• Allows Network Admins to add employees to different groups without having to go into SQL Server Management Studio

• When a user account is deactivated, e.g. because the employee was fired, they lose their rights to the database

• Use the Windows credentials in your Access app to validate the user on startup

• If you're not in a group, you have no security clearance to the database

Problems

• Data can be exposed outside Access (users can launch Excel and extract data)

• Requires IT to manage users, not owners

SQL Server Security

Benefits

• Users and roles are managed in SQL Server

• IT may not be needed, since you can use DDL commands to add users and assign them to roles with code

• You can use a single SQL account and only use it in your app, not provide it to users

Issues

• Users must log in via your app

Attack Vectors

• Social Hacking

• Brute Force

• Zero Day Flaws

Fake Login Pages

Prompts for your user name and password; a phony phone leads to computer hijacking

Target

40 Million People Affected

Hardening SQL Server

• Use a non-standard port

• Use a fixed IP address and disable the SQL Server Browser service

• Force encryption between the server and the client http://bit.ly/1jt5VIk

• Encrypt your SQL Server files (TDE) (not available on Express) http://bit.ly/1ngUDaG

Hardening Continued

• Allow a maximum of three login tries and enforce 15-minute lockouts using Windows policy

• More tips at http://bit.ly/1ngWvjB

• Azure Security http://bit.ly/1fJdDPn

SQL Setup Suggestion

• Use one SQL Login and password in your app, hide them using the Base64 technique http://bit.ly/1mvSSFg

• Create a user table and validate user credentials using a stored procedure

• Don't provide credentials to anyone
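The user table plus validation stored procedure suggested above, as an added T-SQL example that is not from the slides or their author; the names dbo.AppUser, dbo.usp_CreateUser and dbo.usp_ValidateUser are assumed. It stores a per-user random salt and a SHA-256 hash instead of the password itself, so the app's single SQL login only ever passes the user name and password as procedure parameters and a leaked table does not leak passwords.

```sql
-- Added example (assumed object names), not code from the slides.
-- Each row keeps a 16-byte random salt and SHA2_256(salt + password).
-- IsActive gives the app the same "deactivate and they lose access"
-- property the slides credit to Active Directory accounts.
CREATE TABLE dbo.AppUser (
    UserId       INT IDENTITY(1,1) PRIMARY KEY,
    UserName     NVARCHAR(128) NOT NULL UNIQUE,
    PasswordSalt VARBINARY(16) NOT NULL,
    PasswordHash VARBINARY(32) NOT NULL,
    IsActive     BIT           NOT NULL DEFAULT 1
);
GO

-- Creates a user with a fresh random salt from CRYPT_GEN_RANDOM.
CREATE PROCEDURE dbo.usp_CreateUser
    @UserName NVARCHAR(128),
    @Password NVARCHAR(128)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Salt VARBINARY(16) = CRYPT_GEN_RANDOM(16);
    INSERT INTO dbo.AppUser (UserName, PasswordSalt, PasswordHash)
    VALUES (@UserName, @Salt,
            HASHBYTES('SHA2_256', @Salt + CAST(@Password AS VARBINARY(256))));
END
GO

-- Sets @IsValid = 1 only when the password matches an active account.
-- The app calls this with parameters, so the user name never becomes part
-- of the query text (no string concatenation, no SQL injection surface).
CREATE PROCEDURE dbo.usp_ValidateUser
    @UserName NVARCHAR(128),
    @Password NVARCHAR(128),
    @IsValid  BIT OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Salt VARBINARY(16), @Hash VARBINARY(32);
    SELECT @Salt = PasswordSalt, @Hash = PasswordHash
    FROM dbo.AppUser
    WHERE UserName = @UserName AND IsActive = 1;
    -- Recompute with the stored salt. An unknown or inactive user leaves
    -- @Hash NULL, so the comparison fails exactly like a wrong password.
    SET @IsValid = CASE WHEN @Hash = HASHBYTES('SHA2_256',
                        @Salt + CAST(@Password AS VARBINARY(256)))
                   THEN 1 ELSE 0 END;
END
GO
```

A single SHA-256 round is what T-SQL offers natively; if the app can hash with a slow, iterated KDF before calling the procedure, prefer that and store its output instead.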

What's Next?

• Consider AccessHosting.com for hosting SQL Server

• Add me to your network on LinkedIn https://www.linkedin.com/in/juansoto

• Like my Facebook page https://www.facebook.com/AccessExpert

• Subscribe to my blog http://accessexperts.com/blog/

Learn and get paid

• Take on a SQL Server project and collaborate with us, split revenue 50%

• Usually takes one project to get up to speed.