CIS 483 Final


guidelines for determining the classification system for alerts

* classification system for error severity levels
  1. information messages
  2. errors that can be corrected by a user
  3. software errors
  4. fatal errors
* classification system for alerts
  1. create immediate alerts for software and fatal errors
  2. create alerts for errors that can be corrected by a user
  3. do not create alerts for informational errors

column level encryption

* can encrypt specific data columns
* uses built-in functions and relies on a key management hierarchy
* the application must be reconstructed to handle encryption/decryption explicitly when storing or retrieving data
* the tables are modified to store the encrypted data as varbinary; when used, it is converted back to the original data type
* can be encrypted using a certificate or a passphrase

sysadmin (fixed server role)

* can conduct any task in SQL Server
* DBAs

dbcreator (fixed server role)

* can create and make changes to databases
* assistant DBAs as well as developers
* don't use it

bulkadmin (fixed server role)

* can execute the BULK INSERT statement
* assistant DBAs

setupadmin (fixed server role)

* can install replication and manage extended stored procedures
* assistant DBAs

diskadmin (fixed server role)

* can manage files on disk
* assistant DBAs

securityadmin (fixed server role)

* can manage security issues (login creation/deletion, reading audit logs, granting permission to create databases)
* assistant DBAs

serveradmin (fixed server role)

* can change server-wide configuration options
* assistant DBAs

steps to sign stored procedures using certificates

* create a certificate
* sign the stored procedures with the certificate
* create a user from the certificate (certificate user)
* grant access to the tables and stored procedures to the certificate user

* database user
* fixed database role
* user-defined database role
* application role

database level principals

users, database roles

database principals

INFORMATION_SCHEMA & sys

database users that are used internally

db_ddladmin

Allowed to run any Data Definition Language (DDL) command against the database. This includes commands to Create, Alter, and Drop database objects. Cannot Grant, Revoke, or Deny.

inference

sensitive information derived from non sensitive information

implicit context switching

set the execution context within a module such as a stored procedure, trigger, or user-defined function

roles

similar to groups in Windows

aggregation

the sum of different instances of an entity results in sensitive information being revealed

ALTER AUTHORIZATION

used to change the ownership of a securable

* SQL Server login
* fixed server role
* user-defined server role

SQL Server level principals

logins, server roles

SQL server principals

user-defined server, database roles

* create a custom set of permissions
* server-level permissions can be allocated
* group users with the same security privileges within the database
* can assign Windows user or group accounts to user-defined database roles
* can assign a SQL account or a Windows account to a database user

signing procedures with certificates

* create a server login and database user account with no rights to the base objects
* create a certificate user account with rights to a table and a stored procedure

transparent data encryption (TDE)

* the database engine performs encryption and decryption automatically
* transparent to the end user and applications
* no changes to the database or applications
* simpler for bulk encryption of data

dbo

* database owner
* the sysadmin fixed server role is mapped to this user in each database; any object created by any member of the sysadmin fixed server role belongs to this user automatically

audit charter

* defines the IS audit and assurance function
  1. mission and goals
  2. independence and accountability
  3. roles and responsibilities of the auditee

guidelines for determining the notification policy

* determine whom to notify based on the alert classification
* design a notification escalation policy
* design a review process for events that are not notified
* do not create too many notifications for the same person or group

execution context

* determines the permissions to execute statements
* can be changed to a principal other than the user or login connected to the session

service master key

* each SQL Server instance has this
* created automatically during installation and protected by the Data Protection API
* symmetric key
* if compromised, all keys can be decrypted

principal

* entities that can request SQL Server resources
* includes logins of all types and roles
* each has a SID
* each is scoped at the Windows, server or database level

public role (in server roles)

* every SQL Server login belongs to this role
* if a login has not been granted specific permissions on an object, it inherits the permissions granted to public on that object

public role (in database roles)

* every database has this role
* all database users and roles inherit permissions granted to public

fixed database roles

* fixed permissions at the database level
* assigned to database users

vulnerability scanning

* focuses on known weaknesses
* can be automated
* does not necessarily require expertise

penetration testing

* focuses on known and unknown weaknesses
* requires highly skilled testers
* carries a tremendous legal burden in certain countries/organizations

IT security auditing

* focuses on security policies and procedures
* used to provide evidence for industry regulations

threat hunting

* focuses on unknown and advanced threats
* analyst-driven investigation, not relying on rule-based detection or signature mechanisms
* methods:
  1. hypothesis-driven
  2. IOC-driven
  3. analytics-driven

permissions

* granted to a principal on securables
* GRANT, DENY, REVOKE

fixed-server roles

* installed by default and have fixed permissions
* logins are assigned to these roles
* permissions cascade to the database level

processadmin (fixed server role)

* can kill a process
* assistant DBAs and developers

application roles

* manage database access for an application
* database principal
* do not contain members; inactive by default
* can use EXECUTE AS to connect to other databases
* the user assumes the application role's permissions, losing its own permissions
* activated by the stored procedure sp_setapprole

guidelines for identifying what to monitor

* monitoring events at the instance level
* monitoring events at the database level

schema ownership

* ownership of schemas and schema-scoped securables is transferable
* the schema owner has full control over all objects in the schema
* schemas can be owned by any database principal
* a single principal can own multiple schemas
* multiple database users can share a single default schema
* each user has a default schema (since SQL Server 2005)

classes of controls

* preventive
* detective
* deterrent
* corrective
* compensating
* recovery

guidelines for designing database roles

* provides a granular permissions framework
* uses the GRANT, DENY, and REVOKE permission states

major steps of a pen test

* reconnaissance and footprinting
* scanning
* exploiting
* data collection
* cleaning up
* delivering the report

securables

* resources on which permissions can be granted
* principals acquire permissions to these
* can be nested to form hierarchies called "scopes"

explicit context switching

* use the EXECUTE AS statement to change the user or login
* grant IMPERSONATE to a login or user to enable execution as a different login or user

ownership chaining

* used most of the time
* can circumvent DENYs
* multiple database objects access each other sequentially

database master key

* used in creating certificates or asymmetric keys
* protected by the service master key
* encrypted using a 3DES key derived from the password and the service master key

guidelines for securing the SQL server agent service

1. execute the SQL Server Agent service under a Windows security context
2. create a local or domain Windows low-privilege account
3. use subsystems to restrict access
4. define a proxy account

VIEW DEFINITION

allows viewing metadata (source code, login info, table metadata) of the securable it is granted on, e.g. at the table level

db_accessadmin

allowed to add or remove database access for logins

db_backupoperator

allowed to back up the database

db_datawriter

allowed to change the data in all user tables

db_securityadmin

allowed to manage permissions for database users, including membership in roles

db_owner

allowed to perform any action on the database. members of the sysadmin fixed-server role are mapped to this database role

db_datareader

allowed to read all user table data

db_denydatawriter

denied the right to change the data in any of the user tables

db_denydatareader

denied the right to read all user table data

guest

disabled by default. if enabled, any login can use the database without a user account

ALTER

gives ability to modify

CONTROL

gives ownership-like rights

* Windows group
* Windows domain login
* Windows local login

Windows level principals
