PTR - People, Training ResultsPeople, Training, Results

Independent Technical IT Computer Training Courses

   

SQL Course Index & Training Schedule


More SQL Courses

Microsoft SQL Server Audit & Security CourseIntroduction to SQL Server Transact SQL CourseAdvanced Queries & Transact SQL Programming CourseAdvanced SQL for SQL Server CourseAdvanced SQL, Stored Procedures & Triggers for Microsoft SQL Server CourseSQL Server Performance & Tuning CourseIntroduction to SQL Server Business Intelligence CourseSQL for Microsoft SQL Server CourseSQL Server 2000: Administration CourseSQL Server 2000: Database Design CourseImplementing Business Logic with MDX in Microsoft SQL Server 2000 CoursePopulating a Data Warehouse with Microsoft SQL Server 2000 Data Transformation Services CourseMySQL Introduction - Intermediate CourseMySQL Database Administration & Design CourseMySQL Programming CourseMySQL Administration Course


Late Availability Courses:

SQL for Microsoft SQL Server
9th - 10th February 2012


Training Course Subjects:

Applications Training Courses C Programming Courses C# Programming Courses Cisco Courses Citrix Courses CIW Courses CompTia Courses Database Courses Exchange Server Courses Fortran Courses Internet Courses ITIL Service Management Courses Java Courses Linux Courses Microsoft Courses Microsoft .NET Courses Microsoft Access Courses Microsoft Excel Courses Microsoft Outlook Courses Microsoft Powerpoint & Visio Courses Microsoft Project Courses Microsoft Server Products Courses Microsoft Word Courses Networking Courses Oracle Courses Perl Courses Programming Courses Security Courses SQL Courses SQL Server 2005 Courses SQL Server 2008 Courses Unix Courses VBA Courses Visual Basic Courses Visual Basic 2008 Courses Visual Studio Courses Visual Studio 2008 Courses Visual Studio 2010 Courses VMWare Courses Web Design Courses Windows Server 2003 Courses Windows Server 2008 Courses Windows 7 Courses Windows Vista Courses Windows XP Courses XML Courses

Online e-Learning Courses

Scheduled Classroom based Training Courses

Microsoft SQL Server Audit & Security Course

Download PDF course outline

Course Description

Walking around any end user or technical department, auditors always find developments under way using the Microsoft SQL Server environment. But while we continue to audit central IT systems, this platform infrequently appears as a target of evaluation in audit plans. Even though continuity of service to the organisation within departments could well depend on this product. Here is an opportunity to find out how SQL Server works, what are its security weaknesses and how they should be mitigated. This is a highly functional environment where communication across a Microsoft network is very easy to achieve. Too easy perhaps? As with all highly functional products the downside is insecurity. Learn hands-on what this means.

You will learn what the components of Microsoft SQL Server are and understand what the system administrators should be doing. Find out how to get information out of SQL Server and how to interpret it. Experiment with a live SQL Server network in a lab environment. Learn how to write auditors job packs in T-SQL, for regularly extracting information.

Covers all version up to and including SQL Server 2008.
£895

3 day course

Scheduled Dates:
05 January 2012
23 February 2012
22 March 2012
19 April 2012
17 May 2012
14 June 2012

Location:
PTR's Training Centre
Wokingham, Berkshire.

Course pre-requisites:

Delegates should possess a basic understanding of database technology. Some prior knowledge of SQL will be useful.



Topics covered on the 3 day Microsoft SQL Server Audit & Security course

INTRODUCTION TO AUDIT & SECURITY

AUDIT & SECURITY

  • Checklist-Based Auditing
  • Risk-Based Auditing
  • Audit Plan
  • CHECK LISTS
  • DISA Database STIG
  • NIST

THE BIG PICTURE

  • Access Control
  • Intrusion Prevention
  • Intrusion Detection
  • Secure Data Storage
  • Secure Data Access

INTRODUCTION TO SQL SERVER

  • SECURITY CONSIDERATIONS
  • AUDIT CONSIDERATIONS

SQL SERVER BASIC ARCHITECTURE

  • The Physical Database
  • The master Database
  • The msdb Database
  • The model database
  • The tempdb database
  • The Instance
  • Licensing
  • SQL Server Services
  • The File System Locations
  • The Registry Keys
  • Restricting Access to a SQL Server Instance
  • Restricting Access to Databases
  • Client Connectivity
  • Network Protocols
  • Encrypting Connections to SQL Server
  • Instance & Database Metadata
  • The Logical Database Architecture
  • Database Objects
  • Ownership
  • Schemas
  • Character Sets & Sort Orders

THE MANAGEMENT TOOLS

  • Management Studio
  • Configuration Manager
  • Surface Area Configuration Manager
  • osql Utility
  • bcp Utility
  • sqlcmd Utility
  • Powershell

SQL SERVER LOGS

SQL SERVER SECURITY COMPLIANCE

SQL SERVER CONFIGURATION

  • Ad Hoc Distributed Queries
  • Agent XPs
  • clr enabled
  • Database Mail XPs
  • Replication XPs
  • SMO and DMO XPs
  • SQL Mail XPs
  • xp_cmdshell

DATABASE STORAGE

  • Data Files
  • Primary Data File
  • Secondary Data File
  • Transaction Log File
  • Filegroups
  • Storage Fault Tolerance

BACKUP DEVICES

BACKUP IMAGES

IMPORTING AND EXPORTING DATA

  • SQL Server Data Transformation Services (DTS)
  • Import/Export Wizard
  • DTS Packages
  • SQL Server Integration Service (SSIS)
  • Back Ups and Restores
  • Backing Up A Database or Transaction Log
  • To Back Up A Database Or A Transaction Log
  • SQL Server 2000 Backup
  • SQL Server 2005 Backup
  • The BACKUP Statement
  • Restoring a database or Applying a Transaction log
  • Security Consideration for Backup & Restore

USER SECURITY

LOGIN ACCOUNTS

  • SQL Server authentication
  • Windows authentication
  • Change The Authentication Mode
  • Default Login Accounts
  • Creating Login Accounts

DATABASE USER ACCOUNTS

  • Default Database User Accounts
  • Creating Database Users
  • The guest Account

ADMINISTRATIVE PRIVILEGES

  • Server Roles
  • User Defined Database Roles
  • Application Roles

SQL SERVER PERMISSIONS

  • Principals
  • Securables
  • Permissions
  • Server Scope Permissions
  • Database, Schema & Object Scope Permissions
  • Statement Level Permissions
  • Object Level Permissions

ASSIGNING PRIVILEGES & PERMISSIONS

  • Statement Level Permissions
  • Object Level Permissions
  • GRANT, REVOKE & DENY Statements

IMPERSONATION

  • User and Login Security Tokens
  • Understanding Impersonation
  • The AUTHENTICATE Permission
  • The TRUSTWORTHY Property
  • EXECUTE AS vs SETUSER

SQL SERVER ENCRYPTION

ENCRYPTION HIERARCHY

  • The Service Master Key
  • The Database Master Key
  • Asymmetric Keys
  • Certificates
  • Symmetric Keys
  • Transparent Database Encryption

ENCRYPTION & DECRYPTION FUNCTIONS

HIGH AVAILABILITY

  • Replication
  • Log Shipping
  • Database Mirroring
  • Clusters

APPLICATION DEVELOPMENT

  • Sql Injection
  • Validate User Input
  • Module Signing
  • Module Signatures

SELECTING THE TRUST MECHANISM

  • Database Owner Approach
  • Signature Approach

SQL SERVER AUDITING

  • Login Audit
  • SQL Profiler Traces
  • SQL Server Profiler Audit Example
  • SQL Trace
  • Triggers
  • DML Triggers
  • DDL Event Triggers
  • The EVENTDATA() Function
  • Event Groups & Events
  • Logon Triggers
  • Notification Service

SQL SERVER SYSTEM VIEWS & STORED PROCEDURES

  • System Views
  • Built-In Stored Procedure Examples

SQL SERVER 2008 AUDIT

  • The Server Audit object
  • The Server Audit Specification
  • The Database Audit Specification

POLICY BASED MANAGEMENT

  • Policy Components
  • Facet Properties
  • Create & Managing Policies

THREATS & VULNERABILITIES

  • Process Threats And Vulnerabilities
  • Platform Threats And Vulnerabilities
  • Authentication Threats And Vulnerabilities
  • Programming Threats And Vulnerabilities
  • Data Access Threats And Vulnerabilities

Course Classification:  Technical Training Course

This is an instructor led training course taught in a classroom based environment.


Course Fee = £895   (excl.VAT)



Scheduled course dates

05 January 2012 to 07 January 2012

23 February 2012 to 25 February 2012

22 March 2012 to 24 March 2012

19 April 2012 to 21 April 2012

17 May 2012 to 19 May 2012

14 June 2012 to 16 June 2012



View full schedule of Generic courses

View full schedule of SQL Server 2000 courses

Print / Download PDF Version of full course schedule

If you would prefer to run this course at your premises as you have several employees to place on the course perhaps, then we are also able to offer onsite SQL Server 2008 Training and bespoke SQL Server 2008 courses