© 2018

Securing SQL Server

DBAs Defending the Database


Table of contents

  1. Front Matter
    Pages i-xvii
  2. Database Security

    1. Front Matter
      Pages 1-1
    2. Peter A. Carter
      Pages 3-21
    3. Peter A. Carter
      Pages 23-49
    4. Peter A. Carter
      Pages 51-76
    5. Peter A. Carter
      Pages 77-96
    6. Peter A. Carter
      Pages 97-131
    7. Peter A. Carter
      Pages 133-157
    8. Peter A. Carter
      Pages 159-174
    9. Peter A. Carter
      Pages 175-192
    10. Peter A. Carter
      Pages 193-217
  3. Threats and Countermeasures

    1. Front Matter
      Pages 219-219
    2. Peter A. Carter
      Pages 221-245
    3. Peter A. Carter
      Pages 247-274
    4. Peter A. Carter
      Pages 275-306
    5. Peter A. Carter
      Pages 307-324
    6. Peter A. Carter
      Pages 325-339
  4. Back Matter
    Pages 341-349

About this book


Protect your data from attack by using SQL Server technologies to implement a defense-in-depth strategy for your database enterprise. This new edition covers threat analysis, common attacks and countermeasures, and provides an introduction to compliance that is useful for meeting regulatory requirements such as the GDPR. The multi-layered approach in this book helps ensure that a single breach does not lead to loss or compromise of confidential or business-sensitive data.

Database professionals in today’s world deal increasingly with repeated data attacks against high-profile organizations and sensitive data. It is more important than ever to keep your company’s data secure. Securing SQL Server demonstrates how developers, administrators and architects can all play their part in the protection of their company’s SQL Server enterprise.

This book not only provides a comprehensive guide to implementing the security model in SQL Server, including coverage of technologies such as Always Encrypted, Dynamic Data Masking, and Row Level Security, but also looks at common forms of attack against databases, such as SQL Injection and backup theft, with clear, concise examples of how to implement countermeasures against these specific scenarios. Most importantly, this book gives practical advice and engaging examples of how to defend your data, and ultimately your job, against attack and compromise.

What You'll Learn:
  • Perform threat analysis
  • Implement access level control and data encryption
  • Ensure non-repudiation by implementing comprehensive auditing
  • Use security metadata to ensure your security policies are enforced
  • Mitigate the risk of credentials being stolen
  • Put countermeasures in place against common forms of attack


Keywords: Encryption, Auditing, Security auditing, Hardening the Database, Threat analysis, Countermeasures, Server Roles, Credentials, Database Audit, Row-Level Security, Dynamic Data Masking, Impersonation, Ownership Chaining, Securing SQL Server, Transparent Data Encryption, Public Key Certificates, GDPR, Always Encrypted, SQL Injection, Backup Theft

Authors and affiliations

  1. London, UK

About the authors

Peter Carter is a SQL Server expert with over 15 years of experience in database development, administration, and platform engineering. He is currently a consultant, based in London, England, UK. Peter has written several books across a variety of SQL Server topics, including security, high availability, automation, administration, and working with complex data types.
