PASS Community Summit 2008 - Program Sessions
SQL Server Heroes



PASS Community Summit 2008: Program Sessions (Application Development)



Designing a Secure SQL Server 2008 Solution

Presenter:
David Baldauff (Digineer)

Session Details

In Designing a Secure SQL Server 2008 Solution, we will go into many practical concerns a DBA or developer has when securing SQL Server and designing a secure solution. We will cover how SQL Server Authentication is susceptible to hacking attempts, and how you can avoid SQL Server Authentication with the use of Windows Authentication and Kerberos. We will also cover how to improve security when SQL Server Authentication is desired by encrypting the connection using SSL. Further, this presentation will go into some practical suggestions on how to improve application authentication design.

This presentation will describe Kerberos at a high level, and then go into detail on how to set up delegation and Kerberos authentication using SQL Server, IIS and a client. Additionally, we will delve into delegation across two SQL instances and a client. The presentation will include a review of the tools necessary to set up delegation and Kerberos and the debugging techniques used to resolve Kerberos authentication problems.

If you are looking for a way to improve your security, eliminate the need for SQL authentication and understand the tools needed to do this, then this presentation is for you. If you know what a double-hop is and could never quite find a way around the problem before, then this presentation is for you. And, if you ever wondered how to get a client app authenticated through IIS to SQL Server and maintain auditing, then this presentation is for you.

On the side of improving application authentication, we will discuss how to best utilize application roles, database roles and Active Directory integration. We will demonstrate the use of a database role to authenticate Active Directory groups and how this method results in low security maintenance for DBAs, and instead keeps this activity in the network administration realm where possible. Furthermore, we will discuss how application roles can be used in conjunction with database roles to prevent other clients from accessing your database, while facilitating minimal maintenance on SQL Server logins and permissions. Generally, this presentation is intended to give you a detailed tour of authentication issues in SQL Server 2008.
