School: American Military University
Course: 290
Subject: Information Systems
Date: Jun 18, 2024

Uploaded by: DrProtonFlamingo39

Good morning, class,

In SQL Server, Windows Authentication uses Active Directory (AD) to manage users and passwords from a centralized point of management. This form of authentication makes it easier to control authentication, authorization, and access to the SQL Server from a single point. SQL Server does not need to store any usernames or passwords, because it enforces the use of Windows Authentication, which is maintained on a remote server that services authentication and authorization. This is done through the Kerberos authentication protocol, which can allow access to multiple databases after a single successful logon: the user carries a service ticket that provides access without needing to re-enter a username and password. This is a form of Single Sign-On (SSO) federation. Alternatively, one can implement SQL Server Authentication, a more traditional form of authentication that occurs locally within the master database. The server authentication method is manageable in small deployments but can become too complex in larger ones with multiple users and databases. If Windows Authentication is not set up, managing a proportionate number of databases and users becomes incrementally more difficult as the company scales. Therefore, a federated and centralized solution from the start allows easier expansion in the future. Furthermore, a server authentication connection is categorized as untrusted, which carries its own disadvantages. As a best practice, an untrusted connection should be automatically denied by the SQL Server. Using untrusted connections should be a last resort, as Windows Authentication is superior from a security and management point of view.

To set up a proper Windows Authentication solution that works both locally and remotely within the organization, first, the clients must have a modern operating system, and second, a Windows domain controller (DC) must be created to maintain the usernames and passwords for the SQL Server, in addition to all other programs that benefit from being domain joined. Finally, the sa account should not be enabled, because it is often targeted by malicious users. If an application requires the use of the sa account, one must reconsider alternate solutions, or mitigate the risks of using a solution that requires the sa account to be enabled. One could mitigate these risks by setting a very strong password for the sa account. Regardless, the sa account should never have system-wide access, as this introduces an opportunity for SQL injection attacks.

Resources

Basta, Alfred, and Melissa Zgola. Database Security. Available from: VitalSource Bookshelf, Cengage Limited, 2011.
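As an added example (not part of the original post), the following T-SQL audit script checks the points made above on a SQL Server instance: whether the instance is in Windows-only or mixed mode, whether current sessions actually arrive over Kerberos or fall back to NTLM or SQL logins, which password-based logins still exist, and that sa is disabled. The domain CORP and the AD group CORP\SqlAppUsers are placeholders.

```sql
-- Added audit script; CORP and CORP\SqlAppUsers are placeholder names.

-- 1. Authentication mode of the instance.
--    1 = Windows Authentication only, 0 = mixed mode (Windows + SQL Server logins).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. How current sessions are really authenticating.
--    auth_scheme is KERBEROS (ticket-based SSO), NTLM (fallback, typically a
--    missing or wrong SPN) or SQL (a SQL Server login, i.e. an untrusted connection).
SELECT s.login_name,
       c.auth_scheme,
       c.client_net_address,
       COUNT(*) AS sessions
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
GROUP BY s.login_name, c.auth_scheme, c.client_net_address
ORDER BY c.auth_scheme, s.login_name;

-- 3. Password-based (SQL Server) logins that still exist, and whether sa is disabled.
--    Each row here is an account whose password lives in master rather than in AD.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
ORDER BY name;

-- 4. Grant access through an AD group instead of per-user SQL logins,
--    so membership is managed centrally on the domain controller.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CORP\SqlAppUsers')
    CREATE LOGIN [CORP\SqlAppUsers] FROM WINDOWS WITH DEFAULT_DATABASE = [master];

-- 5. Keep the built-in sa login disabled; if it must stay enabled for an
--    application, at least enforce the Windows password policy on it.
ALTER LOGIN [sa] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
ALTER LOGIN [sa] DISABLE;
```

Run the SELECT statements on a schedule and alert on any session with auth_scheme = 'SQL' or on a new row in sys.sql_logins, since both indicate a login that bypasses the centralized AD controls.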