Designing Security for Microsoft SQL Server 2005 (Course Code: 2787)

Overview:

This two-day instructor-led course enables database administrators who work with enterprise environments to design security for database systems using Microsoft SQL Server 2005. The course emphasises that you should think about the whole environment, which includes business needs, regulatory requirements, network systems, and database considerations during design. You will also learn how to monitor security and respond to threats.

Learning Method:

This course uses a combination of instructor presentation, and student hands-on practical exercises. You will have the opportunity to apply what they have learned in the classroom throughout the course.

Who will benefit from this course?

This course is intended for current professional database administrators who have three or more years of on-the-job experience administering SQL Server database solutions in an enterprise environment.

Pre-requisites

Before attending this course, you must:

• have basic knowledge of public key infrastructure (PKI) systems. For example, how public and private keys work, strengths and weaknesses, and what they are used for
• have working knowledge of network architectures and technologies. For example, how a firewall works, how IPSec works in a networking context, and common vulnerability points
• have working knowledge of Active Directory directory service. For example, security models, policies, group policy objects (GPOs), and organisational units (OUs)
• be able to design a database to third normal form (3NF) and know the tradeoffs when backing out of the fully normalised design (denormalisation) and designing for performance and business requirements in addition to being familiar with design models, such as Star and Snowflake schemas
• have strong monitoring and troubleshooting skills
• have strong knowledge of the operating system and platform. That is, how the operating system integrates with the database, what the platform or operating system can do, interaction between the operating system and the database
• have basic knowledge of application architecture. That is, different methods of implementing security in an application, how applications can be designed in three layers, what applications can do, the interaction between applications and the database, and interactions between the database and the platform or operating system
• have knowledge about network security tools. For example, sniffer and port scanning. Must understand how they should be used
• be able to use patch management systems
• have knowledge of common attack methods. For example, buffer overflow, and replay attacks
• be familiar with SQL Server 2005 features, tools, and technologies
• have a Microsoft Certified Technology Specialist: Microsoft SQL Server 2005 credential or equivalent experience

In addition, it is recommended, but not required, that students have completed:

• Course 2071: Writing Queries Using Microsoft Transact-SQL
• Course 2779: Implementing a Microsoft SQL Server 2005 Database
• Course 2780: Maintaining a Microsoft SQL Server 2005 Database

What can you expect to gain from this course?

After attending this course you will have a thorough understanding of the many considerations that determine susceptibility to security threats and how to minimise or prevent breaches in MS SQL Server, to ensure continuity of service and optimum performance.

Course Content: