Ticket sales ended on 19 May 2017 at 09:00.
From Zero to Security Hero
Abstract:
You've just installed SQL Server. Do you trust the default installation? Is it "secure" enough for you? How easy is it to hack a SQL Server?
In this workshop we'll see a few examples of how to exploit SQL Server, modify data and take control, while at the same time not leaving a trace.
Most importantly, we'll also cover recommendations on how to avoid these attacks, discuss the recommended security best practices, and take a look at the pros and cons of new security features in SQL Server 2016. The workshop is suited to all audiences (DBA, Developer, SysAdmin). More exploits/recommendations may be covered (SQL Server 2016 seems to be full of surprises).
Objectives:
● Understanding how to bypass security on a typical installation of SQL Server, OS, network and storage;
● Securing the SQL Server and OS installation, including security best practices;
● Recommendations on SQL Server features that have security implications.
Contents:
During this training workshop, we will cover:
● How to hack a SQL Server, take control, access and change information, using multiple techniques;
● Protecting against attacks by implementing network connection encryption using certificates, Always Encrypted, Transparent Data Encryption (TDE), Backup Encryption, etc.;
● Other features in SQL Server (Row Level Security, Dynamic Data Masking, Instant File Initialisation, etc.): How to hack them, and recommendations on if and when you should use them;
● Login and object security model best practices;
● Instance configuration best practices (covering the different editions and versions of SQL Server);
● Operating system hacking and security best practices (Windows, Linux, AD, virtualisation) that affect SQL Server;
● Knowing your client apps (business apps, websites, etc.): risks, exploits (SQL Injection, Social Engineering, etc.) and solutions;
● Security best practices in database cloud environments (Azure SQL Database, Azure VM with SQL Server, etc.);
● Other security recommendations.
Recommended prerequisites for attendees:
● Audience: DBA, Developer, SysAdmin;
● Recommended: At least 6 months of regular experience with SQL Server (Database Engine);
● Attendees are encouraged to bring their laptops to follow along;
● SQL Server 2016 will be used, although earlier versions (2012 or 2014) will be sufficient in many cases.
About the trainer:
André Melancia