  1. #1
    3 Star Lounger
    Join Date
    Jul 2008
    Suffolk, United Kingdom
    Thanked 0 Times in 0 Posts

    Active Directory + SQL + VB / (SQL/VB/

    Hi everyone,

    I am not sure where I should post this question so please forgive me if it is in the wrong place.

    I am currently creating a database using SQL and will either be using VB or to design the GUI. I need to restrict access to the application and am not sure of the best method to do this. I would prefer to link up with Active Directory but don't know where to start.

    Some of the information inside the database will be very sensitive and therefore security must be quite high. I have of course limited the access to the database through SQL using a user group, but would still like the user to have to enter their username and password.

    Many thanks in advance for your help.
    Gerbil (AKA Kevin)

  2. #2
    Plutonium Lounger
    Join Date
    Nov 2001
    Thanked 7 Times in 7 Posts

    Re: Active Directory + SQL + VB / (SQL/VB/


    Designing a secure database application for operation in an Active Directory environment is an enormous area with many options - and many many risks.

    You could start by taking the Microsoft training course Designing Security for Microsoft SQL Server 2005.
    I found it interesting that the course description starts by saying
    "The course emphasizes that students should think about the whole environment, which includes business needs, regulatory requirements, network systems, and database considerations during design. Students will also learn how to monitor security and respond to threats."
    You should note that the prerequisites for this course are an enormous list, including:
      • Have basic knowledge of security protocols and how they work. For example, Windows NT LAN Manager (NTLM) or Kerberos.
      • Have basic knowledge of public key infrastructure (PKI) systems. For example, how public and private keys work, strengths and weaknesses, and what they are used for.
      • Have working knowledge of network architectures and technologies. For example, how a firewall works, how IPSec works in a networking context, and common vulnerability points.
      • Have working knowledge of Active Directory directory service. For example, security models, policies, group policy objects (GPOs), and organizational units (OUs).
      • Be able to design a database to third normal form (3NF) and know the tradeoffs when backing out of the fully normalized design (denormalization) and designing for performance and business requirements in addition to being familiar with design models, such as Star and Snowflake schemas.
      • Have strong monitoring and troubleshooting skills.
      • Have experience creating Microsoft Office Visio drawings or have equivalent knowledge.
      • Have strong knowledge of the operating system and platform. That is, how the operating system integrates with the database, what the platform or operating system can do, interaction between the operating system and the database.
      • Have basic knowledge of application architecture. That is, different methods of implementing security in an application, how applications can be designed in three layers, what applications can do, the interaction between applications and the database, and interactions between the database and the platform or operating system.
      • Have knowledge about network security tools. For example, sniffer and port scanning. Must understand how they should be used.
      • Be able to use patch management systems.
      • Have knowledge of common attack methods. For example, buffer overflow, and replay attacks.
      • Be familiar with SQL Server 2005 features, tools, and technologies.
      • Have a Microsoft Certified Technology Specialist: Microsoft SQL Server 2005 credential or equivalent experience.

    StuartR

  3. #3
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Silicon Valley, USA
    Thanked 93 Times in 89 Posts

    Re: Active Directory + SQL + VB / (SQL/VB/

    When you say --
    "I have of course limited the access to the database through SQL using a user group."
    -- do you mean at the file system level? Does that block ad hoc connections from a querying tool such as Excel? I suspect not, but it's worth testing to be sure.

    Some other thoughts on this:

    (1) Limit connections to the critical ports on the SQL Server so they can be made only from the web (application) server rather than the desktop. If you need access from other hosts, they should proxy through one server (or a handful of servers).

    (2) Apply row-level security to the extent possible, so that applications accessing the database can view only the permitted data. I have no idea how to integrate that with AD.
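
One way to tie row filtering to Active Directory group membership, as an added example that is not from any of the posts above. It uses Windows-authenticated logins plus a filtering view, which works on SQL Server 2005; the domain groups `CORP\HR_Staff` and `CORP\HR_Managers`, the database `SensitiveDb` and the table `dbo.CaseNotes` are hypothetical names.

```sql
-- Added example: all object, database and group names here are hypothetical.

-- 1. Map AD groups to SQL Server logins. Members connect with Windows
--    authentication, so no SQL passwords are stored or sent by the app.
CREATE LOGIN [CORP\HR_Staff]    FROM WINDOWS;
CREATE LOGIN [CORP\HR_Managers] FROM WINDOWS;
GO

USE SensitiveDb;
GO
CREATE USER [CORP\HR_Staff]    FOR LOGIN [CORP\HR_Staff];
CREATE USER [CORP\HR_Managers] FOR LOGIN [CORP\HR_Managers];
GO

-- 2. Base table: every row records the Windows account that owns it.
--    SUSER_SNAME() returns the caller's own DOMAIN\user name, even when
--    access was granted through a group login.
CREATE TABLE dbo.CaseNotes (
    CaseNoteId int IDENTITY(1,1) PRIMARY KEY,
    OwnerLogin sysname        NOT NULL DEFAULT SUSER_SNAME(),
    Note       nvarchar(4000) NOT NULL
);
GO

-- 3. Filtering view: staff see only their own rows, managers see all rows.
--    WITH CHECK OPTION rejects inserts/updates that would produce a row
--    the caller could not see through this view.
CREATE VIEW dbo.vCaseNotes
AS
SELECT CaseNoteId, OwnerLogin, Note
FROM   dbo.CaseNotes
WHERE  OwnerLogin = SUSER_SNAME()
   OR  IS_MEMBER('CORP\HR_Managers') = 1
WITH CHECK OPTION;
GO

-- 4. Expose only the view. The view and table share an owner (dbo), so
--    ownership chaining lets the view read the table while direct access
--    from ad hoc tools such as Excel is refused.
DENY  SELECT, INSERT, UPDATE, DELETE ON dbo.CaseNotes
      TO [CORP\HR_Staff], [CORP\HR_Managers];
GRANT SELECT, INSERT, UPDATE ON dbo.vCaseNotes
      TO [CORP\HR_Staff], [CORP\HR_Managers];
GO
```

The filter only sees the end user's identity if the connection is made as that user (integrated security); when an application server connects under a shared service account, `SUSER_SNAME()` returns that account instead. Members of `sysadmin` and `db_owner` bypass the view and the DENY.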
