SQL Server Security Workshop

The document summarizes a SQL Server security audit workshop where students: 1. Restored the AdventureWorld2019 database to their SQL Server and performed an audit to scan for vulnerabilities. 2. After correcting an error, they ran the audit again and exported the results to Excel. 3. They also audited the master database and a database called "BIBLIOTECA" they created in a previous class, resolving any errors found.

Uploaded by

Javii

Escuela Tecnológica Instituto Técnico Central

Software Development Technologist program


Subject: Databases II
Students: Javier Sánchez / José Reinoso

SQL SERVER SECURITY WORKSHOP

We restored the AdventureWorld2019 database on our SQL Server.

We ran an audit on the database and scanned it for vulnerabilities.

After correcting one error, we ran the audit again.

Export of the completed audit to Excel.

We ran the audit on the master database.

Next, we ran the audit against a database created in earlier classes, in this case
“BIBLIOTECA”.

Once the errors reported by the audit were resolved, we ran it again and observed
that no “failing check” was reported.

Annexes
Scripts suggested and used to correct the errors reported in the first audit.
Complete scripts:

Script 1
-- Counts user-created database principals: ids 0-4 are the built-in users
-- (public, dbo, guest, INFORMATION_SCHEMA, sys) and ids from 16384 up are the
-- fixed database roles. Violation = 1 when the database has no user-created
-- principals, i.e. when everything is being done as dbo.
IF ((SELECT count(*) FROM sys.database_principals
     WHERE principal_id >= 5 AND principal_id < 16384) > 0)
    SELECT 0 AS [Violation]
ELSE
    SELECT 1 AS [Violation]

Script 2
-- Violation = 1 when the current database does not have Transparent Data
-- Encryption enabled (sys.databases.is_encrypted = 0).
SELECT CASE WHEN EXISTS
    ( SELECT *
      FROM sys.databases
      WHERE name = db_name()
        AND is_encrypted = 0 )
    THEN 1
    ELSE 0
END AS [Violation]

Script 3
-- Lists every explicit GRANT (state 'G') or GRANT WITH GRANT OPTION (state 'W')
-- on an object that is held by the public role, leaving out the permissions
-- SQL Server grants to public by default. Each row returned is a finding.
SELECT permission_name AS [Permission]
      ,schema_name AS [Schema]
      ,object_name AS [Object]
FROM (
    SELECT objs.TYPE COLLATE database_default AS object_type
          ,schema_name(schema_id) COLLATE database_default AS schema_name
          ,objs.name COLLATE database_default AS object_name
          ,user_name(grantor_principal_id) COLLATE database_default AS grantor_principal_name
          ,permission_name COLLATE database_default AS permission_name
          ,perms.TYPE COLLATE database_default AS TYPE
          ,STATE COLLATE database_default AS STATE
    FROM sys.database_permissions AS perms
    INNER JOIN sys.objects AS objs
        ON objs.object_id = perms.major_id
    WHERE perms.class = 1 -- objects or columns. Other cases are handled by VA1095, which has different remediation syntax
      AND grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
      AND [state] IN (
          'G'
          ,'W'
      )
      AND NOT (
          -- These permissions are granted by default to public
          permission_name = 'EXECUTE'
          AND schema_name(schema_id) = 'dbo'
          AND STATE = 'G'
          AND objs.name IN (
              'fn_sysdac_is_dac_creator'
              ,'fn_sysdac_is_currentuser_sa'
              ,'fn_sysdac_is_login_creator'
              ,'fn_sysdac_get_username'
              ,'sp_sysdac_ensure_dac_creator'
              ,'sp_sysdac_add_instance'
              ,'sp_sysdac_add_history_entry'
              ,'sp_sysdac_delete_instance'
              ,'sp_sysdac_upgrade_instance'
              ,'sp_sysdac_drop_database'
              ,'sp_sysdac_rename_database'
              ,'sp_sysdac_setreadonly_database'
              ,'sp_sysdac_rollback_committed_step'
              ,'sp_sysdac_update_history_entry'
              ,'sp_sysdac_resolve_pending_entry'
              ,'sp_sysdac_rollback_pending_object'
              ,'sp_sysdac_rollback_all_pending_objects'
              ,'fn_sysdac_get_currentusername'
          )
          OR permission_name = 'SELECT'
          AND schema_name(schema_id) = 'sys'
          AND STATE = 'G'
          AND objs.name IN (
              'firewall_rules'
              ,'database_firewall_rules'
              ,'ipv6_database_firewall_rules'
              ,'bandwidth_usage'
              ,'database_usage'
              ,'external_library_setup_errors'
              ,'sql_feature_restrictions'
              ,'resource_stats'
              ,'elastic_pool_resource_stats'
              ,'dm_database_copies'
              ,'geo_replication_links'
              ,'database_error_stats'
              ,'event_log'
              ,'database_connection_stats'
          )
          OR permission_name = 'SELECT'
          AND schema_name(schema_id) = 'dbo'
          AND STATE = 'G'
          AND objs.name IN (
              'sysdac_instances_internal'
              ,'sysdac_history_internal'
              ,'sysdac_instances'
          )
      )
) t
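Script 3 only reports the public-role grants; it does not remove them. The following T-SQL is an added example, not part of the workshop document, that turns those findings into the REVOKE statements needed to clear the check. The temp table #va_public_grants, the @execute flag and the sample rows are ours; in practice the table would be filled from the check's inner query (the derived table t) with SELECT ... INTO.

```sql
-- Added example: build REVOKE statements for public-role grants reported by Script 3.
-- #va_public_grants, @execute and the sample rows below are assumptions of this example.
SET NOCOUNT ON;
DECLARE @execute BIT = 0;   -- 0 = only list the statements for review, 1 = run them

CREATE TABLE #va_public_grants (
    permission_name sysname,
    schema_name     sysname,
    object_name     sysname,
    state           char(1)   -- 'G' = GRANT, 'W' = GRANT WITH GRANT OPTION
);

-- Constructed sample findings standing in for real check output
-- (table names chosen to look like a library database).
INSERT INTO #va_public_grants (permission_name, schema_name, object_name, state) VALUES
    ('SELECT', 'dbo', 'Libro',    'G'),
    ('UPDATE', 'dbo', 'Prestamo', 'W');

-- One REVOKE per finding. A grantable permission (state 'W') must be revoked
-- with CASCADE; without it SQL Server rejects the statement with error 4611.
DECLARE @sql nvarchar(max) = N'';
SELECT @sql += N'REVOKE ' + permission_name
             + N' ON OBJECT::' + QUOTENAME(schema_name) + N'.' + QUOTENAME(object_name)
             + N' FROM [public]'
             + CASE WHEN state = 'W' THEN N' CASCADE' ELSE N'' END
             + N';' + CHAR(13) + CHAR(10)
FROM #va_public_grants;

PRINT @sql;                 -- review the generated statements first
IF @execute = 1
    EXEC sys.sp_executesql @sql;

DROP TABLE #va_public_grants;
```

Re-run Script 3 after executing the statements; an empty result set means the finding is cleared.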
