Cloud Enabling Access Experts
SQL Server Security
• Securing your data
• Moving your data to SQL Server is an
improvement over Access (Avoids
SneakerNet)
SQL Server Security
Models
• Active Directory Users and Groups
• SQL Server Logins
• Which is more secure?
Active Directory
• Windows User Accounts
• Windows Groups: Admin, Power User, Read
Only
• Windows Groups map to SQL Server Roles
Active Directory
Benefits
• Allows Network Admins to add
employees to different groups and not
have to go into SQL Server
Management Studio
• When a user account is deactivated, e.g.
the employee is fired, the user loses rights
to the database
• Use the Windows credentials in your
Access app to validate the user on
startup
• If you’re not in a group, you have no
security clearance to the database
Problems
• Data can be exposed outside Access
(Users can launch Excel and extract
data)
• Requires IT to manage users, not
owners
SQL Server Security
Benefits
• Users and roles are managed in SQL
Server
• IT may not be needed, since you can
use DDL commands to add users and
assign them to roles with code
• You can use a single SQL account
and only use it in your app, not provide
it to users
Issues
• Users must log in via your app
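
The two models above side by side, as an added T-SQL example that is not part of the original slides: Windows groups mapped to database roles, and a single application login created with DDL. Every name (CONTOSO domain, SalesDb database, the three groups, SalesApp, the role names) is hypothetical.

```sql
-- Added example; all names are hypothetical placeholders.
USE master;
GO
-- Active Directory model: one login per Windows group. Membership is managed
-- by network admins in AD; SQL Server stores no passwords for these users.
CREATE LOGIN [CONTOSO\SalesDb_Admin]     FROM WINDOWS;
CREATE LOGIN [CONTOSO\SalesDb_PowerUser] FROM WINDOWS;
CREATE LOGIN [CONTOSO\SalesDb_ReadOnly]  FROM WINDOWS;

-- SQL Server login model: a single login used only by the application.
-- CHECK_POLICY applies the Windows password and lockout policy to this login.
CREATE LOGIN SalesApp
    WITH PASSWORD = N'<placeholder: set a strong password>',
         CHECK_POLICY = ON;
GO
USE SalesDb;
GO
-- Roles carry the permissions; users and groups only receive role membership.
CREATE ROLE app_reader;
CREATE ROLE app_writer;
GRANT SELECT ON SCHEMA::dbo TO app_reader;
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO app_writer;

-- Map each server login to a database user.
CREATE USER [CONTOSO\SalesDb_Admin]     FOR LOGIN [CONTOSO\SalesDb_Admin];
CREATE USER [CONTOSO\SalesDb_PowerUser] FOR LOGIN [CONTOSO\SalesDb_PowerUser];
CREATE USER [CONTOSO\SalesDb_ReadOnly]  FOR LOGIN [CONTOSO\SalesDb_ReadOnly];
CREATE USER SalesApp                    FOR LOGIN SalesApp;

-- Windows group -> SQL Server role (ALTER ROLE ... ADD MEMBER needs SQL Server 2012+).
ALTER ROLE db_owner   ADD MEMBER [CONTOSO\SalesDb_Admin];
ALTER ROLE app_writer ADD MEMBER [CONTOSO\SalesDb_PowerUser];
ALTER ROLE app_reader ADD MEMBER [CONTOSO\SalesDb_ReadOnly];
ALTER ROLE app_writer ADD MEMBER SalesApp;
GO
-- Review who holds which role. A principal that appears in no role has no
-- rights beyond what is granted to public.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
ORDER BY r.name, m.name;
```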
Attack Vectors
• Social Hacking
• Brute Force
• Zero Day Flaws
Fake Login Pages
Prompts for your
user name and
password, phony
phone leads to
computer hijacking
Target
40 Million People Affected
Hardening SQL Server
• Use a non-standard port
• Use a fixed IP address and disable the SQL Server
Browser service
• Force encryption between the server and the
client http://bit.ly/1jt5VIk
• Encrypt your SQL Server files (TDE)
(not available on Express) http://bit.ly/1ngUDaG
Hardening Continued
• Allow max three login tries, enforce 15-minute
lockouts using Windows policy
• More tips at http://bit.ly/1ngWvjB
• Azure Security http://bit.ly/1fJdDPn
SQL Setup Suggestion
• Use one SQL Login and password in your
app, hide them using Base64 technique
(obfuscation, not encryption)
http://bit.ly/1mvSSFg
• Create a user table and validate user
credentials using a stored procedure
• Don’t provide credentials to anyone
What’s Next?
• Consider AccessHosting.com for hosting SQL
Server
• Add me to your network on LinkedIn
https://www.linkedin.com/in/juansoto
• Like my Facebook page
https://www.facebook.com/AccessExpert
• Subscribe to my blog
http://accessexperts.com/blog/
Learn and get paid
• Take on a SQL Server project and collaborate
with us, split revenue 50%
• Usually takes one project to get up to speed.