SQL Server 2008 Common Criteria Certified
SQL Server 2008 Enterprise edition has completed an IT security evaluation at the Basic Assurance Level (EAL1+) and was certified by BSI (Bundesamt für Sicherheit in der Informationstechnik).
Microsoft SQL Server 2008 offers security feature enhancements that help provide effective management of security feature configuration, strong authentication and access control, powerful encryption and key management capabilities, and enhanced auditing.
Use Policy-Based Management to help manage and detect non-compliance with security policies for data across the enterprise
Encrypt data without modifying applications by using Transparent Data Encryption
Employ enterprise-wide encryption solutions with Extensible Key Management and Hardware Security Modules
Implement high-performance, granular auditing with SQL Server Audit
Securing the Surface Area with Policies
Help protect your data with a database solution that is designed to be secure by default and secure in deployment.
Use Policy-Based Management to help ensure compliance with configuration policies for servers, databases, and database objects across the enterprise. Help reduce your exposure to security threats by using the new Surface Area facet to control active services and features.
Use Windows Update to automatically apply SQL Server 2008 patches. Reduce threats caused by known software vulnerabilities.
Schema Creation
Take control of your data by managing authentication and authorization effectively and by providing access to only users who need it.
Automatically apply the password policies of Microsoft Windows Server 2003 (or later) to enforce minimum password length, proper character combinations, and regularly changing passwords even when using SQL Server logins
Use msdb database fixed database roles to increase control over Agent services
Use multiple proxy accounts to make execution of a SQL Server Integration Services (SSIS) package as a job step more secure
Provide security-enhanced access to metadata by using catalog views, enabling users to view metadata only for those objects to which they have access
Mark modules with an execution context so that statements within the module execute as a particular user instead of the calling user
Grant the calling user permission to execute the module, but use the permissions of the execution context for statements within the module
Use schemas to simplify and improve flexibility of large databases. Grant permissions to a schema to grant permissions to every object contained in the schema and every object created in that schema in the future.
Transparent Data Encryption
Protect sensitive data through built-in cryptographic capabilities and support for enterprise key management solutions.
Use the built-in cryptography hierarchy in SQL Server 2008 to create asymmetric keys, symmetric keys, and certificates
Reduce the complexity of developing applications that require encrypted data by performing all encryption transparently at the database level through a security enhanced database encryption key (DEK). Enable application developers to access encrypted data without changing existing applications.
Consolidate your enterprise encryption by using an Enterprise Key Management system. Separate your data from the keys using Hardware Security Modules to store the keys in separate hardware. Simplify key management by using specialist systems.
Currently the following HSM vendors support SQL Server 2008 EKM: SafeNet, Thales/nCipher, Arx Inc.
Use a key or certificate to add a digital signature to code modules such as stored procedures and functions, and then associate additional permissions to the signature for the duration of the code module execution
All Action Audit
Audit activity in your database systems for accountability and compliance.
Define audits to automatically record activity in log files, the Windows Application log, or the Windows Security log. Take full control of auditing by creating audit specifications to determine the server and database actions to include in the audit.
Capture and audit data definition language (DDL) activities by using triggers. Extend triggers to respond to DDL events as well as data manipulation language (DML) events and log DDL events, improving auditing and enhancing security.