SQL Server 2008 Common Criteria Certified

SQL Server 2008 Enterprise edition has completed an IT security evaluation at the Basic Assurance Level (EAL1+) and was certified by BSI (Bundesamt für Sicherheit in der Informationstechnik).

Overview

Microsoft SQL Server 2008 offers security feature enhancements that help provide effective management of security feature configuration, strong authentication and access control, powerful encryption and key management capabilities, and enhanced auditing.

Top New Features

  • Use Policy-Based Management to help manage and detect non-compliance with security policies for data across the enterprise

  • Encrypt data without modifying applications by using Transparent Data Encryption

  • Employ enterprise-wide encryption solutions with Extensible Key Management and Hardware Security Modules

  • Implement high-performance, granular auditing with SQL Server Audit

Securing the Surface Area with Policies

Help secure data across the enterprise

Help protect your data with a database solution that is designed to be secure by default and secure in deployment.

Configure the surface area with automated Policy-Based Management - New!

  • Use Policy-Based Management to help ensure compliance with configuration policies for servers, databases, and database objects across the enterprise. Help reduce your exposure to security threats by using the new Surface Area facet to control active services and features.

Automatically apply software updates

  • Use Windows Update to automatically apply SQL Server 2008 patches. Reduce threats caused by known software vulnerabilities.

Schema Creation

Control access to data resources

Take control of your data by managing authentication and authorization effectively and by providing access to only users who need it.

Enforce password policies

  • Automatically apply the password policies of Microsoft Windows Server 2003 (or later) to enforce minimum password length, proper character combinations, and regularly changing passwords even when using SQL Server logins

Use roles and proxy accounts

  • Use msdb database fixed database roles to increase control over Agent services

  • Use multiple proxy accounts to make execution of a SQL Server Integration Services (SSIS) package as a job step more secure

Provide security-enhanced metadata access

  • Provide security-enhanced access to metadata by using catalog views, enabling users to view metadata only for those objects to which they have access

Enhance security features with execution context

  • Mark modules with an execution context so that statements within the module execute as a particular user instead of the calling user

  • Grant the calling user permission to execute the module, but use the permissions of the execution context for statements within the module

Simplify permission management

  • Use schemas to simplify and improve flexibility of large databases. Grant permissions to a schema to grant permissions to every object contained in the schema and every object created in that schema in the future.
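The schema-level grant and the module execution context described above, shown together as an added T-SQL example (not part of the original page). The database, schema, role, user and object names are hypothetical.

```sql
-- Added example: all names below are hypothetical.
CREATE DATABASE SalesDemo;
GO
USE SalesDemo;
GO
CREATE SCHEMA Sales AUTHORIZATION dbo;
GO
CREATE ROLE SalesReaders;
CREATE USER ReportUser  WITHOUT LOGIN;   -- the calling user
CREATE USER OrdersProxy WITHOUT LOGIN;   -- the execution-context principal
EXEC sp_addrolemember 'SalesReaders', 'ReportUser';
GO
-- One grant on the schema, issued before any table exists: it applies to
-- every object in Sales, including objects created later.
GRANT SELECT ON SCHEMA::Sales TO SalesReaders;
GO
CREATE TABLE Sales.Orders     (OrderId int PRIMARY KEY, Total money);
CREATE TABLE Sales.OrderNotes (OrderId int, Note nvarchar(400));
GO
-- Only the proxy principal may insert notes; ReportUser gets no INSERT right.
GRANT INSERT ON Sales.OrderNotes TO OrdersProxy;
GO
-- Statements in the module run as OrdersProxy, not as the caller.
-- Dynamic SQL is used because it is always permission-checked against the
-- current execution context; a static INSERT into a table with the same
-- owner as the procedure would be covered by ownership chaining instead.
CREATE PROCEDURE Sales.AddOrderNote @OrderId int, @Note nvarchar(400)
WITH EXECUTE AS 'OrdersProxy'
AS
BEGIN
    SET NOCOUNT ON;
    EXEC sp_executesql
        N'INSERT INTO Sales.OrderNotes (OrderId, Note) VALUES (@o, @n);',
        N'@o int, @n nvarchar(400)', @o = @OrderId, @n = @Note;
END;
GO
-- The caller needs EXECUTE on the module and nothing on the table.
GRANT EXECUTE ON OBJECT::Sales.AddOrderNote TO ReportUser;
GO
-- Check the effective permissions from the caller's point of view.
EXECUTE AS USER = 'ReportUser';
SELECT HAS_PERMS_BY_NAME('Sales.Orders',     'OBJECT', 'SELECT') AS can_select_orders,
       HAS_PERMS_BY_NAME('Sales.OrderNotes', 'OBJECT', 'INSERT') AS can_insert_notes;
EXEC Sales.AddOrderNote @OrderId = 1, @Note = N'reviewed';
REVERT;
```

The permission check shows the schema grant reaching a table created after the grant and no direct INSERT right for the caller, while the procedure call still inserts the row under OrdersProxy.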

Transparent Data Encryption

Encrypt sensitive data

Protect sensitive data through built-in cryptographic capabilities and support for enterprise key management solutions.

Take advantage of a built-in cryptography hierarchy

  • Use the built-in cryptography hierarchy in SQL Server 2008 to create asymmetric keys, symmetric keys, and certificates

Encrypt data transparently - New!

  • Reduce the complexity of developing applications that require encrypted data by performing all encryption transparently at the database level through a security-enhanced database encryption key (DEK). Enable application developers to access encrypted data without changing existing applications.

Employ Extensible Key Management - New!

  • Consolidate your enterprise encryption by using an Enterprise Key Management system. Separate your data from the keys using Hardware Security Modules to store the keys in separate hardware. Simplify key management by using specialist systems.

  • Currently the following HSM vendors support SQL Server 2008 EKM: SafeNet, Thales/nCipher, Arx Inc.

Sign code modules

  • Use a key or certificate to add a digital signature to code modules such as stored procedures and functions, and then associate additional permissions to the signature for the duration of the code module execution

All Action Audit

Audit database activity

Audit activity in your database systems for accountability and compliance.

Enhanced Auditing with the SQL Server Audit - New!

  • Define audits to automatically record activity in log files, the Windows Application log, or the Windows Security log. Take full control of auditing by creating audit specifications to determine the server and database actions to include in the audit.
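An audit with a server-level and a database-level audit specification, as an added T-SQL example (not part of the original page). It assumes a database named SalesDemo and a writable folder D:\Audit\; the audit and specification names are hypothetical.

```sql
-- Added example: DemoAudit, the specification names, SalesDemo and the
-- D:\Audit\ folder are hypothetical.
USE master;
GO
-- The audit object defines the target. TO APPLICATION_LOG or TO SECURITY_LOG
-- would write to the Windows event logs instead of files.
CREATE SERVER AUDIT DemoAudit
    TO FILE (FILEPATH = 'D:\Audit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
-- Server audit specification: which server-level action groups to record.
CREATE SERVER AUDIT SPECIFICATION DemoServerSpec
    FOR SERVER AUDIT DemoAudit
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)            -- changes to the audit itself
    WITH (STATE = ON);
GO
USE SalesDemo;
GO
-- Database audit specification: which database actions to record, on which
-- securable, and for which principals.
CREATE DATABASE AUDIT SPECIFICATION DemoDbSpec
    FOR SERVER AUDIT DemoAudit
    ADD (SELECT, INSERT, UPDATE, DELETE ON DATABASE::SalesDemo BY public),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP)
    WITH (STATE = ON);
GO
USE master;
GO
-- Audits are created disabled; nothing is recorded until this runs.
ALTER SERVER AUDIT DemoAudit WITH (STATE = ON);
GO
-- Read the recorded events back from the audit files.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement
FROM sys.fn_get_audit_file('D:\Audit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

Restrict write access to the audit folder to the SQL Server service account, since anyone who can modify the files can alter the record.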

Create custom auditing solutions with DDL triggers

  • Capture and audit data definition language (DDL) activities by using triggers. Extend triggers to respond to DDL events as well as data manipulation language (DML) events and log DDL events, improving auditing and enhancing security.
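A database-scoped DDL trigger that logs schema changes, as an added T-SQL example (not part of the original page). It assumes a database named SalesDemo; the table and trigger names are hypothetical.

```sql
-- Added example: SalesDemo, dbo.DdlAuditLog and trg_LogDdl are hypothetical.
USE SalesDemo;
GO
CREATE TABLE dbo.DdlAuditLog (
    EventTime  datetime      NOT NULL DEFAULT (GETDATE()),
    LoginName  sysname       NOT NULL,
    EventType  nvarchar(128) NOT NULL,
    ObjectName nvarchar(256) NULL,
    TsqlText   nvarchar(max) NULL,
    EventXml   xml           NOT NULL
);
GO
-- Fires for every database-level DDL statement (CREATE/ALTER/DROP of tables,
-- procedures, users, permissions and so on).
-- EXECUTE AS 'dbo' lets the trigger write to the log table without granting
-- INSERT on it to every user who is allowed to run DDL.
CREATE TRIGGER trg_LogDdl ON DATABASE
WITH EXECUTE AS 'dbo'
FOR DDL_DATABASE_LEVEL_EVENTS
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @e xml;
    SET @e = EVENTDATA();   -- XML description of the event that fired
    INSERT INTO dbo.DdlAuditLog (LoginName, EventType, ObjectName, TsqlText, EventXml)
    VALUES (
        ORIGINAL_LOGIN(),   -- the real login, unaffected by EXECUTE AS
        @e.value('(/EVENT_INSTANCE/EventType)[1]',               'nvarchar(128)'),
        @e.value('(/EVENT_INSTANCE/ObjectName)[1]',              'nvarchar(256)'),
        @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)'),
        @e);
END;
GO
-- Review what was captured.
SELECT EventTime, LoginName, EventType, ObjectName, TsqlText
FROM dbo.DdlAuditLog
ORDER BY EventTime DESC;
```

The trigger runs inside the transaction of the DDL statement, so a failing insert rolls the statement back, and a principal allowed to alter database DDL triggers can disable it; where that matters, record the same events with SQL Server Audit as well.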
