2015-12-08

All about Security in SQL Azure DB

Hi All
 
Since this is becoming more and more important for SQL Azure DB, I am writing about 'Security Features in SQL Azure DB'.
 
I will put everything in a list, with links for all features.
1)    Azure SQL Database security guidelines and limitations:
  a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-security-guidelines/.
  b) This link explains: firewall, connection encryption and certificate validation, and some best practices.
2)    Connecting to SQL Database: Best Practices and Design Guidelines:
  a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-connect-central-recommendations/
  b) This link brings a few other links about the firewall (FW) issue and connection ports.
3)    Connecting to SQL Database By Using Azure Active Directory Authentication
  a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/
  b) This link has a few other links on the options for connecting to SQL Azure DB:
    i)  With Password Authentication.
    ii) With Integrated Authentication.
    iii)SQL Authentication (https://azure.microsoft.com/en-us/documentation/articles/sql-database-manage-logins/).
4)    Security Features Within The SQL:
  a) Protect DATA
    i) TDE - Transparent Data Encryption: https://msdn.microsoft.com/en-us/library/dn948096.aspx. This is encryption at the file level.
    ii) Always Encrypted: https://azure.microsoft.com/en-us/blog/microsoft-azure-sql-database-provides-unparalleled-data-security-in-the-cloud-with-always-encrypted/ & https://msdn.microsoft.com/en-us/library/mt163865.aspx. This is encryption at the field level.
  b) Control Access:
    i)  Azure Active Directory: 3.a
    ii) Row Level Security: https://azure.microsoft.com/en-us/blog/row-level-security-for-sql-database-is-generally-available/ & https://msdn.microsoft.com/en-us/library/dn765131.aspx
    iii)Dynamic Data Masking: https://azure.microsoft.com/en-us/documentation/articles/sql-database-dynamic-data-masking-get-started-portal/ .
  c) Monitor Activity:
    i) Auditing: https://azure.microsoft.com/en-us/documentation/articles/sql-database-auditing-get-started/ I love this feature….
    ii)Threat Detection: https://azure.microsoft.com/en-us/blog/threat-detection-public-preview/.
5) Security Features Within The Portal – RBAC - Role-based Access Control:
    i) We can delete DBs via the portal, so we need to understand the concept of RBAC: https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/ & look for SQL in https://azure.microsoft.com/en-us/documentation/articles/role-based-access-built-in-roles/.
Security Center

Last but not least is the new Security Center. Log in to the Portal and go to the Security Center:
 
Now we can see the misconfigurations for each type: VMs, network and DB.
 
 
What it suggests now concerns the auditing and TDE features: whether we have enabled or disabled them.
 
 

 

Very nice feature.
 
 
Thanks.