TNT4-05 <SLIDETITLE>Entry Slide</SLIDETITLE>



2 SQL Server 2005 Webcast, Part 5: Protecting Sensitive Data
<SLIDETITLE>Protecting Sensitive Data</SLIDETITLE>
<KEYWORDS>Session Title</KEYWORDS>
<KEYMESSAGE>Welcome to the SQL Server 2005 Protecting Sensitive Data webcast.</KEYMESSAGE>
<SLIDESCRIPT>Hello and welcome to this session on protecting sensitive data with SQL Server. My name is {insert name}. Microsoft SQL Server 2005 is comprehensive, integrated data management and analysis software that empowers users across your organization by providing a more secure, reliable and productive data platform for your enterprise line-of-business and analytical applications. To help database administrators and IT professionals get up to speed on the product quickly, we have created this 10-part webcast series. This is the fifth part; it describes the features that SQL Server 2005 provides to protect sensitive data and shows how to use them.</SLIDESCRIPT>
<SLIDETRANSITION>Here's what we will cover today.</SLIDETRANSITION>

3 What we will cover
- SQL Server 2005 certificates
- Encryption keys
- Symmetric encryption
- Asymmetric encryption
- Digital signatures
<SLIDETITLE>What we will Cover</SLIDETITLE>
<KEYWORDS>Certificates; encryption; digital signatures</KEYWORDS>
<KEYMESSAGE>This is what will be covered in this session.</KEYMESSAGE>
<SLIDESCRIPT>This webcast covers the mechanisms and methods SQL Server 2005 uses to protect sensitive data. Specifically, we will look at the use of certificates and encryption techniques, including asymmetric and symmetric encryption and digital signatures.</SLIDESCRIPT>
<SLIDETRANSITION>To get the most out of this session, you should have the following knowledge and experience.</SLIDETRANSITION>

4 Prerequisite Knowledge (Level 200)
- Experience supporting Windows Server 2003
- Experience administering and maintaining SQL Server 2000
- Experience administering databases
<SLIDETITLE>Prerequisite Knowledge</SLIDETITLE>
<KEYWORDS>Prerequisite Knowledge</KEYWORDS>
<KEYMESSAGE>To get the most out of this session, you should be familiar with these topics.</KEYMESSAGE>
<SLIDESCRIPT>To get the most out of this session, you should have knowledge of the following topics. You should have experience supporting Windows 2003 servers. We also assume that you are familiar with managing and maintaining SQL Server 2000. Finally, you should have experience administering databases.</SLIDESCRIPT>
<SLIDETRANSITION>Now let's look at the session agenda.</SLIDETRANSITION>

5 Agenda
- Review
- Data encryption
- Data encryption in SQL Server 2005
- Module signatures
<SLIDETITLE>Agenda</SLIDETITLE>
<KEYWORDS>Agenda</KEYWORDS>
<KEYMESSAGE>This is the agenda for this session.</KEYMESSAGE>
<SLIDESCRIPT>We will start by reviewing the previous session, which was concerned with SQL Server 2005 security. We will then look at data encryption, including an explanation of asymmetric and symmetric encryption and the role of certificates, and at how SQL Server 2005 uses these to protect user data. Finally, we will look at digital signatures and how SQL Server 2005 signs modules to protect access to data.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at the major points of the previous session.</SLIDETRANSITION>

6 Review: SQL Server 2005 Security Model
<SLIDETITLE>SQL Server 2005 Security Model</SLIDETITLE>
<KEYWORDS>Principals; Permissions; Securables</KEYWORDS>
<KEYMESSAGE>Show the use of principals, permissions and securables.</KEYMESSAGE>
<SLIDESCRIPT>Three major components are used to limit access to features and functionality on a SQL Server: principals, securables and permissions. A principal is an identity that has authenticated to the SQL Server. Principals can be Windows user and group accounts, or SQL-based user accounts and roles. A securable is a resource to which access is controlled. Securables in SQL Server include databases, assemblies, tables and other objects. SQL Server objects are arranged in a hierarchy of three scopes: server, database and schema. The server scope contains objects such as logins, endpoints, certificates and databases. The database scope contains objects such as users, roles, assemblies and schemas. The schema scope contains objects such as tables, views, functions and procedures. Permissions define the access that a principal has on a securable. The range of permissions that can be applied has been extended in SQL Server 2005. Each permission can be granted (assigning the permission to a principal that does not have it), revoked (removing the permission from a principal) or denied (preventing a principal from obtaining the permission). To govern the SQL Server environment, principals should be assigned the most restrictive permission on a securable that still allows them the access they require.</SLIDESCRIPT>
<SLIDETRANSITION>We also discussed SQL Server endpoints, specifically HTTP endpoints.</SLIDETRANSITION>
[Diagram: the security model]
- Principals: Windows (groups, domain account, local account); SQL Server (SQL account, server role); Database (user, database role, application role, group)
- Permissions: grant/revoke/deny of CREATE, ALTER, DROP, CONTROL, CONNECT, SELECT, EXECUTE, UPDATE, DELETE, INSERT
- Securables: server scope (logins, endpoints, databases); database scope (users, assemblies, schemas); schema scope (tables, procedures, views)

7 Review: HTTP Endpoints
- Benefits of native HTTP support: industry-wide protocol support; fewer open ports on firewalls
- HTTP endpoints: must be created explicitly; no permissions by default; require Windows Server 2003 (HTTP.sys) but not Internet Information Services (IIS)
<SLIDETITLE>HTTP Endpoints</SLIDETITLE>
<KEYWORDS>HTTP; Endpoint</KEYWORDS>
<KEYMESSAGE>Explain the differences with HTTP endpoints.</KEYMESSAGE>
<SLIDESCRIPT>The use of HTTP endpoints is beneficial in a heterogeneous environment because the web services that use them work independently of programming language and operating system. Access to a web service is provided over HTTP, making firewall configuration straightforward. HTTP endpoints are not created by default; they must be explicitly created and have access permissions assigned to them. HTTP endpoint support in SQL Server 2005 requires HTTP.sys, available as part of Windows Server 2003; Internet Information Services is not required.</SLIDESCRIPT>
<SLIDETRANSITION>SQL Server 2005 can also integrate with Windows password policies.</SLIDETRANSITION>

8 Review: Password Policy
- Requires Windows Server 2003
- Windows authentication: Windows user login; Windows password policy enforced
- SQL Server authentication: SQL Server login; local machine password policy applied; domain policy in a domain environment; sys.sql_logins catalog view
<SLIDETITLE>Password Policy</SLIDETITLE>
<KEYWORDS>SQL Server; Password; Policy</KEYWORDS>
<KEYMESSAGE>Explain how SQL Server uses the Windows password policy.</KEYMESSAGE>
<SLIDESCRIPT>When a Windows user is created, a password for that user must be configured. To maintain security, Windows enables the configuration of a policy governing password acceptability. The major features of the policy are the required length of a password, password complexity and password expiration. SQL Server 2005 can use the Windows password policy of the local machine, or in a domain the domain policy, and enforce the same requirements for SQL Server logins. The sys.sql_logins catalog view enables an administrator to check that all passwords in use meet the policy requirements.</SLIDESCRIPT>
<SLIDETRANSITION>SQL Server 2005 also separates object owners from the object namespace.</SLIDETRANSITION>

9 Review: User-Schema Separation
- Functionality extended from previous versions
- Namespace for database objects
- Object groupings do not depend on ownership
- Permissions granted on the schema as well as on individual database objects
- Permissions granted on the schema affect the database objects in that schema
- Dropping a user does not require renaming the objects the user owns
<SLIDETITLE>User Schema Separation</SLIDETITLE>
<KEYWORDS>Schema</KEYWORDS>
<KEYMESSAGE>Explain the role of schemas with SQL Server 2005.</KEYMESSAGE>
<SLIDESCRIPT>In SQL Server 2005 databases, a schema is a container for database objects. The schema in which an object is defined is also part of the object namespace. The object namespace no longer includes object owners as it did in previous releases, providing greater flexibility when organizing database objects. Schemas are securables. A permission granted on a schema is inherited by the database objects within the schema. If necessary, permissions can be explicitly assigned at the schema scope and also on the object itself. For example, you could grant SELECT permission on the schema and DENY SELECT permission on a specific table within the schema. The result is that the user has SELECT permission on all objects in the schema except the table on which you denied SELECT. However, if a user is denied access at the schema scope, they cannot access any objects that are members of the schema. Because the object namespace no longer includes the owner, a change of owner does not affect object access.</SLIDESCRIPT>
<SLIDETRANSITION>The security context of executing modules can also be configured.</SLIDETRANSITION>

10 Review: Module Execution Context
- Configure the execution context of modules
- The caller does not require permissions on the underlying objects
- Effective with a broken ownership chain
- EXECUTE AS: CALLER (default); user name (customizes the permissions required); SELF; OWNER
<SLIDETITLE>Module Execution Context</SLIDETITLE>
<KEYWORDS>Module; execution; context</KEYWORDS>
<KEYMESSAGE>Explain the benefits of module execution context.</KEYMESSAGE>
<SLIDESCRIPT>Module execution context enables an administrator to create specific security contexts for the execution of code on the server. For example, the administrator can create a procedure that reads or writes a table and configure the security context in which the procedure executes. This means the caller of the procedure does not need the permissions to carry out the functions of the procedure, though they do need EXECUTE permission on the procedure itself. The ability to specify the identity used by a code module such as a stored procedure ensures that callers can use the stored procedure to access data from underlying objects they have no permissions on, even when the ownership chain is broken. You specify the identity to be used by a code module with the EXECUTE AS clause of the appropriate CREATE statement. With EXECUTE AS you can specify CALLER (the user calling the procedure), the name of a user whose security context the procedure will use, SELF (the user who created the procedure) or OWNER (the owner of the procedure).</SLIDESCRIPT>
<SLIDETRANSITION>SQL Server 2005 also includes more granular permissions.</SLIDETRANSITION>

11 Review: Granular Permissions
- Securables arranged in a hierarchy
- Permission inheritance
- All objects have associated permissions
- Principle of least privilege
<SLIDETITLE>Granular Permissions</SLIDETITLE>
<KEYWORDS>Permissions</KEYWORDS>
<KEYMESSAGE>Explain the use of permissions in SQL Server 2005.</KEYMESSAGE>
<SLIDESCRIPT>Securables in SQL Server 2005 are arranged in a hierarchy, from server to database to schema to object. Relevant permissions assigned higher up the hierarchy are inherited by any securables lower down. For example, EXECUTE permission granted at the database level will affect all schemas, assuming the permission is not specifically denied lower down the hierarchy. The permissions hierarchy in SQL Server 2005 is more granular than in previous releases. All objects in the system have associated permissions, making it possible to implement flexible security policies. For example, you could assign CONTROL permission on all login objects that relate to users in a specific department to the login of the department supervisor, effectively delegating the administration of those logins. At the database level, you can assign individual permissions on all objects to users or database roles. This approach allows you to assign custom permission sets when the default permissions of the built-in server or database roles are inappropriate. The granular permissions hierarchy in SQL Server 2005 enables administrators to follow the principle of least privilege: assigning only the permissions necessary for each principal to carry out its role.</SLIDESCRIPT>
<SLIDETRANSITION>Let's try some review questions.</SLIDETRANSITION>
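The four review slides above (password policy, user-schema separation, module execution context and granular permissions) describe each mechanism in prose. The following T-SQL is an added example, not code from the webcast; the login Jane, the Sales schema, its two tables and the procedure name are hypothetical, and the password is a placeholder.

```sql
-- Added example (not from the webcast). Names are hypothetical; run inside
-- the database that should hold the objects.

-- Password policy slide: a SQL login that must satisfy the Windows password
-- policy of the host (SQL Server 2005 on Windows Server 2003).
CREATE LOGIN Jane
    WITH PASSWORD = '<replace-with-a-strong-password>',  -- placeholder
         CHECK_POLICY = ON,        -- length/complexity policy enforced
         CHECK_EXPIRATION = ON;    -- expiration policy enforced as well
GO

-- Verify through the catalog view named on the slide.
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE name = 'Jane';
GO

-- User-schema separation: the schema is both the namespace and a securable.
CREATE USER Jane FOR LOGIN Jane;
GO
CREATE SCHEMA Sales AUTHORIZATION dbo;
GO
CREATE TABLE Sales.Orders   (OrderID int PRIMARY KEY, Amount money);
CREATE TABLE Sales.Salaries (EmployeeID int PRIMARY KEY, Salary money);
GO

-- Granular permissions: grant once at the schema scope (the answer to the
-- review question), then deny on a single object. Jane can read Sales.Orders
-- but not Sales.Salaries; the DENY at the lower scope wins.
GRANT SELECT ON SCHEMA::Sales TO Jane;
DENY  SELECT ON OBJECT::Sales.Salaries TO Jane;
GO

-- Module execution context: the procedure runs as its owner (dbo), so the
-- caller needs only EXECUTE on the procedure, not SELECT on the table,
-- and the slide states this holds even when the ownership chain is broken.
CREATE PROCEDURE Sales.usp_GetHeadcount
WITH EXECUTE AS OWNER
AS
    SELECT COUNT(*) AS Headcount FROM Sales.Salaries;
GO
GRANT EXECUTE ON OBJECT::Sales.usp_GetHeadcount TO Jane;
GO

-- Least-privilege check: impersonate Jane and observe the effect.
EXECUTE AS USER = 'Jane';
SELECT * FROM Sales.Orders;            -- allowed by the schema-level GRANT
EXEC Sales.usp_GetHeadcount;           -- allowed: executes as dbo
-- SELECT * FROM Sales.Salaries;       -- would fail: denied at object scope
REVERT;
GO
```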

13 Review: Granular Permissions
You want to assign SELECT permission on all tables in a schema to Jane. What is the best way to achieve this?
1. Assign permissions on each table individually
2. Assign permissions on the schema
3. Assign permissions on the database
4. Assign permissions on the server
<SLIDETITLE>Review: Granular Permissions</SLIDETITLE>
<KEYMESSAGE>Review Question</KEYMESSAGE>
<SLIDESCRIPT>The correct answer is 2. Assigning SELECT permission at the schema scope will GRANT Jane SELECT on all tables in the schema.</SLIDESCRIPT>
<SLIDETRANSITION>Let's try another question.</SLIDETRANSITION>

15 Review: Password Policies
You want to ensure that both Windows and SQL logins use complex passwords. Which operating system must be used?
1. Windows Server 2003
2. Windows 2000
3. Windows NT 4
4. Windows XP
<SLIDETITLE>Review: Password Policies</SLIDETITLE>
<KEYMESSAGE>Review Question</KEYMESSAGE>
<SLIDESCRIPT>The correct answer is 1. For SQL logins to use password policies, SQL Server 2005 must be installed on Windows Server 2003.</SLIDESCRIPT>
<SLIDETRANSITION>Let's try another question.</SLIDETRANSITION>

17 Review: Module Execution Context
To use module execution context you must have an unbroken ownership chain. True or False?
<SLIDETITLE>Review: Module Execution Context</SLIDETITLE>
<KEYMESSAGE>Review Question</KEYMESSAGE>
<SLIDESCRIPT>The correct answer is False. Module execution context enables the execution of a module under a specific security context even with broken ownership chains.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at the next agenda item.</SLIDETRANSITION>

18 Agenda
- Review
- Data encryption
- Data encryption in SQL Server 2005
- Module signatures
<SLIDETITLE>Agenda</SLIDETITLE>
<KEYWORDS>Agenda</KEYWORDS>
<KEYMESSAGE>This is the agenda for this session.</KEYMESSAGE>
<SLIDESCRIPT>The next agenda item is data encryption.</SLIDESCRIPT>
<SLIDETRANSITION>Let's start by looking at data encryption algorithms and keys.</SLIDETRANSITION>

19 Data Encryption: Algorithms and Keys
- Encryption algorithms: publicly known; allow secure storage of data; the data can also be decrypted
- Hash algorithms: allow verification of data integrity; the data is NOT "unhashed"
- Encryption keys: the only unique part of the algorithm
<SLIDETITLE>Algorithms and Keys</SLIDETITLE>
<KEYWORDS>Algorithm; keys</KEYWORDS>
<KEYMESSAGE>Explain the role of algorithms.</KEYMESSAGE>
<SLIDESCRIPT>Encryption and hashing algorithms are mathematical processes run on data. The algorithms are publicly known so that they can be tested thoroughly and incorporated into many applications. Because the algorithms are publicly available, to make communications private a unique value incorporated into the algorithm is dynamically generated each time the algorithm is used. This unique value is known as a key. Since the key is the only unique part of the algorithm, longer keys make the encryption harder to crack.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at encryption.</SLIDETRANSITION>

20 Data Encryption: Encryption Algorithms
<SLIDETITLE>Algorithms and Keys</SLIDETITLE>
<KEYWORDS>Algorithm; keys</KEYWORDS>
<KEYMESSAGE>Explain the role of encryption algorithms.</KEYMESSAGE>
<SLIDESCRIPT>Encryption algorithms enable secure communication or storage of data. By running the data through an algorithm, the data is changed before being transmitted or stored. By running the encrypted data through the same algorithm, the data can be returned to its original form.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at hashing.</SLIDETRANSITION>
[Diagram: data, algorithm, encrypted data, decryption]

21 Data Encryption: Hashing Algorithms
<SLIDETITLE>Algorithms and Keys</SLIDETITLE>
<KEYWORDS>Algorithm; keys</KEYWORDS>
<KEYMESSAGE>Explain the role of hashing algorithms.</KEYMESSAGE>
<SLIDESCRIPT>Hashing algorithms are used to check data integrity. A hashing algorithm does not encrypt data but creates an output called a digest. If the data changes, the digest also changes. Digests are sent with data so that the recipient can make sure the data has not been tampered with: the recipient hashes the data and compares the resulting digest with the one received with the data. If the digests differ, the recipient knows the data has changed.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at asymmetric encryption.</SLIDETRANSITION>
[Diagram: data, algorithm, digest]

22 Data Encryption: Asymmetric Encryption
- Public/private key pair
- Encrypt with a public key, decrypt with a private key
- Encrypt with a private key, decrypt with a public key
- Authentication
- Digital signature
- Data encryption
- High encryption overhead
<SLIDETITLE>Asymmetric Encryption</SLIDETITLE>
<KEYWORDS>Asymmetric; public key; private key</KEYWORDS>
<KEYMESSAGE>Explain the basics of asymmetric encryption.</KEYMESSAGE>
<SLIDESCRIPT>Asymmetric encryption uses a combination of keys, known as public and private keys. They are mathematically related but not the same. The relationship between the keys means that any data encrypted by one key must be decrypted by the other; the same key CANNOT be used to both encrypt and decrypt data. It is also infeasible to derive the private key if you possess the public key, and vice versa. Public/private key pairs can also be used for authentication: if you can successfully decrypt data using a public key, the data must have been encrypted using the related private key, which identifies the sender. This is used in the digital signature process, which we will discuss later. Asymmetric encryption uses long keys, making the encryption harder to crack but also placing a higher overhead on system resources. For this reason it is not usually used for bulk encryption and decryption.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at the asymmetric encryption process.</SLIDETRANSITION>

23 Data Encryption: Asymmetric Encryption
<SLIDETITLE>Asymmetric Encryption</SLIDETITLE>
<KEYWORDS>Asymmetric; public key; private key</KEYWORDS>
<KEYMESSAGE>Explain the distribution of the public key.</KEYMESSAGE>
<SLIDESCRIPT>In asymmetric encryption, the public key is distributed or made available to potential communication partners. Within SQL Server 2005 the keys are stored within the database in which they are created. Since data encrypted with the public key CANNOT be decrypted with the public key, the availability of that key is not a security weakness. The private key must never be made available but always kept secret. Within SQL Server 2005 the private key is stored inside the database in which it was created and is protected by the database master key.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at encryption using the public key.</SLIDETRANSITION>
[Diagram: public key, private key. The public key is made available or distributed to communication partners]

24 Data Encryption: Asymmetric Encryption
<SLIDETITLE>Asymmetric Encryption</SLIDETITLE>
<KEYWORDS>Asymmetric; public key; private key</KEYWORDS>
<KEYMESSAGE>Explain encryption using the public key.</KEYMESSAGE>
<SLIDESCRIPT>When a public key is used to encrypt data, only the related private key can decrypt it. This enables secure data access or data transfer in an uncontrolled environment such as the Internet.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at encryption using the private key.</SLIDETRANSITION>
[Diagram: data encryption with the public key. Data encrypted with the public key can only be decrypted with the private key]

25 Data Encryption: Asymmetric Encryption
<SLIDETITLE>Asymmetric Encryption</SLIDETITLE>
<KEYWORDS>Asymmetric; public key; private key</KEYWORDS>
<KEYMESSAGE>Explain encryption using the private key.</KEYMESSAGE>
<SLIDESCRIPT>Data encrypted by the private key can only be decrypted by the public key. This means that any recipient of the public key can decrypt the data. This process can be used to identify the private key holder: if the public key successfully decrypts the data, it was sent and encrypted by the private key owner. This process is used in digital signatures.</SLIDESCRIPT>
<SLIDETRANSITION>Let's compare this process to symmetric encryption.</SLIDETRANSITION>
[Diagram: data encryption with the private key. Data encrypted with the private key can only be decrypted with the public key; used in digital signatures]

26 Data Encryption: Symmetric Encryption
- Identical key pair or single key
- Encrypt/decrypt with the same key
- Data encryption
- Low encryption overhead
<SLIDETITLE>Symmetric Encryption</SLIDETITLE>
<KEYWORDS>Symmetric key; encryption</KEYWORDS>
<KEYMESSAGE>Explain the basics of symmetric encryption.</KEYMESSAGE>
<SLIDESCRIPT>Symmetric encryption uses the same key to encrypt and decrypt data. The key used for symmetric encryption is sometimes known as a session key. If symmetric encryption is used inside a database, a single key is created that can both encrypt and decrypt the data; if it is to be used between communication partners, a copy of the same key must be held by both partners. Symmetric encryption uses shorter keys than asymmetric encryption and has a lower resource overhead. For this reason symmetric encryption is often used for bulk encryption and decryption.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at the symmetric encryption process.</SLIDETRANSITION>

27 Data Encryption: Symmetric Encryption
<SLIDETITLE>Symmetric Encryption</SLIDETITLE>
<KEYWORDS>Symmetric; encryption</KEYWORDS>
<KEYMESSAGE>Explain symmetric encryption.</KEYMESSAGE>
<SLIDESCRIPT>Because symmetric encryption uses the same key for encryption and decryption, the key must be available for both processes. Within SQL Server 2005 the key is stored within the database in which it was created and is available for encryption and decryption within that database. For data communication, the means of creating the key, or the key itself, must be transferred to or known by the communication partners. This creates a security issue, as the key may be intercepted en route if it is transferred. A symmetric key is often created from a password entered by the communication partners; a more complex password creates a more secure key.</SLIDESCRIPT>
<SLIDETRANSITION>If the key is intercepted, the communication channel is not secure.</SLIDETRANSITION>
[Diagram: symmetric key. A copy of the symmetric key is stored or distributed to communication partners]

28 Data Encryption: Symmetric Encryption
<SLIDETITLE>Symmetric Encryption</SLIDETITLE>
<KEYWORDS>Symmetric Encryption</KEYWORDS>
<KEYMESSAGE>Explain symmetric encryption.</KEYMESSAGE>
<SLIDESCRIPT>Assuming secure storage in a database, or secure transfer of the key, symmetric encryption is a secure process. It also has a lower system overhead than asymmetric encryption.</SLIDESCRIPT>
<SLIDETRANSITION>Now let's look at certificates.</SLIDETRANSITION>
[Diagram: the symmetric key encrypts and decrypts data. The same key is used to encrypt and decrypt data]

29 Data Encryption: Certificates
- SQL Server 2005 can issue certificates
- Contains the public key
- Associated private key
- Identifies the owner of the public/private keys
- Authentication
- Certificate issuance: internal; third party
<SLIDETITLE>Certificates</SLIDETITLE>
<KEYWORDS>Certificates</KEYWORDS>
<KEYMESSAGE>Explain the basics of certificates.</KEYMESSAGE>
<SLIDESCRIPT>Certificates are used to identify the owner of a public/private key pair and are distributed with the public key for authentication purposes. There is an element of trust involved in certificate-based authentication, since the recipient must believe the certificate is accurate. There are a number of well-known certificate issuers who go to a great deal of trouble to make sure the certificates they issue are accurate. If the certificate is to be used internally, a local certificate issuing process can be used. SQL Server 2005 includes a certificate issuing service.</SLIDESCRIPT>
<SLIDETRANSITION>Let's have a look at how certificates are used.</SLIDETRANSITION>

30 Data Encryption: Certificates
<SLIDETITLE>Certificates</SLIDETITLE>
<KEYWORDS>Certificates; public; private</KEYWORDS>
<KEYMESSAGE>Explain the use of certificates.</KEYMESSAGE>
<SLIDESCRIPT>When a public key is distributed or made available in the database, it is contained in a certificate. The certificate identifies the owner of the public key.</SLIDESCRIPT>
<SLIDETRANSITION>The creator of the certificate must be trusted.</SLIDETRANSITION>
[Diagram: certificate, private key. The certificate is made available or distributed to communication partners; it contains the public key and identifies the key's owner]

31 Data Encryption: Certificates
<SLIDETITLE>Certificates</SLIDETITLE>
<KEYWORDS>Certificates; public; private</KEYWORDS>
<KEYMESSAGE>Explain the use of certificates.</KEYMESSAGE>
<SLIDESCRIPT>Data can be encrypted with the public key from the certificate, confident that only the identity on the certificate can decrypt the data with the associated private key.</SLIDESCRIPT>
<SLIDETRANSITION>Data can also be encrypted with the private key.</SLIDETRANSITION>
[Diagram: data encrypted with the public key from the certificate. The certificate identifies the owner of the public/private key pair; only the owner of the private key can decrypt the data]

32 Data Encryption: Certificates
<SLIDETITLE>Certificates</SLIDETITLE>
<KEYWORDS>Certificates; public; private</KEYWORDS>
<KEYMESSAGE>Explain the use of certificates.</KEYMESSAGE>
<SLIDESCRIPT>If data is encrypted with a private key, only the related public key will be able to decrypt it. The certificate associated with that public key verifies the identity that encrypted the data. This process can provide data transfer and authentication in insecure environments.</SLIDESCRIPT>
<SLIDETRANSITION>Secure data transfer on the Internet uses these processes.</SLIDETRANSITION>
[Diagram: data encrypted by the private key. The public key is used to decrypt the data; the certificate associated with the public key verifies the identity]

33 Data Encryption: Combining Keys and Certificates
<SLIDETITLE>Combining Keys and Certificates</SLIDETITLE>
<KEYWORDS>Symmetric; asymmetric; certificates</KEYWORDS>
<KEYMESSAGE>Explain how the described encryption methods can be used together.</KEYMESSAGE>
<SLIDESCRIPT>By combining the security processes we have discussed, it is possible to overcome many of the security and performance issues the individual processes have. If we want to store or send bulk encrypted data, we would prefer to use the faster symmetric encryption. To secure access to the symmetric key used to encrypt the data, we can use public/private keys. First we make available or distribute the public key with a certificate. The certificate provides verification of the identity that encrypted the data.</SLIDESCRIPT>
<SLIDETRANSITION>Next we need the symmetric keys.</SLIDETRANSITION>
[Diagram: the certificate is distributed. The server sends the certificate and public key to the client; the certificate identifies the server to the client]

34 The symmetric key is distributed
Data encryption: Combining keys and certificates [diagram labels: Symmetric key, Private key, Certificate] <SLIDETITLE>Combining Keys and Certificates.</SLIDETITLE> <KEYWORDS>Symmetric; asymmetric; certificates.</KEYWORDS> <KEYMESSAGE> Explain how the described encryption methods can be used together. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The recipient of the certificate generates a symmetric key (or, for end-to-end communication, a pair of session keys) and encrypts it with the public key from the certificate. Inside a database, the symmetric key is stored encrypted by the public key, so only the matching private key can recover it. In end-to-end communication, the client encrypts one of the session keys with the server's public key and returns it to the server. </SLIDESCRIPT> <SLIDETRANSITION> The symmetric key can now be used. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION> The symmetric key is distributed. The client creates the symmetric keys. The client encrypts a symmetric key with the public key and sends it to the server.

35 Data is encrypted and decrypted with the symmetric keys
Data encryption: Combining keys and certificates [diagram labels: Symmetric key, Symmetric key] <SLIDETITLE>Combining Keys and Certificates.</SLIDETITLE> <KEYWORDS>Symmetric; asymmetric; certificates.</KEYWORDS> <KEYMESSAGE> Explain how the described encryption methods can be used together. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The encrypted symmetric key can only be decrypted by the owner of the private key. Inside a database, the principal who can use the private key decrypts the symmetric key. In end-to-end communication, the server receives the encrypted symmetric key and decrypts it with its private key. From then on the symmetric keys are used to encrypt and decrypt the transferred data. </SLIDESCRIPT> <SLIDETRANSITION> Let's see the next agenda item. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION> Data is encrypted and decrypted with the symmetric keys. Only the server's private key can decrypt the symmetric key. The server and the client encrypt and decrypt data with the symmetric keys.

36 Agenda: Review; Data encryption;
Data encryption in SQL Server 2005; Module signatures <SLIDETITLE>Agenda</SLIDETITLE> <KEYWORDS>Agenda</KEYWORDS> <KEYMESSAGE> The next agenda item. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Next we will look at how SQL Server 2005 uses these encryption processes. </SLIDESCRIPT> <SLIDETRANSITION> First we will investigate the key hierarchy. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

37 Data encryption in SQL Server 2005: The SQL Server 2005 key hierarchy
Windows Data Protection API > SQL Server service master key > Database master key (or password) > Certificate (public key) / private key > Symmetric key <SLIDETITLE>SQL Server 2005 Key Hierarchy.</SLIDETITLE> <KEYWORDS>Key management.</KEYWORDS> <KEYMESSAGE>Explain how SQL Server 2005 manages keys.</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> It is important to protect encryption keys because, as we have seen, possession of a key means you can decrypt the data. SQL Server 2005 implements a key hierarchy in which each layer is protected by the layer above it. Symmetric keys encrypt the data stored in the database. Each symmetric key is protected by a public/private key pair (an asymmetric key or a certificate) that belongs to a principal. The private keys are in turn protected by the database master key. Any user key can instead be protected by a password, but that is less secure and the password must be supplied every time the key is opened. The database master key is always encrypted by a password, and by default a second copy is encrypted by the service master key, which is specific to the SQL Server instance. It is possible to DROP the copy encrypted by the service master key, but then the password has to be supplied (OPEN MASTER KEY) whenever the database master key is needed. The service master key itself is protected by the Windows Data Protection API under the service account. To reach encrypted data, therefore, the instance must be running under the right service account on the right Windows installation, and the principal must be authenticated by the instance and by the database to obtain access to the relevant keys. If the database is moved or restored to another instance, its database master key travels with it, but the new instance's service master key cannot open it: open the database master key with its password and then add encryption by the new service master key. Back up the service master key and each database master key before you depend on them. </SLIDESCRIPT> <SLIDETRANSITION> SQL Server has the ability to issue certificates to principals. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>
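The hierarchy described above, as an added T-SQL example (not part of the webcast). It assumes a database named SalesDB, a sysadmin session, and placeholder passwords and backup paths; none of these names come from the original slides. It creates the database master key, shows the flag that tells you whether the service-master-key copy exists, drops that copy as a hardening option, and performs the re-encryption step needed after the database is restored on another instance.

```sql
-- Added example (not from the webcast). Assumes database SalesDB exists and
-- the session is sysadmin; passwords and file paths are placeholders.
USE master;
GO
-- Top of the hierarchy: the service master key, created at setup and protected
-- by DPAPI under the service account. Back it up before anything depends on it.
BACKUP SERVICE MASTER KEY TO FILE = 'C:\keys\smk.bak'
    ENCRYPTION BY PASSWORD = 'Smk!Backup-Pa55word';
GO
USE SalesDB;
GO
-- Database master key: always protected by this password and, by default,
-- also by a second copy encrypted with the service master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Dmk!Pa55word-SalesDB';
GO
-- is_master_key_encrypted_by_server = 1 means the SMK-protected copy exists,
-- so the instance can open the DMK without anyone typing the password.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();
GO
BACKUP MASTER KEY TO FILE = 'C:\keys\salesdb-dmk.bak'
    ENCRYPTION BY PASSWORD = 'Dmk!Backup-Pa55word';
GO
-- Hardening option: drop the SMK-protected copy. From now on the DMK opens only
-- for a session that supplies the password explicitly.
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY;
GO
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'Dmk!Pa55word-SalesDB';
-- CREATE CERTIFICATE / OPEN SYMMETRIC KEY statements that need the DMK go here
CLOSE MASTER KEY;
GO
-- After RESTORE on a different instance the new SMK cannot decrypt this DMK
-- (the flag above reads 0 there). Open it with the password and re-protect it
-- with the new instance's SMK so automatic opening works again.
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'Dmk!Pa55word-SalesDB';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;
GO
```

Keep the backup files and their passwords outside the database server; with the SMK-protected copy dropped, losing the DMK password means losing every key underneath it.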

38 Data encryption in SQL Server 2005: SQL Server 2005 data encryption
Certificate infrastructure used by SQL Server services: Service Broker; Web synchronization; User data storage; Asymmetric keys; Symmetric keys; Certificate <SLIDETITLE>SQL Server 2005 Data Encryption.</SLIDETITLE> <KEYWORDS>Certificates; data encryption.</KEYWORDS> <KEYMESSAGE>Explain SQL Server self-issuing of certificates.</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The certificates that SQL Server issues are used by a number of internal features, including authentication between Service Broker services and web synchronization of replicated data over Internet connections. Because SQL Server can create and issue the keys and certificates it needs to keep data secret, the security model is self-contained within the SQL Server environment; no external certificate authority is required, although externally issued certificates can be imported from a file. </SLIDESCRIPT> <SLIDETRANSITION> Let's have a closer look at key storage. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

39 User keys are stored inside the database
Data encryption in SQL Server 2005: Encrypting user data [diagram labels: Symmetric key, Private key, Certificate] <SLIDETITLE>Encrypting User Data.</SLIDETITLE> <KEYWORDS>Encryption; keys.</KEYWORDS> <KEYMESSAGE> Explain the key and certificate creation process. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Before data can be encrypted, the principal must be assigned the relevant keys and certificate. The principal needs a symmetric key to encrypt the data, and a public/private key pair with its certificate to protect the symmetric key. These are stored in the database and protected by the database master key or, if no master key has been created, by a password. </SLIDESCRIPT> <SLIDETRANSITION> Let's have a look at the encryption process. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION> User keys are stored inside the database. Keys and certificates are created and assigned to the principal. They are stored in the database and protected by the database master key.

40 Data encryption in SQL Server 2005: Encrypting user data
[diagram labels: Symmetric key, Table, Database] <SLIDETITLE>Encrypting User Data.</SLIDETITLE> <KEYWORDS>Encryption; keys.</KEYWORDS> <KEYMESSAGE> Explain the data encryption process. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The principal's symmetric key is used to encrypt the data. The symmetric key itself is stored encrypted under the public key from the principal's certificate, so it can only be opened by a principal who can use the matching private key. </SLIDESCRIPT> <SLIDETRANSITION> Let's have a look at the decryption process. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION> The symmetric key is used to encrypt the data. The public key from the principal's certificate is used to encrypt the symmetric key.

41 Data encryption in SQL Server 2005: Decrypting user data
[diagram labels: Private key, Symmetric key, Table] <SLIDETITLE>Decrypting User Data.</SLIDETITLE> <KEYWORDS>Decryption; keys.</KEYWORDS> <KEYMESSAGE> Explain the data decryption process. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> To decrypt the data, the principal uses their private key to decrypt the symmetric key. The symmetric key is then used to decrypt the data. </SLIDESCRIPT> <SLIDETRANSITION> Let's have a look at a demonstration of this process. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION> The principal's private key is used to decrypt the symmetric key. The symmetric key is used to decrypt the data.

42 Demo: Data encryption. Create certificates and keys;
Encrypt user data; Decrypt user data <SLIDETITLE>Demonstration: Data Encryption.</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>In this demonstration, I will show the encryption and decryption of user data. </SLIDESCRIPT> <SLIDETRANSITION>Let's try some review questions.</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>
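The demo itself is not on the page, so here is an added T-SQL walk-through (not the webcast's demo script) of the three steps above, which is also SQL Server's instance of the combining-keys pattern from the earlier slides: the symmetric key that encrypts the column is stored encrypted under the certificate's public key. It assumes a database named SalesDB; the certificate, key, table and card numbers are made up for the example.

```sql
-- Added example (not the webcast's demo). Assumes database SalesDB; all
-- object names, passwords and sample data are made up.
USE SalesDB;
GO
-- Database master key protects the certificate's private key (created if missing)
IF NOT EXISTS (SELECT * FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Dmk!Pa55word-SalesDB';
GO
-- Step 1: public/private key pair for the principal. No password is given,
-- so the private key is protected by the database master key.
CREATE CERTIFICATE CustomerCert WITH SUBJECT = 'Customer column encryption';
GO
-- The bulk-encryption key. Its key material is stored in the database
-- encrypted with CustomerCert's public key (the hybrid scheme).
CREATE SYMMETRIC KEY CustomerKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerCert;
GO
CREATE SCHEMA Sales;
GO
CREATE TABLE Sales.Customer (
    CustomerId    int            NOT NULL PRIMARY KEY,
    Name          nvarchar(100)  NOT NULL,
    CardNumberEnc varbinary(MAX) NULL   -- ciphertext of an nvarchar(20)
);
GO
-- Step 2: encrypt. Opening the key uses the private key to unwrap it.
-- The authenticator (3rd/4th arguments) ties each ciphertext to its own row,
-- so a value copied from another customer's row will not decrypt.
OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;
INSERT INTO Sales.Customer (CustomerId, Name, CardNumberEnc)
VALUES (1, N'Contoso Ltd',
        EncryptByKey(Key_GUID('CustomerKey'), N'4111111111111111',
                     1, CONVERT(nvarchar(20), 1)));
INSERT INTO Sales.Customer (CustomerId, Name, CardNumberEnc)
VALUES (2, N'Fabrikam Inc',
        EncryptByKey(Key_GUID('CustomerKey'), N'5500000000000004',
                     1, CONVERT(nvarchar(20), 2)));
CLOSE SYMMETRIC KEY CustomerKey;
GO
-- Step 3: decrypt. Same key, same authenticator, converted back to the
-- type that was encrypted. A wrong key or authenticator returns NULL, not an error.
OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;
SELECT CustomerId, Name,
       CONVERT(nvarchar(20),
               DecryptByKey(CardNumberEnc, 1, CONVERT(nvarchar(20), CustomerId))) AS CardNumber
FROM Sales.Customer;
CLOSE SYMMETRIC KEY CustomerKey;
GO
-- Shortcut for readers: DecryptByKeyAutoCert opens and closes the key itself
-- (NULL = the certificate's private key is protected by the DMK, not a password).
SELECT CustomerId,
       CONVERT(nvarchar(20),
               DecryptByKeyAutoCert(Cert_ID('CustomerCert'), NULL, CardNumberEnc,
                                    1, CONVERT(nvarchar(20), CustomerId))) AS CardNumber
FROM Sales.Customer;
GO
```

Only a principal with CONTROL on the certificate (and VIEW DEFINITION on the symmetric key) can open the key; everyone else sees the varbinary ciphertext. The authenticator is what stops an attacker with UPDATE on the table from moving one customer's encrypted card number into another customer's row.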

44 Review: Data encryption
You want to implement user data encryption that does not require additional passwords to be entered. What must be created before certificates can be assigned? 1. Database master key 2. Windows Data Protection 3. Symmetric keys 4. Asymmetric keys <SLIDETITLE>Review: Data Encryption.</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE>Review Answer</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>The correct answer is 1. The private keys associated with the certificates must be protected. If you do not want to use passwords, the database master key is used. </SLIDESCRIPT> <SLIDETRANSITION>Let's try another question.</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

46 Review: Data encryption
Where does SQL Server 2005 store users' encryption keys? 1. In the user's profile 2. In a secure location on the client 3. In the database 4. On the domain controller <SLIDETITLE>Review: Data Encryption.</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE>Review Answer</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>The correct answer is 3. User encryption keys are stored in the database. </SLIDESCRIPT> <SLIDETRANSITION>Let's move on to the final item on the agenda.</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

47 Agenda: Review; Data encryption;
Data encryption in SQL Server 2005; Module signatures <SLIDETITLE>Agenda</SLIDETITLE> <KEYWORDS>Agenda</KEYWORDS> <KEYMESSAGE> Introduce the next agenda item. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The final agenda item concerns module signatures. </SLIDESCRIPT> <SLIDETRANSITION> What are digital signatures? </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

48 Module signatures: Digital signatures
Sign the data with the private key: the digest is encrypted; changes to the data are detected; the signer is identified. Verify the signature with the public key: the digest is decrypted; the certificate associated with the public key identifies the signer. <SLIDETITLE>Digital Signatures.</SLIDETITLE> <KEYWORDS>Digital signatures; hash; digest</KEYWORDS> <KEYMESSAGE> Explain the basics of digital signatures. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Digital signatures make use of hashing and encryption to provide data integrity and authentication. A digital signature starts from a hash of the data, which, as we explained before, is known as a digest. Digests have a fixed length, for example 160 bits, irrespective of the amount of data being hashed, and any change to the data produces a different digest. For a digital signature, the digest is encrypted with the signer's private key. The recipient decrypts the digest with the public key, and the certificate associated with that public key identifies the sender. The recipient then hashes the received data and compares the result with the decrypted digest. If they are identical, the data was not tampered with in transit and it was signed by the holder of the private key. </SLIDESCRIPT> <SLIDETRANSITION> Now let's see how SQL Server 2005 applies signatures to modules. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>
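The sign/verify cycle just described, as an added T-SQL example (not from the webcast) using the built-in SignByCert and VerifySignedByCert functions. It assumes a database named SalesDB; the certificate name and the message are made up.

```sql
-- Added example (not from the webcast). Assumes database SalesDB; the
-- certificate name, message and file path are made up.
USE SalesDB;
GO
IF NOT EXISTS (SELECT * FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Dmk!Pa55word-SalesDB';
GO
-- Key pair of the signer; the private key is protected by the DMK
CREATE CERTIFICATE OrdersSigningCert WITH SUBJECT = 'Signs order messages';
GO
DECLARE @msg    nvarchar(200);
DECLARE @forged nvarchar(200);
DECLARE @sig    varbinary(8000);
SET @msg    = N'Ship order 1001 to Contoso Ltd';
SET @forged = N'Ship order 1001 to Fabrikam Inc';

-- Sign: SQL Server hashes the message into a fixed-length digest and encrypts
-- the digest with the certificate's private key.
SET @sig = SignByCert(Cert_ID('OrdersSigningCert'), @msg);

-- Verify: the public key decrypts the digest, which is compared with a fresh
-- hash of the data. The function returns 1 when they match and 0 when the
-- data was altered or the signature came from a different key.
SELECT VerifySignedByCert(Cert_ID('OrdersSigningCert'), @msg,    @sig) AS original_ok,
       VerifySignedByCert(Cert_ID('OrdersSigningCert'), @forged, @sig) AS forged_ok,
       DATALENGTH(@sig) AS signature_bytes;
GO
-- A verifier needs only the public half. BACKUP CERTIFICATE without
-- WITH PRIVATE KEY exports the certificate alone; a database that imports
-- this file can verify signatures but cannot produce them.
BACKUP CERTIFICATE OrdersSigningCert TO FILE = 'C:\keys\orders-signing.cer';
GO
```

The SELECT returns original_ok = 1 and forged_ok = 0 for the one-word change above. Verification never touches the private key, which is the property that lets you hand the certificate to every party that must check signatures while keeping the signing key in one place.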

49 Module signatures: Signing modules
Secures access to data. Similar in effect to the module execution context feature. The caller's security context remains unchanged. Works across broken ownership chains. <SLIDETITLE>Signing Modules.</SLIDETITLE> <KEYWORDS>Digital signatures; hash; digest; modules.</KEYWORDS> <KEYMESSAGE> Explain the benefits of signing modules. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Module signing enables secure access to data in a similar way to module execution context (EXECUTE AS). The module is given an identity of its own, in this case a certificate, and that certificate is granted access to the data. To use the module, a principal needs only EXECUTE permission on it. Unlike module execution context, the security context of the caller stays the same, so auditing still records who actually accessed the data. This makes the data reachable through the module without direct permissions, even where the ownership chain is broken. </SLIDESCRIPT> <SLIDETRANSITION> Let's look at the module signing process. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

50 Module signatures: The module signing process
Create a certificate. Map the certificate to a user. Sign the procedure. Grant permissions on the table to the certificate user. Access to the table then happens only through the procedure. <SLIDETITLE>Module Signing Process.</SLIDETITLE> <KEYWORDS>Module signing; certificates.</KEYWORDS> <KEYMESSAGE> Explain the module signing process. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> First a certificate is created. The private key associated with the certificate will be used to sign the module. Certificates are not principals and therefore cannot be granted permissions. For this reason the certificate is mapped to a principal (a certificate user), and that principal is GRANTED the required access. Because the module's certificate principal has access to the data, the caller of the module does not need permissions on the data itself. </SLIDESCRIPT> <SLIDETRANSITION> Let's have a look at this process more closely. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

51 Module signatures: The module signing process
SELECT * FROM sales.customer <SLIDETITLE>Module Signing Process.</SLIDETITLE> <KEYWORDS>Module signing; certificates.</KEYWORDS> <KEYMESSAGE> Explain the module signing process. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The certificate and its public/private key pair are created. The module is signed with the private key. The certificate associated with that private key is mapped to a principal, and the principal is given access to the data. </SLIDESCRIPT> <SLIDETRANSITION> Let's see what happens when the module is executed. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION> [diagram labels: Private key, Certificate] Create a certificate and its public/private keys. Sign the module with the private key. Map the certificate to a principal. Grant the principal access to the data.

52 Module signatures: The module signing process
SELECT * FROM sales.customer <SLIDETITLE>Module Signing Process.</SLIDETITLE> <KEYWORDS>Module signing; certificates.</KEYWORDS> <KEYMESSAGE> Explain the module signing process. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The principal executes the module. The principal has no direct access to the data but must have EXECUTE permission on the module. When the module runs, the signature is verified with the certificate's public key and the certificate user associated with the signing private key is temporarily added to the calling principal's access token. When the module touches the data, the access token is checked and the permissions granted to the certificate user apply. Because those permissions are reached through the calling principal's own access token, the security context is still the calling principal. </SLIDESCRIPT> <SLIDETRANSITION> We will now have a demonstration of this process. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION> The principal executes the module. The public key is used to verify the signature made with the private key. The certificate is temporarily added to the principal's access token.

53 Demo: Module signatures <SLIDETITLE>Demonstration: Module Signatures.</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>In this demonstration, I will show how to use signed modules to secure access to data. </SLIDESCRIPT> <SLIDETRANSITION></SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>
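The demonstration is not on the page, so here is an added T-SQL version (not the webcast's demo script) of the signing process from the last three slides, followed by a test run as the caller. It assumes a database named SalesDB containing a Sales.Customer table; the procedure, certificate, user names and passwords are made up.

```sql
-- Added example (not the webcast's demo). Assumes database SalesDB with a
-- Sales.Customer table; all other names and passwords are made up.
USE SalesDB;
GO
IF NOT EXISTS (SELECT * FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Dmk!Pa55word-SalesDB';
GO
-- The module: the only intended path to the table
CREATE PROCEDURE Sales.GetCustomers
AS
    SELECT CustomerId, Name FROM Sales.Customer;
GO
-- 1. Certificate whose private key will sign the module. The private key is
--    protected by a password here so that signing needs an explicit secret.
CREATE CERTIFICATE GetCustomersCert
    ENCRYPTION BY PASSWORD = 'Sign!Pa55word'
    WITH SUBJECT = 'Signs Sales.GetCustomers';
GO
-- 2. Sign the procedure with the private key
ADD SIGNATURE TO Sales.GetCustomers
    BY CERTIFICATE GetCustomersCert WITH PASSWORD = 'Sign!Pa55word';
GO
-- 3. A certificate cannot hold permissions: map it to a user and grant that user
CREATE USER GetCustomersCertUser FROM CERTIFICATE GetCustomersCert;
GRANT SELECT ON Sales.Customer TO GetCustomersCertUser;
GO
-- 4. The caller gets EXECUTE on the module and nothing on the table
CREATE USER Alice WITHOUT LOGIN;
GRANT EXECUTE ON Sales.GetCustomers TO Alice;
GO
-- 5. Signing is done, so drop the private key: nobody can now sign another
--    module with this identity (back it up first if you expect to re-sign).
ALTER CERTIFICATE GetCustomersCert REMOVE PRIVATE KEY;
GO
-- Test as the caller. EXECUTE AS stays in effect across batches until REVERT.
EXECUTE AS USER = 'Alice';
GO
SELECT CustomerId FROM Sales.Customer;   -- denied: Alice has no SELECT on the table
GO
EXEC Sales.GetCustomers;                  -- allowed: the certificate user joins Alice's token
SELECT USER_NAME() AS caller;             -- reports the real caller, not the certificate user
GO
REVERT;
GO
-- Inventory: which modules carry a signature, and from which certificate
SELECT OBJECT_NAME(cp.major_id) AS module_name, c.name AS certificate_name
FROM sys.crypt_properties AS cp
JOIN sys.certificates AS c ON c.thumbprint = cp.thumbprint;
GO
```

Any ALTER PROCEDURE on Sales.GetCustomers invalidates the signature, and the table is then unreachable through the module until it is signed again. If you remove the private key as in step 5, export the certificate WITH PRIVATE KEY to a protected location first, or keep a deployment script that recreates the certificate, re-signs and re-maps the user.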

55 Review: Module signatures
You want to set up signed modules but cannot assign the necessary permissions to the certificate. What do you need to do? 1. Register the private key 2. Protect the certificate with a symmetric key 3. Map the certificate to a principal 4. Make the certificate public <SLIDETITLE>Review: Module Signatures.</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE>Review Answer</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>The correct answer is 3. Permissions cannot be granted to a certificate because it is not a principal. The certificate must be mapped to a principal, and that principal is granted the permissions. </SLIDESCRIPT> <SLIDETRANSITION>Let's try another question.</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

57 Review: Module signatures
Signed modules run in the security context of the calling principal. True / False <SLIDETITLE>Review: Module Signatures.</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE>Review Answer</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>The correct answer is True. The security context of the calling principal is used. </SLIDESCRIPT> <SLIDETRANSITION>Let's try another question.</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

59 Review: Data encryption
A symmetric key is used to encrypt user data. How is that key protected? 1. Encrypted by the database master key 2. Encrypted by the user's private key 3. Encrypted by the service master key 4. Symmetric keys are not used to encrypt user data <SLIDETITLE>Review: Data Encryption.</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE>Review Answer</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>The correct answer is 2. The symmetric key is stored encrypted under the user's key pair: the certificate's public key encrypts it, so only the holder of the matching private key can open it. </SLIDESCRIPT> <SLIDETRANSITION>Let's try one more question.</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

61 Review: Data encryption
The EncryptByKey function is used to encrypt user data with a symmetric key. True / False <SLIDETITLE>Review: Data Encryption.</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE>Review Answer</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>The correct answer is True. The EncryptByKey function encrypts user data with a symmetric key; DecryptByKey reverses it. </SLIDESCRIPT> <SLIDETRANSITION>Let's finish by summarizing the session.</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

62 Session summary: Protecting user data
Combined use of technologies: certificates, public/private keys, symmetric keys. Module signing: secure access to data; keeps the caller's security context. <SLIDETITLE>Summary</SLIDETITLE> <KEYWORDS>Summary</KEYWORDS> <KEYMESSAGE>These are the important items to remember from this session.</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> In this session we covered the use of technologies such as certificates and encryption keys to secure access to data in SQL Server 2005. We also looked at the module signing process and the benefits it provides. </SLIDESCRIPT> <SLIDETRANSITION>To get more information on the products and technologies we have covered today, we have some online resources available.</SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

63 Next steps. SQL Server 2005 product information:
Upgrade your database administration skills to SQL Server 2005: SQL Server 2005 webcasts on MSDN: Learn more about the next-generation data management and analysis software from Microsoft. Take the three-day instructor-led Beta 2 training courses from Microsoft Learning, designed to help you upgrade your knowledge and skills to SQL Server 2005. Attend the additional live and on-demand webcasts from MSDN to keep your skills and knowledge up to date.

64 For more information...
Visit TechNet at  For additional information on the books, courses and other community resources that support this session, visit <SLIDETITLE>More Information</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> For the most comprehensive technical information on Microsoft products, visit the main TechNet Web site at  Additionally, visit  for more concise information on books, courses, certifications and other community resources that relate directly to this session. </SLIDESCRIPT> <SLIDETRANSITION> What other resources are available from Microsoft?</SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

65 Webcast series: SQL Server 2005 – Get Ready!
Mondays, 9:00 A.M. Pacific time for 10 weeks, March 21 to May 18, 2005. Microsoft SQL Server 2005 is on its way, with major improvements in performance, availability and security and the most powerful and flexible set of DBA productivity tools we have ever delivered. Using interactive presentations and live product demos, we will walk you through all the main features and improvements built into SQL Server 2005 to give you a head start on your plans to bring these benefits into your organization. Bonus: attend a webcast in this series and submit an evaluation, and you will receive a copy of the latest pre-release version of the SQL Server 2005 software on CD! In addition, attend any live Microsoft webcast during June and you could win a Portable Media Center!


67 Microsoft Press: Inside information for IT professionals
<SLIDETITLE>MS Press</SLIDETITLE> <KEYWORDS>MS Press</KEYWORDS> <KEYMESSAGE>Here are some relevant MS Press books.</KEYMESSAGE> <SLIDEBUILDS>1</SLIDEBUILDS> <SLIDESCRIPT> You can find some informative books on the MS Press website, such as: Introducing Microsoft SQL Server 2005 for Developers, Peter DeBetta. Get a first look at the programming enhancements in SQL Server 2005. This book covers many topics, including how you can work seamlessly with Microsoft Visual Studio tools and the Microsoft .NET common language runtime from within SQL Server. You'll also explore Transact-SQL (T-SQL) language advances, native XML support, a new security model, and other features. Microsoft SQL Server 2000 Administrator's Companion, Marci Frohock Garcia, Jamie Reding, Edward Whalen, Steve Adrien DeLuca. For SQL Server 2000 reference, this comprehensive, easy-to-read guide saves time by providing all the facts you need to deploy, administer, and support SQL Server 2000 in organizations of any size. </SLIDESCRIPT> <SLIDETRANSITION>There are also a number of good books from other publishers.</SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION> To find the latest titles, visit

68 Third-party publications: Complementary reading for IT professionals
<SLIDETITLE>Third Party Books</SLIDETITLE> <KEYWORDS>Third Party Books</KEYWORDS> <KEYMESSAGE>Here are some useful third party books</KEYMESSAGE> <SLIDEBUILDS>1</SLIDEBUILDS> <SLIDESCRIPT> Check your favorite bookseller for these titles: Microsoft SQL Server 2005 New Features, Michael Otey. Get full details on all the innovative features and benefits available in SQL Server 2005. This authoritative guide explains the new and improved enterprise data management capabilities, developer functions, and business intelligence tools. A First Look at SQL Server 2005 for Developers, Bob Beauchemin, Niels Berglund, Dan Sullivan. Written for application and database developers who want a heads up, this book describes the new technologies being added to SQL Server 2005, the problems they are intended to solve, and the entirely new data models they represent. </SLIDESCRIPT> <SLIDETRANSITION>Microsoft also has instructor-led courses if you prefer the classroom environment.</SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION> These books can be found and purchased at all major bookstores and online retailers.

69 Microsoft Learning: Training resources for IT professionals
Course 2733: Updating Your Database Administration Skills to Microsoft SQL Server 2005 (available now). Course 2734: Updating Your Database Development Skills to Microsoft SQL Server 2005 (available now). <SLIDETITLE>Microsoft Learning</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE>Talk about the E-Learning Course</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Microsoft Learning (formerly MS Training & Certification and MS Press) develops courseware called Microsoft Official Curriculum (MOC), which includes eLearning, MS Press books, workshops, clinics, and Microsoft Skills Assessment. MOC is offered in instructor-led environments; it provides comprehensive training courses for IT professionals, support, and implementation solutions using Microsoft products and technologies. The courses that best support this session are Updating Your Database Administration Skills to Microsoft SQL Server 2005 and Updating Your Database Development Skills to Microsoft SQL Server 2005, which are both available now. For more information please visit </SLIDESCRIPT> <SLIDETRANSITION>There is also an assessment program available that can help you test your knowledge. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION> To see the detailed syllabus or find a training provider, visit

70 Assess your readiness: Microsoft Skills Assessment
What is Microsoft Skills Assessment? A self-study learning tool to assess readiness for product and technology solutions, rather than job roles (certification). Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio .NET, Office 2003. Free, online, unproctored and available to anyone. Answers the question: "Am I ready?" Identifies skills gaps and provides learning plans with Microsoft Official Curriculum courses. Post your high score to see how you compare with others; visit <SLIDETITLE>Skills assessment</SLIDETITLE> <KEYWORDS>Assessment, Microsoft Learning, Certification</KEYWORDS> <KEYMESSAGE>Microsoft Learning provides a free online learning tool</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Microsoft Skills Assessment is a free online learning tool. It's an easy way for IT professionals to check their skills for implementing or managing Microsoft product or business solutions. Just take a short, 30-question assessment and see how well you know your stuff. The Skills Assessment includes a Personalized Learning Plan, which includes links to Microsoft Official Curriculum, specific TechNet articles, Press books, and other Microsoft learning content. There's also a way to measure how well you did compared with others who took the same assessment. Microsoft Skills Assessment is an expanding learning platform. Available now are assessments for Windows Server 2003 including security and patch management, Exchange Server 2003, Windows Storage Server, Office 2003, and Visual Studio .NET. </SLIDESCRIPT> <SLIDETRANSITION>If you want to take your skills assessment to the next level, there are a number of certification programs available.</SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

71 Become a Microsoft Certified Systems Administrator (MCSA)
What is the MCSA certification? For IT professionals who manage and maintain networks and systems based on Microsoft Windows Server. How do I become an MCSA on Microsoft Windows Server 2003? Pass 3 core exams. Pass one elective exam or two CompTIA certifications. Where do I get more information? <SLIDETITLE> MCSA Certification </SLIDETITLE> <KEYWORDS>MSCA, Microsoft Learning, Certification</KEYWORDS> <KEYMESSAGE>Prove your skills administering a Windows Environment</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The Microsoft Certified Systems Administrator (MCSA) certification is designed for professionals who implement, manage, and troubleshoot existing network and system environments based on Microsoft Windows® Server 2003. Implementation responsibilities include installing and configuring parts of the systems, while management responsibilities include administering and supporting the systems. For more information about the MCSA certification, please visit: </SLIDESCRIPT> <SLIDETRANSITION>The MCSE Certification is also available. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

72 Become a Microsoft Certified Systems Engineer (MCSE)
What is the MCSE certification? The premier certification for IT professionals who analyze requirements, design, plan and implement the infrastructure for business solutions based on Microsoft Windows Server System. How do I become an MCSE on Windows Server 2003? Pass 6 core exams. Pass one elective exam from a comprehensive list. Where do I get more information? <SLIDETITLE> MCSE Certification </SLIDETITLE> <KEYWORDS>MSCE, Microsoft Learning, Certification</KEYWORDS> <KEYMESSAGE>Prove your skills at designing, planning and implementing the Windows Server System</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The Microsoft Certified Systems Engineer (MCSE) credential is the premier certification for professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software. Implementation responsibilities include installing, configuring, and troubleshooting network systems. For more information about the MCSE certification, please visit: </SLIDESCRIPT> <SLIDETRANSITION>This event is presented to you by TechNet. So what is TechNet? </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

73 TechNet Subscriptions: Have you heard the latest?
Software without time limits! Full-version evaluation software gives TechNet Plus subscribers greater flexibility. Complimentary technical support. The two free technical support incidents included with every TechNet Plus subscription save you time when resolving mission-critical problems. Keep the most current resources on hand. Evaluate, deploy, and support Microsoft solutions, delivered monthly on CD or DVD, without depending on Internet connectivity or firewalls. <SLIDETITLE> TechNet Subscription </SLIDETITLE> <KEYWORDS>TechNet</KEYWORDS> <KEYMESSAGE>TechNet Plus has some new benefits</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Many of you may be familiar with the Microsoft TechNet events and the Web site, but have you heard the news about valuable benefits for TechNet Plus subscribers? Developed in response to customer feedback, TechNet Plus v2.0 is the most convenient and reliable source for evaluating, managing, and supporting Microsoft products. With TechNet Plus you can: Evaluate Microsoft software without time limits. This is a huge benefit and allows IT pros to try products such as Microsoft Office System and Windows Server System software without the worry of timing out. Save time resolving mission-critical systems issues. TechNet Plus subscriptions include two complimentary technical support incidents to help IT pros resolve mission-critical issues fast. And, in countries where pay-per-incident support is offered, TechNet Plus subscribers receive a 20% discount on any additional support calls. TechNet Plus ensures there are resources available to address your technical issues, and that you have the most current resources on hand for evaluating, implementing, and supporting Microsoft solutions.
For details on this visit </SLIDESCRIPT> <SLIDETRANSITION>TechNet also provides a number of community resources</SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

74 Where can I get help?
Free chats and webcasts. List of newsgroups. Microsoft community sites. Community events. Community column. <SLIDETITLE>Community Help</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE>Where to get more help </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>There are a number of community resources available on TechNet, all of them free. You can attend a regular chat with members of the product groups or technology specialists from Microsoft, or you can attend a webcast where you can see sessions like the one you’ve just watched, but presented live and with the ability to ask questions as you go. You can also locate or post questions in the public newsgroups. The newsgroup page lists the available groups and provides an interface for you to read and post. TechNet Plus subscribers can use these groups to post questions that, through your subscription ID, will be answered by Microsoft within 24 hours. The main community site provides a comprehensive list of resources available, more than we can cover on this slide, plus the page has some dynamic features with continually updating content. The events page provides dates and details where you can attend a TechNet event live. These events take place worldwide and provide you the opportunity to talk to Microsoft specialists face-to-face. And finally, the TechNet Columns provide a variety of topics written by industry authors. </SLIDESCRIPT> <SLIDETRANSITION>[Thank the audience for attending and sign off]</SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

