In Review

The DBA has his or her hands full when it comes to the question of security. There are many areas to consider as we discussed in this extensive chapter. We do not only have to focus on the internal aspects of data security, such as who has access to what database objects, tables, views. and so on, but also what takes place in the outside world.

From this discussion, it is patently obvious the DBA assigned with security will require a good background in issues including network or distributed security, encryption, security protocols such as SSL and Kerberos, Access Control and Authentication theory, and so on. In addition, I believe it essential that the DBA have a good grounding in Active Directory; in the management of users, groups, and organizational units; in trusts; in delegation; and so on.

In my book, the good DBA will have migrated from general network security, trained in all aspects, including access control, group policy, and user and group management in Active Directory. The DBA who started a career in SQL Server should thus make a concerted effort to certify or train in network security. Connectivity and a working knowledge of networking is not as critical. For example, I believe it is more important to have a good understanding of delegation than to know how to configure a router or a subnet. Chapters 8 and 9, however, deal with a number of issues requiring more networking acumen, such as configuring replication and clustering.