In this blog, we give an overview of implementing data security and data classification, Advanced Threat Protection, and how to enable data classification in Azure SQL Database.
Topics We’ll Cover:
- Data Classification
- Advanced Threat Protection
- SQL Injection
- Enable Data Security And Data Classification
- Enable Data Security On Azure SQL Database
Data Classification
Data classification lets you determine and assign value to your organization’s data and gives a common starting point for governance. The process categorizes data by sensitivity and business impact in order to identify risks. Once data is classified, you can manage it in a way that protects sensitive or important information from theft or loss.
You can configure data classification in SQL Server Management Studio and in the Azure portal. The classification engine scans your database and locates columns with names that indicate that the column could have sensitive information.
Advanced Threat Protection
Advanced Threat Protection checks the queries that are run against the database and also monitors connections to the Azure SQL database. If Advanced Threat Protection detects an anomaly, it enables auditing for deeper investigation.
Alerts Supported By Advanced Threat Protection
- Vulnerability to SQL Injection: This alert looks for T-SQL code injected into the database. Example: A stored procedure that does not sanitize user input.
- Brute Force SQL Credentials: This alert is triggered whenever a higher number of login failures occurs with different credentials.
- Access from unusual Azure data center: This alert looks for attacks from an Azure data center that does not normally access the database.
- Access from an unusual location: This alert is triggered when a user logs in from an unusual geographic location.
- Potential SQL injection: This alert is triggered when an attacker is actively attempting to execute a SQL injection attack.
SQL Injection
SQL injection inserts code into a database query that can destroy the database, and it is one of the most common web hacking techniques. SQL injection most often happens when you have dynamically generated SQL within your client application.
For Example:
The above SQL is valid and will return all the rows from the users table, since OR 2=2 is always true.
What if the users table contains names and passwords?
SELECT UserId, Name, Password FROM Users WHERE UserId = 112 OR 1=1; In this case, the hacker might get access to the usernames and passwords.
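The stored-procedure case from the alert list above, written out in T-SQL as an added example (not code from the original post). The table dbo.Users, its sample rows and both procedure names are assumptions made for the illustration.

```sql
-- Constructed sample table and rows; all names are assumptions for this example.
CREATE TABLE dbo.Users (
    UserId   INT           NOT NULL PRIMARY KEY,
    Name     NVARCHAR(100) NOT NULL,
    Password NVARCHAR(100) NOT NULL   -- plaintext only to mirror the query in the text
);
INSERT INTO dbo.Users (UserId, Name, Password) VALUES
    (111, N'alice', N'constructed-value-1'),
    (112, N'bob',   N'constructed-value-2');
GO

-- Vulnerable: the caller's text is concatenated into the statement,
-- so anything after the number is parsed as part of the WHERE clause.
CREATE PROCEDURE dbo.GetUser_Dynamic @UserId NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT UserId, Name FROM dbo.Users WHERE UserId = ' + @UserId;
    EXEC (@sql);
END;
GO

-- Hardened: the value is a typed parameter bound through sp_executesql.
-- It is compared as data and never parsed as SQL text.
CREATE PROCEDURE dbo.GetUser_Param @UserId INT
AS
BEGIN
    EXEC sys.sp_executesql
        N'SELECT UserId, Name FROM dbo.Users WHERE UserId = @id',
        N'@id INT',
        @id = @UserId;
END;
GO

-- Same input shape as the text: the always-true predicate rides along
-- in the string and the filter on UserId no longer restricts anything.
EXEC dbo.GetUser_Dynamic @UserId = N'112 OR 2=2';

-- The parameterized version accepts only an integer; the string above
-- cannot be converted to INT and the call is rejected before any query runs.
EXEC dbo.GetUser_Param @UserId = 112;
```

When the query text is fixed, as it is here, a plain static SELECT with the @UserId parameter works equally well; sp_executesql is shown because it keeps the parameter binding when the statement really has to be built at run time.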
Enable Data Security And Data Classification
1. The first thing you need is a trial account of Microsoft Azure. (You get 200 USD FREE credit from Microsoft to practice.)
You can check out our blog to know more about how to create a free Azure account.
2. Click on the Azure search bar and search for Azure SQL Database.
3. Select the Azure SQL Database server.
4. From the main blade of your Azure SQL server, navigate to the Security section and select Security Center.
5. Set the toggle switch under AZURE DEFENDER FOR SQL to ON, and then click on Storage account and create a new one.
6. On the Create storage account page, fill in all the necessary details such as performance, replication, and account kind.
7. Set the toggle switch for Periodic recurring scans to ON. Fill in the Send scan reports to and Send alerts to dialog boxes. Deselect Also send email notifications to admins and subscription owners. Then select Advanced Threat Detection types and review the selections. Leave all of the boxes checked and select OK.
Enable Data Classification On An Azure SQL Database
1. In the left navigation, select Overview. Copy the Server name.
2. Navigate to the AdventureWorksLT database in the Azure portal by scrolling down in the overview screen for the Azure SQL server and select the database name.
3. Navigate to the Security section of the main blade for your Azure SQL Database and select Data Discovery & Classification.
4. On the Data Discovery & Classification screen, you will see an informational message that reads We have found 15 columns with classification recommendations. Select that link.
5. On the next Data Discovery & Classification screen, select the check box next to Select all, select Accept selected recommendations, and then select Save to save the classifications into the database.
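The classifications saved in step 5 can be reviewed, and extended, from T-SQL. The following is an added example, not part of the original post; the label and information type values and the list of name patterns are assumptions, and the patterns are only a simplified stand-in for the rules the classification engine applies.

```sql
-- Run in the AdventureWorksLT database used in the steps above.

-- 1. Classify a column by hand, as an alternative to accepting a
--    portal recommendation. LABEL and INFORMATION_TYPE values are assumptions.
ADD SENSITIVITY CLASSIFICATION TO SalesLT.Customer.EmailAddress
WITH (LABEL = 'Confidential', INFORMATION_TYPE = 'Contact Info');

-- 2. List every classified column from the catalog view.
SELECT
    SCHEMA_NAME(o.schema_id) AS SchemaName,
    o.name                   AS TableName,
    c.name                   AS ColumnName,
    sc.label                 AS Label,
    sc.information_type      AS InformationType
FROM sys.sensitivity_classifications AS sc
JOIN sys.objects AS o
    ON o.object_id = sc.major_id
JOIN sys.columns AS c
    ON c.object_id = sc.major_id
   AND c.column_id = sc.minor_id
ORDER BY SchemaName, TableName, ColumnName;

-- 3. Gap check: columns whose names suggest sensitive content but that
--    have no row in sys.sensitivity_classifications.
--    LIKE matching follows the database collation (case-insensitive by
--    default in AdventureWorksLT).
SELECT
    SCHEMA_NAME(t.schema_id) AS SchemaName,
    t.name                   AS TableName,
    c.name                   AS ColumnName
FROM sys.tables AS t
JOIN sys.columns AS c
    ON c.object_id = t.object_id
LEFT JOIN sys.sensitivity_classifications AS sc
    ON sc.major_id = c.object_id
   AND sc.minor_id = c.column_id
WHERE sc.major_id IS NULL
  AND (   c.name LIKE '%email%'
       OR c.name LIKE '%phone%'
       OR c.name LIKE '%password%'
       OR c.name LIKE '%card%')
ORDER BY SchemaName, TableName, ColumnName;
```

Running the gap check after schema changes shows new columns that were added since the last classification pass.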
Frequently Asked Questions
1. Where is the data from data classification stored in SQL Server 2019?
In the sys.sensitivity_classifications catalog view.
2. Which of the following threats is analyzed by Advanced Threat Protection?
One of the key features of ATP is SQL Injection inspection.
3. Which attack type is commonly associated with dynamic SQL?
SQL Injection attacks are common with poorly coded dynamic SQL.