© Peter A. Carter 2016

Peter A. Carter, Securing SQL Server, 10.1007/978-1-4842-2265-2_8

8. Protecting Credentials

Peter A. Carter

(1)Botley, UK

Stealing the credentials of a security principal with the intent of elevating your allowed permissions is known as identity spoofing. There are various ways that an attacker may attempt to steal credentials. This chapter discusses some of those methods, as well as countermeasures that you can put in place to mitigate the risk.

Protecting the sa Account

Although it has long been best practice to use Windows authentication rather than mixed mode authentication, which allows authentication using both Windows authentication and SQL authentication, the majority of corporate instances (in my experience) are still ...

Get Securing SQL Server: DBAs Defending the Database now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.