Unformatted text preview:

HOUSTON COMMUNITY COLLEGE SOUTHWEST Designing Security for Microsoft SQL Server 2005, Academy ITSC 1091 Date and Time of class: Class CRN: Instructor’s Name: School Site: Phone number:-2- Revised 5/06/07 HOUSTON COMMUNITY COLLEGE • SOUTHWEST COURSE SYLLABUS Designing Security for Microsoft SQL Server 2005, Academy ITSC 1091 This course teaches security design for database systems using Microsoft® SQL Server™ 2005 and is intended for current professional database administrators who have three or more years of on-the-job experience administering SQL Server database solutions in an enterprise environment. Topics address recently identified current events, skills, knowledges, and/or attitudes and behaviors pertinent to the technology or occupation and relevant to the professional development of the student. This course was designed to be repeated multiple times to improve student proficiency. COURSE OBJECTIVE This two-day instructor-led course enables database administrators who work with enterprise environments to design security for database systems using Microsoft® SQL Server™ 2005 GOALS Students will gain skills in: • Security design considerations for server environment, which includes business needs, regulatory requirements and network systems, and database considerations. • Learning how to monitor security and respond to threats. LEARNING OUTCOMES After completing the course, students will be able to: • Install and configure SQL Server 2005 • Explain the principles of SQL Server security. • Describe the methodology to design a SQL Server security policy. • Explain the importance of monitoring SQL Server security. • Integrate SQL Server security with enterprise-level authentication systems. • Develop Windows server-level security policies. • Develop a secure communication policy. • Define security monitoring standards for SQL Server at the enterprise and server level. • Design a SQL Server instance-level security policy. • Design a database-level security policy. • Design an object-level security policy. • Define security monitoring standards for instances and databases. • Secure data by using encryption and certificates. • Design data encryption policies. • Determine a key storage method. • Analyze business and regulatory requirements.-3- Revised 5/06/07 • Determine the exceptions and their impact on security. • Design a response policy for virus and worm attacks. • Design a response policy to handle the denial-of-service attacks. • Design a response policy to prevent internal and SQL injection attacks. PREREQUISITE Before attending this course, students must have: • Have basic knowledge of security protocols and how they work. For example, NTLM or Kerberos. • Have basic knowledge of public key infrastructure (PKI) systems. For example, how public and private keys work, strengths and weaknesses, and what they are used for. • Have working knowledge of network architectures and technologies. For example, how a firewall works, how IPSec works in networking context, common vulnerability points, etc. • Have working knowledge of Active Directory directory service. For example, security models, policies, group policy objects (GPOs), and organizational units (OUs). • Be able to design a database to third normal form (3NF) and know the trade offs when backing out of the fully normalized design (denormalization) and designing for performance and business requirements in addition to being familiar with design models, such as Star and Snowflake schemas. • Have strong monitoring and troubleshooting skills. • Have experience creating Microsoft Visio® drawings or have equivalent knowledge. • Have strong knowledge of the operating system and platform. That is, how the operating system integrates with the database, what the platform or operating system can do, interaction between the operating system and the database. • Have basic knowledge of application architecture. That is, different methods of implementing security in an application, how applications can be designed in three layers, what applications can do, the interaction between applications and the database, and interactions between the database and the platform or operating system. • Have knowledge about network security tools. For example, sniffer and port scanning. Must understand how they should be used. • Be able to use patch management systems. • Have knowledge of common attack methods. For example, buffer overflow, replay attacks, etc. • Be familiar with SQL Server 2005 features, tools, and technologies. • Have a Microsoft® Certified Technology Specialist: Microsoft SQL Server 2005 credential or equivalent experience. In addition, it is recommended, but not required, that students have completed: • Course 2778, Writing Queries Using Microsoft SQL Server 2005 Transact-SQL. • Course 2779, Implementing a Microsoft SQL Server 2005 Database. • Course 2780, Maintaining a Microsoft SQL Server 2005 Database. REQUIRED TEXTBOOK-4- Revised 5/06/07 The provided student kit includes a comprehensive workbook and other necessary materials for this workshop. COURSE REQUIREMENTS AND EXPECTATIONS This is a 16-hour instructor guided course. Student will complete hands-on, in-class assignments. ATTENDANCE To fully benefit from the class, students are expected to attend all classes. REQUIREMENTS FOR COURSE COMPLETION CERTIFICATE To receive a Certificate of Completion and be awarded Continuing Education Units, students must meet the following requirements: • Attend at least 80% of scheduled class time • Complete the course lab demonstrating 80% mastery of course concepts or equivalent skills demonstration to instructor. OPPORTUNITIES FOR STUDENT-FACULTY INTERACTION Students are encouraged to ask questions and request clarification or guidance as needed during class. A question and answer period is always provided. OPPORTUNITIES FOR CAREER EXPLORATION Topics relevant to future employment and career exploration opportunities will be presented to the students, including certification and degree prospects. OPPORTUNITIES FOR SUPPLEMENTAL INSTRUCTION Students are informed of instructional aids and resources, including books, other publications, and web sites relevant to the course. SPEAKER FORUM At the discretion of the instructor,


View Full Document

HCC ITSC 1091 - Syllabus

Documents in this Course
Load more
Download Syllabus
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Syllabus and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Syllabus 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?