{"id":13774729,"url":"https://github.com/David-Seis/SecureYourAzureData","last_synced_at":"2025-05-11T07:30:32.419Z","repository":{"id":51940167,"uuid":"486267692","full_name":"David-Seis/SecureYourAzureData","owner":"David-Seis","description":null,"archived":false,"fork":false,"pushed_at":"2022-12-20T20:33:41.000Z","size":1520,"stargazers_count":15,"open_issues_count":1,"forks_count":4,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-03-20T11:47:21.162Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/David-Seis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSES/CODE_OF_CONDUCT.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-27T16:20:33.000Z","updated_at":"2023-07-29T13:28:31.000Z","dependencies_parsed_at":"2023-01-30T01:45:57.912Z","dependency_job_id":null,"html_url":"https://github.com/David-Seis/SecureYourAzureData","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/David-Seis%2FSecureYourAzureData","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/David-Seis%2FSecureYourAzureData/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/David-Seis%2FSecureYourAzureData/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/David-Seis%2FSecureYourAzureData/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/David-Seis","download_url":"https://codeload.github.com/David-Seis/SecureYourAzureData/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225022273,"owners_count":17408596,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T17:01:29.695Z","updated_at":"2024-11-17T09:31:16.373Z","avatar_url":"https://github.com/David-Seis.png","language":"Jupyter Notebook","funding_links":[],"categories":["Security"],"sub_categories":["Python"],"readme":"\u003cimg style=\"float: left; margin: 0px 15px 15px 0px;\" src=\"https://raw.githubusercontent.com/microsoft/sqlworkshops/master/graphics/Lock-2.png\"\u003e\n\n# Workshop: SQL Server Security Ground to Cloud\n\n#### \u003ci\u003eA Security Course For Data Professionals\u003c/i\u003e\n\n\u003cp style=\"border-bottom: 1px solid lightgrey;\"\u003e\u003c/p\u003e\n\n\u003cimg style=\"float: left; margin: 0px 15px 15px 0px;\" src=\"https://raw.githubusercontent.com/microsoft/sqlworkshops/master/graphics/textbubble.png\"\u003e \u003ch2\u003eAbout this Workshop\u003c/h2\u003e\n\nWelcome to this workshop on [*SQL Server Security Ground to Cloud*](https://github.com/David-Seis/SecureYourAzureData). In this workshop, you'll learn about the computing security landscape, and the Data Professional's responsibilities within it. You'll also learn the latest security frameworks and paradigms, SQL Server security operations both on-premises and in-cloud, and the steps you should secure your organization's data.  \n\nThe focus of this workshop is to enable the Data Professional to secure and protect their data estate.\n\nYou'll start by creating a workshop enviroment using your own laptop or Virtual machine, then work through a module covering general security principles and where the data estates security measures and controls fit within that environment at your organization. From there, you will work through a hands-on module covering the security basics of on-premises and Virtual-Machine based installations of SQL Server. The next module covers the similarities and differences between an installation of SQL Server and the Azure SQL Database Environment. The final module covers monitoring your data environment and creating an Incident Response Plan for your organization, all with a focus on how to extrapolate what you have learned to create other solutions for your organization.\n\n\u003e This course does not currently focus on securing a Linux, Docker Container, or Kubernetes installation of SQL Server. This workshop also does not cover a highly-secure regulatory environment (such as C2 compliance), although most all of the concepts in this workshop are useful as a starting point to securely operate Microsoft SQL Server on those platforms and in those environments.\n\nThis [github README.MD file](https://lab.github.com/githubtraining/introduction-to-github) explains how the workshop is laid out, what you will learn, and the technologies you will use in this solution. To download this Lab to your local computer, click the **Clone or Download** button you see at the top right side of this page. [More about that process is here](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository). \n\n\u003e It's best to right-click any links you see and select \"Open in new Tab\" for easier navigation.\n\n\u003cp style=\"border-bottom: 1px solid lightgrey;\"\u003e\u003c/p\u003e\n\n\u003cimg style=\"float: left; margin: 0px 15px 15px 0px;\" src=\"https://raw.githubusercontent.com/microsoft/sqlworkshops/master/graphics/checkmark.png\"\u003e \u003ch3\u003eLearning Objectives\u003c/h3\u003e\n\nIn this workshop you'll learn:\n\u003cbr\u003e\n\n- The general computing security landscape and the data estate's responsibilities in that environment\n- The basics of security for on-premises and in-Virtual Machine SQL Server installations\n- The basics of Microsoft Azure SQL Database security\n- How to monitor for and react to security incidents in your organization\n\nIn addition, you will recieve a [baseline Security Checklist to use as a starting point for a Defense-In-Depth check](https://github.com/David-Seis/SecureYourAzureData/blob/main/SQLSecurity/Security%20Checklist%20Template.md) of your on-premises and in-cloud environments.  \n\nThe goal of this workshop is to train technical professionals in the basics of SQL Server security both on-premises and in-cloud. \n\nThe concepts and skills taught in this workshop form the starting points for:\n\n - Technical professionals tasked with securing a data estate \n - Data professionals tasked with complete or partial responsibility for data security\n - Data Security team members who are not familiar with SQL Server security controls and auditing mechanisms\n\n\u003cp style=\"border-bottom: 1px solid lightgrey;\"\u003e\u003c/p\u003e\n\u003cimg style=\"float: left; margin: 0px 15px 15px 0px;\" src=\"https://raw.githubusercontent.com/microsoft/sqlworkshops/master/graphics/building1.png\"\u003e \u003ch2\u003eBusiness Applications of this Workshop\u003c/h2\u003e\n\nBusinesses require a high level of security on their most fundamental asset: organizational data. Data breaches are costly, disruptive, and can both financially and structurally negatively impact the organization. Having trained professionals that understand the controls and mechanisms to secure that data is fundamental to the business' survival.\n\nSome industries require an even higher level of security, and are subject to regulatory and government compliance standards, such as healthcare, military, banking and government services. The professionals tasked with securing these environments need the highest level of training to ensure this compliance.\n\n\u003cp style=\"border-bottom: 1px solid lightgrey;\"\u003e\u003c/p\u003e\n\n\u003cimg style=\"float: left; margin: 0px 15px 15px 0px;\" src=\"https://raw.githubusercontent.com/microsoft/sqlworkshops/master/graphics/listcheck.png\"\u003e \u003ch2\u003eTechnologies used in this Workshop\u003c/h2\u003e\n\nThis workshop uses the following technologies - although you are not limited to these, they form the basis of the workshop. At the end of the workshop you will learn how to extrapolate these components into other solutions. You will cover these at an overview level, with references to much deeper training provided.\n\n \u003ctable style=\"tr:nth-child(even) {background-color: #f2f2f2;}; text-align: left; display: table; border-collapse: collapse; border-spacing: 2px; border-color: gray;\"\u003e\n\n  \u003ctr\u003e\u003cth style=\"background-color: #1b20a1; color: white;\"\u003eTechnology\u003c/th\u003e \u003cth style=\"background-color: #1b20a1; color: white;\"\u003eDescription\u003c/th\u003e\u003c/tr\u003e\n    \u003ctr\u003e\u003ctd\u003eMicrosoft Windows Operating System\u003c/td\u003e\u003ctd\u003eThis workshop uses the Microsoft Windows operating system. You will navigate, install, and configure software, settings, and user components during the workshop.\u003c/td\u003e\u003c/tr\u003e\n    \u003ctr\u003e\u003ctd\u003eMicrosoft Azure Cloud Environment\u003c/td\u003e\u003ctd\u003eIn this workshop you will create an Azure SQL Database environment and enable and use the Microsoft Defender for SQL products.\u003c/td\u003e\u003c/tr\u003e\n    \u003ctr\u003e\u003ctd\u003eSQL Server on-premises and in-VM installations\u003c/td\u003e\u003ctd\u003eSQL Server is installed, configured, and audited on a student-supplied environment such as a laptop or Virtual Machine.\u003c/td\u003e\u003c/tr\u003e\n    \u003ctr\u003e\u003ctd\u003eGeneral Security Tools and Processes\u003c/td\u003e\u003ctd\u003eComputing hardware, networking, and configurations as they partain to security are used throughout the workshop.\u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003e Although SQL Server is supported on Linux, Containers, and Orchestration Platforms such as Kubernetes, those platforms are not currently covered in this workshop. \n\n\u003cp style=\"border-bottom: 1px solid lightgrey;\"\u003e\u003c/p\u003e\n\n\u003cimg style=\"float: left; margin: 0px 15px 15px 0px;\" src=\"https://raw.githubusercontent.com/microsoft/sqlworkshops/master/graphics/owl.png\"\u003e \u003ch2\u003eBefore Taking this Workshop\u003c/h2\u003e\n\nYou'll need a local system that you are able to install software on, completely format, and start over again. The workshop demonstrations use Microsoft Windows as an operating system and all examples use Windows for the workshop. Optionally, you can use a local or Microsoft Azure Virtual Machine (VM) to install the software on and use for the workshop. A free Virtual Machine image is provided for you using Hyper-V, VirtualBox, or Parallels in the pre-requisites.\n\nYou should have a Microsoft Azure account with the ability to create assets. (A free subscription is available, and described in the Pre-Requisite section)\n\nThis workshop expects that you understand the basics of the technologies you will use. If you are new to these, here are a few references you can complete prior to class:\n\n-  [Microsoft Windows](https://docs.microsoft.com/en-us/learn/browse/?expanded=windows\u0026products=windows)\n-  [Microsoft Azure](https://docs.microsoft.com/en-us/learn/paths/az-900-describe-cloud-concepts/)\n-  [SQL Server](https://docs.microsoft.com/en-us/sql/sql-server/tutorials-for-sql-server-2016?view=sql-server-ver16)\n-  [Computing Security](https://www.microsoft.com/en-us/security/content-library/Home/Index?culture=en-US)\n\n\u003cimg style=\"float: left; margin: 0px 15px 15px 0px;\" src=\"https://raw.githubusercontent.com/microsoft/sqlworkshops/master/graphics/bulletlist.png\"\u003e \u003ch3\u003eSetup\u003c/h3\u003e\n\n\u003ca href=\"https://github.com/David-Seis/SecureYourAzureData/blob/main/SQLSecurity/00%20-%20Pre-Requisites.md\" target=\"_blank\"\u003eA full pre-requisites document is located here\u003c/a\u003e. These instructions should be completed before the workshop starts, since you will not have time to cover these in class. \n\n\u003e Remember to turn off any Virtual Machines from the Azure Portal when not taking the class so that you do incur charges (shutting down the machine in the VM itself is not sufficient)\n\n\u003cp style=\"border-bottom: 1px solid lightgrey;\"\u003e\u003c/p\u003e\n\n\u003cimg style=\"float: left; margin: 0px 15px 15px 0px;\" src=\"https://raw.githubusercontent.com/microsoft/sqlworkshops/master/graphics/bookpencil.png\"\u003e \u003ch2\u003eWorkshop Modules\u003c/h2\u003e\n\nThis is a modular workshop, and in each section, you'll learn concepts, technologies and processes to help you complete the solution.\n\n\u003ctable style=\"tr:nth-child(even) {background-color: #f2f2f2;}; text-align: left; display: table; border-collapse: collapse; border-spacing: 5px; border-color: gray;\"\u003e\n  \u003ctr\u003e\u003ctd style=\"background-color: AliceBlue; color: black;\"\u003e\u003cb\u003eModule\u003c/b\u003e\u003c/td\u003e\u003ctd style=\"background-color: AliceBlue; color: black;\"\u003e\u003cb\u003eTopics\u003c/b\u003e\u003c/td\u003e\u003c/tr\u003e\n\n  \u003ctr\u003e\u003ctd\u003e\u003ca href=\"https://github.com/David-Seis/SecureYourAzureData/blob/main/SQLSecurity/00%20-%20Pre-Requisites.md\" target=\"_blank\"\u003e00 - Pre Requisites \u003c/a\u003e\u003c/td\u003e\u003ctd\u003e Covers the materials and tools you need, as well as the knowledge you need prior to taking this course.\u003c/td\u003e\u003c/tr\u003e\n  \u003ctr\u003e\u003ctd style=\"background-color: AliceBlue; color: black;\"\u003e  \u003ca href=\"https://github.com/David-Seis/SecureYourAzureData/blob/main/SQLSecurity/01%20-%20SecurityLandscape.md\" target=\"_blank\"\u003e01 - The Database Security Landscape\u003c/a\u003e \u003c/td\u003e\n      \u003ctd td style=\"background-color: AliceBlue; color: black;\"\u003e Explains the general Information Technology areas, and also frameworks for IT security. Covers the Database portion of those security areas.\u003c/td\u003e\u003c/tr\u003e\n  \u003ctr\u003e\u003ctd\u003e\u003ca href=\"https://github.com/David-Seis/SecureYourAzureData/blob/main/SQLSecurity/02%20-%20SQLServerSecurityBasics.md\" target=\"_blank\"\u003e02 - SQL Server Security\u003c/a\u003e\u003c/td\u003e\n      \u003ctd\u003e Details the primary components and tools for on-premises/Virtual Machine SQL Server security environments, from Principals and Securables to Data Control Language (DDL) statements.\u003c/td\u003e\u003c/tr\u003e\n  \u003ctr\u003e\u003ctd style=\"background-color: AliceBlue; color: black;\"\u003e\u003ca href=\"https://github.com/David-Seis/SecureYourAzureData/blob/main/SQLSecurity/03%20-%20SQLAzureSecurity.md\" target=\"_blank\"\u003e03 - Microsoft Azure SQL Security \u003c/a\u003e \u003c/td\u003e\n      \u003ctd td style=\"background-color: AliceBlue; color: black;\"\u003e Explains the similarities and differences between the data structures, statements, tools and processes to sure your Azure SQL databases in the Microsoft Azure Platform. \u003c/td\u003e\u003c/tr\u003e  \u003ctr\u003e\n  \u003ctd\u003e\u003ca href=\"https://github.com/David-Seis/SecureYourAzureData/blob/main/SQLSecurity/04%20-%20MonitoringAndIncidentResponse.md\" target=\"_blank\"\u003e04 - Monitoring and Mitigations\u003c/a\u003e\u003c/td\u003e\n      \u003ctd\u003e Covers the tools and processes you can use both on-premises and in-cloud to detect and secure your data estate. Also explains some of the common threats and mitigations for those threats to databases. \u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003cp style=\"border-bottom: 1px solid lightgrey;\"\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cimg style=\"float: left; margin: 0px 15px 15px 0px;\" src=\"https://raw.githubusercontent.com/microsoft/sqlworkshops/master/graphics/geopin.png\"\u003e\u003cb\u003eNext Steps\u003c/b\u003e\u003c/p\u003e\n\nNext, Continue to \u003ca href=\"https://github.com/David-Seis/SecureYourAzureData/blob/main/SQLSecurity/00%20-%20Pre-Requisites.md\" target=\"_blank\"\u003e\u003ci\u003e Pre-Requisites\u003c/i\u003e\u003c/a\u003e\n\n# Contributing\n\nThis project welcomes contributions and suggestions.  Most contributions require you to agree to a\nContributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us\nthe rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.\n\nWhen you submit a pull request, a CLA bot will automatically determine whether you need to provide\na CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions\nprovided by the bot. You will only need to do this once across all repos using our CLA.\n\nThis project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).\nFor more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or\ncontact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.\n\n# Legal Notices\n\n### License\nBuck Woody and David Seis grant you a license to the content in this repository under the [Creative Commons Attribution 4.0 International Public License](https://creativecommons.org/licenses/by/4.0/legalcode), see [the LICENSE file](https://github.com/David-Seis/SecureYourAzureData/blob/main/LICENSES/LICENSE), and grant you a license to any code in the repository under [the MIT License](https://opensource.org/licenses/MIT), see the [LICENSE-CODE file](https://github.com/David-Seis/SecureYourAzureData/blob/main/LICENSES/LICENSE-CODE).\n\nMicrosoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation\nmay be either trademarks or registered trademarks of Microsoft in the United States and/or other countries.\nThe licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks.\nMicrosoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.\n\nPrivacy information can be found at https://privacy.microsoft.com/en-us/\n\nMicrosoft and any contributors reserve all other rights, whether under their respective copyrights, patents,\nor trademarks, whether by implication, estoppel or otherwise.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDavid-Seis%2FSecureYourAzureData","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FDavid-Seis%2FSecureYourAzureData","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDavid-Seis%2FSecureYourAzureData/lists"}