您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Azure 数据库安全性清单Azure database security checklist

为了帮助提高安全性,Azure 数据库包括大量可用于限制和控制访问的内置安全控件。To help improve security, Azure Database includes a number of built-in security controls that you can use to limit and control access.

其中包括:These include:

  • 防火墙,可用于创建防火墙规则,以便根据IP 地址限制连接,A firewall that enables you to create firewall rules limiting connectivity by IP address,
  • 可从 Azure 门户访问的服务器级防火墙Server-level firewall accessible from the Azure portal
  • 可从 SSMS 访问的数据库级防火墙规则Database-level firewall rules accessible from SSMS
  • 使用安全连接字符串保护数据库连接Secure connectivity to your database using secure connection strings
  • 使用访问管理Use access management
  • 数据加密Data encryption
  • SQL 数据库审核SQL Database auditing
  • SQL 数据库威胁检测SQL Database threat detection

简介Introduction

云计算需使用许多应用程序用户、数据库管理员和程序员不熟悉的新安全范例。Cloud computing requires new security paradigms that are unfamiliar to many application users, database administrators, and programmers. 由于这个原因,一些组织对于是否要出于安全风险因素实现云基础结构以进行数据管理犹豫不决。As a result, some organizations are hesitant to implement a cloud infrastructure for data management due to perceived security risks. 但是,通过更好地了解 Microsoft Azure 和 Microsoft Azure SQL 数据库中内置的安全功能,可极大减缓这方面的担忧。However, much of this concern can be alleviated through a better understanding of the security features built into Microsoft Azure and Microsoft Azure SQL Database.

清单Checklist

查看此清单之前,建议阅读 Azure 数据库安全性最佳做法一文。We recommend that you read the Azure Database Security Best Practices article prior to reviewing this checklist. 了解最佳做法后,便能够充分利用此清单。You will be able to get the most out of this checklist after you understand the best practices. 然后,可使用此清单确保解决重要的 Azure 数据库安全性问题。You can then use this checklist to make sure that you’ve addressed the important issues in Azure database security.

清单类别Checklist Category 描述Description
保护数据Protect Data

动态加密/传输中加密Encryption in Motion/Transit

静态加密Encryption at rest
控制访问Control Access

数据库访问Database Access
  • 身份验证(Azure Active Directory 身份验证),AD 身份验证使用 Azure Active Directory 管理的标识。Authentication (Azure Active Directory Authentication) AD authentication uses identities managed by Azure Active Directory.
  • 授权,授予用户必需的最低权限。Authorization grant users the least privileges necessary.

应用程序访问Application Access
  • 行级别安全性(使用安全策略,同时基于用户的标识、角色或执行上下文来限制行级别访问)。Row level Security (Using Security Policy, at the same time restricting row-level access based on a user's identity,role, or execution context).
  • 动态数据掩码(使用“权限和策略”,通过对非特权用户模糊化敏感数据来限制此类数据的泄露)Dynamic Data Masking (Using Permission & Policy, limits sensitive data exposure by masking it to non-privileged users)
主动监视Proactive Monitoring

跟踪和检测Tracking & Detecting

Azure 安全中心Azure Security Center
  • 数据监视,使用 Azure 安全中心作为 SQL 和其他 Azure 服务的集中式安全监视解决方案。Data Monitoring Use Azure Security Center as a centralized security monitoring solution for SQL and other Azure services.

结束语Conclusion

Azure 数据库是一个可靠的数据库平台,提供满足众多组织要求和法规遵从要求的整套安全功能。Azure Database is a robust database platform, with a full range of security features that meet many organizational and regulatory compliance requirements. 通过控制对数据的物理访问,结合透明数据加密、单元格级加密或行级别安全性使用各种文件级、列级或行级数据安全选项,可轻松保护数据。You can easily protect data by controlling the physical access to your data, and using a variety of options for data security at the file-, column-, or row-level with Transparent Data Encryption, Cell-Level Encryption, or Row-Level Security. 此外,Always Encrypted 支持针对加密的数据执行操作,简化应用程序更新的过程。Always Encrypted also enables operations against encrypted data, simplifying the process of application updates. 反过来,访问 SQL 数据库活动的审核日志可以提供所需的信息来帮助自己了解何时以何种方法访问了数据。In turn, access to auditing logs of SQL Database activity provides you with the information you need, allowing you to know how and when data is accessed.

后续步骤Next steps

只需几个简单的步骤,即可大大提升数据库抵御恶意用户或未经授权的访问的能力。You can improve the protection of your database against malicious users or unauthorized access with just a few simple steps. 在本教程中,学习:In this tutorial you learn to: