Threat and Vulnerability Mitigation (Integration Services)
Applies To: SQL Server 2016
Although Integration Services includes a variety of security mechanisms, packages and the files that packages create or use could be exploited for malicious purposes.
The following table describes these risks and the proactive steps that you can take to lessen the risks.
|Threat or vulnerability||Definition||Mitigation|
|Package source||The source of a package is the individual or organization that created the package. Running a package from an unknown or untrusted source might be risky.||Identify the source of a package by using a digital signature, and run packages that come from only known, trusted sources. For more information, see Identify the Source of Packages with Digital Signatures.|
|Package contents||Package contents include the elements in the package and their properties. The properties can contain sensitive data such as a password or a connection string. Package elements such as an SQL statement can reveal the structure of your database.||Control access to a package and to the contents by doing the following steps:|
1) To control access to the package itself, apply SQL Server security features to packages that are saved to the msdb database in an instance of SQL Server. To packages that are saved in the file system, apply file system security features, such as access controls lists (ACLs).
2) To control access to the package's contents, set the protection level of the package.
For more information, see Security Overview (Integration Services) and Access Control for Sensitive Data in Packages.
|Package output||When you configure a package to use configurations, checkpoints, and logging, the package stores this information outside the package. The information that is stored outside the package might contain sensitive data.||To protect configurations and logs that the package saves to SQL Server database tables, use SQL Server security features.|
To control access to files, use the access control lists (ACLs) available in the file system.
For more information, see Access to Files Used by Packages