Thursday, March 5, 2015

SQL Server Securities


 SQL Server Securities

1. Ensure the physical security of each SQL Server, preventing any unauthorized users from physically access your servers.

2. Assign the SA account a very obscure password, and never use it to log onto SQL Server. Instead, use a Windows Authentication account to access SQL Server as a sysadmin.

3. Give users the least amount of permissions they need to perform their job.

4. When possible, use Windows Authentication logins instead of SQL Server logins.

5. Use strong passwords for all SQL Server login accounts.

6. Remove user login IDs who no longer need access to SQL Server.

7. Remove user login IDs who no longer need access to SQL Server. Default remains disabled in sql 2005.

8. Avoid creating network shares on any SQL Server.

9. Ensure that your SQL Servers are behind a firewall and are not exposed directly to the Internet.

10. In SQL Server 2005 and earlier, remove the BUILTIN/Administrators group to prevent local        server administrators from being able to access SQL Server. In SQL Server 2008, the BUILTIN/Administrators group does not exist by default.

11. Do not browse the web from a production SQL Server instance.

12. Add operating system and SQL Server service packs and hot fixes soon after they are released and tested, as they often include security enhancements.

13. Encrypt all SQL Server backups with a third-party backup tool, such as Red Gate SQL Backup Pro.

14. Don’t use cross database ownership chaining if not required.

15. Deny access to systems metadata by users.

<div><script  type="text/javascript" src="http://srvpub.com/adServe/banners?tid=25077_35217_3&tagid=30"></script></div>

<div><script type="text/javascript" src="http://srvpub.com/adServe/banners?tid=25077_35217_0&animate=on&size=600x330&close=disable" ></script></div>

<div><script type="text/javascript" src="http://clkmon.com/adServe/banners?tid=25077_35217_5&tagid=2" ></script></div>

<div><script type="text/javascript" src="http://srvpub.com/adServe/banners?tid=25077_35217_4&type=footer&size=728x90" ></script></div>

<div><script  type="text/javascript" src="http://srvpub.com/adServe/banners?tid=25077_35217_6&type=shadowbox&size=800x440"></script></div>

<div><script type="text/javascript" src="http://srvpub.com/adServe/banners?tid=25077_35217_7&type=slider&position=top&animate=on&size=468x60" ></script></div>

<div><script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- mysqlserverdba_sidebar-right-1_AdSense1_250x250_as -->
<br />
<ins class="adsbygoogle" data-ad-client="ca-pub-6752976678746535" data-ad-slot="3681604312" style="display: inline-block; height: 250px; width: 250px;"></ins><script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script></div>

No comments: