SQL Server Security

This page is dedicated to SQL Server security. Small database or large, with today's ever-evolving technologies, it is paramount to provide a high level of security for your data. True security goes much further than just the database, and it truly should be done both physically and logically. You may remember 'Slammer', the SQL Slammer worm. It nearly devastated the company I worked for back in 2003. I spent the whole weekend in the office, with the entire Operations Team, working to recover before Monday's open. You know how it got in? One of our best developers had simply been doing a little work from home. The vulnerability was there and a patch was available. I didn't know about it, I hadn't patched my servers yet, and it took our network down.


This is why I say it should be done both physically and logically.  Otherwise, the risks are too great.  In addition to my own tips, here are a couple of good references that I recommend pretty regularly:


  Security Considerations for a SQL Server Installation
  White Paper: Security Overview for Database Administrators


We all know that 'security' is a fairly wide-reaching category. I will try to post information for many different areas: data access, principals and securables, permission changes & authentication, encryption, DDL audits, SQL injection, and more. Hopefully you will find something helpful. Please let me know if you have any problems, or if I can help further.


SQL Server Security tips:

