This page is dedicated to SQL Server security. Small database or large, in today's ever-evolving technologies, it is paramount to provide a high level of security to your data. True security goes much further than just the database, and it truly should be done both physically and logically. You may remember 'Slammer', the SQL Slammer worm. It nearly devastated the company I worked for back in 2003. I spent the whole weekend in the office, with the entire Operations Team, working to recover before Monday's open. You know how it got in? One of our best developers had simply been doing a little work from home. The vulnerability was there and a patch was available. I didn't know about it, I hadn't patched my servers yet, and it took our network down.
This is why I say it should be done both physically and logically. Otherwise, the risks are too great. In addition to my own tips, here are a couple of good references that I recommend pretty regularly:
- Security Considerations for a SQL Server Installation
- White Paper: Security Overview for Database Administrators
We all know that 'security' is a fairly wide-reaching category. I will try to post information for many different areas: data access, principals and securables, permission changes & authentication, encryption, DDL audits, SQL injection, and more. Hopefully you will find something helpful. Please let me know if you have any problems, or if I can help further.
SQL Server Security tips:
- Check the Authentication Mode: Three ways to check your Authentication Mode
- Copy Object Permissions: Quickly copy object permissions to another instance
- List Object Permissions: Output all object permissions in the targeted database
- sys.sql_logins, Password Expiration: View server-level metadata for your logins
- Sysadmin & SecurityAdmin: Which logins are members of these fixed server roles
- sys.database_permissions: Quick way to view database-level permissions, by principal
Really relevant server security tips. Thanks!