Securing Your SQL Server : Page 4

A growing consciousness of security has brought Microsoft SQL Server database security into focus as never before. Planning for database security should begin early in the development process, and there are important vulnerabilities that you need to guard against in the SQL Server behind your application.

SQL Server Security Best Practices
What should you do to make your SQL Server as secure as possible? Here's a strategy that can help.

Do the Basics First
These basic steps are recommended so often now that they approach common sense:

  • Use Windows authentication whenever possible for users and applications
  • If you are using SQL Server authentication, secure your SA account with a strong password and only let a select few know it
  • Assign users minimal permissions
  • Deny access to tables and views in the database—have your application execute stored procedures to get data
  • Don't expose your SQL Server to the Internet; if you must, change it from port 1433 to some other port number and filter that port
  • Give SQL Server and SQL Agent domain logins that do not require administrative access to the server
  • Apply the latest SQL Server service pack and security patch
  • Test!
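
The following T-SQL sketch shows three of the items above working together: Windows authentication, minimal permissions, and stored-procedure-only data access. It is an added example, not code from the original article. The SalesDemo database, the CONTOSO\OrdersApp account, and every object name are hypothetical, and the syntax assumes SQL Server 2012 or later.

```sql
-- Added example: the SalesDemo database, the CONTOSO\OrdersApp account and all
-- object names are hypothetical. Syntax targets SQL Server 2012 or later.
USE SalesDemo;
GO
-- Windows authentication: no password is stored in SQL Server or in the app.
CREATE LOGIN [CONTOSO\OrdersApp] FROM WINDOWS;
CREATE USER OrdersApp FOR LOGIN [CONTOSO\OrdersApp];
GO
-- Minimal permissions: one role whose only right is to run the procedures.
CREATE ROLE app_exec;
ALTER ROLE app_exec ADD MEMBER OrdersApp;
GO
CREATE TABLE dbo.Orders (
    OrderId    int IDENTITY PRIMARY KEY,
    CustomerId int   NOT NULL,
    Total      money NOT NULL
);
GO
-- The procedure is the only entry point. Its parameter is typed and it uses no
-- dynamic SQL: dynamic SQL is checked against the caller's own table
-- permissions, so it would fail under the DENY below.
CREATE PROCEDURE dbo.usp_GetOrdersForCustomer @CustomerId int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Total FROM dbo.Orders WHERE CustomerId = @CustomerId;
END;
GO
-- Table and procedure share an owner (dbo), so ownership chaining lets the
-- procedure read the table while direct access stays denied.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO app_exec;
GRANT EXECUTE ON dbo.usp_GetOrdersForCustomer TO app_exec;
GO
-- Check: impersonate the application user and confirm that direct table
-- access is denied while EXECUTE on the procedure is allowed.
EXECUTE AS USER = 'OrdersApp';
SELECT HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select_table,
       HAS_PERMS_BY_NAME('dbo.usp_GetOrdersForCustomer', 'OBJECT', 'EXECUTE') AS can_exec_proc;
REVERT;
GO
-- Audit: list every principal that holds direct rights on a table or view.
SELECT pr.name AS principal, o.name AS object_name, p.permission_name, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.objects AS o ON o.object_id = p.major_id AND p.class = 1
JOIN sys.database_principals AS pr ON pr.principal_id = p.grantee_principal_id
WHERE o.type IN ('U', 'V')
  AND p.permission_name IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE')
  AND p.state IN ('G', 'W');
```

Any row returned by the audit query is a grant that bypasses the stored procedures and should be reviewed against the minimal-permissions rule.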

Test Using the Microsoft Baseline Security Analyzer
You can use a number of utilities to test your SQL Server. You can go to Microsoft's site and download the Microsoft Baseline Security Analyzer (MBSA), for example. This utility scans your system for Windows, IIS, and SQL Server vulnerabilities and presents you with a number of recommendations. You can see some sample output from the MBSA in Figure 1.

Ron Talmage heads Prospice, LLC, a database consulting firm based in Seattle. He is a SQL Server MVP, PASS newsletter co-editor, current president of the Pacific Northwest SQL Server Users Group, and also writes for SQL Server Professional and SQL Server Magazine.