Learning Guide: SQL Server security |
 |
By Sara Cushman, Assistant editor
27 May 2004 | SearchDatabase.com |
|
|
SQL Server is known for its ease-of-use and that characteristic is one reason why more and more businesses are choosing Microsoft's DBMS for large-scale implementations. But the default settings that make SQL Server so easy to set up can leave the doors open, making it an easy target. This learning guide can help you identify those problem areas and secure your SQL Server systems.
The Slammer worm of 2003 provided an apt demonstration of what happens when security vulnerabilities are left unattended. The attack also revealed weaknesses in networks, such as unprotected remote users connecting to company VPNs. But it doesn't take a major Internet worm to reveal weaknesses in your system. Some common mistakes in configuration include leaving the default public permissions as is, not changing the system administrator password to something difficult and allowing too many users too many privileges.
In simple terms, securing SQL Server means controlling access to the database and keeping current on all updates and patches. The hard part is implementing the rules and processes to do so. These guidelines can help you formulate a plan.
Knowing what to do is different from knowing how to do it. Here are a few real-world examples of how to implement secure practices with everyday SQL Server use.
Once you've covered your system, your job isn't done. New vulnerabilities will be discovered and will be exploited. Keep up to date on security bulletins and available patches. Microsoft offers these sites to learn about and report vulnerabilities, and download the necessary patches.
Be proactive in your SQL Server security practices. Figure out how to hack your system before someone else does. Here are a few lessons on how hackers hack.
|
|
|
|
Learn from past mistakes
