Securing the server and database in SQL Server

SQL Server security is made up of multiple layers: network, operating system, server-level and database. These layers need to be hardened individually because a breach in any one of them could mean failure for an entire solution.

Network and operating system security were discussed in part one of this series. This section explores database and server-level protection.

Server security properties

In the server properties tab, a "server proxy account" can be specified for use by xp_cmdshell. While I strongly advice against it, if you do plan on using xp_cmdshell, I recommend putting in a proxy account with very low privileges.

Specifically, there are two noteworthy settings under server properties: Enable C2 audit tracing and Enable Common Criteria compliance.

Enable C2 audit tracing allows the tracing of object access -- both success/fail -- to the data drive, which -- unless controlled -- grows until the server shuts down.

Enable Common Criteria compliance causes memory to be overwritten before it is reallocated. While this causes a more secure system, memory usage will be slower. Furthermore, the option also changes login auditing and permission sets. As a result, before turning this option on, it is important to be careful with the permissions design in the database as well as the performance requirements.

SQL Server SSL security

SQL Server Configuration Manager controls any SSL usage.

If a certificate is installed, right-click Protocols for ...

To read more you must become a member of SearchSQLServer.com

As an existing member of the TechTarget network please activate your SearchSQLServer.com account 

By joining SearchSQLServer.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SQL Server Security Meet compliance requirements with improved database security practices Hardening the network and OS for SQL Server security SQL Server security made simple and sensible Blog: Protect your databases from the internal threat Setting up SQL Server Service Broker for secure communication The keys to database backup protection for SQL Server Understanding transparent data encryption in SQL Server 2008 The fine line between not encrypting your databases and breach notification Securing SQL Server with access control, login monitoring and DDL triggers SQL Server security: Controlling access via database roles Database Management and Administration Using traces in SQL Server Profiler Meet compliance requirements with improved database security practices Hardening the network and OS for SQL Server security How SQL Server 2008 components impact SharePoint implementations Troubleshooting Distributed Transaction Coordinator errors in SQL Server Achieving high availability and disaster recovery with SharePoint databases Clearing the Windows page file and its effect on server performance Deploying a SQL Server virtual appliance for Microsoft Hyper-V How to create SQL Server virtual appliances for Hyper-V Push vs. pull: Configuring SQL Server replication

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data corruption  (SearchSQLServer.com) data hiding  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

S2K8 and select Properties. The following screen will appear:

Figure 1 (click to enlarge)
[IMAGE]

Under the Flags and Certificate tabs, it can be specified whether or not an encryption is forced.

In a highly-secure production system, it is best to force the encryption. I recommend setting the Hide Instance option to Yes for production systems. This is because allowing the SQL Server browser service to locate an instance in production makes it easier to locate and hack a production SQL Server.

Furthermore, in production environments it is best to avoid a self-signed certificate because it could be breached by a man-in-the-middle attack – an attack where active eavesdropping is used by making independent connections with each victim and relaying the messages between them. In Dev/QA environments, this will depend on the security levels needed with the systems being worked on.

SQL Server endpoint security

When an endpoint is created, ensure that the state is only started if necessary, use a non-standard port (notify the network group of the port along with the protocol TCP involved) and allow/require encryption.

Only the necessary ports should be open, and only for the required protocols. Assuming the network is not encrypting traffic, I recommend setting the encryption to "required". In the case below, the other endpoint would have to be set to required (or supported).

CREATE ENDPOINT endpoint_mirroring
 STATE = STARTED
  AS TCP ( LISTENER_PORT = 8035 )
  FOR DATABASE_MIRRORING</font> (
  AUTHENTICATION = WINDOWS KERBEROS,   ENCRYPTION = SUPPORTED,
  ROLE=ALL);

The next step is to grant the right to connect to the endpoint. I recommend not using basic authentication due to security issues. You should also try to limit the connection access to the fewest logins possible. Preferably, use logins that are either specific to this endpoint or have very narrow usage in the enterprise.

GRANT CONNECT on ENDPOINT::endpoint_mirroring TO [Domain\ConnectingUser];
GO

SQL Server service account security

Every SQL Server service should be installed with a different Active Directory (AD) account. There should never be a reason to give a SQL Server service AD account Domain Admin.

This is typically done because people get lazy and sacrifice security for ease of use. Each SQL Server service should use a different account because each service uses different functional areas requiring different permissions to be properly locked down. In other words, your SQL Server service AD account probably does not need permissions to access the Internet or the ability to login interactively.

In database systems, a breach in any part of the overall system can be exploited to gain access to critical systems. Therefore, it is important to consider how the various layers – network, operating system, server, and database - are interconnected.

ABOUT THE AUTHOR:   

[IMAGE] Matthew Schroeder is a senior software engineer who works on SQL Server database systems ranging in size from 2 GB to 3+ TB, with between 2k and 40+k trans/sec. He specializes in OLTP/OLAP DBMS systems as well as highly scalable processing systems written in .NET. Matthew is a Microsoft certified MCITP, Database Developer, has a master's degree in computer science and more than 12 years of experience in SQL Server/Oracle. He can be reached at cyberstrike@aggressivecoding.com.

Rate this Tip To rate tips, you must be a member of SearchSQLServer.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.