Manage Learn to apply best practices and optimize your operations.

Top 10 SQL Server security tips

Password cracking tools and hacking tricks were by far the front runners in our tally of the top 10 SQL Server security tips, thus far for 2006. View all ten tips that have piqued the interest of our audience when it comes to SQL Server security.

Password cracking and SQL Server hacking tips topped your list of favorites on during the first half of 2006. View all 10 tips that piqued your SQL Server security interests.

#1 - Ten hacker tricks to exploit SQL Server systems
SQL Server hackers have a medley of tricks and tools to gain access to your database systems. Learn their techniques and test SQL Server security before they do.

#2 - Password cracking tools for SQL Server
When performing SQL Server penetration tests and security audits, there is one probe you must not miss: password cracking. Contributor Kevin Beaver identifies tools to check for password weaknesses.

#3 - Ten IIS tips to lock down SQL Server
IIS security measures can be implemented outside SQL Server to protect databases from malicious attacks. CISSP Kevin Beaver offers 10 Internet Information Server tips to harden SQL Server security.

#4 - Working with schemas in SQL Server 2005
If you're managing too many databases with too many objects, it may be time to take advantage of SQL Server 2005's ANSI SQL feature: schemas. Find out how schemas can help.

#5 - Introducing the SQL Server 2005 Surface Area Configuration tool
Managing and securing SQL Server 2005 services could be a nightmare if not for the Surface Area Configuration tool.

#6 - Configure Windows Firewall to allow SQL Server connections
To access a SQL Server instance on a computer protected by Windows Firewall, you must configure the security tool to receive incoming connections. This tip explains how.

#7 - Encryption enhancements in SQL Server 2005
SQL Server encryption was once cumbersome and incomplete, as it failed to secure data at rest. Not any more, says CISSP Kevin Beaver. He explains SQL Server 2005 encryption enhancements and best practices.

#8 - Discover and lock down vulnerable SQL Server services
Be sure to protect those "naked" SQL Servers -- databases unnecessarily exposed to internal and external hackers. Contributor Kevin Beaver explains how to test for vulnerable SQL Server services.

#9 - Tool to configure and lock down SQL Server 2005 services
The SQL Server 2005 Surface Area Configuration tool allows you to manually enable only the services you absolutely need, minimizing the attack surface.

#10 - Run SQL Server as a domain account for network access
Security-conscious administrators tend to run SQL Server with reduced privileges -- but don't make those privileges too restrictive or you may find SQL Server unusable.

More information from

  • Sign up for our RSS feeds to get new expert technical advice every week day
  • Look up SQL Server definitions in our Glossary
  • Peruse our SQL Server Topics for help troubleshooting SQL Server DBA, developer or management problems
  • Dig Deeper on SQL Server Security

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.