Skip navigation
Menu
Data Analytics and Data Management>SQL

Better SQL Server Security

Security continues to be one of the hottest topics in IT. The Internet and protocols such as Simple Object Access Protocol (SOAP) and XML have driven constant-connection computing to new levels. And as new technologies make your systems more accessible, the threat from viruses and intruders has never been greater. Here are seven steps to setting up better security for your SQL Server systems.

7. Establish Physical Security


Physical security means that your SQL Server system is running in a controlled-access environment in which only approved personnel have physical access to the system. If you don't have physical security, you don't have a secure system.

6. Give SA a Strong Password


You must ensure that the sa account has a strong password. If your SQL Server sa account isn't password-protected or uses a weak password such as "password," your system and possibly your entire network are easy prey for intruders.

5. Strengthen Your Firewall


To stop direct Internet access to your SQL Server system, block TCP port 1433 and UDP port 1434 at your firewall. Also, block any other ports you're using (e.g., for multiple instances). This one action would have stopped the SQL Slammer worm.

4. Enable Windows Authentication


Windows authentication provides stronger cross-network security than the mixed SQL Server security model. With Windows authentication, you don't need to embed logins and passwords in the application code where intruders can find them. Windows authentication also helps prevent Internet intrusions by allowing access only to domain accounts.

3. Limit Special Accounts' Rights


Set up special accounts, such as MSSQLServer and SQL Agent, to run as Windows domain users with regular user privileges, not as administrators. Many exploits target these accounts, so your network's at risk if these services have more authority than necessary. When you're setting up security, remember the principle of least privileges: Don't assign more rights than any account or service needs. If you don't need SQL Agent, reduce your attack surface by not running it.

2. Apply SP3a


The newest service packs always include the latest security fixes. Network intrusions often originate well after known problems and fixes are published. However, when creating exploits, crackers count on many organizations never applying the fixes.

1. Run a Security Analyzer


Several tools, such as Microsoft Baseline Security Analyzer, scan your network and servers for known security exposures, including those I've mentioned here. The tool you use isn't important, but instituting a regular routine of scanning for security problems and fixing them before someone else finds them is.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
digital world map on warehouse background
How To Build an International Shipping Software System
Jan 30, 2024
PowerShell Analytics header.jpg
Interactive Data Analytics With PowerShell, SQL, and ChatGPT (Sample Script)
Sep 19, 2023
blue gears
How To Filter SQL Server Data in Windows PowerShell
Sep 15, 2023
PowerShell Chart hero.jpg
How To Visualize SQL Server Data in PowerShell (With Sample Script)
Sep 11, 2023