Layers of Security

  • Comments posted to this topic are about the item Layers of Security

  • I have to agree, it's a mess to configure firewalls. Though I've only configured my personal ones.

    One time I started out sending an email to the internet service provider I had, asking which protocols and ports they needed open for me to get internet. They didn't know! I started out hard, blocking a bit too much so I didn't even get the packages from the ISP that gave me my IP address. It is a mess and last I checked it was not that easy to find out all the information one should have.

  • Agreed, though I wonder how many DBAs actually have the authority to set the rules involving database security policies or even set standards for developers and insist that they be followed in all projects? Not many probably (I certainly don't).

    The probability of survival is inversely proportional to the angle of arrival.

  • OK Steve, you have me interested. I consider SQL Security to be as complex as anything I have seen. I have zero issues configuring my Windows server to be as secure as possible. I think I know enough to do things right, but I don't know "why" to choose one selection over another. Vendors still push for "sa" accounts for access and there is little I can do when I am told to implement a system with that poor of a design, but there are systems that I have more control over. The article above yours mentions "teaching a man (woman) to fish".

    What do you suggest as the best resource for security in SQL Server 2008 R2?

    Preferably a nice set of articles like the ones SQLServerCentral is doing for SSRS, or how about a good book, maybe even a blog somewhere?

    Even those of us who consider themselves experts in this vein should benefit by reading more about it. For those of us who struggle with it, good information can be tremendous. I know BO has information, but to me that is more of a reference, and useful once you know what you want to do. A good primer, followed by good detail, is usually easier for most of us to pick up.

    Dave


  • djackson 22568 (12/6/2011)


    Vendors still push for "sa" accounts for access and there is little I can do when I am told to implement a system with that poor of a design, but there are systems that I have more control over.

    I've had a few vendors ask for SA in the past. Digging in, we found they wanted SA because a) that's what they always use, and b) because they wanted to create logins or run a job from the application.

    We could easily do the "create" logins from SSMS (or EM in that case) and the application would see them. We could also grant rights to run jobs without giving SA. Some vendors want SA, but don't really even know why they have that requirement.

    What do you suggest as the best resource for security in SQL Server 2008 R2?

    Preferably a nice set of articles like the ones SQLServerCentral is doing for SSRS, or how about a good book, maybe even a blog somewhere?

    Even those of us who consider themselves experts in this vein should benefit by reading more about it. For those of us who struggle with it, good information can be tremendous. I know BO has information, but to me that is more of a reference, and useful once you know what you want to do. A good primer, followed by good detail, is usually easier for most of us to pick up.

    Dave

    We are working on a security stairway series, but it's tough to get one done. For now, I would recommend a couple resources:

    Securing SQL Server: http://www.amazon.com/gp/product/1597496251?ie=UTF8&tag=redgatsof-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1597496251

    Hardening SQL Server: http://www.sqlmag.com/article/sql-server/Hardening%20SQL%20Server-135858
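
The last reply describes meeting a vendor's "needs sa" requirement by having the DBA create the logins and by granting job rights separately. The T-SQL below is an added example of that approach, not code from the thread; the login name `vendor_app` and the password placeholder are assumptions.

```sql
-- Added example (T-SQL, valid on SQL Server 2008 R2). Names are hypothetical.
-- Run by a DBA who is sysadmin; the vendor application never becomes one.

-- 1. The DBA creates the login the application expects, instead of
--    letting the application create it while connected as sa.
--    Replace the placeholder password before running.
CREATE LOGIN [vendor_app]
    WITH PASSWORD = N'<placeholder-strong-password>',
         CHECK_POLICY = ON;
GO

-- 2. Map the login into msdb and add it to a SQL Server Agent fixed
--    database role. SQLAgentUserRole lets it create and start only the
--    jobs it owns. If it must start jobs owned by someone else, use
--    SQLAgentOperatorRole instead; neither role grants sysadmin.
USE msdb;
GO
CREATE USER [vendor_app] FOR LOGIN [vendor_app];
EXEC sp_addrolemember N'SQLAgentUserRole', N'vendor_app';
GO

-- 3. Confirm the result: sysadmin membership and msdb roles for the login.
SELECT IS_SRVROLEMEMBER('sysadmin', 'vendor_app') AS is_sysadmin;

SELECT r.name AS msdb_role
FROM msdb.sys.database_role_members AS m
JOIN msdb.sys.database_principals AS r
     ON r.principal_id = m.role_principal_id
JOIN msdb.sys.database_principals AS u
     ON u.principal_id = m.member_principal_id
WHERE u.name = N'vendor_app';

-- 4. Audit: every enabled login that still holds sysadmin, to find
--    other accounts that were given sa-level rights out of habit.
SELECT p.name, p.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
     ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p
     ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
  AND p.is_disabled = 0;
```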
