How to secure a database from scatch ?

  • Hi,

    I am SQL Server DBA (2000/2005), I have some problems setting security(lack of security knowledge) , which book/article you recommend me.

    How to secure a database from scatch (user/login/roles).

    I need to know all steps.

    Thanks a lot for your help.

    Regards,

    Ahmed

  • What exactly are you wanting to secure and to what extent? Security can be as little as restricting who can connect to your SQL Server (create only those logins that are necessary), what can connect to your SQL Server (firewalling, restricting access to the machine to specific IP addresses) through to restricting access at a column level & using encryption.

    Then there's consideration to be given to the security of the physical files, the backup files, the physical server and network communications.

    And with all of this, there's the balance between security & usability.

    So one of the first questions to ask is just how sensitive is the data?

    Check out BOL first - lots of stuff in there and it's free.



    Scott Duncan

    MARCUS. Why dost thou laugh? It fits not with this hour.
    TITUS. Why, I have not another tear to shed;
    --Titus Andronicus, William Shakespeare


  • Agreed that you should check books online. Also, if you are still using SQL Server 2000, there is a great book by Chip Andrews, David Litchfield, and Bill Grindlay titled "SQL Server Security" that is very thorough - though certain sections might be a bit too much to digest if you are completely new to SQL Server security. A lot of the concepts apply in 2005 as well but it is much more secure from the start so there is not as much work to do in some areas.

    Once you've gotten started, http://www.sqlsecurity.com has some useful tools and references, but aside from the SQL Security Checklist in the FAQs section, there isn't a lot on getting started.

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply