Database security

  • Hi guys, I need to work on the security of a database, even on the network, and need to know how this is done. Any help please?

  • Start by making sure the database is being accessed by logins other than sa. Then make sure the logins being used have the minimum rights necessary in order to get the job done, and nothing more.

    Other things to look into are the Surface Area Configuration tool. Make sure none of the more open processes are activated, unless they absolutely have to be. For example, xp_cmdshell. Make sure it's not in use unless there is absolutely a vital need for it, and even then challenge why the same thing can't be done through CLR.

    Speaking of CLR, make sure it's set up correctly (trustworthy, etc.), or that there's a darn good reason for it to be opened up.

    That'll handle most of the basics.

    After that, it's code review to make sure you're doing everything you can to avoid SQL injection. Working with sys admins to make sure the firewall is configured correctly to block ad hoc access to the database server and to make sure VPN is set up correctly so you can access the server remotely if you need to. And so on.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

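The checks named in the answer above, written as a read-only T-SQL audit. This is an added example, not part of the original posts. It goes slightly beyond the answer by also listing sysadmin members and two further surface-area options, and it assumes a login that can view server-level metadata.

```sql
-- Added example: read-only audit of the settings named in the answer above.
-- Nothing here changes configuration. Run it as a login allowed to view
-- server-level metadata (a sysadmin sees everything).

-- 1. Surface-area options. value_in_use = 0 means the feature is off.
--    The last two names are not in the post; they are other commonly
--    reviewed options from the same area.
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'clr enabled',
               N'Ole Automation Procedures', N'Ad Hoc Distributed Queries')
ORDER BY name;

-- 2. The sa login, found by its fixed SID so a rename does not hide it.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Everyone holding sysadmin. Application logins should not appear here.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 4. Databases marked TRUSTWORTHY. msdb has it on by default, so it is skipped.
SELECT d.name, SUSER_SNAME(d.owner_sid) AS owner_login, d.is_trustworthy_on
FROM sys.databases AS d
WHERE d.is_trustworthy_on = 1
  AND d.name <> N'msdb'
ORDER BY d.name;

-- 5. User CLR assemblies in the current database that run outside SAFE.
--    Repeat per database; each row needs a documented reason to exist.
SELECT name, permission_set_desc, create_date
FROM sys.assemblies
WHERE is_user_defined = 1
  AND permission_set_desc <> N'SAFE_ACCESS'
ORDER BY name;
```

Rows from queries 4 and 5, or a non-zero value in query 1, are the items to challenge in review; an enabled sa in query 2 means the first step in the answer is still open.
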