SQL Server Security

Question

Post reply

SQL Server Security

sosoba

SSC Rookie

Points: 45
More actions
February 7, 2003 at 9:53 am

#158548

I am a developer that would like to know more about how SQL Server security works. I would appreciate any advice on any tutorials you know about that would help with this.
Thanks
Steve Osoba
Developer
The System Shop, Inc.

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply

Steve Jones - SSC Editor SSC Guru Points: 736212 More actions · Answer 1

http://www.sqlservercentral.com/columnists/sjones/sqlserversecurityresources.asp

http://www.sqlservercentral.com/columnists/ckempster/sql_server_security.asp

Steve Jones

sjones@sqlservercentral.com

http://www.sqlservercentral.com/columnists/sjones

http://www.dkranch.net

tcartwright SSCertifiable Points: 5573 More actions · Answer 2

Steve J, your article is an excellent compilation of resources about security. I will be assimilating them soon into my heap....

Tim C.

//Will write code for food

One Windows to rule them all, One Windows to find them,

One Windows to bring them all and in the darkness bind them

In the Land of Microsoft where the Shadows lie.

Tim C //Will code for food

ecpasos SSChasing Mays Points: 658 More actions · Answer 3

Hi,

The Database Best Practices link appears to be stale.

cafemar1 SSCrazy Points: 2405 More actions · Answer 4

Steve,

I have reading your security articles and found them very helpful.

I have a question, though. Is there a way I can trace any hacker attempt to log in? Not using Windows tracer or third party applications.

I can trace my internal users without any rpoblem, but I do not know how to monitor any attempt to get into pour system. If so, would you please give me an idea on how to. I searched BOL and could find anything regarding this issue.

Our SQL security is more than OK (never perfect, there is always something to learn.) We have been improving almost every day on this matter, but if there is something I could use without buy any third party application it will be great! We already quoted some of those, anyways.

Thank you.

Jeff W SSCertifiable Points: 5207 More actions · Answer 5

How bad can security be....

One year ago I started in a new position at a company that had fired their first DBA of 1.5 years.

Here's what I found:

No sa passwords on any of the servers

Domain Groups with the sysadmin role

The dba that was fired still works here at night to create reports...noone was told

Links across all DB Servers

All applications used the sa account w/out a password.

All Developers, Call Center, Managers, etc..using Enterprise Manager.

I was scared when I first walked in here. We are better now, but I am still trying to get security to be part of the plan.

"Keep Your Stick On the Ice" ..Red Green

WillisJohnson Newbie Points: 8 More actions · Answer 6

Hi Steve,

Here's a whitepaper that gives a good overview of the SQL 2000 RTM version security architecture and features:

http://www.microsoft.com/sql/techinfo/administration/2000/security/securityWP.asp

A revision covering SP3 and best practices is in the pipeline.

Here's a SQL Security Top Ten list, with some helpful links:

http://www.microsoft.com/sql/techinfo/administration/2000/security/securingsqlserver.asp

I like the chapter on SQL Server Erik Birkholz shared on NTBUGTRAQ last week:

http://www.specialopssecurity.com/SpecialOpsCh12.pdf

This article on security auditing is also very helpful:

http://www.microsoft.com/technet/security/prodtech/dbsql/sql2kaud.asp

Hope this helps!

Willis Johnson

SQL UE