One of your top priorities as a DBA (maybe the top priority) is to secure your SQL Servers, the home to your customer details, human resources data and all business-critical information. You must not only protect SQL Server against external
Requires Free Membership to View
When you register, you’ll also receive targeted emails from my team of award-winning editorial writers. Our goal is to keep you informed on the hottest topics and biggest challenges faced by today's SQL Server database pros.
Hannah Smalltree, Editorial Director
threats, but the
much-more-common internal threats -- and the measures you take to control access will go a long way
in achieving that. This guide will walk you through key tips and expert advice to help you control
internal and external access to SQL Server, and it will highlight access control enhancements in
SQL Server 2005.
TABLE OF CONTENTS
Controlling internal access
Controlling external access
SQL Server 2005 access control
Additional security resources
| Controlling internal access | Return to Table of Contents |
- Hiding
SQL Server
If you're running SQL Server in an environment where you don't want computers to access it, you must hide the instance from network discovery.
- Access
SQL Server securely using Windows domain accounts
Windows domain accounts offer the most secure access to SQL Server. Find out why and how to use Windows authentication to defend against hackers.
- Change
privilege levels for SQL Server 2000 services
SQL Server 2000 users can access OS features in accounts where the server process runs, which makes the database vulnerable to attackers unless you change the privileges.
- Which
user is logged into which database
Get help tracking (in SQL Server itself) which SQL Server users are currently logged in and which database(s) they are accessing.
| Controlling external access | Return to Table of Contents |
- Hacker's-eye
view of SQL Server
Hackers can devastate your SQL Server workflow and cripple your company's business. Learn the four primary methods used to hack into SQL Server.
- Use
SQLPing to prevent outside access
Make sure no listening ports are open for public access on your SQL Server machines -- or you could be relaying sensitive database information to the outside world.
- Securely
sharing access to SQL Server
Get a secure way to share access to a physical SQL Server running multiple databases.
| SQL Server 2005 access control | Return to Table of Contents |
- Granting
permissions in SQL Server 2005
New security features in SQL Server 2005 make it easier to manage and grant permissions on a more granular basis. Get an overview of new features and functions.
- Top
10 security enhancements in SQL Server 2005
Here is a high-level list, in no particular order, of perhaps the 10 most significant security enhancements in SQL Server 2005.
- SQL
Server password policies and credentials
In addition to new security features related to .NET managed code, other new security features will help you tighten authentication through SQL Server logins.
- Permissions,
visibility, UDTs and user-defined aggregates
A user-defined type must be defined in the SQL Server catalog to be visible to SQL Server stored procedure, then users need the appropriate permission to invoke it.
| Additional security resources | Return to Table of Contents |
- SQL
Server Security Learning Guide
From authentication to encryption, get up to speed on SQL Server security techniques.
- SQL
Server Security School
Take a class in SQL Server security.
- Topics:
Security
Research security best practices in this topics section.
This was first published in November 2005