How to do data protection for SQL Server

For a variety of reasons, people who make security settings often do not understand the true value of the data, so they cannot properly protect the data. It is important for a database administrator to limit your data to the people you need to access and to ensure the legality of the people you visit. However, ensuring that data is accessible does not mean that the data is open to everyone, but instead you must carefully protect the data and open it only to those who need it.

Setting up security procedures

Common software maintenance and database updates will play an important role in system security, typically including the following steps:

1, assign a reliable password to the default system management (SA) account. Then, create your own unique named account, and put this account into the sysadmin. Be sure to confirm that the new account also has a reliable password.

2. Assign a separate password to each user. Better yet, use Windows integrated Security and have Windows follow a stable password rule.

3, decide which users need to view the data, and then assign the appropriate license. Please do not arbitrarily give users various permissions. For example, don't let everyone else's salary be accessed casually.

4, decide which users need to update the data, and then assign the appropriate license. Account managers should be able to view the information of all users, but programmers must limit the permissions to update the information. In particular, only the manager who is responsible for a particular account is the only person who can change the user's data.

You can learn a lot of knowledge through these series of information, but you should have them from the beginning. Otherwise, any user of the database can steal or delete your important data.

What is the easiest thing to make a mistake?

For records, it should be known that SQL Server is not absolutely secure. You should put forward some ideas and try to protect your server effectively. There are two points you must complete before installing the server:

1, set up the administrative personnel account number and password.

2, protect the system to prevent the infection by Slammer worm.

To make something special safe.

SQL Server 2000 has the default security settings through the SA account. During the installation process, SQL Server automatically establishes a managed user and assigns a blank password to the SA user name. Some managers like to set the SA password blank or a generic password so everyone can know. If you make such a mistake, anyone who enters your database can do whatever it wants. Anyone with the permission of a manager can do whatever they want-not just the database, but the entire computer. Therefore, users must be limited to access to the database according to their needs, do not give them too little rights, not too much.

Put aside the SA account you manage every day for a while, and let's take a look at the account with the secure password. Create another account to manage (either a SQL Server account or a Windows account, depending on your authentication mode). What you want to avoid is too easy to guess the name of the account or the password of the account, because anyone gets these accounts.

A bad thing that's alarming-slammer worm (Slammer worm)

In the January 2003 there were some very lethal malicious code, namely Slammer worm. This code is specifically targeted at the installation of SQL Server. By taking advantage of the imperfections in the SQL ServerA code, the worm can replicate its own programs while the SQL Server is installed, damaging the entire machine and other machines. Worms can fill the network with 15 seconds when they are generated. Microsoft has already spent a lot of effort to stop the worm, but the worm cannot be completely eliminated. Some people are starting to complain about the beta version of SQL Server because it caused system corruption during installation.

Many months have passed, is it necessary to be so wary of worms? The answer is yes. Because every day there are a lot of slammer copy and infect the machine. If a SQL Server without any patches is connected to the network, you will become a victim of this behavior. Ethically, before you connect SQL Server to a network line, you must protect your server and run all the new service patches.

The importance of service patches

Service patches are free at download time. Slammer does not damage your data, but it can cause a lot of damage to the server, its harm is obvious. The easiest way to protect your data is to download Service Pack 3 or Service Pack 3a.

How worms work this knowledge is not important, and it is important that worms survive for 6 months after the Microsoft patch is released. Worm-infected business systems usually have two reasons: one is that managers do not protect the system very effectively, and the worms themselves are too powerful.

You should note that SQL Server SP3 is also unable to guarantee that it will be able to maintain full data. You should monitor Microsoft's security bulletin (Microsoft Safety Bulletin) in real time to ensure that it is in the status of a service patch notification.

Select an authentication mode

One of the options that must be determined during SQL Server Setup is to select the security authentication mode. Here are two modes:

1. Windows Authentication Mode (also called Integrated mode)

2, Mixed mode

Windows Authentication mode users connect to a SQL Server by using a ready-made Windows user account. When a user connects to a server using a valid username and password, SQL Server confirms the user's registration information. The result is that users are only registered in Windows and SQL Server, and account information is tightly stored by Windows.

Blending mode is a combination of Windows authentication and SQL Server authentication. In mixed mode, some users can continue to use Windows accounts to access SQL Server, but others can only use SQL Server user accounts that are completely unrelated to Windows accounts. Each SQL Server account holds its user name and password. If these registration values are the same, the user must enter two times-one for Windows input and the other for SQL Server input.

Windows authentication is superior to mixed mode for the following reasons:

It provides more features than SQL Server authentication.

Many managers believe that Windows authentication is easier to implement and use.

With Windows authentication, you do not need to store passwords in the connection string.

Windows certification means you only need to store passwords in one place.

Unfortunately, Windows certification is not something that everyone can use. Mixed mode must be run in SQL Server 7.0, and Windows authentication can only be used in SQL Server2000. There are other environments where Windows authentication does not work because there is no way to gain mutual trust from the platform. In this case, you can only use mixed mode and SQL Server registration.

Other installation Tips

While installing SQL Server, there are some other techniques that are noteworthy.

Use TCP/IP as the network library for SQL Server. This is the library that Microsoft recommends to use, be subjected to test. If the server will be connected to the network, the use of non-standard ports will be damaged by someone with ulterior motives.

Use a low-level account to run SQL Server instead of an admin account. This protects the system when it crashes.

Do not allow guests without security permission to access any database that includes secure data.

Protect the database in a "locked room". Remember, a lot of harassment comes from inside people.

Summarize

The data should be protected from the outset by security measures. To prevent intentional or unintentional damage, you should protect your data. Learn to build a security model and use it. Let the security nightmare stay away from you and rest your work.