Run a safe SQL Server installation

Source: Internet
Author: User
Tags sql injection microsoft baseline security analyzer
Collecting and distributing data is one of the responsibilities of network management, which must ensure the accuracy and security of that data. Whatever operating system they run on, database servers need special management to ensure operational security.

Good security begins with installation. Let's look at how to secure SQL Server from the start.
Install
Before installation, locate the perimeter router or firewall and configure UDP and TCP ports 1433 and 1434 for the IP address of SQL Server. This will help prevent SQL injection vulnerabilities during installation.
Do not install SQL Server on a domain controller. A weakness in one program can compromise the entire domain. Install SQL Server on a fully patched operating system before the installer transfers any data.
The SQL Server service should run under a dedicated local account. That way, even if someone compromises the program, other servers will not be affected.
If the server runs on a Windows-based network, all connections to the server should require Windows authentication. Users then do not need to remember passwords for other connections, which reduces the burden on them.

Service account
In general, pay attention to the permissions assigned to service accounts. SQL Server uses two accounts: SQL Server Engine and SQL Server Agent. Both accounts run as domain users with standard account permissions.
If you use the executable program of SQL Server, the SQL Server Agent account requires local Windows administrator privileges.
Note: If you need to change the account associated with a SQL Server service, use SQL Server Enterprise Manager. Enterprise Manager sets appropriate permissions on the files and registry keys used by SQL Server. Do not use the Services applet of MMC in Control Panel to change these accounts.
After installation

Running the Microsoft killpwd.exe program clears the plain-text sysadmin password stored in various installation files during installation.
After clearing the installation files from the new server, run Microsoft Baseline Security Analyzer (MBSA). This tool scans for and detects problems introduced during installation, including:
Too many members in the sysadmin server role.
Permission assigned to create CmdExec jobs.
Blank or simple passwords.
Weak authentication methods.
Excessive permissions assigned to the Administrators group.
SQL Server running on a domain controller.
Inappropriate configurations for each group.
Improper configuration of the SQL Server service account.
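
Several of the conditions in this list can also be spot-checked by hand with queries against the instance. The T-SQL below is an added example, not part of the original article and not MBSA's own logic; it assumes SQL Server 2005 or later (the sys.* catalog views), a session in the sysadmin role, and treats a "simple" password as one equal to the login name.

```sql
-- Added example: manual spot checks for several items in the MBSA list.
-- Assumption: SQL Server 2005+ and a sysadmin session.

-- 1. Members of the sysadmin fixed server role (review for excess members).
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 2. SQL logins whose password is blank or equal to the login name.
SELECT name,
       CASE WHEN PWDCOMPARE(N'', password_hash) = 1 THEN 'blank'
            ELSE 'same as login name' END AS finding
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- 3. Authentication mode: 1 = Windows authentication only, 0 = mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 4. SQL Server Agent job steps that use the CmdExec subsystem, with job owner.
SELECT j.name AS job_name, s.step_id, s.step_name,
       SUSER_SNAME(j.owner_sid) AS job_owner
FROM msdb.dbo.sysjobs AS j
JOIN msdb.dbo.sysjobsteps AS s ON s.job_id = j.job_id
WHERE s.subsystem = N'CmdExec';

-- 5. Whether the local Administrators group has a login on the instance.
SELECT name, is_disabled
FROM sys.server_principals
WHERE name = N'BUILTIN\Administrators';
```

Any row returned by check 2, a result of 0 from check 3, or CmdExec steps owned by non-sysadmin logins in check 4 corresponds to a finding from the list and should be reviewed.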