How to protect your SQL Server database

Source: Internet
Author: User

Database security always matters, and the database server is usually the most valuable target on a network. The following basic measures should help anyone running SQL Server.

1. First, install the latest service pack

One of the most effective ways to improve server security is to upgrade to the latest service pack. For SQL Server 2000, which this article covers, that is Service Pack 3a (SP3a). A service pack only rolls up the fixes available at its release, so you should also install every security update Microsoft has published since then.

2. Use the Microsoft Baseline Security Analyzer (MBSA) to evaluate the security of the server

MBSA is a tool that scans for insecure configurations in a range of Microsoft products, including SQL Server and Microsoft SQL Server Desktop Engine (MSDE 2000). It can be run locally or across the network. For SQL Server installations it checks for the following issues:

(1) Too many members of the sysadmin fixed server role.

(2) The right to create CmdExec jobs granted to roles other than sysadmin.

(3) Blank or trivially simple passwords.

(4) A weak authentication mode (mixed mode instead of Windows Authentication only).

(5) Excessive rights granted to the Administrators group.

(6) Incorrect access control lists (ACLs) on the SQL Server data directories.

(7) The sa password stored in plain text in setup files.

(8) Excessive rights granted to the Guest account.

(9) SQL Server running on a system that is also a domain controller.

(10) The Everyone group incorrectly granted access to specific SQL Server registry keys.

(11) Incorrect configuration of the SQL Server service account.

(12) Missing service packs and security updates.

Microsoft provides free downloads of MBSA.

3. Use Windows Authentication Mode

Whenever possible, require Windows Authentication mode for connections to SQL Server. It shields SQL Server from most Internet-borne attack tools by restricting connections to Windows local and domain accounts, and the server inherits Windows security features such as stronger authentication protocols and enforced password complexity and expiration. Credential delegation (passing a user's credentials across several servers) is also available only with Windows Authentication. On the client side, Windows Authentication removes the need to store passwords at all; stored passwords are one of the main weaknesses of applications that log on with standard SQL Server authentication. To set Windows Authentication mode in SQL Server Enterprise Manager, use the following procedure:

(1) Expand the server group.

(2) Right click on the server, and then click Properties.

(3) On the Security tab, under Authentication, click Windows only.

4. Isolate your server and regularly back up

Physical and logical isolation form the basis of SQL Server security. The machine hosting the database should be in a physically protected place, preferably a locked room, equipped with flood detection, fire detection and fire-suppression systems. The database server should be placed in a protected zone of the enterprise intranet and never exposed directly to the Internet. Back up all data regularly and store copies at a secure off-site location.

5. Assign a robust sa password

The sa account should always have a strong password, even on servers configured to require Windows Authentication. This ensures that if the server is ever switched back to mixed-mode authentication, there is no blank or weak sa password waiting to be exploited.

To assign the SA password, use the following procedure:

(1) Expand the server group, and then expand the server.

(2) Expand Security, and then click Logins.

(3) In the details pane, right-click sa, and then click Properties.

(4) In the Password box, enter a new password.
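The Enterprise Manager steps in sections 3 and 5, and the most important MBSA checks from section 2, can also be done from a query window. The following T-SQL script is an added example, not code from the original article or from MBSA; it is written against the SQL Server 2000 system objects the article targets (master.dbo.syslogins, sp_helpsrvrolemember, sp_password, xp_instance_regwrite) and assumes it is run as a member of sysadmin. The password string and the list of guessable candidates are placeholders to replace.

```sql
-- Added example (not from the original article): audit the checks above and
-- apply the two hardening steps from a query window instead of Enterprise Manager.
-- Assumes SQL Server 2000 system objects and a sysadmin connection.

-- 1. Patch level (section 1). ProductLevel 'RTM' means no service pack at all;
--    SP3a reports itself as 'SP3'.
SELECT SERVERPROPERTY('ProductVersion') AS product_version,
       SERVERPROPERTY('ProductLevel')   AS product_level;

-- 2. Authentication mode (MBSA check 4 / section 3).
--    1 = Windows Authentication only, 0 = mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 3. Members of the sysadmin fixed server role (MBSA check 1).
--    Every name listed here can do anything on the instance; keep it short.
EXEC sp_helpsrvrolemember 'sysadmin';

-- 4. SQL Server logins (isntname = 0 excludes Windows logins) with a blank
--    password (MBSA check 3). SQL Server 2000 stores a blank password as NULL.
SELECT name
FROM   master.dbo.syslogins
WHERE  isntname = 0
  AND  password IS NULL;

-- 5. SQL Server logins whose password equals the login name or one of a few
--    trivially guessable strings (placeholder list; extend as needed).
--    PWDCOMPARE() checks a clear-text candidate against the stored hash.
SELECT l.name, c.candidate
FROM   master.dbo.syslogins AS l
CROSS JOIN (SELECT 'sa'       AS candidate
            UNION ALL SELECT 'password'
            UNION ALL SELECT 'sql') AS c
WHERE  l.isntname = 0
  AND  l.password IS NOT NULL
  AND  (PWDCOMPARE(c.candidate, l.password) = 1
        OR PWDCOMPARE(l.name, l.password) = 1);

-- 6. Give sa a strong password (section 5). Do this even when the instance
--    is in Windows-only mode. Replace the placeholder before running.
EXEC sp_password NULL, 'REPLACE-with-a-long-random-password', 'sa';

-- 7. Switch to Windows Authentication only (section 3); equivalent to the
--    Enterprise Manager steps. LoginMode 1 = Windows only, 2 = mixed mode.
--    The new mode takes effect after the SQL Server service is restarted.
EXEC master.dbo.xp_instance_regwrite
     N'HKEY_LOCAL_MACHINE',
     N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer',
     N'LoginMode', REG_DWORD, 1;
```

Steps 1 to 3 still work unchanged on later versions. On SQL Server 2005 and later the password hash is no longer exposed through syslogins, so steps 4 and 5 should read from sys.sql_logins (column password_hash, with PWDCOMPARE(candidate, password_hash)), and step 6 becomes ALTER LOGIN sa WITH PASSWORD = '...'. Run step 7 only after confirming that every application and job connects with a Windows account, or they will stop authenticating at the next restart.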
