server| Security before you make a secure configuration of your SQL Server 2000 database, you must first configure the system securely.
Make sure your * system is in a safe state. Then do the necessary security audits for the Database software (program) you want to use.
such as ASP, PHP and other scripts, this is a lot of database based Web applications often appear security risks,
For the script is primarily a filtering problem, you need to filter some similar, ' @/et characters to prevent the attacker from constructing malicious SQL statements.
Then, after installing the SQL Server2000, patch SP1 and the latest SP2.
Download address is: http://www.microsoft.com/sql/downloads/2000/sp1.asp
and http://www.microsoft.com/sql/downloads/2000/sp2.asp
After you have finished the three steps above, we will discuss the security configuration of SQL Server.
1, the use of Secure password policy
We put the password policy in all security configuration of the first step, please note that many database account password is too simple,
This is the same as the system password too simple. You should be more aware of the SA, and do not allow the SA account password to be written in the application or script.
A robust password is the first step in security!
When the SQL Server2000 is installed, if you are using mixed mode, you need to enter the password for the SA.
Unless you confirm that you must use a blank password. This is an improvement over previous versions.
At the same time develop a good habit of changing passwords regularly. The database administrator should periodically see if there are any accounts that do not meet the password requirements.
For example, use the following SQL statement:
Use master
Select Name,password from syslogins where Password is null
2, the use of security account strategy.
Because SQL Server cannot change the SA user name, you cannot delete this superuser.
So, we have to have the strongest protection for this account, including, of course, using a very strong password,
It is best not to use the SA account in the database application, only if there is no other way to log on to the SQL Server instance
(for example, the SA is used when other system administrators are unavailable or forget their password).
It is recommended that the database administrator create a new superuser with the same permissions as SA to manage the database.
The security account policy also includes not allowing administrator privileges to overflow the account.
SQL Server Authentication mode has both Windows identity authentication and mixed identity authentication.
If the database administrator does not want to be a system administrator to access the database through the * system login,
Can be in the account management of the system account "BUILTIN\Administrators" deleted.
But the result is that once the SA account forgets the password, there is no way to recover it.
Many hosts use database applications just to do queries, modify, and other simple functions,
Assign accounts according to your actual needs and give you the right to meet your application requirements and needs only.
For example, as long as the query function, then use a simple public account can select the.
3, strengthen the record of the database * records.
Audit the failure and success of database logon events, select Security in the instance properties,
Select the audit level as a whole, so that in the database system and the * as System * log,
The login events for all accounts are recorded in detail.
Check the SQL server* log periodically to see if any suspicious logon events have occurred, or use a DOS command.
FINDSTR/C: "Login" D:\Microsoft SQL server\mssql\log\*.*
4. Managing extended Stored Procedures
Perform a major operation on the stored procedure and be cautious about the permissions that the account calls extended stored procedures.
In fact, in most applications there is not much use of the system's stored procedures,
and SQL Server so many system stored procedures are only used to meet the needs of the vast number of users,
So delete the unnecessary stored procedures,
Because some systems ' stored procedures can easily be exploited to elevate permissions or destroy them.
If you do not need to extend the stored procedure xp_cmdshell please remove it. Use this SQL statement:
Use master
Sp_dropextendedproc <|>xp_cmdshell<|>
xp_cmdshell is the best way to get into the system, which is a big back door for the system.
If you need this stored procedure, please use this statement to recover.
Sp_addextendedproc <|>xp_cmdshell<|> <|>xpsql70.dll<|>
If you do not need to discard OLE automatic stored procedures (which can cause certain features in the manager to not be used),
These processes include the following:
sp_OACreate sp_OADestroy sp_OAGetErrorInfo sp_OAGetProperty
sp_OAMethod sp_OASetProperty sp_OAStop
Removing unwanted registry access stored procedures, the registry stored procedure can even read out the password of the system administrator as follows:
Xp_regaddmultistring Xp_regdeletekey Xp_regdeletevalue
Xp_regenumvalues Xp_regread xp_regremovemultistring
Xp_regwrite
There are other extended stored procedures that you might want to check.
When dealing with stored procedures, be sure to avoid causing damage to the database or the application.
5, the use of Protocol encryption
The tabular data stream protocol used by SQL Server 2000 for network Exchange.
If not encrypted, all network transmissions are plaintext, including passwords, database contents, etc.
This is a great security threat. Can be intercepted in the network what they need, including database accounts and passwords.
Therefore, in the case of conditions, it is best to use SSL to encrypt the protocol, of course, you need a certificate to support.
6, do not let people casually detect your TCP/IP port
By default, SQL Server uses 1433-port listening, and many people say that when SQL Server is configured, this port is changed.
So that other people can not easily know what port to use.
Unfortunately, Microsoft's undisclosed 1434-port UDP probes make it easy to know what TCP/IP ports are used by SQL Server.
But Microsoft is still considering this problem, after all, open and open port will cause unnecessary trouble.
Select the properties of the TCP/IP protocol in the instance properties. Choose to hide the SQL Server instance.
If you hide an instance of SQL Server, the client that attempts to enumerate an existing instance of SQL Server on the network is blocked
In response to the broadcast given. This way, others cannot use 1434来 to detect your TCP/IP port (except with Port Scan).
7. Modify the port used by TCP/IP
On the basis of the previous configuration, change the original default port 1433.
Select the properties of the TCP/IP protocol in the network configuration in the instance properties to change the default port used by TCP/IP to a different port.
9. Reject probes from 1434 ports
Because 1434-port probes are not limited, can be detected by others to some database information, but also may be a Dos attack to the database server CPU load, so for Windows 2000* system, in the IPSec filter rejected 1434-port UDP traffic,
You can hide your SQL Server as much as possible.
10. IP Restrictions on network connections
The SQL Server 2000 database system itself does not provide a secure solution for network connectivity,
However, Windows 2000 provides this security mechanism. The use of * as the system's own IPSec can achieve the security of IP packets.
Limit the IP connection to ensure that your IP is accessible and that other IP port connections are denied.
Effective control of security threats from the network.
Refer to the use of IPSec for: http://www.microsoft.com/china/technet/security/ipsecloc.asp
The security configuration of some of the SQL Server described above, with the above configuration, gives SQL Server sufficient security capabilities. Of course, the more important is to strengthen the internal security control and security training for administrators,
And the security issue is a long-term resolution process, but also need to do more security maintenance.
