I divided the whole defense solution into two parts: defending against vulnerabilities in the MS SQL Server service itself, and preventing SQL injection script attacks.
1) Defense against Microsoft SQL Server vulnerabilities
① Use a network firewall to filter non-local service requests to MS SQL Server.
The simplest method is to add the following rule group to a personal firewall such as Skynet on the MS SQL Server host:
Rule 1: allow local access to ports TCP 1433 and UDP 1434
Rule 2: block all addresses from accessing ports TCP 1433 and UDP 1434 on the local machine
Note: rule 1 must have a higher priority than rule 2.
With these two rules in place, the service is reachable only from the local host.
② Periodically scan the MS SQL Server with MBSA and ensure that its patch level is the latest available.
For instructions on using MBSA, see: http://demonalex.nease.net/mbsa/index.html
③ Check for weak passwords.
2) Solutions to prevent SQL injection script attacks
① Change the default path of the IIS web directory.
② Use SecureIIS to filter special characters and strings.
Appendix: the special characters and strings include:
SQL keywords that attackers may exploit:
select, having, group, from, where, update, insert, create, exec, execute
Extended stored procedures that attackers may exploit:
xp_ and sp_
Some special symbols:
@, %, ;, ", !, --, 1 = 1
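An added example (not from the original article) that applies the appendix blacklist to request parameters in Python, the way a SecureIIS-style filter would; the single quote in the symbol list is an assumption, since the list above is garbled at that point. The constructed sample also shows the filter's main weakness: ordinary text containing "select" or "from" is rejected alongside the tautology, so keyword blacklisting is a coarse secondary layer, not a substitute for building queries correctly in the application.

```python
import re

# Blacklist from the article's appendix: SQL keywords, extended stored
# procedure prefixes and special symbols. The single quote is an assumption
# added here; the article's symbol list is garbled at that position.
SQL_KEYWORDS = ("select", "having", "group", "from", "where",
                "update", "insert", "create", "exec", "execute")
SPECIAL_TOKENS = ("@", "%", ";", '"', "'", "!", "--")

KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)
# xp_ / sp_ prefixes, capturing the full procedure name that follows
PROC_RE = re.compile(r"\b(?:xp_|sp_)\w*", re.IGNORECASE)
# "1 = 1" with any amount of whitespace around the "="
TAUTOLOGY_RE = re.compile(r"\b1\s*=\s*1\b")


def find_blacklisted(value):
    """Return (category, matched_text) pairs for every blacklist hit in one
    request parameter value. An empty list means the value passes."""
    hits = []
    hits += [("keyword", m.group(0).lower()) for m in KEYWORD_RE.finditer(value)]
    hits += [("extended_proc", m.group(0).lower()) for m in PROC_RE.finditer(value)]
    hits += [("tautology", m.group(0)) for m in TAUTOLOGY_RE.finditer(value)]
    hits += [("symbol", tok) for tok in SPECIAL_TOKENS if tok in value]
    return hits


def filter_request(params):
    """Apply the blacklist to every parameter of one request and return a
    dict mapping each rejected parameter name to its hits."""
    rejected = {}
    for name, value in params.items():
        hits = find_blacklisted(value)
        if hits:
            rejected[name] = hits
    return rejected


# Constructed sample request: one tautology-style value, one ordinary
# English sentence that happens to contain SQL keywords, one clean value.
SAMPLE_PARAMS = {
    "id": "5 or 1 = 1 --",
    "comment": "Please select a group from the list",
    "page": "about",
}

if __name__ == "__main__":
    for name, hits in filter_request(SAMPLE_PARAMS).items():
        print(name, "rejected:", hits)
```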
③ Configure custom error messages in IIS so that attackers cannot learn anything useful from error output.
Appendix: to do this, open the web site's "Properties" in IIS, go to "Home Directory", click the "Configuration..." button, open the "App Debugging" tab, select "Send text error message to client", and click "OK".
④ When the application connects to the database, avoid using the dbo or sa account, to reduce the risk of intrusion.
⑤ Keep the website's script source code confidential.
⑥ Harden the administrator entry path.