1. Install the latest service pack
One of the most effective ways to improve server security is to upgrade to SQL Server 2000 Service Pack 3a (SP3a). In addition, install every security update published after the service pack: a service pack does not include hotfixes released later than it.
2. Use the Microsoft Baseline Security Analyzer (MBSA) to evaluate server security
MBSA is a tool that scans for insecure configurations in a range of Microsoft products, including SQL Server 2000 and Microsoft SQL Server Desktop Engine (MSDE 2000). It can be run locally or across the network. For SQL Server installations it detects the following issues:
1) Too many members of the sysadmin fixed server role.
2) The right to create CmdExec jobs granted to roles other than sysadmin.
3) Blank or trivial passwords (for example, a password equal to the login name).
4) A weak authentication mode (Mixed Mode, which accepts SQL Server logins such as sa in addition to Windows logins).
5) Excessive rights granted to the Administrators group.
6) Incorrect access control lists (ACLs) on the SQL Server data directories.
7) Setup files that store the sa password in plain text.
8) Excessive rights granted to the Guest account.
9) SQL Server running on a system that is also a domain controller.
10) Misconfigured Everyone group permissions that grant access to specific registry keys.
11) An incorrect configuration of the SQL Server service account.
12) Required service packs and security updates not installed.
Microsoft provides MBSA as a free download.
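Several of the MBSA checks above can be reproduced from inside the instance with T-SQL, which is useful when MBSA cannot be run (for example, on an isolated MSDE host). The script below is an added example, not MBSA's own logic and not from the original article; it covers the checks that are visible through the catalog tables (sysadmin membership, CmdExec jobs, blank or trivial SQL login passwords, authentication mode, guest access and patch level). Checks that need Windows-level access (registry and file ACLs, the service account, setup files) are not covered. It assumes SQL Server 2000 or MSDE 2000 and a sysadmin connection; PWDCOMPARE() and sp_MSforeachdb are undocumented but present in that release.

```sql
-- Added example: T-SQL audit of the MBSA SQL Server checks that can be seen
-- from inside the instance. Run as sysadmin from Query Analyzer or osql.
SET NOCOUNT ON;

-- 12) Patch level. SP3 and SP3a both report build 8.00.760 / ProductLevel 'SP3'.
SELECT SERVERPROPERTY('ProductVersion') AS build,
       SERVERPROPERTY('ProductLevel')   AS patch_level;

-- 1) Members of the sysadmin fixed server role; the list should be short
--    and should not contain application logins.
SELECT name, isntname, isntgroup
FROM master.dbo.syslogins
WHERE sysadmin = 1;

-- 4) Authentication mode of the running instance.
--    'Windows NT Authentication' is the hardened setting; 'Mixed' allows
--    SQL Server logins (and therefore sa) to be used over the network.
EXEC master.dbo.xp_loginconfig 'login mode';

-- 3) SQL Server logins (isntname = 0) with a blank password or a password
--    equal to the login name. A blank password is stored as NULL, so both
--    forms are tested; PWDCOMPARE() hashes the candidate and compares it
--    with the stored hash (undocumented in SQL Server 2000).
SELECT name,
       CASE WHEN password IS NULL OR PWDCOMPARE('', password) = 1
            THEN 'blank' ELSE 'same as login name' END AS weakness
FROM master.dbo.syslogins
WHERE isntname = 0
  AND (password IS NULL
       OR PWDCOMPARE('', password) = 1
       OR PWDCOMPARE(name, password) = 1);

-- 2) Jobs with a CmdExec step owned by a login that is not a sysadmin.
--    Such jobs can only exist when the SQL Agent proxy account has been
--    enabled for non-sysadmins, which is the setting MBSA wants restricted.
SELECT j.name AS job, SUSER_SNAME(j.owner_sid) AS owner, s.step_name
FROM msdb.dbo.sysjobs j
JOIN msdb.dbo.sysjobsteps s ON s.job_id = j.job_id
WHERE s.subsystem = 'CmdExec'
  AND NOT EXISTS (SELECT 1 FROM master.dbo.syslogins l
                  WHERE l.sid = j.owner_sid AND l.sysadmin = 1);

-- 8) Databases in which the guest user has been granted access. master,
--    tempdb and msdb require it; in any other database it lets every login
--    read the database. sp_MSforeachdb is undocumented; '?' is the db name.
CREATE TABLE #guest (db sysname, has_access int);
EXEC sp_MSforeachdb
     'INSERT #guest SELECT ''?'', hasdbaccess
      FROM [?].dbo.sysusers WHERE name = ''guest''';
SELECT db AS guest_enabled_db
FROM #guest
WHERE has_access = 1 AND db NOT IN ('master', 'tempdb', 'msdb');
DROP TABLE #guest;
```

Each SELECT returning rows (other than the patch level and login mode, which are informational) corresponds to a finding MBSA would report; an empty result set for the password and guest checks is the expected state on a hardened server.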
3. Use Windows Authentication mode
Whenever possible, require Windows Authentication mode for connections to SQL Server. It shields SQL Server from most Internet-based attack tools by restricting connections to Windows user and domain accounts, and the server benefits from Windows security features such as stronger authentication protocols and enforced password complexity and expiration. Credential delegation (passing a user's credentials on to a second server) is likewise available only in Windows Authentication mode. On the client side, Windows Authentication removes the need to store a password: embedding SQL Server login passwords in connection strings or configuration files is one of the main weaknesses of applications that use standard SQL Server logins. To set Windows Authentication mode in SQL Server Enterprise Manager, use the following procedure:
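The Enterprise Manager steps are not reproduced here. As an added example that is not part of the original article, the same change can be made from T-SQL, which is convenient for scripting across many servers or on MSDE hosts without Enterprise Manager. The script assumes SQL Server 2000 or MSDE 2000 and a sysadmin connection. xp_instance_regwrite and xp_instance_regread map the registry path to the current instance, so the same path works for the default instance and named instances. The setting takes effect only after the SQL Server service is restarted, and the script refuses to proceed unless a Windows login or group already holds sysadmin, because in Windows-only mode the sa account can no longer log in.

```sql
-- Added example: switch a SQL Server 2000 / MSDE 2000 instance to Windows
-- Authentication mode and verify the setting. Not the Enterprise Manager
-- procedure; this writes the LoginMode registry value the GUI also sets.
SET NOCOUNT ON;

-- Guard against locking yourself out: in Windows-only mode sa cannot
-- connect, so at least one Windows login or group must already be sysadmin.
IF NOT EXISTS (SELECT 1 FROM master.dbo.syslogins
               WHERE sysadmin = 1 AND isntname = 1)
BEGIN
    RAISERROR('No Windows login holds sysadmin; add one (e.g. sp_addsrvrolemember) before switching modes.', 16, 1);
    RETURN;
END

-- LoginMode: 1 = Windows Authentication only, 2 = Mixed Mode.
EXEC master.dbo.xp_instance_regwrite
     N'HKEY_LOCAL_MACHINE',
     N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer',
     N'LoginMode', REG_DWORD, 1;

-- Read the value back; this is the mode the instance will use after restart.
DECLARE @mode int;
EXEC master.dbo.xp_instance_regread
     N'HKEY_LOCAL_MACHINE',
     N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer',
     N'LoginMode', @mode OUTPUT;
SELECT @mode AS configured_login_mode;   -- expect 1

-- The mode the running service is currently using; it still reports 'Mixed'
-- until the MSSQLServer service has been restarted.
EXEC master.dbo.xp_loginconfig 'login mode';
```

Even after switching to Windows-only mode, give sa a strong password: Mixed Mode can be re-enabled later, and the sa account is still present in sysxlogins either way.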