Home
Topics
Systems Channel
Database Management Products and Solutions
Offer SQL Server security services

Offer SQL Server security services

Retired Expert - Hilary Cotter

What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
Limiting use of the guest account and the sysadmin role.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- network convergence

This was first published in July 2007

Back to top

More from Related TechTarget Sites

Cloud Provider
Security
Networking
Storage
Cloud computing
Server Virtualization
Data Backup
Microscope

Cloud Provider
- News briefs: Google cloud services headline I/O, Compute Engine opens
  
  In these briefs, Google I/O delivers news about Google's cloud services, including a new database service and general availability of Compute Engine.
- How can you maximize the ROI for IPv6 training?
  
  Have a well-thought-out plan for IPv6 training before you start, says IPv6 expert Ciprian Popoviciu, and follow these tips after schooling begins.
- Is it more useful to jump into IPv6 testing or master IPv6 theory?
  
  Mastering the theory behind IPv6 and the act of IPv6 testing are both important, but one is more helpful long term, says cloud expert Chip Popoviciu.
Security
- Using EMET to harden Windows XP and other legacy applications
  
  Expert Michael Cobb details how using EMET, a free tool from Microsoft, can harden Windows XP and other legacy applications.
- Beyond privacy policies: Practical privacy for websites and mobile apps
  
  Posting a privacy policy is not enough. Here's practical advice for privacy on websites and mobile apps.
- Exploit kits evolved: How to defend against the latest attack toolkits
  
  Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.
Networking
- Troubleshooting network problems with good governance and design
  
  Packet loss, oversubscription, unpatched and inconsistent switch software still plague enterprise networks. Find out how engineers are fighting back.
- Networking blogs: Overlay Transport Virtualization, SDDC practicality
  
  In this week's networking roundup, bloggers advise how to use Overlay Transport Virtualization and discuss what's needed for a mature SDDC.
- Q&A: Why WLAN test tools should evolve quickly -- but likely won't
  
  Network consultant Peter Welcher talked to SearchNetworking about the evolution of WLAN test tools as more businesses look to wireless networks.
searchStorage
- Is there any popular software that allows me to share PCIe SSD cards?
  
  Learn the different methods to share PCIe SSD cards among multiple servers to improve performance and still keep costs down.
- Can object storage systems be used with file-based apps?
  
  Learn how to use applications such as Microsoft Exchange or SQL Server with object storage systems on the back end.
- How can host-based and array-based data replication techniques be compared?
  
  Learn the benefits and drawbacks to host-based and array-based replication methods to determine which one better suits your environment.
Cloud computing
- Google Compute Engine prices on par with AWS -- for now
  
  Conventional wisdom has Google and AWS locked in the Price War of the Titans with the launch of GCE, but a deeper look reveals a different truth.
- Limiting the effects of cloud computing outages
  
  After making the case for cloud based on high availability, IT pros are upset by cloud outages. With planning, there are ways to craft a strategy.
- Amazon Redshift an appealing alternative to on-premises data warehouse
  
  Amazon Redshift has intriguing pricing and features, but beware of its differences from a traditional, on-premises data warehouse.
Server Virtualization
- How can I enable automated VM resource provisioning?
  
  As with many other facets of virtualization, VM resource allocation is becoming automated. Find out what tools you can use for automated provisioning.
- Columbia Sportswear's move from virtualization to private cloud computing
  
  Columbia Sportswear parlayed server virtualization into a private cloud. Along the way, it found that its management tools needed serious rethinking.
- Power management a must for oVirt high availability
  
  Dodge dreaded downtime by enabling power management in your oVirt 3.1 environment.
searchDataBackup
- Enterprise backup software avoids storage sales slump
  
  While storage vendors reported slow sales at start of 2013, Symantec and CommVault had success with enterprise backup software.
- Disk can help with backup tape rotation strategy
  
  Backup expert George Crump explains how to use disk to get the most out of your backup tape rotation strategy.
- How cloud archiving services compare
  
  Backup expert George Crump discusses the issues involved in picking a cloud archiving service for your organization.
MicroscopeUK
- Security is too complex
  
  Nick Booth is all ears as Sophos explains to its partners that simplicity is key in the security market
- Ofcom stresses importance of decent broadband
  
  An Ofcom report into the availability of communications has stressed the point that UK firms will miss out if broadband speeds do not improve
- Apple Stores get the thumbs up from shoppers
  
  Apple has come top of the charts with high street shoppers according to the latest Which? survey of who is doing well in the retail market

All Rights Reserved,Copyright 2006 - 2013, TechTarget