Value-added resellers (VARs) can offer database clients two classes of security services:
- Monitoring services
- Best practices analysis
Important monitoring services include the following:
- Intrusion detection -- SQL injection, or buffer overflow attacks such as SQL Slammer.
- Unauthorized object access, as part of the larger umbrella of Sarbanes-Oxley compliance.
- Destructive DDL commands -- DROP TABLE statements.
- Account rights escalation -- enabling the guest account, or adding a low-privileged user account to the sysadmin role.
As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.
Best practices analysis can include the following:
- Checks for weak or no passwords.
- Scans to ensure that all accounts are running under the least privileges.
- Locking down xp_cmdshell and other features that may expose your SQL Servers to exploits.
- Limiting use of the guest account and the sysadmin role.
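As an added example (not from the original article), the following T-SQL audit script checks one SQL Server instance for each best-practices item above. It assumes SQL Server 2005 or later, a reviewer with permission to read the server catalog views, and that it is run once per user database for the guest check; the thresholds (e.g. which sysadmin members are expected) are the reviewer's to decide.

```sql
-- Added audit script, not part of the original article. T-SQL, SQL Server 2005+.
-- Each query maps to one best-practices item; all object names are documented catalog views.

-- 1. Weak or no passwords: SQL logins whose password is blank, equals the login name,
--    or is not subject to the Windows password policy. PWDCOMPARE() tests a candidate
--    against the stored hash, so no password is ever read back.
SELECT name AS login_name,
       CASE WHEN PWDCOMPARE('', password_hash) = 1   THEN 'blank password'
            WHEN PWDCOMPARE(name, password_hash) = 1 THEN 'password equals login name'
            ELSE 'password policy not enforced' END AS weakness
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1
   OR is_policy_checked = 0;

-- 2. Least privilege: every member of the sysadmin fixed server role.
--    Anything beyond sa and the DBA group should have a justification on file.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members rm
JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- 3. xp_cmdshell and similar surface: value_in_use = 1 means the feature is enabled.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures');
-- Remediation when enabled without a documented need:
--   EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;

-- 4. Guest account: is CONNECT granted to guest in the current database?
--    Expected 'enabled' only in master, tempdb and msdb; run in each user database.
SELECT DB_NAME() AS database_name,
       CASE WHEN EXISTS (SELECT 1
                         FROM sys.database_permissions p
                         JOIN sys.database_principals g
                           ON g.principal_id = p.grantee_principal_id
                         WHERE g.name = 'guest'
                           AND p.permission_name = 'CONNECT'
                           AND p.state = 'G')
            THEN 'enabled' ELSE 'disabled' END AS guest_connect;
-- Remediation in a user database: REVOKE CONNECT FROM guest;
```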
This was first published in May 2007