VARs can offer database clients two classes of security services:
- Monitoring services
- Best practices analysis
Important monitoring services include the following:
- Intrusion detection -- SQL injection, or buffer overflow attacks like SQL Slammer.
- Unauthorized object access, as part of the larger umbrella of Sarbanes-Oxley compliance.
- Destructive DDL commands -- drop table statements.
- Account rights escalation -- enabling the guest role account, or adding a low-privileged user account to the sysadmin role.
As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.
Best practices analysis can include the following:
- Checks for weak or no passwords.
- Scans to ensure that all accounts are running with the least privileges they need.
- Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
- Limiting use of the guest account and the sysadmin role.
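
The best-practice checks listed above can be run as read-only catalog queries. The following T-SQL is an added example, not part of the original answer; it assumes SQL Server 2005 or later and a login permitted to read server catalog views and password hashes (for example, a sysadmin).

```sql
-- Added example: read-only audit queries, no settings are changed.

-- 1. xp_cmdshell: value_in_use = 1 means the feature is enabled.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Who is in the sysadmin fixed server role?
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- 3. SQL logins with a blank password, or a password equal to the login name.
SELECT name,
       CASE WHEN PWDCOMPARE(N'', password_hash) = 1 THEN 'blank password'
            ELSE 'password same as login name' END AS weakness
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- 4. Enabled SQL logins that bypass the Windows password policy.
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE is_policy_checked = 0
  AND is_disabled = 0;

-- 5. Is the guest user allowed to connect to the current database?
--    state 'G' = GRANT, 'W' = GRANT WITH GRANT OPTION.
SELECT DB_NAME() AS database_name, pr.name AS user_name,
       pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'guest'
  AND pe.permission_name = N'CONNECT'
  AND pe.state IN ('G', 'W');
```

Query 5 reports on the current database only, so run it in each user database; guest must remain enabled in master and tempdb.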