SQL Server database security

SQL Server database security is as important to a customer as ensuring their servers don't encounter any downtime. These tools will help keep your customer's database secure.

Hilary Cotter

Published: 30 May 2007

What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

Dig Deeper on Database software management

Related Q&A from Hilary Cotter

What are the best SMB databases?

Discover the best basic SMB database -- and learn when it's time for your SMB clients to upgrade. Continue Reading

SQL Server capacity planning

In order for SQL Server capacity planning to be affective, resellers must plan the hardware to last the life of the server. Continue Reading

Architectural solutions to Web-based applications with large datasets for VARs

Rather than throwing hardware to configure a database to support web-based applications with large dynamic datasets, VARs can use architectural ... Continue Reading

MicroscopeUK

Context: Shortages causing concern, but distributors optimistic

The first few weeks of this year have come on the back of a solid Q4, but it is still difficult to get stocks in some hardware ...

Computacenter adds to picture of strong Q4

Channel player issues trading update that adds to a growing list of evidence that H2 and the last few months of last year were ...

Sectigo launches programme and bolsters channel training

Security firm Sectigo is stepping up its channel support with a programme and portal designed to provide more access to training ...

SearchSecurity

Standardize cybersecurity terms to get everyone correct service

Some cybersecurity terms can refer to multiple service offerings, which can be confusing for companies looking to implement them ...

SolarWinds breach news center

The massive SolarWinds supply-chain attack continues to invade networks. Here's the latest news on the breach, how the malware ...

Adopting threat hunting techniques, tactics and strategy

Adopt threat hunting techniques that analyze the right data, detect anomalies, use frameworks and compare success metrics, ...

SearchStorage

Compare 3 file and object storage products

Looking for a product that supports both object and file storage? Explore the varying features of Dell EMC, NetApp and Pure ...

Hitachi Vantara follows the herd on Kubernetes storage

HKS allows Hitachi Unified Compute Systems systems to directly manage file volumes and objects on clustered Kubernetes nodes. ...

New Infinidat CEO discusses storage transition

Ex-Western Digital exec Phil Bullinger replaces founder Moshe Yanai as CEO of Infinidat storage vendor. Bullinger says Infinidat ...

SearchNetworking

SolarWinds: Lessons learned for network management, monitoring

In this roundup of networking blogs, experts reveal the critical lessons learned from the SolarWinds hack in regard to network ...

7 key SD-WAN trends to evaluate in 2021

As SD-WAN continues to mature in 2021, the technology is expected to improve in its support for integrated remote access, ...

10 network security tips in response to the SolarWinds hack

From perimeter protection to persistent patching, enterprises should regularly review, update and test their network security ...

SearchCloudComputing

IBM acquisition spree targets hybrid cloud consulting market

Acquiring five providers specializing in cloud-based consulting and managed services since November, IBM wants to make it easier ...

How to choose between IaaS and SaaS cloud models

Even if you already moved a few workloads to the cloud, it's never too early to start looking at where you are going and never ...

COVID-19 and remote work shift cloud predictions for 2021

If we learned anything from 2020, it's to expect the unexpected. Yet that doesn't stop analysts from trying to predict what's to ...

SearchDataManagement

Enterprise data lakes hold the key to actionable insights

Technological pillars of sound business decisions, AI, machine learning and advanced analytics depend on the quantity, quality ...

Data fabrics help data lakes seek the truth

Data fabrics can play a key role in aligning business goals with the integration, governance, reliability and democratization of ...

Kyligence builds out data cloud for OLAP and big data

Kyligence is advancing the Apache Kylin project with a cloud-native offering that can help organizations more efficiently execute...

SearchBusinessAnalytics

Why using graph analytics for big data is on the rise

Graph analytics is being used across industries for different reasons. Read on to see how they can improve organizational ...

Data governance framework key to analytics success

Successful data-driven decision-making relies on good data at its core, and it's a strong governance plan that ensures the ...

Looker, Google planning plenty of analytics collaborations

While collaboration with its parent company is prominent in Looker's plans, so are investments in analytics capabilities ...

SQL Server database security