SQL Server database security

SQL Server database security is as important to a customer as ensuring their servers don't encounter any downtime. These tools will help keep your customer's database secure.

What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

This was last published in May 2007

Dig Deeper on Database software management

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Hilary Cotter

Why should service providers pay attention to SOA?

SOA depicts how two services or programs can communicate with each other. Learn why SOA should catch the attention of service providers and the ... Continue Reading

When should a client use XP SP3 rather than upgrading to Vista or another OS?

Learn the new components of Windows XP SP3 including black hole router detection and network access protection. Compare XP SP3 features to Vista and ... Continue Reading

Why would I recommend Oracle VM to a client instead of Hyper-V or VMware?

Learn why Oracle VM would be chosen over Hyper-V or VMware and read an expert's recommendations for implementing Oracle VM. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our IT Channel experts

View all IT Channel questions and answers

MicroscopeUK

NetApp positions for hybrid world with as-a-service model

Vendor offers more flexibility to appeal to those users that want to pay in the as-a-service style

DXC cuts the ribbon on London innovation centre

Firm open to bringing in partners to work on cracking customer digital transformation challenges

HPE rolls out Pro series to encourage closer ties with partners

Vendor hoping that giving the channel access to the same training and tools it provides internal staff will increase collaboration

SearchSecurity

Gartner: Cybersecurity skills shortage requires a new approach

At the Gartner Security and Risk Management Summit, analysts discuss the challenge of finding skilled cybersecurity professionals...

ReliaQuest's cybersecurity platform integrates technologies

ReliaQuest's security analytics platform, GreyMatter, claims to improve threat detection by up to four times and reduce system ...

GandCrab decryption tool helps victims recover data

The No More Ransom initiative released one last GandCrab decryption tool to help victims recover data after the ransomware was ...

SearchStorage

AI-infused HPE Primera storage array debuts; HPE 3PAR still in the mix

While HPE Primera, which includes HPE InfoSight AI and machine learning tech, will be available to order in August, the company ...

8 NAS appliance features to consider for small business

There are a growing number of options for small business users purchasing a NAS appliance. Look through the list of eight ...

Compare and assess 4 top small-business NAS devices

Discover how four small-business NAS appliances stack up against one another regarding their available features to help determine...

SearchNetworking

5G and SD-WAN could provide reliable, alternate connectivity

5G and SD-WAN could develop into an alternative connectivity option that offers high speeds and low latency to geographic areas ...

Kaloom introduces real-time INT for data center visibility

Kaloom's in-band network telemetry, FlowEye, intends to provide data center managers with a full view of a packet's real-time ...

DH2i's DxConnect brings zero-trust connectivity to networks

DH2i's zero-trust architecture software, DxConnect, will address common security issues and bring microtunnel development, ...

SearchCloudComputing

HPE GreenLake composable cloud services get a boost

HPE's latest products support hybrid cloud strategies by allowing users to tie composable and hyper-converged infrastructure ...

5 tips to right-size your cloud instances and VMs

Improperly sized cloud instances and VMs can wreak havoc on your budget and decrease performance. Delve deeper into right-sizing ...

Microsoft AI Builder brings machine learning to PowerApps

Microsoft AI Builder empowers nonprogrammers to incorporate AI as they build applications using low-code/no-code platforms.

SearchDataManagement

Data virtualization tools promote anywhere, anytime data access

This online handbook examines data virtualization software and how organizations are deploying and using the technology as part ...

Data virtualization benefits seen in unified views, IT agility

Through in-place integration, data virtualization platforms can provide wider access to data and simplify security and governance...

MongoDB Atlas cloud service adds data lake, touts multi-cloud

MongoDB released an S3-compatible data lake its developer legions can quickly query. But, word of MongoDB Atlas use on Google’s ...

SearchBusinessAnalytics

How the Salesforce acquisition will affect Tableau users

In the wake of Salesforce's acquisition of Tableau, it remains to be seen whether Tableau users will be pushed to the cloud and ...

Google acquisition of Looker to boost Google Cloud analytics

By acquiring Looker, Google will enhance its analytics and BI capabilities available through Google Cloud, while becoming a ...

6 tips for effective customer data mining

Digging into customer analytics can improve sales opportunities -- but how does an organization balance that against data privacy...

Dig Deeper on Database software management

Related Q&A from Hilary Cotter

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.