VARs can offer database clients two classes of security services:
- Monitoring services
- Best practices analysis
Important monitoring services include the following:
- Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
- Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
- Destructive DDL commands -- drop table statements.
- Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.
As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.
Best practices analysis can include the following:
- Checks for weak or no passwords.
- Scans to ensure that all accounts are running under the least privileges.
- Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
- limiting use of the guest account and the sysadmin role.
Dig Deeper on Database software management
Related Q&A from Hilary Cotter
Learn why Oracle VM would be chosen over Hyper-V or VMware and read an expert's recommendations for implementing Oracle VM. Continue Reading
Learn how Web services, as the latest incarnation of service-oriented computing, can offer numerous benefits to you and your clients. Continue Reading
Learn the benefits of Software as a Service (Saas) for your customers and how you can create and sell services that best fit their business needs. Continue Reading