Problem solve

SQL Server database security

SQL Server database security is as important to a customer as ensuring their servers don't encounter any downtime. These tools will help keep your customer's database secure.

Hilary Cotter

Follow:

Download this free guide

Download Now: New Data Management Opportunities for the Channel

In this e-guide, explore the impact of big data and the cloud on data management, and the resulting opportunities for channel partners – particularly in the healthcare vertical where the growth of EHR fuels demand for clinical data repositories.

What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

This was last published in May 2007

Dig Deeper on Database Management Products and Solutions

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Hilary Cotter

Why should service providers pay attention to SOA?

SOA depicts how two services or programs can communicate with each other. Learn why SOA should catch the attention of service providers and the ... Continue Reading

When should a client use XP SP3 rather than upgrading to Vista or another OS?

Learn the new components of Windows XP SP3 including black hole router detection and network access protection. Compare XP SP3 features to Vista and ... Continue Reading

Why would I recommend Oracle VM to a client instead of Hyper-V or VMware?

Learn why Oracle VM would be chosen over Hyper-V or VMware and read an expert's recommendations for implementing Oracle VM. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our IT Channel experts

View all IT Channel questions and answers

MicroscopeUK

Channel roundup: Who's gone where?

All change at the top of Tech Data and plenty of movement in the security world in another week of people starting fresh chapters...

Security industry has to change to remain an effective opposition to cyber criminals

The cyber criminal world has moved to a platform approach and it increases the challenges for those trying to protect data

Densify launches UK&I channel

Cloud optimisation provider Densify signs distiribution agreement with DataSolutions

SearchCloudProvider

Despite GDPR penalties, cloud partners note complacency among clients

Cloud firms work busily to align their businesses with Europe's data protection legislation, but many observe a lack of urgency ...

Hybrid cloud cost optimization an ongoing opportunity for partners

For all its virtues, the hybrid cloud model can create a number of cloud cost optimization and management headaches for customers...

Cloud for healthcare: What is the role of IT channel firms?

Healthcare providers are under greater pressure to pursue digital transformation this year. Learn how partners can aid cloud for ...

SearchSecurity

Women in cybersecurity discuss hiring, advice and being mentors

A panel of women cybersecurity professionals at the RSA Conference discussed ways to find the best job candidates, the best ...

Government hacking tactics questioned at OURSA

The ACLU's Jennifer Granick took government hacking to task at the OURSA Conference this week, calling out mass surveillance ...

Keeper Security forms vulnerability disclosure program with Bugcrowd

Following its controversial lawsuit against an Ars Technica security reporter, Keeper Security has teamed with Bugcrowd on a ...

SearchStorage

Morro Data adds replication, Azure Active Directory support

Startup Morro targets SMB customers with a CloudNAS 3.0 file storage update that adds replication capabilities and support for ...

SSDs vs. HDDs: When is all-flash storage overkill?

The SSD vs. HDD analysis isn't as simple as it looks. SSD prices are falling, and capacities increasing. But HDDs are still a ...

Ultrathin memory storage device could spell breakthroughs

According to its creators, atomristor technology promises a vast improvement on modern flash storage devices, but mainstream use ...

SearchNetworking

Router security options advised following U.S. hacker alert

A rare government alert that Russian hackers are targeting routers in the United States and the United Kingdom has security ...

Analyst balks at blockchain distributed ledger in networking

Blockchain distributed ledger technology is untested, unproven and overly complex, making it unsuitable for networking, ...

Network-as-a-service market blossoms as demands grow

The network-as-a-service market is attracting more attention, as enterprises look for ways to outsource some of their ...

SearchCloudComputing

IaaS and PaaS blurred lines increase lock-in risks

There are three distinct cloud service categories: IaaS, PaaS and SaaS. However, IaaS and PaaS are getting a little too close, ...

Single pane of glass for multi-cloud management still elusive

Unified management for multi-cloud remains a work in progress. Vendors have yet to produce the perfect single-pane-of-glass tool ...

Microsoft takes holistic approach to IoT security concerns

Azure Sphere extends security from the cloud to the device. It's the most holistic approach on the market and provides another ...

SearchDataManagement

GDPR data protection edicts make good data governance a must

The European Union's new GDPR law puts the onus on companies to ensure that their data governance and management practices enable...

GDPR rules can spur broader steps to protect sensitive data

Companies need to make compliance with GDPR's requirements on managing personal data a priority, but they should also work to ...

Data integrity protection spurs greater security spending

As hacking, ransomware and malware attacks mount, companies place big data protection and integrity among the primary reasons for...

SearchBusinessAnalytics

Cambridge Analytica-Facebook case shows need for ethical data mining

Ethical data collection practices are becoming even more important, as cases like Cambridge Analytica's misuse of Facebook data ...

Rethinking analytics processes spurs enterprise innovation

By taking a fresh look at the makeup of their analytics organizations, enterprises can innovate their business models and take ...

Diversified data sets for analytics deliver top results

Analytics teams should focus on data diversity to ensure that their projects deliver the most meaningful insights -- but they ...

Related Resources

Dig Deeper on Database Management Products and Solutions

Related Q&A from Hilary Cotter

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.