SQL Server database security

SQL Server database security is as important to a customer as ensuring their servers don't encounter any downtime. These tools will help keep your customer's database secure.

Hilary Cotter

Published: 30 May 2007

What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

Dig Deeper on Database software management

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Hilary Cotter

When should a client use XP SP3 rather than upgrading to Vista or another OS?

Learn the new components of Windows XP SP3 including black hole router detection and network access protection. Compare XP SP3 features to Vista and ... Continue Reading

Why would I recommend Oracle VM to a client instead of Hyper-V or VMware?

Learn why Oracle VM would be chosen over Hyper-V or VMware and read an expert's recommendations for implementing Oracle VM. Continue Reading

Why should service providers pay attention to SOA?

SOA depicts how two services or programs can communicate with each other. Learn why SOA should catch the attention of service providers and the ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our IT Channel experts

View all IT Channel questions and answers

MicroscopeUK

LzLabs moving to plug mainframe expertise gap

Pressure is mounting from various sides on those customers that are still using apps that are stuck on aging mainframes

SonicWall investing in direct touch and channel skills

Security player has seen resellers flocking to its University to get skilled up and is looking to drive more business their way ...

Nutanix reassures channel in transition to software company

Nutanix launches partners services programme and pushes OEM relationships

SearchSecurity

Exposed Docker hosts open the door for cryptojacking

Security researchers discovered a new Docker worm that has been targeting exposed hosts in order to spread cryptojacking malware ...

Essential instruments for a pen test toolkit

Does your penetration testing toolkit have the proper contents? Learn the must-have tool for any pen tester, as well as specific ...

Imperva breach update puts blame on exposed AWS API keys

Imperva CTO Kunal Anand posted updated information regarding the recent breach affecting Cloud WAF customers and admitted poor ...

SearchStorage

Cloud repatriation from the storage experts' point of view

Four industry experts discuss whether enterprises are really bringing data back from the public cloud, what's driving this trend ...

New Violin Systems CEO talks up ambitious storage roadmap

New Violin CEO talks up plans for newly architected, NVMe-based flash array that will focus on enterprise software capabilities ...

Hitachi storage refocuses on enterprise with new VSP array

Large commercial consumers have been the primary target for Hitachi storage systems of late, but new Hitachi Vantara VSP 5000 ...

SearchNetworking

3 potential multi-cloud challenges that could go unnoticed

Disaster recovery, vendor lock-in and cost are major factors as organizations evaluate multi-cloud strategies. However, these ...

After ransomware virus, Merck's medicine was network automation

After a ransomware attack, Merck decided the best remedy was to deploy network automation tools designed to transform how it ...

Prep for SD-WAN challenges, and you'll reap its rewards

Reap SD-WAN's multiple benefits by knowing ahead of time what the likely issues will be and the options available at the ...

SearchCloudComputing

6 long-term plans to add to cloud cost optimization strategies

Short-term cost management tools are one way to improve cost efficiencies in the cloud, but to stay on track, you also need ...

IaaS vs. PaaS options on AWS, Azure and Google Cloud Platform

Looking to shift your workloads to the cloud? Understand and compare the IaaS and PaaS options on AWS, Azure and Google Cloud ...

5 best practices for choosing cloud developer tools

Enterprises are pushing cloud app development as a way to stay up to date on the latest IT trends. Find out how to pick the right...

SearchDataManagement

PostgreSQL 12 boosts open source database performance

Widely used open source PostgreSQL database platform gets a major update providing users with new SQL query capabilities for JSON...

Data integration vs. ETL in the age of big data

Data integration provides a consistent view of business performance across multiple data sources, though it needs to keep up with...

5 steps to an improved data quality assurance plan

Consultant David Loshin offers tips on developing a data quality strategy that can help identify data errors before they cause ...

SearchBusinessAnalytics

ThoughtSpot BI platform an early adopter of AI

Due to AI, ThoughtSpot's analytics tools have been accessible to citizen data scientists from the start, Andrew Yeung, the ...

ThoughtSpot 6 advances AI power of BI platform

New augmented intelligence and machine learning tools, along with a new mobile app, highlight the release of the new update to ...

Promethium tool taps natural language processing for analytics

The software, called Data Navigation System, was designed to enable non-technical users to make complex SQL requests using plain ...

Dig Deeper on Database software management

Related Q&A from Hilary Cotter

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.