SQL Server database security

SQL Server database security is as important to a customer as ensuring their servers don't encounter any downtime. These tools will help keep your customer's database secure.

Hilary Cotter

Published: 30 May 2007

What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

Dig Deeper on Database software management

Related Q&A from Hilary Cotter

What are the best SMB databases?

Discover the best basic SMB database -- and learn when it's time for your SMB clients to upgrade. Continue Reading

SQL Server capacity planning

In order for SQL Server capacity planning to be affective, resellers must plan the hardware to last the life of the server. Continue Reading

Architectural solutions to Web-based applications with large datasets for VARs

Rather than throwing hardware to configure a database to support web-based applications with large dynamic datasets, VARs can use architectural ... Continue Reading

MicroscopeUK

Check Point launches distribution marketplace strategy

Security player Check Point launches programme to ensure it is covering an increasingly popular route to market

MSPs retain staff and focus on riding out pandemic

Research from SolarWinds MSP indicates that although the last few months have been tough, most partners have adapted to changed ...

Schneider Electric increases rewards for edge-selling partners

Vendor continues to encourage engagement with edge solutions, with margins and discounts on offer

SearchSecurity

Guide to the latest Black Hat 2020 Conference news

This guide to Black Hat 2020 gathers breaking news, new ideas and technical expert insights from one of the leading cybersecurity...

What cybersecurity teams can learn from COVID-19

Nabil Hannan examines key similarities between medical and computer viruses that cybersecurity teams can use to keep businesses ...

Healthcare CISO offers alternatives to 'snake oil' companies

Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his ...

SearchStorage

SearchNetworking

Compare 3 DDoS mitigation strategies for enterprise networks

Enterprises can choose from three major approaches to mitigate DDoS attacks on their networks: Buy from an ISP, do it themselves ...

T-Mobile 5G progresses, Samsung intros 5G tablets

This week's 5G news includes T-Mobile 5G taking a significant step forward, Samsung releasing tablets and Intel and VMware ...

Discover 8 network diagramming tools aimed at architects

Network design tools help architects map out the company infrastructure but only with the right product. Explore these eight ...

SearchCloudComputing

10 cloud computing experts you should follow

Get up to speed on what's happening in the cloud by following some of the top voices in the industry, including those who are ...

Use this Amazon Cognito review to assess authentication tools

Amazon Cognito isn't as user-friendly as some competitors, but it does offer some unique advantages. Explore the pros, cons and ...

10 cloud computing myths debunked

A range of public cloud misconceptions -- including those related to security and cost -- give enterprise adopters the wrong idea...

SearchDataManagement

How Riot Games upped its enterprise data governance game

Data governance product manager at Riot Games details how the game vendor dealt with data ownership challenges by embracing new ...

Top 7 data catalog use cases for enterprises

From data lake modernization to data democratization, there are many benefits to a data catalog. Experts talk about the top ways ...

Metamorphosis of Kafka Confluent event streaming technologies

Kafka Confluent event streaming tools allow data managers, analysts and developers to capture, process, store, access and analyze...

SearchBusinessAnalytics

Importance of analytics heightened by COVID-19 pandemic

Business intelligence is needed when times are bad, and it's the organizations who have created a data-driven culture that are ...

Using data for public good in fight for racial equity

While some data-driven methods recently have been publicly scrutinized for biases in practice, there are plenty of ways data can ...

Baseball's Twins deploy Databricks to improve analytics power

With the amount of data used to make player personnel decisions in baseball growing exponentially, the Minnesota Twins began ...

Dig Deeper on Database software management

Use these commands to deploy SQL Server Docker containers

Microsoft SQL Server security best practices checklist

Solving SQL VSS writer problems during backup

SQL Server 2012 security: New default settings, greater flexibility

Related Q&A from Hilary Cotter

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.