SQL Server database security

SQL Server database security is as important to a customer as ensuring their servers don't encounter any downtime. These tools will help keep your customer's database secure.

Hilary Cotter

Published: 30 May 2007

What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

Dig Deeper on Database software management

Related Q&A from Hilary Cotter

Why should service providers pay attention to SOA?

SOA depicts how two services or programs can communicate with each other. Learn why SOA should catch the attention of service providers and the ... Continue Reading

When should a client use XP SP3 rather than upgrading to Vista or another OS?

Learn the new components of Windows XP SP3 including black hole router detection and network access protection. Compare XP SP3 features to Vista and ... Continue Reading

Why would I recommend Oracle VM to a client instead of Hyper-V or VMware?

Learn why Oracle VM would be chosen over Hyper-V or VMware and read an expert's recommendations for implementing Oracle VM. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our IT Channel experts

View all IT Channel questions and answers

MicroscopeUK

Canalys warns 2020 unlikely to match last year in the PC market

The analyst house has cast its eye over the state of the PC market and given the reasons why the months ahead might prove to be ...

Increasing security shift and platform approach benefiting Kaseya

Firm lifts the lid on how 2019 fared and details of its growth and increasing customer numbers

Skills crisis threatens to derail customer growth ambitions

Getting hold of talent is top of the list of concerns for UK tech leaders and is causing many of them to cast doubts over the ...

SearchSecurity

McAfee CEO Chris Young steps down, Peter Leav to take over

Chris Young has stepped down as McAfee CEO, and Peter Leav is taking his place. Young led the company's spin-out from Intel in ...

Unpatched Citrix vulnerability expands as mitigations fall short

Citrix discovered another product affected by last month's vulnerability, while security researchers found an attacker blocking ...

Put application security testing at the top of your do-now list

It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take ...

SearchStorage

Red Hat OpenShift Container Storage seeks to simplify Ceph

Red Hat delayed a major OpenShift Container Storage update to work on simplifying Ceph storage and management; 4.2 update also ...

NVMe-oF performance monitoring best practices that work

Don't let your storage network infrastructure get in the way of delivering NVMe-oF's low-latency benefits. See how these best ...

Quantum F-Series line expands with entry-level NVMe flash

New Quantum F-Series model is aimed at media customers who need NVMe in a smaller footprint. F-1000 server scales to 77 TB of ...

SearchNetworking

5G vs. Wi-Fi: Verizon says cellular will win

In the not-too-distant future, businesses could find themselves weighing 5G vs. Wi-Fi in the campus and office. Verizon has ...

Gartner WAN edge Magic Quadrant offers buying advice

How should businesses buy WAN edge technology? You probably shouldn't rely on vendor name recognition alone. Instead, consider ...

Future of networking technology relies on 5G, edge computing

In this roundup of networking blogs, experts discuss the key trends they look forward to in 2020 and how these advancements could...

SearchCloudComputing

Google Cloud support premium tier woos enterprise customers

Google Cloud has rolled out a new Premium Support offering aimed at deep-pocketed enterprises with larger, more complex ...

Confidential computing promises secure cloud apps

Adopt confidential computing to protect sensitive data in the cloud. Learn the basics about these technologies and evaluate ...

A comprehensive Azure instance comparison for your workloads

When it comes to choosing the best Azure compute instance for your workload, the options can be overwhelming. Use these tips to ...

SearchDataManagement

MariaDB X4 brings smart transactions to open source database

Open source database vendor MariaDB updates its flagship platform with new features to enable the convergence of transactional ...

How data lineage tools boost data governance policies

Organizations can bolster data governance efforts by tracking the lineage of data in their systems. Get advice on how to do so ...

Proactive practices for data quality improvement

Instead of waiting for data quality to become an issue, consider a proactive approach. Here are some ways to improve data quality...

SearchBusinessAnalytics

Storytelling using data makes information easy to digest

In a Q&A, Nate Nichols and Anna Schena Walsh of AI-based analytics vendor Narrative Science talk about how data storytelling can ...

Data-driven storytelling makes data accessible

In a Q&A, Nate Nichols and Anna Schena Walsh of data storytelling vendor Narrative Science discuss their book on storytelling and...

Startup Uplevel targets software engineering efficiency

Startup vendor Uplevel emerged from stealth on Wednesday touting a platform aimed at improving the efficiency of software ...

Dig Deeper on Database software management

How can a text editor plug-in enable privilege escalation?

Microsoft SQL Server security best practices checklist

SQL Server meets database application security

Solving SQL VSS writer problems during backup

Related Q&A from Hilary Cotter

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.