SQL Server database security

SQL Server database security is as important to a customer as ensuring their servers don't encounter any downtime. These tools will help keep your customer's database secure.

Hilary Cotter

Published: 30 May 2007

What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

Dig Deeper on Database software management

How can a text editor plug-in enable privilege escalation? Developers use text editors to enhance efficiency in the workplace even though they require vulnerable third-party plug-ins. Discover these vulnerabilities with Judith Myerson.

Microsoft SQL Server security best practices checklist Authentication, complex passwords and limiting permissions are three of the top bullet points on this SQL Server security best practices checklist.

SQL Server meets database application security Make sure your SQL Server is secure by studying these general guidelines for secure database applications from SQL Server expert Roman Rehak.

Solving SQL VSS writer problems during backup Backup expert Brien Posey explains how to solve common SQL VSS writer problems users can face during SQL database backups.

Why SQL Server security matters: A case study With a DBA's multiple responsibilities, it's easy to neglect SQL Server security. This case study by Basit Farooq explains why this is so dangerous.

Managing linked server security in SQL Server What do you need to know to effectively manage your linked server? Find out in this tip from SQL Server expert Roman Rehak.

Related Q&A from Hilary Cotter

Why should service providers pay attention to SOA?

SOA depicts how two services or programs can communicate with each other. Learn why SOA should catch the attention of service providers and the ... Continue Reading

When should a client use XP SP3 rather than upgrading to Vista or another OS?

Learn the new components of Windows XP SP3 including black hole router detection and network access protection. Compare XP SP3 features to Vista and ... Continue Reading

Why would I recommend Oracle VM to a client instead of Hyper-V or VMware?

Learn why Oracle VM would be chosen over Hyper-V or VMware and read an expert's recommendations for implementing Oracle VM. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our IT Channel experts

View all IT Channel questions and answers

MicroscopeUK

Sabio looks for growth with fresh CEO

Firm looks to build on six acquisitions in the last three years with a fresh face in the CEO chair

MicroScope: Time for change

In this issue, we ask experts how they're approaching digital transformation to meet customers demand, and we look at whether the...

Barracuda enjoys MSP growth

The firm has seen its MSP business improve over the last year and there are no signs that will slow down in the short-term

SearchSecurity

DOJ takes action against Dridex malware group, Evil Corp

The U.S. Justice Department indicts two alleged members of the Russian threat group behind the Dridex banking Trojan, known as ...

Session cookie mishap exposed HackerOne private reports

A security researcher used a mishandled session cookie to access private HackerOne bug reports with an account takeover attack ...

NSS Labs drops antitrust suit against AMTSO, Symantec and ESET

NSS Labs dropped its antitrust suit against the Anti-Malware Testing Standards Organization, Symantec and ESET, ending a ...

SearchStorage

Samsung V-NAND SSDs designed for high capacity, speed, efficiency

Samsung's V-NAND chip breaks through existing 3D NAND cell stacking limits with the industry's first 100+ layers in a move ...

Portworx ships backup, capacity management for containers

Portworx's storage product tacks on PX-Backup and PX-Autopilot for Capacity Management modules for enterprises building stateful ...

Computational storage for IoT and other potential use cases

IoT is the main application for computational storage. Another potential use case is inside scale-out server architecture, but ...

SearchNetworking

4 SD-WAN vendors integrate with AWS Transit Gateway

Aruba, Cisco, Citrix and Silver Peak are among the first SD-WAN vendors to integrate their products with the AWS Transit Gateway.

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

Catch up on the different features available with the first wave of Wi-Fi 6, including OFDMA and Target Wake Time, and find out ...

3 networking startups rearchitect routing

Networking startups Arrcus, DriveNets and Volta Networks help service providers redefine routing in the data center and at the ...

SearchCloudComputing

Review these Azure Service Bus best practices

When applications talk, you need to listen. Learn about Microsoft's cloud messaging service, its main features, best practices to...

Instill cloud change management best practices

Automation is essential to change management in the cloud. Discover the best practices that ensure your IT team is in sync and ...

How much cloud does an IT disaster recovery plan need?

It's not easy to get the right mix of traditional and cloud-based DR resources. Here's how to strike a balance between what's ...

SearchDataManagement

Amazon cloud database and data analytics expand

AWS expands its Redshift data warehouse capabilities including managed storage and query acceleration at the re:Invent 2019 ...

Vendors move away from open source database software licensing

While open source is a key to success for many database vendors, it can also potentially lead to a competitive threat from a ...

Oracle looks to grow multi-model database features

Decade after decade, Oracle continues to be relevant in the database market as it pivots to include an expanding list of ...

SearchBusinessAnalytics

Sisense analytics platform update features AI, data prep tool

Augmented intelligence features and an in-warehouse data prep tool highlight Sisense's latest update, its second since acquiring ...

Operation Fistula uses data to treat childbirth injuries

Aided by an analytics stack developed by Exasol, nonprofit Operation Fistula is working to end obstetric fistula in targeted ...

Automated tools broaden the future scope of data science

Automated data science tools may make their way into the data science process, but are unlikely to ever be able to do everything ...

SQL Server database security