SQL Server database security

SQL Server database security is as important to a customer as ensuring their servers don't encounter any downtime. These tools will help keep your customer's database secure.

Hilary Cotter

Published: 30 May 2007

What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

Dig Deeper on Database software management

Related Q&A from Hilary Cotter

Why would I recommend Oracle VM to a client instead of Hyper-V or VMware?

Learn why Oracle VM would be chosen over Hyper-V or VMware and read an expert's recommendations for implementing Oracle VM. Continue Reading

What are Web services, and how can they benefit my clients?

Learn how Web services, as the latest incarnation of service-oriented computing, can offer numerous benefits to you and your clients. Continue Reading

What are best practices for selling Software as a Service (SaaS)?

Learn the benefits of Software as a Service (Saas) for your customers and how you can create and sell services that best fit their business needs. Continue Reading

MicroscopeUK

Home working product demand increasing strain on channel stocks

The rush of customers to equip staff for a world of home working has led to huge spikes in demand of certain products over the ...

Coronavirus: Extreme makes partner programme changes to up support

Extreme Networks has become the latest vendor to use the tools in its partner programme to increase the support it can give ...

MicroScope: Seeking sustainability

In this issue, we look at sustainability in the channel, with customers increasingly wanting to know that their reseller has a ...

SearchSecurity

Microsoft warns hospitals of impending ransomware attacks

Microsoft warned "dozens" of hospitals with vulnerable gateway and VPN software that an infamous ransomware group known as REvil ...

4 essential AI-enabled security concerns for buyers and vendors

Experts offer four concerns for enterprises and vendors to discuss in order to deploy and run AI-based cybersecurity tools.

Risk & Repeat: Zoom security comes under fire

This week's Risk & Repeat podcast looks at several security issues Zoom faced over the last week, which led to questions about ...

SearchStorage

Choose between NAND vs. NOR flash memory

When comparing NAND flash memory to NOR, it's important to examine the structural differences to understand which type of ...

The future of flash memory promises unprecedented speed, capacity

NAND flash's future involves more layers and bits per cell. At the same time, NVMe-oF, storage class memory and other new ...

Komprise stretches NAS migration tool for multi-cloud use

Komprise's Elastic Data Migration moves beyond NAS-to-NAS migration over LANs to enable customers to shift file and object data ...

SearchNetworking

CloudGenix-Palo Alto buy combines SD-WAN with cloud security

The CloudGenix-Palo Alto Networks acquisition will combine the Prisma cloud security suite with CloudGenix's software-defined WAN.

A deep dive into the differences between 5G and Wi-Fi 6

While the latest cellular and Wi-Fi technology generations -- 5G and Wi-Fi 6, respectively -- have been pitted against one ...

Maintaining network infrastructure in a pandemic and beyond

Network infrastructure that supports remote workers is essential today and will be far into the future. That includes VPN ...

SearchCloudComputing

5 tips that can lead to Azure cloud management success

Many factors go into managing Azure resources, and they vary based on a company's needs. Explore five pieces to the larger cloud ...

AWS security options grow with Amazon Detective

AWS has released Amazon Detective, a managed threat hunting service that generates visualizations out of log data from native ...

Explore the pros and cons of cloud computing

Familiarize yourself with the basics of computing in the cloud, how the market has changed over the years, and the advantages and...

SearchDataManagement

PlanetScale extends multi-cloud database as a service

Open source-based PlanetScaleDB adds support for Microsoft Azure, enabling a multi-cloud database as a service platform that ...

Oracle NoSQL database comes to the cloud

Another Oracle database is coming to the cloud with the general availability of Oracle NoSQL Database Cloud Service as the demand...

MariaDB SkySQL enables cloud-native database as a service

MariaDB brings back an old name for its cloud-native database-as-a-service platform. MariaDB CEO Michael Howard details how he's ...

SearchBusinessAnalytics

Importance of analytics clear amid COVID-19 crisis

With health organizations and business leaders alike trying to minimize the effects of COVID-19, analytics is playing a critical ...

AI tools in analytics software key in fighting COVID-19

With data skewed by incomplete testing, augmented intelligence and machine learning tools are helping data scientists create ...

Should your company hire a freelance data scientist?

Enterprises need to make the right hiring choices when it comes to supporting their data projects. Here are some reasons your ...

Dig Deeper on Database software management

First take on Oracle 19c: 6 useful enhancements for DBAs

How can a text editor plug-in enable privilege escalation?

Microsoft SQL Server security best practices checklist

SQL Server meets database application security

Related Q&A from Hilary Cotter

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.