Securing SQL Server

FINAL EXAM

Instructions:

Articles Summarization from msdn.com:

  • Visit msdn.microsoft.com and search for “SQL Server Security Guidelines.” Read articles at three of the links that you find and summarize them.
  • Use Google (google.com) or another search engine and search the Web for “Database Security Guidelines.” Read articles at three of the links that you find and summarize them.

 

 

Securing SQL Server:

Securing SQL Server mainly involves platform and network security. The platform for SQL Server includes the hardware and networking systems and the binary files used to process database requests.

  • Physical Security:

One of the best ways to achieve physical security is to strictly limit access to the server and hardware components.

  • Operating system Security:

The operating system can be secured by applying upgrades and updates to it and then testing them with the database applications.

Security Guidelines:

BizTalk Server 2002 uses Windows NT security rather than SQL credentials, so it uses the credentials of the currently logged-on user to determine SQL Server privileges. Some guidelines therefore need to be followed when installing and configuring the BizTalk Server Administration components. Some of these guidelines are given below:

  • The user must be a member of the BizTalk group.
  • Complete access to the shared queue, tracking and messaging management must be provided to the user.
  • The application identity account must have full permission on BizTalk Server WMI.

Azure SQL Database access control:

A firewall, authentication, and authorization are used to control access to SQL Database and keep it secure.

  • Firewall and its rules:

Microsoft provides a relational DBMS service for Azure and other internet-based applications. To protect data, a firewall prevents all access to the database until permissions are specified.

  • Authentication:

SQL Database supports two types of authentication: the first uses a username and password, and the second uses identities managed by Azure Active Directory.

  • Authorization:

It refers to the permissions granted to the user, which are controlled by the database administrator for that user account.
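
Added example (not part of the original summary or of the summarized articles): the three access-control layers described above, written as T-SQL for Azure SQL Database. The rule names, IP addresses, user names, password placeholder and the sales schema are constructed for illustration.

```sql
-- Added example. All names, addresses and the password are constructed placeholders.

-- 1. Firewall (run in the master database).
--    No client can connect until a rule covers its IP address.
EXECUTE sp_set_firewall_rule
    @name = N'AppServerRule',
    @start_ip_address = '203.0.113.10',
    @end_ip_address   = '203.0.113.10';

--    Narrower alternative: a rule that applies to one database only
--    (run in that user database instead of master).
EXECUTE sp_set_database_firewall_rule
    @name = N'ReportingClientRule',
    @start_ip_address = '203.0.113.20',
    @end_ip_address   = '203.0.113.20';

-- 2. Authentication (run in the user database).
--    (a) SQL authentication: user name and password.
--        Replace the placeholder with a password that meets the password policy.
CREATE USER report_reader WITH PASSWORD = '<strong-password-placeholder>';

--    (b) Azure Active Directory authentication: the user maps to a directory identity.
CREATE USER [analyst@example.com] FROM EXTERNAL PROVIDER;

-- 3. Authorization: grant only what each user needs.
--    Role membership gives read access to all tables in the database;
--    the schema-level grant limits the second user to one schema (assumed to exist).
ALTER ROLE db_datareader ADD MEMBER report_reader;
GRANT SELECT ON SCHEMA::sales TO [analyst@example.com];

-- Review: list the database-level firewall rules and the explicit grants.
-- Role memberships are listed separately in sys.database_role_members.
SELECT name, start_ip_address, end_ip_address
FROM sys.database_firewall_rules;

SELECT dp.name, dp.type_desc, perm.permission_name, perm.state_desc
FROM sys.database_principals AS dp
JOIN sys.database_permissions AS perm
    ON perm.grantee_principal_id = dp.principal_id
WHERE dp.name IN (N'report_reader', N'analyst@example.com');
```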

Article summarization from google.com:

Database Hardening best practices:

Below is the list developed by IST system administrators to provide guidelines for securing databases that store sensitive or restricted data. Implementing these guidelines will prevent data leakage, unauthorized access, and data loss.

  • Physical database server security
  • Firewalls
  • Application code
  • Administrator account password
  • Database software
  • Database backup and recovery
  • Database encryption and key management

 

Seven best practices to secure database:

Because databases contain a lot of important information, such as credit card information, which can be hacked, database security is very important. The following are seven best practices for securing a database:

  • Using database and web application firewalls
  • Encrypting the data
  • Managing access permissions to the database effectively
  • Auditing and monitoring the database
  • Hardening the database to the maximum possible extent
  • Ensuring physical database security
  • Reducing the value of the database

Database security practices for database administrator and developer:

Data that is stored, purchased, or acquired is considered an asset for various operations in any organization. The security of corporate databases and related issues has therefore become a crucial point. This article describes some important points to consider in order to secure a database effectively. The guidelines are as follows:

  • Test the data regularly and secure it with an effective disaster recovery plan.
  • Keep separate control over the database used for public reporting and the one used for internal control.
  • Watch the processes in the database by monitoring it with Activity Monitor.
  • It is very important to maintain very strong passwords for security.
  • Group the objects logically.
  • Queue the transaction log file so as to keep the data integrated.
  • Enable security auditing of successful and failed logins to your database.
  • Groom the database containing sensitive information.