RJ's SQL Server and MySQL Notes

Notes on SQL Server and MySQL

Getting Hard

Posted by rjssqlservernotes on June 11, 2013

It surprises me to read the conclusion of a recent study characterizing most data breaches as easily avoidable; the targets were most often not “pre-identified for attack; 79 percent of victims were targets of opportunity, and 96 percent of attacks were not highly difficult.” I’ve ranted from my soapbox on many occasions regarding the need for DBAs to be proactive about data security to avoid becoming the target of opportunity for some hacker. As a professional DBA, implementing data encryption represents the final line of defense in data security (Data Insecurity A Perspective on Data Encryption) on a server that has been properly secured.

Taking simple steps to harden SQL Server would thwart most opportunistic attacks – basic steps include:

  • Disable the SA account. There is no reason to have an active SA account on any SQL Server.
  • Remove the Built-in Administrators group login.
  • Perform monthly security audits of server logins and database users. Create a SQL Server Agent (SSA) job to run the script and send you an email with the results. Regular reviews make it easy to limit the number of accounts with elevated privileges.
  • Change the default TCP/IP Port.
  • Turn off SQL Server Browser.
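As an added illustration (not the author's own audit script), the following read-only T-SQL batch checks several of the items above: the state of the sa login, the presence of the Built-in Administrators login, the listening TCP port, and who holds elevated server and database roles. It assumes SQL Server 2005 or later and a caller with VIEW ANY DEFINITION and VIEW SERVER STATE; the result column names are chosen for this example.

```sql
-- Added example: read-only hardening audit. Nothing here changes configuration.

-- 1. The original sa login always has SID 0x01, even if it has been renamed.
SELECT name AS sa_login_name,
       is_disabled,
       CASE WHEN is_disabled = 1 THEN 'OK'
            ELSE 'FINDING: sa login is enabled' END AS result
FROM sys.sql_logins
WHERE sid = 0x01;

-- 2. Built-in Administrators login (matched by name, or by the well-known
--    SID S-1-5-32-544 in case the group name is localized).
SELECT name, type_desc, create_date,
       'FINDING: Built-in Administrators login exists' AS result
FROM sys.server_principals
WHERE name = N'BUILTIN\Administrators'
   OR sid = 0x01020000000000052000000020020000;

-- 3. TCP ports in use by current connections; 1433 is the default port.
SELECT DISTINCT local_tcp_port,
       CASE WHEN local_tcp_port = 1433 THEN 'FINDING: default port in use'
            ELSE 'OK' END AS result
FROM sys.dm_exec_connections
WHERE local_tcp_port IS NOT NULL;

-- 4. Every login that is a member of a fixed server role (sysadmin,
--    securityadmin, ...), for the monthly review of elevated privileges.
SELECT r.name AS server_role,
       m.name AS member_login,
       m.type_desc,
       m.is_disabled,
       m.modify_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;

-- 5. Database users and their role memberships in the CURRENT database.
--    Run this query in each database that is in scope for the audit.
SELECT DB_NAME() AS database_name,
       r.name    AS database_role,
       m.name    AS member_user,
       m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
ORDER BY r.name, m.name;
```

The SQL Server Browser service state is not visible from these catalog views and has to be checked at the operating-system level, for example in SQL Server Configuration Manager.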

Many excellent references discussing server hardening are available via a simple Internet search, and the reader is referred to them.
