SQL Server 2008 best practices for hardening a SQL Server environment:
■ When the SQL Server installation is complete, harden the SQL Server environment.
■ Install the most recent critical fixes and service packs for both Windows and SQL Server.
■ When you’re selecting authentication modes, Windows Authentication is a more secure choice; however, if mixed mode authentication is required, leverage complex passwords and SQL Server 2008 password and lockout policies to further bolster security.
■ Do not use the SA account for day-to-day administration, logging on to the server remotely, or having applications use it to connect to SQL. It is best if the SA account is disabled and renamed.
■ Create a role-based security policy with the Security Configuration Wizard tool.
■ After SQL Server 2008 is installed, run the SQL Server Configuration Manager tool to disable unnecessary features and services and create policies with Policy Based Management.
■ Install only required components when installing SQL Server.
■ After the server has been hardened, periodically asses the server’s security using the MBSA and SQL Server BPA.
■ For production SQL Servers running mission-critical databases, either hide the instance or disable the SQL Server Browser service.
■ Change the default ports associated with the SQL Server installation to put off hackers from port-scanning the server.
■ Enable a firewall to filter unnecessary and unknown traffic.
■ At the very least, set security auditing to failed login attempts; otherwise, both failed and successful logins should be captured and monitored.
■ If upgrading previous versions of SQL Server, remove the BUILTIN/Administrators group from the SQL Server Logins.
Note from book "Microsoft SQL Server 2008 Management and Administration".
sql server 2008 studying notes.
ReplyDelete