Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
SQL Server Security Resources for DBAs and System Admins
SQL Server Security
Recent SQL Server Worms ![[worm]](/data/assets/smilies/worm.gif "[worm] [worm]")
and viruses have shown how vulnerable SQL Server can be. Microsoft is attempting to reduce the security holes in the product. However, the main responsibility for security lies with DBAs and system administrators. If we are administering SQL Server, we had better be well acquainted with SQL Server security.
SQL Server Books Online (SQL BOL) contains a lot of info about SQL Security.
Managing Security
http://msdn.microsoft.com/library/en-us/adminsql/ad_security_05bt.asp
However, the information in SQL BOL is not sufficient. Here are additional resources that we should bookmark and review.
SQLSecurity.com is dedicated to SQL Server security issues.
http://www.sqlsecurity.com/
You can find the "SQL Server Security FAQ" on the site.
http://www.sqlsecurity.com/faq.asp
They also have a "SQL Server Security Checklist."
http://www.sqlsecurity.com/checklist.asp
You can run a free analysis to see if your workstation or Server is vulnerable to attack.
http://www.sqlsecurity.com/audit.asp
The SANS Institute has some excellent info on SQL Security as well as some scripts you can use to check on certain security issues.
http://rr.sans.org/win/SQL_sec.php
SQL Server security model and SQL Server security best practices by Narayana Vyas Kondreddi. (suggested by sguslan)
http://vyaskn.tripod.com/sql_server_security_best_practices.htm
Microsoft is becoming more aggressive in addressing security and educating users.
Check the Microsoft SQL Server Website for updated security information
http://www.microsoft.com/sql/default.asp
Resources and Tools for Checking SQL Server Security
http://www.microsoft.com/sql/downloads/securitytools.asp
You can download a "SQL Server 2000 Security" white paper at the following link.
http://www.microsoft.com/sql/techinfo/administration/2000/securityWP.asp
A "SQL Server 7.0 Security" white paper is available at...
http://www.microsoft.com/sql/techinfo/administration/70/securityWP.asp
Microsoft Security Resources
http://www.microsoft.com/security/default.asp
TechNet Security
http://www.microsoft.com/technet/security/default.asp
Database and SQL Server Security
http://www.microsoft.com/technet/security/prodtech/dbsql/default.asp
Best Practices for Enterprise Security
http://www.microsoft.com/technet/security/bestprac/bpent/bpentsec.asp
Security Administration - SQL Operations Guide
http://www.microsoft.com/technet/prodtechnol/sql/maintain/operate/opsguide/sqlops3.asp
Don't forget that MSDE is SQL Server and Can Make Workstations Vulnerable.
List of products using MSDE:
http://www.microsoft.com/technet/security/MSDEapps.asp
Finally, the SQLSecurity website has a list of other SQL Security sites.
http://www.sqlsecurity.com/links.asp
-----------------------------------------------
The following quote is on the home page of SQLSecurity.com.
X-) "There is no 'patch' for stupidity."![[dazed]](/data/assets/smilies/dazed.gif "[dazed] [dazed]")
There may not be a "patch" for stupidity but there is a "patch" for ignorance. That patch is education.![[smarty]](/data/assets/smilies/smarty.gif "[smarty] [smarty]")
and viruses have shown how vulnerable SQL Server can be. Microsoft is attempting to reduce the security holes in the product. However, the main responsibility for security lies with DBAs and system administrators. If we are administering SQL Server, we had better be well acquainted with SQL Server security.SQL Server Books Online (SQL BOL) contains a lot of info about SQL Security.
Managing Security
http://msdn.microsoft.com/library/en-us/adminsql/ad_security_05bt.asp
However, the information in SQL BOL is not sufficient. Here are additional resources that we should bookmark and review.
SQLSecurity.com is dedicated to SQL Server security issues.
http://www.sqlsecurity.com/
You can find the "SQL Server Security FAQ" on the site.
http://www.sqlsecurity.com/faq.asp
They also have a "SQL Server Security Checklist."
http://www.sqlsecurity.com/checklist.asp
You can run a free analysis to see if your workstation or Server is vulnerable to attack.
http://www.sqlsecurity.com/audit.asp
The SANS Institute has some excellent info on SQL Security as well as some scripts you can use to check on certain security issues.
http://rr.sans.org/win/SQL_sec.php
SQL Server security model and SQL Server security best practices by Narayana Vyas Kondreddi. (suggested by sguslan)
http://vyaskn.tripod.com/sql_server_security_best_practices.htm
Microsoft is becoming more aggressive in addressing security and educating users.
Check the Microsoft SQL Server Website for updated security information
http://www.microsoft.com/sql/default.asp
Resources and Tools for Checking SQL Server Security
http://www.microsoft.com/sql/downloads/securitytools.asp
You can download a "SQL Server 2000 Security" white paper at the following link.
http://www.microsoft.com/sql/techinfo/administration/2000/securityWP.asp
A "SQL Server 7.0 Security" white paper is available at...
http://www.microsoft.com/sql/techinfo/administration/70/securityWP.asp
Microsoft Security Resources
http://www.microsoft.com/security/default.asp
TechNet Security
http://www.microsoft.com/technet/security/default.asp
Database and SQL Server Security
http://www.microsoft.com/technet/security/prodtech/dbsql/default.asp
Best Practices for Enterprise Security
http://www.microsoft.com/technet/security/bestprac/bpent/bpentsec.asp
Security Administration - SQL Operations Guide
http://www.microsoft.com/technet/prodtechnol/sql/maintain/operate/opsguide/sqlops3.asp
Don't forget that MSDE is SQL Server and Can Make Workstations Vulnerable.
List of products using MSDE:
http://www.microsoft.com/technet/security/MSDEapps.asp
Finally, the SQLSecurity website has a list of other SQL Security sites.
http://www.sqlsecurity.com/links.asp
-----------------------------------------------
The following quote is on the home page of SQLSecurity.com.
X-) "There is no 'patch' for stupidity."
There may not be a "patch" for stupidity but there is a "patch" for ignorance. That patch is education.