
	Home > Ask the Systems Channel Experts > Database Administration Services Questions & Answers > SQL Server database security

Ask The Systems Channel Expert: Questions & Answers

EMAIL THIS

SQL Server database security

EXPERT RESPONSE FROM: Retired Expert - Hilary Cotter

		Pose a Question

		Other Systems Channel Categories

		Meet all Systems Channel Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 30 May 2007
What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

EXPERT RESPONSE

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Database Administration Services
	What opportunities are there for VARs in a SQL Server upgrade?
	How to decide which disaster recovery strategy is right for customers?
	Why outsource database management services to a VAR?
	Offer SQL Server security services
	Integrating Microsoft Office with SQL Server
	What should I expect when migrating custom applications from SQL Server to MySQL?
	SQL Server capacity planning
	SQL Server 2005 business suite and Microsoft Office integration
	Controlling Microsoft SQL Server sprawl
	Database clustering secures data

Database Performance and Tuning

Maintaining performance after a database consolidation

Refining plans for database consolidation

Cleaning up with database consolidation services

How to diagnose and troubleshoot database performance problems

RDBMS performance monitoring tools

Remote DBA services: Overcoming sales hurdles

Oracle DBA trends: Beyond basics

Oracle, system integrator develop new HR product

SQL Server capacity planning

Providing database services: The initial client meeting

Relational Database Management Systems (RDBMSes)

Federated databases

Metadata Basics

Oracle RAC troubleshooting advice and application migration tips

Oracle Database 11g tutorial

Systems products to pay attention to

Reasons to upgrade to SQL Server 2008

SQL Server security: Enhancements in encryption, authentication and auditing

SQL Server security: Auditing

SQL Server security: Authentication

Which databases underpin the applications to be virtualized?

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2006 - 2008, TechTarget \| Read our Privacy Policy