
	Home > Ask the Systems Channel Experts > Database Administration Services Questions & Answers > SQL Server database security

Ask The Systems Channel Expert: Questions & Answers

EMAIL THIS

SQL Server database security

EXPERT RESPONSE FROM: Retired Expert - Hilary Cotter

		Pose a Question

		Other Systems Channel Categories

		Meet all Systems Channel Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 30 May 2007
What database security services should I offer my SQL Server customers and how often should I test them for security flaws?

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Database Administration Services
	What opportunities are there for VARs in a SQL Server upgrade?
	How to decide which disaster recovery strategy is right for customers?
	Why outsource database management services to a VAR?
	Offer SQL Server security services
	Integrating Microsoft Office with SQL Server
	What should I expect when migrating custom applications from SQL Server to MySQL?
	SQL Server capacity planning
	SQL Server 2005 business suite and Microsoft Office integration
	Controlling Microsoft SQL Server sprawl
	Database clustering secures data

Database Performance Tuning and Monitoring Tools

Channel Explained: Federated databases

Oracle Partner Program Checklist

BMC Software Partner Program Checklist

Maintaining performance after a database consolidation

Refining plans for database consolidation

Cleaning up with database consolidation services

How to diagnose and troubleshoot database performance problems

RDBMS performance monitoring tools

Remote DBA services: Overcoming sales hurdles

Oracle DBA trends: Beyond basics

Relational Database Management Systems (RDBMSes)

SQL Server 2008 Reporting Services for high-availability deployment

SQL Server 2008 Reporting Services for Internet deployment

SQL Server 2008 hardware and software requirements

Key features in SQL Server 2008 Reporting Services editions

Optimizing SQL Server 2008 performance

SQL Server 2008 features study guide

Troubleshooting a failed SQL Server 2008 installation

Microsoft SQL Server 2008 guide

Oracle Database 11g study guide

Federated databases

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

VARs can offer database clients two classes of security services:

Monitoring services
Best practices analysis

Important monitoring services include the following:

Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
Destructive DDL commands -- drop table statements.
Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

Checks for weak or no passwords.
Scans to ensure that all accounts are running under the least privileges.
Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
limiting use of the guest account and the sysadmin role.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2006 - 2009, TechTarget \| Read our Privacy Policy