Home > Ask the Systems Channel Experts > Database Administration Services Questions & Answers > Offer SQL Server security services
Ask The Systems Channel Expert: Questions & Answers
EMAIL THIS

Offer SQL Server security services

Retired Expert - Hilary Cotter EXPERT RESPONSE FROM: Retired Expert - Hilary Cotter

Pose a Question
Other Systems Channel Categories
Meet all Systems Channel Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 25 July 2007
What database security services should I offer my SQL Server customers and how often should I test them for security flaws?


>
EXPERT RESPONSE
VARs can offer database clients two classes of security services:

  • Monitoring services
  • Best practices analysis

Important monitoring services include the following:

  1. Intrusion detection -- SQL Injection or buffer overflow attacks like SQL Slammer.
  2. Unauthorized object access as part of the larger umbrella of Sarbanes Oxley compliance.
  3. Destructive DDL commands -- drop table statements.
  4. Account rights escalation – guest role account enabling, or adding a low privileged user account to the sysadmin role.

As new exploits are discovered, continuous threat analysis is an important service for a VAR to offer.

Best practices analysis can include the following:

  1. Checks for weak or no passwords.
  2. Scans to ensure that all accounts are running under the least privileges.
  3. Locking down of xp_cmdshell and other features which may expose your SQL Servers to exploits.
  4. Limiting use of the guest account and the sysadmin role.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Database Administration Services
What opportunities are there for VARs in a SQL Server upgrade?
How to decide which disaster recovery strategy is right for customers?
Why outsource database management services to a VAR?
Integrating Microsoft Office with SQL Server
What should I expect when migrating custom applications from SQL Server to MySQL?
SQL Server database security
SQL Server capacity planning
SQL Server 2005 business suite and Microsoft Office integration
Controlling Microsoft SQL Server sprawl
Database clustering secures data

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts