

Security in SQL Server

SQL Server 2005 has met the comprehensive requirements for the Common Criteria evaluation program and been accepted as of January 2006. This is one of the most recognized industry-wide certifications for database products.

Have a look at some of the new security features in SQL 2005.

https://www.microsoft.com/sql/technologies/security/security-at-a-glance.mspx

From an architectural perspective, SQL Server 2005 differentiates between user and schema (unlike SQL 2000). This is an important distinction and provides more granular security control. You can also now encrypt the data in your database using a certificate or an encryption algorithm. These and many other features are discussed at length in this article.

https://msdn.microsoft.com/sql/learning/security/default.aspx?pull=/msdnmag/issues/05/06/sqlserversecurity/toc.asp

SQL Server also has many components, such as Integration Services and SQLCLR, and special considerations apply to their security. Refer to this great resource on MSDN, which links to the security guidance for each component.

https://msdn2.microsoft.com/en-US/library/ms161948.aspx

Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

https://www.microsoft.com/technet/security/tools/mbsahome.mspx

WEBCASTS

Microsoft has also published a host of webcasts on SQL Server security that not only cover the basics of security, but also provide best-practice recommendations for real-world scenarios.

Security Best Practices: Hardening Your SQL Server

https://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032280301&EventCategory=5&culture=en-US&CountryCode=US

SQL Server 2005 Essentials: Security Enhancements

https://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032289824&EventCategory=5&culture=en-US&CountryCode=US

SQL Server 2005 Series (Part 5 of 10): Protecting Sensitive Data

https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032270061&EventCategory=3&culture=en-US&CountryCode=US

CASE STUDIES

At Microsoft, the majority of our mission-critical applications run against SQL 2005. Our internal IT division has implemented some of the largest payroll, sales, and ERP applications in-house and has come up with home-grown security best practices.

Here is a webcast that talks about how Microsoft IT manages security and encryption using SQL Server databases. A must read.

https://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032282135&EventCategory=3&culture=en-US&CountryCode=US

 

SQL 2005 Security Overview for Administrators - Whitepaper
https://download.microsoft.com/download/4/7/a/47a548b9-249e-484c-abd7-29f31282b04d/SQLSecurityOverviewforAdmins.doc

Encryption features in SQL Server 2005 - Whitepaper
https://download.microsoft.com/download/4/7/a/47a548b9-249e-484c-abd7-29f31282b04d/SQLEncryption.doc

 

SQL Server 2005 Security Best Practices: Operational and Administrative Tasks - Whitepaper
https://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-7f7151b2011c/SQL2005SecBestPract.doc

How to make unwanted access to SQL Server 2005 by an operating system administrator more difficult
https://support.microsoft.com/kb/932881

 

Encrypting Connections to SQL Server

https://msdn.microsoft.com/en-us/library/ms189067.aspx

User-Schema Separation

https://msdn.microsoft.com/en-us/library/ms190387.aspx

Permissions Hierarchy

https://msdn.microsoft.com/en-us/library/ms191465.aspx

Security Catalog Views

https://msdn.microsoft.com/en-us/library/ms178542.aspx

Security Stored Procedures

https://msdn.microsoft.com/en-us/library/ms182795.aspx

Security Functions

https://msdn.microsoft.com/en-us/library/ms186236.aspx

Principals

https://msdn.microsoft.com/en-us/library/ms181127.aspx

Securables

https://msdn.microsoft.com/en-us/library/ms190401.aspx

Permissions

https://msdn.microsoft.com/en-us/library/ms191291.aspx

Server-Level Roles

https://msdn.microsoft.com/en-us/library/ms188659.aspx

Database-Level Roles

https://msdn.microsoft.com/en-us/library/ms189121.aspx

Application Roles

https://msdn.microsoft.com/en-us/library/ms190998.aspx

Permissions of Fixed Server Roles

https://msdn.microsoft.com/en-us/library/ms175892.aspx

Permissions of Fixed Database Roles

https://msdn.microsoft.com/en-us/library/ms189612.aspx

Authorization and Permissions in SQL Server

https://msdn.microsoft.com/en-us/library/bb669084.aspx

Context Switching

https://msdn.microsoft.com/en-us/library/ms191296.aspx

EXECUTE AS vs. SETUSER

https://msdn.microsoft.com/en-us/library/ms188315.aspx

How to add a Windows user to the sysadmin fixed server role

https://support.microsoft.com/kb/937682