HARDENING OF SQL SERVER:
=======================
Hardening:
Hardening SQL Server is nothing but Minimizing security risks to protect the data (that means, reducing its surface area and controlling access to it).
Reducing the surface area:
To reduce the surface area of SQL Server, apply the following best practices.
- Install only the required SQL Server components.
- Don't install SQL Server Reporting Services (SSRS) on the same server as the database engine also running on that.
- Disable the SQL Server services that won't be immediately used. E.g., SQL Server browser service.
- Don't use the default TCP/IP ports. E.g., Use dynamic port: 1633
- Disable the network protocols that aren't required. E.g., Named Pipes.
- Make sure that the antivirus and firewall software versions are current and configured correctly.
After that, you initially reduce the surface area, you need to manage its configurations.
In SQL Server 2005, Microsoft introduced the Surface Area Configuration Manager (And its command-line counterpart sac.exe) for this purpose. However, this tool performs only the most common management tasks.
(e.g., enabling remote connections and supported protocols).
To perform the less common tasks (e.g., designating service accounts and authentication mode), you need to use the SQL Server Configuration Manager, the system stored procedure sp_configure, or a Windows tool (e.g., Windows Management Instrumentation—WMI).
In SQL Server 2008, Microsoft replaced the Surface Area Configuration Manager with the Policy-Based Management system.With this system, you can manage the configurations for the full surface area—it's a one-stop shop for your surface area needs.
Controlling Access:
Ø SA (System Admin) account should be disable.
Ø Sysadmin right should not provide to any groups and logins.
Thanks & Regards,
ChanBasha Patan
+91-7411823445
Think before you print. Go Green.
nice thank you for sharing SQL Server DBA Online Training hyderabad
ReplyDelete