Database Insecurity

The Remedy
So, you're convinced about the seriousness of database security. What can you do to ensure that your organization's database doesn't fall victim to Maxus and friends? The old adage about an ounce of protection definitely applies in this situation. Spending an hour or two tightening up the security controls on your database might nip a potentially disastrous hacker attack in the bud.

If you're running Microsoft SQL Server, the single most important task is to ensure that a strong password protects your "sa" account (and your other accounts as well!). Simply open up Enterprise Manager and drill down to the "Logins" selection of the database you're concerned with. Click on the "sa" account and you'll be presented with the screen below:
If there's no password provided (as illustrated by the red box above), your database is wide open! Any user who can reach your machine can gain full access to your databases by simply using the default login parameters. Insert a password and repeat this test for the other accounts and databases you're responsible for.

Next, take a look at the services you're running on the machine that hosts your database server. Are they all necessary? If you find extraneous services running, remove them. They're only adding unnecessary complexity to your Internet presence that could possibly introduce additional vulnerabilities to your system security.

If you'd like to do a more in-depth check by hand and are comfortable with database administration tasks, this SQL Server Security Checklist might come in handy. If you have a large number of databases to verify and you're short on time, try running the scripts included in the SANS Institute's Information Security Reading Room.
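The per-account password check described above can also be run as a single query per instance. The T-SQL below is an added example, not part of the original article or the scripts it mentions. It assumes SQL Server 2005 or later (newer than the Enterprise Manager releases the article describes) and a login allowed to read password hashes. It goes slightly beyond the blank-password case by also flagging passwords equal to the login name and logins exempt from password policy.

```sql
-- Added example: audit SQL-authenticated logins for missing or trivial passwords.
-- Assumptions: SQL Server 2005+ (sys.sql_logins, PWDCOMPARE) and a caller with
-- CONTROL SERVER, which is required to see the password_hash column.
SELECT
    @@SERVERNAME AS instance_name,
    l.name       AS login_name,
    -- The built-in sa login keeps SID 0x01 even if it has been renamed.
    CASE WHEN l.sid = 0x01 THEN 1 ELSE 0 END AS is_builtin_sa,
    l.is_disabled,
    l.is_policy_checked,       -- 0 = password policy is not enforced for this login
    l.is_expiration_checked,
    CASE WHEN PWDCOMPARE('', l.password_hash) = 1
         THEN 1 ELSE 0 END AS blank_password,
    CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1
         THEN 1 ELSE 0 END AS password_same_as_name
FROM sys.sql_logins AS l
WHERE l.name NOT LIKE '##%'    -- skip internal system logins
  AND (   PWDCOMPARE('', l.password_hash) = 1
       OR PWDCOMPARE(l.name, l.password_hash) = 1
       OR l.is_policy_checked = 0 )
ORDER BY blank_password DESC, is_builtin_sa DESC, login_name;

-- Remediation for each row returned. The login name and password are
-- placeholders; substitute the real login and a strong password.
-- ALTER LOGIN [login_name_placeholder]
--     WITH PASSWORD = N'<strong-password-placeholder>', CHECK_POLICY = ON;
```

An empty result set means no SQL login on that instance has a blank password, a password matching its name, or a policy exemption. Windows-authenticated logins are not covered because their passwords are not stored in SQL Server.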


