SQL Server and Azure SQL Database are two of the most complete and powerful data platforms in the world. With SQL Server and Azure SQL Database you can store and organize structured, semi-structured and unstructured data and transform it into useful knowledge via complex transformations and sophisticated processing.
This makes it a necessity for every organization to secure and harden its SQL Server instances to the maximum possible level, without of course affecting the operation of the supported systems.
For this purpose, well-respected security organizations have published security standards and guidelines which can be used for securing your SQL Server instances. This is, however, a complex process in which you need to thoroughly assess every single SQL Server instance you have against a list of security factors. Moreover, it is a process that needs to be constantly repeated, as databases and SQL Server instances are not static. They change. New databases are added, new features might be enabled and so on.
Securing SQL Server is not just a matter of securing its surface area. A proper hardening process involves securing the following as well:
- Physical environment (i.e. data room)
- Operating system
- Client applications
All the above require well-balanced teamwork and coordination in order to ensure that all, or at least the majority, of the possible vulnerabilities have been mitigated.
Now, when it comes to securing your SQL Server instances, you can use a powerful software tool which can help you through the process of eliminating vulnerabilities that might have to do with the setup of your SQL Server instances and databases. This tool is DBA Security Advisor.
DBA Security Advisor is a powerful security tool for SQL Server which runs security assessments against one or multiple SQL Server instances. Based on a rich set of security factors, it generates assessment reports which contain not only the detected security risks, but also recommendations as well as remediation scripts where applicable.
The security checks shipped with the Enterprise Edition of DBA Security Advisor target the following areas of SQL Server:
- Logins – Server Role Associations
- Surface Area
- Authentication and Authorization
- Password Policies
Some examples of security checks are:
- Logins – Server Role Association
- Ad Hoc Distributed Queries
- CLR Enabled
- Cross DB Ownership Chaining
- Database Mail XPs
- Ole Automation Procedures
- Guest User
- Orphaned Users
- Public Database Role
- Password Policy
- List of Failed Logins
- CLR Assembly Permission Set
- Credentials Check (sa:sa)
- Credentials Check (user:user)
- …and much more!
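Several of the checks named in the list above can be reproduced by hand with read-only catalog queries. The following T-SQL is an added example, not DBA Security Advisor's own code or output; it assumes an on-premises SQL Server 2012 or later instance, a login allowed to view server and database metadata, and that it is run in the database being assessed.

```sql
-- Added example (not from DBA Security Advisor). Read-only; changes nothing.

-- 1. Surface area: options from the list above. value_in_use = 1 means enabled.
SELECT name,
       CAST(value_in_use AS int) AS value_in_use,
       CASE WHEN CAST(value_in_use AS int) = 1 THEN 'REVIEW' ELSE 'OK' END AS finding
FROM sys.configurations
WHERE name IN (N'Ad Hoc Distributed Queries', N'clr enabled',
               N'cross db ownership chaining', N'Database Mail XPs',
               N'Ole Automation Procedures')
ORDER BY name;

-- 2. Logins - server role association: who is a member of sysadmin.
SELECT r.name AS server_role, m.name AS member_login, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 3. Password policy: SQL logins exempt from policy or expiration enforcement.
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0
ORDER BY name;

-- 4. Guest user: CONNECT granted to guest in the current database.
SELECT DB_NAME() AS database_name, pr.name AS principal_name,
       pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'guest'
  AND pe.permission_name = N'CONNECT'
  AND pe.state IN ('G', 'W');          -- GRANT or GRANT WITH GRANT OPTION

-- 5. Orphaned users: SQL users whose SID matches no server login.
SELECT DB_NAME() AS database_name, dp.name AS orphaned_user, dp.type_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE sp.sid IS NULL
  AND dp.type = 'S'                              -- SQL users only
  AND dp.authentication_type_desc = N'INSTANCE'  -- excludes contained/no-login users
  AND dp.principal_id > 4;                       -- skip dbo, guest, INFORMATION_SCHEMA, sys
```

Rows returned by queries 3 to 5, and any `REVIEW` row from query 1, are items to evaluate against your own requirements, since some of these features may be enabled deliberately.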
The workflow model of DBA Security Advisor is very simple:
-> Connect to one or more SQL Server Instances
--> Select Checks
---> Run Assessment
----> Evaluate Recommendations and Remediation Scripts
-----> Take Actions
------> Re-run assessment and evaluate the results
Note that with DBA Security Advisor you can assess multiple SQL Server instances, access older assessment reports via the history mechanism and perform comparisons, export the reports and much more.
Reference: TechHowTos.com (http://www.techhowtos.com)