« Protecting SQL Server Data | Main | Hiding Databases from Public and Other Users »

Common SQL Server Security Mistakes

In my Presentation: Common SQL Server Security Mistakes (link), I mentioned a number of different resources for additional learning.

Here they are (and I may update these over time).

 

Core SQL Server Security / Background
43% of companies surveyed in 2009 had lost data to hackers

Repudiation

The Seven Steps to Successful SQL Server Auditing

Escalation

David Penton’s Not-so Dynamic Sql (SQL Injection)

Least Privilege

SQL Server 2005 Security Best Practices - Operation and Administrative Tasks

Process Monitor (great for troubleshooting when de-privileging service accounts)

SQL Server Credentials and Proxies

I also have a script available which you can use to create an sp_execproc database role which is a great option for forcing applications to only use sprocs for additional security/lockdown. Eventually I’ll provide a blog post on how to use that (and how to address some of the limitations). But if you’d like that script, just ping me at mike at overachiever.net.



Comments

Loading Comments... loading comments

Post a comment

Comments may be moderated.

The following pseudo-markup is permitted:
      bold : *strong*
      italic : _em_
      hyperlinks : [linktext|http://link.url.here]