How to Get SQL Server Security Horribly Wrong


SQL Server security is a complex and important task. Everyone gets some of the settings right, and it is also probably true that everyone has something set wrong. Unless you review the available settings and your specific environment periodically, you could have a security hole big enough for a malicious user to gain access to your database servers.

In this article by Robert Sheldon, he lays out the specific areas he thinks you should address:

  • Failure #1: Not securing the physical environment
  • Failure #2: Not protecting the server environments
  • Failure #3: Implementing inadequate network security
  • Failure #4: Not updating and patching your systems
  • Failure #5: Maintaining a large surface attack area
  • Failure #6: Using improper authentication
  • Failure #7: Assigning the wrong service accounts
  • Failure #8: Failing to control access to SQL Server resources
  • Failure #9: Failing to encrypt sensitive data
  • Failure #10: Following careless coding practices
  • Failure #11: Not verifying SQL Server implementations
  • Failure #12: Failing to audit your SQL Server instances



