SQL Server Security

ASP.NET Community

0/5 (0 vote)

Oct 11, 2013

CPOL

2 min read

11723

There's a lot of great information on SQL Server Security covering both SQL Server 2000 and 2005.Blogs/DevCentersSQL Server 2005 Security on

There's a lot of great information on SQL Server Security covering both SQL Server 2000 and 2005.

Blogs/DevCenters

SQL Server 2005 Security on Microsoft.com - Start here.
SqlSecurity.com - Good security focused blog
10 Steps To Help Secure SQL Server 2000
Laurentiu Cristofor's Blog - Focused on security and SQL Server.
Robyn Page's SQL Server Cribsheets - Excellent cheat/cribsheets from Robyn Page, particularly the security one.
Pete Finnigan's SQL Server Security Blog - And a fine blog it is, linking to a number of valuable found resources like Ferruh Mavituna's excellent SQL Injection Cheat Sheet.

Whitepapers/Articles

Security Considerations For SQL Server - This section of MSDN is a wealth of information.

Securing SQL Server	Provides an overview of securing SQL Server.
Security Considerations for a SQL Server Installation	Describes preparing the Windows server and network for an installation of SQL Server 2005.
Setting Up Windows Service Accounts	Describes the minimum Windows-related rights and file permissions that are required by services that are installed by SQL Server 2005.
Surface Area Configuration	Describes how to minimize the vulnerable surface area of an installation of SQL Server 2005.
Security Considerations for Databases and Database Applications	Describes the security features of the SQL Server 2005 Database Engine.
Securing Analysis Services	Provides an overview of security in SQL Server 2005 Analysis Services (SSAS).
Security Considerations for Integration Services	Provides an overview of security in SQL Server 2005 Integration Services (SSIS).
Security Considerations for Replication	Provides a general overview of security in replication.
Securing Reporting Services	Describes the options for configuring security in SQL Server 2005 Reporting Services (SSRS).
Security Considerations for Notification Services	Provides an overview of security in SQL Server 2005 Notification Services.
Security Considerations for Service Broker	Provides a general description of security in SQL Server 2005 Service Broker.
CLR Integration Security	Provides an overview of security-related aspects of CLR Integration.
Security Catalog Views (Transact-SQL)	Lists the security-related metadata visible in catalog views that are optimized for performance and utility.
Security Functions (Transact-SQL)	Lists the functions that return information that is useful in managing security.
Cryptographic Functions (Transact-SQL)	Lists the functions that support encryption, decryption, digital signing, and the validation of digital signatures.

SQL Server Security Model - An older whitepaper, but a lot of good information about SQL Server 2000
Overview Of The Sql Server Security Model And Security Best Practices - Also older, but a fine overview.
SQL Server 2005 Security Datasheet - Here are three pages you can give your boss.
Security Considerations For SQL Server

Presentations

SQL Server Security (PPT) - Good presentation for Microsoft Research.