You could do everything right within the database to secure your organization's data, but if there are holes in the operating system or in the SQL Server configuration, an attacker can still get in and out with the data you've worked so hard to protect. Therefore, securely configuring your SQL Server's surface is critical to the overall security posture of your data. This section begins by looking at the new security features in SQL Server 2008, and then takes a look at how to deploy SQL Server securely, starting with the operating system.
While SQL Server 2008 was intended to be more of an incremental upgrade from SQL Server 2005 than SQL Server 2005 was to SQL Server 2000, DBAs should take advantage of several new security features and enhancements to existing features in this release:
Kerberos authentication through more than TCP/IP.
Transparent data encryption
Extensible key management
Auditing enhancements through the new Audit object.
Security and surface area configuration through Policy-Based Management.
If you're familiar with SQL Server 2005's Surface Area Configuration (SAC) tool, that last enhancement may have caused a raised eyebrow. The Surface Area Configuration tool is not part of SQL Server 2008. Policy-Based Management handles all of the functions that SAC used to but enables you to apply them consistently across your SQL Server inventory by exporting and ...