O'Reilly logo

The Database Hacker's Handbook: Defending Database Servers by Bill Grindlay, John Heasman, Chris Anley, David Litchfield

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Configuration

After a secure installation of SQL Server, the next step is to lock down the server, ensuring that any unnecessary features and services are removed.

Step 5: Configure Network Libraries

The network libraries used by SQL Server should be restricted to the minimum required by the infrastructure. Supporting unnecessary netlibs is similar to running redundant services on the server; obscure network libraries could contain vulnerabilities that put the server at risk. TCP/IP has now become the most commonly used netlib for SQL Server, and this coupled with SSL support will give a secure foundation for accessing SQL Server.

Step 6: Configure Auditing and Alerting

Well-configured auditing allows administrators to continually monitor activity on their server and minimize the damage caused by an intrusion by early detection.

SQL Server does not provide the ability to lock out accounts after multiple failed logins, used as a defense against brute-force attacks. For this reason auditing of failed logons is strongly recommended; this can be set using the Enterprise Manager or by setting the following registry value to 2 (setting it to 3 will record successful logins as well):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\AuditLevel

Step 7: Lock Down Privileges

By default the SQL Server install grants the guest account public role membership in all databases except for the model database. It's recommended that you disable the guest account within Windows and revoke ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required