The MicroTrain Blog

DBA’s Guide to SQL Server Security

by Cecille Ramirez on December 9th, 2009

I revised this article to make it more meaningful to readers by citing examples. Data is the most precious thing in an organization. Protecting it is the most critical thing that every DBA should do. So, where do we pay attention to with the so many issues that definitely are vulnerable to attacks?

As a DBA, we overlook a lot of simple things like making sure backup tapes are accessed by the right person only, desktop connected to data should at all times be password protected as opposed to unattended, firewall should be in place, allow the right protocols, establish encrypted connections, enable services that are needed, setup minimum admin privileges, do the same thing with service accounts, define the authentication to see whether a strong password is required, set permission to each user, always validate code that may perform SQL injection attack, preparedness at the time of disaster and lastly implement auditing.

To summarize, the idea is to be on top of things even before the trouble comes in. Be proactive enough to have a plan prior to just being reactive. Losing data is one mistake away to losing your job as a DBA. Microsoft website on SQL Server has a lot of tools a DBA can use. One of which is the Microsoft Baseline Security Analyzer. Don’t forget about the Surface Area Configuration Tool as well which is new to SQL Server 2005.


There you go, it’s just a matter of coming up with a plan of what and where to look for.

Raves & Praise

Connect with MicroTrain

Begin building a successful long-term career pathway.

(630) 981-0200

Back to Top