DBA’s Guide to SQL Server Security

by Cecille Ramirez on December 9th, 2009

I revised this article to make it more meaningful to readers by citing examples. Data is the most precious thing in an organization. Protecting it is the most critical thing that every DBA should do. So, where do we pay attention to with the so many issues that definitely are vulnerable to attacks?

As a DBA, we overlook a lot of simple things like making sure backup tapes are accessed by the right person only, desktop connected to data should at all times be password protected as opposed to unattended, firewall should be in place, allow the right protocols, establish encrypted connections, enable services that are needed, setup minimum admin privileges, do the same thing with service accounts, define the authentication to see whether a strong password is required, set permission to each user, always validate code that may perform SQL injection attack, preparedness at the time of disaster and lastly implement auditing.

To summarize, the idea is to be on top of things even before the trouble comes in. Be proactive enough to have a plan prior to just being reactive. Losing data is one mistake away to losing your job as a DBA. Microsoft website on SQL Server has a lot of tools a DBA can use. One of which is the Microsoft Baseline Security Analyzer. Don’t forget about the Surface Area Configuration Tool as well which is new to SQL Server 2005.


There you go, it’s just a matter of coming up with a plan of what and where to look for.

Raves & Praise

D. Easter

PMP Certification Training, November 2008

Thanks Microtrain for conducting a great PMP course that set me on a successful path to obtain my PMP certification. I have passed the test!

Jennie

Student Employment Success - Project/Process Manager

My Career Services Manager was very friendly and helpful and had excellent follow-up. She seemed to really care how things were going and kept me moving in the right direction. The resources available in job search were great and the visibility that there were jobs out there looking for my skillset was promising. Additionally, the training, as well as having an updated resume stating the Microtrain course work I had taken made me feel more confident and marketable as I looked for employment. It showed that I was dedicated and took project management and process management seriously.

Kaycee Ekufu

MCSA

The instructor [Al Khalfan] was very knowledgeable in the field. He presented the materials and concepts with a professional touch. He also frequently adds humor to his teachings, which made it easier for me to understand. The support staff was all nice, gentle, caring, and very helpful. The materials, rooms and amenities were excellent and exceeded expected standards.

Ron Cwik

PMP Certification Training, 2008

Great training facility. Great instructors. Great experience.

David

A Cisco Success Story

I attended a resume writing seminar & conducted mock phone interviews with a Microtrain career counselor. These two activities gave me a leg up on distinguishing myself from all the other people looking for work. Since the career counselor's at Microtrain had a track record of getting people hired, their insight and positive past experiences helped me tremendously in getting hired with a Cisco Voice Systems Integrator in the Chicago area. I was hired as a Cisco Voice Tech Engineer with a starting salary of $65,000 / year with a Cisco voice systems reseller located in the Chicagoland area. Microtrain was very instramental in making this a reality. From expediting my WIA grant, to providing excellent hands-on training from knowledgable instructors I was able to achieve becoming certified with my CCNP. Microtrain's career services was the final catalyst in connecting me with this company by communicating with them on my behalf and with me in setting up the interview. One week later and I was hired. No joke. Thanks Microtrain!

Connect with MicroTrain

Begin building a successful long-term career pathway.

(630) 981-0200

Back to Top