
Microsoft SQL Server

Table of Contents

1. Minimize Surface Area
2. Manage Service Accounts
3. Authenticate accounts
4. Secure Network Setup
5. Disable System Stored Procedures
6. Ensure strong password policy
7. Restrict Administrative Privileges
8. Manage Database Ownership
9. Manage Schemas
10. Manage access to database objects
11. Manage catalog
12. Control remote data execution
13. Encrypt sensitive data
14. Enable security auditing
15. Execute Microsoft security utilities periodically
16. Stay current on patches
17. Ensure the physical security of your server.
18. Use secure file Systems
19. Secure install
20. Backup policy
21. Prevent SQL injection
22. Create security awareness program
23. Secure MSDE installations


1. Minimize Surface Area


TASK LIST

1. Install only those components that have immediate use. Additional components can always be installed when needed.
2. Enable only the optional features that have immediate use.
3. Review optional feature usage before doing an in-place upgrade and disable unneeded features either before or after the upgrade.
4. Use SQL Server Surface Area Configuration to standardize this policy.
5. Develop a policy for the usage of optional features. Use SQL Server Surface Area Configuration to standardize optional feature enabling. Document any exceptions to the policy on a per-instance basis.
6. Turn off unneeded services by setting the service to either Manual startup or Disabled.

Versions: SQL Server 2005, SQL Server 2008 Express

2. Manage Service Accounts


TASK LIST

1. Use a specific user account or domain account rather than a shared account for SQL Server services.
2. Do not give any special privileges to the SQL Server service account; they will be assigned by group membership.
3. Manage privileges through the SQL Server supplied group account rather than through individual service user accounts.
4. Always use SQL Server Configuration Manager to change service accounts.
5. Use CREDENTIALs to execute job steps that require specific privileges rather than adjusting the privilege to the SQL Server Agent service account.
6. If an agent user needs to execute a job that requires different Windows credentials, assign them a proxy account that has just enough permissions to get the task done.
7. Never install SQL Server on a domain controller.
8. Delete unused service accounts.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

3. Authenticate accounts
TASK LIST

1. Always use Windows Authentication mode if possible.
2. Use Mixed Mode Authentication only for legacy applications and non-Windows users.
3. Use the standard login DDL statements instead of the compatibility system procedures.
4. Change the sa account password to a known value if you might ever need to use it. Always use a strong password for the sa account and change the sa account password periodically.
5. Do not manage SQL Server by using the sa login account; assign sysadmin privilege to a known user or group.
6. Rename the sa account to a different account name to prevent attacks on the sa account by name.
7. Ensure that the mapping between database users and logins at the server level is correct.
8. Run sp_change_users_login with the report option regularly to ensure that the user mapping is as expected.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

4. Secure Network Setup


TASK LIST

1. Limit the network protocols supported.
2. Do not enable network protocols unless they are needed.
3. Do not expose a server that is running SQL Server to the public Internet.
4. Configure named instances of SQL Server to use specific port assignments for TCP/IP rather than dynamic ports.
5. If you must support SQL logins, install an SSL certificate from a trusted certificate authority.
6. Use "allow only encrypted connections" only if needed for end-to-end encryption of sensitive sessions.
7. Grant CONNECT permission only on endpoints to logins that need to use them. Explicitly deny CONNECT permission to endpoints that are not needed by users or groups.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

5. Disable System Stored Procedures


TASK LIST

1. Disable xp_cmdshell unless it is absolutely needed.
2. Disable COM components once all COM components have been converted to SQLCLR.
3. Disable both mail procedures (Database Mail and SQL Mail) unless send mail is required from SQL Server.
4. Do not remove the system stored procedures by dropping them.
5. Do not DENY all users/administrators access to the extended procedures.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008
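
One way to check and apply items 1 to 3, as an added example that is not part of the original checklist. It assumes SQL Server 2005 or 2008 (the 'SQL Mail XPs' option does not exist in later releases) and a login that is allowed to run sp_configure and RECONFIGURE.

```sql
-- Added example, not from the original checklist.
-- Report which of the section 5 options are currently switched on.
-- The names are the sp_configure option names in SQL Server 2005/2008.
SELECT name,
       CAST(value_in_use AS int) AS running_value,
       description
FROM sys.configurations
WHERE name IN (N'xp_cmdshell',                -- item 1
               N'Ole Automation Procedures',  -- item 2 (COM via sp_OA*)
               N'Database Mail XPs',          -- item 3
               N'SQL Mail XPs')               -- item 3
  AND CAST(value_in_use AS int) <> 0
ORDER BY name;

-- Remediation. All four are advanced options, so expose them first.
-- Switching the option off is the supported control; the procedures
-- themselves are neither dropped nor DENYed (items 4 and 5).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;

EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ole Automation Procedures', 0;  -- only after COM code is on SQLCLR
EXEC sp_configure 'Database Mail XPs', 0;          -- skip if the server must send mail
EXEC sp_configure 'SQL Mail XPs', 0;
RECONFIGURE;

-- Hide the advanced options again.
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```

An empty result from the first query means all four options are already off.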

6. Ensure strong password policy


TASK LIST

1. If you must use SQL logins, ensure that SQL Server 2005 runs on the Windows Server 2003 operating system and use password policies.
2. Outfit your applications with a mechanism to change SQL login passwords.
3. Set MUST_CHANGE for new logins.
4. Periodically scan for accounts with NULL passwords and remove them or assign them strong passwords.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008
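
The periodic scan in item 4 and the MUST_CHANGE setting in item 3, as an added example that is not part of the original checklist. The login name and password are placeholders, and the check for a password equal to the login name goes beyond what the checklist asks for.

```sql
-- Added example, not from the original checklist.
-- Item 4: SQL logins with a blank password, plus logins that escape the
-- Windows password policy (item 1).
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       CASE WHEN PWDCOMPARE(N'', password_hash) = 1
            THEN 1 ELSE 0 END AS blank_password,
       CASE WHEN PWDCOMPARE(name, password_hash) = 1
            THEN 1 ELSE 0 END AS password_equals_name  -- extra check
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1
   OR is_policy_checked = 0
   OR is_expiration_checked = 0
ORDER BY name;

-- Generate (do not execute blindly) the statements that put the
-- remaining logins under policy and expiration enforcement.
SELECT N'ALTER LOGIN ' + QUOTENAME(name)
     + N' WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;' AS fix_statement
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0;

-- Item 3: a new login that must change its password at first use.
-- MUST_CHANGE requires CHECK_POLICY and CHECK_EXPIRATION to be ON.
-- 'demo_app_login' and the password are placeholders.
CREATE LOGIN demo_app_login
    WITH PASSWORD = N'Replace-Me-1st!' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
```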

7. Restrict Administrative Privileges


TASK LIST

1. Use administrator privileges only when needed and minimize the number of administrators.
2. Avoid dependency on the builtin\administrators Windows group.
3. Provision admin principals explicitly.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

8. Manage Database Ownership


TASK LIST

1. Have distinct owners for databases; not all databases should be owned by sa.
2. Minimize the number of owners for each database.
3. Leave the Cross-Database Ownership Chaining setting off unless multiple databases are deployed as a single unit.
4. Confer trust selectively.
5. Migrate usage to selective trust instead of using the TRUSTWORTHY property.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

9. Manage Schemas
TASK LIST

1. Group like objects together into the same schema.
2. Manage database object security by using ownership and permissions at the schema level.
3. Have distinct owners for schemas and minimize the number of owners for each schema.
4. Not all schemas should be owned by dbo.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

10. Manage access to database objects


TASK LIST

1. Encapsulate access within modules.
2. Manage permissions via database roles or Windows groups.
3. Use permission granularity to implement the principle of least privilege.
4. Do not enable guest access.
5. Use users without logins instead of application roles.
6. Disable ad hoc data access on all providers except SQL OLE DB, for all users except members of the sysadmin fixed server role.
7. Allow ad hoc data access only on trusted providers.
8. Periodically scan fixed server and database roles to ensure that membership is only granted to trusted individuals.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008
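
The periodic role scan in item 8, together with the guest check in item 4 and the builtin\administrators point from section 7, as an added example that is not part of the original checklist. The two database-level queries report on the current database only, so run them once per database.

```sql
-- Added example, not from the original checklist.
-- Item 8: members of the fixed server roles. The last column flags the
-- Windows group that section 7 says not to depend on.
SELECT r.name AS server_role,
       m.name AS member,
       m.type_desc,
       m.is_disabled,
       CASE WHEN m.name = N'BUILTIN\Administrators'
            THEN 1 ELSE 0 END AS is_builtin_admins
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;

-- Item 8: members of the fixed database roles in the current database.
SELECT DB_NAME() AS database_name,
       r.name    AS database_role,
       m.name    AS member,
       m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.is_fixed_role = 1
ORDER BY r.name, m.name;

-- Item 4: guest is enabled in a database when it holds CONNECT.
-- A row here in a user database means guest access is on.
SELECT DB_NAME() AS database_name,
       p.permission_name,
       p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS u ON u.principal_id = p.grantee_principal_id
WHERE u.name = N'guest'
  AND p.permission_name = N'CONNECT'
  AND p.state IN ('G', 'W');   -- GRANT or GRANT WITH GRANT OPTION
```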

11. Manage catalog


TASK LIST

1. The catalog views are secure by default. No additional action is required to secure them.
2. Grant VIEW DEFINITION selectively at the object, schema, database, or server level to grant permission to view system metadata without conferring additional permissions.
3. Review legacy applications that may depend on access to system metadata when migrating the applications to SQL Server 2005.
4. Do not allow direct catalog updates.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

12. Control remote data execution


TASK LIST

1. Phase out any remote server definitions.
2. Replace remote servers with linked servers.
3. Leave ad hoc queries through linked servers disabled unless they are absolutely needed.
4. Use constrained delegation if pass-through authentication to a linked server is necessary.


Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

13. Encrypt sensitive data

Encrypt high-value and sensitive data.


TASK LIST

1. Use symmetric keys to encrypt data, and asymmetric keys or certificates to protect the symmetric keys.
2. Password-protect keys and remove master key encryption for the most secure configuration.
3. Always back up the service master key, database master keys, and certificates by using the key-specific DDL statements.
4. Always back up your database to back up your symmetric and asymmetric keys.
5. Install a certificate to enable SSL connections.
6. Certificates should use the fully-qualified DNS name of the server.
7. Use the SQL Server service account to encrypt database files with EFS.
REFERENCE

If the application requires data encryption, consider using the products of such vendors as Protegrity and Application Security Inc.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008
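
The key hierarchy from items 1 to 3, as an added example that is not part of the original checklist. Run it in a scratch database; the table, key and certificate names, the passwords and the X:\keybackup paths are all placeholders.

```sql
-- Added example, not from the original checklist. Scratch database only.
CREATE TABLE dbo.DemoCard (
    CardId        int PRIMARY KEY,
    CardNumber    varchar(19),      -- plaintext, dropped once encrypted
    CardNumberEnc varbinary(128)
);
INSERT INTO dbo.DemoCard (CardId, CardNumber)
VALUES (1, '0000-0000-0000-0000');  -- constructed sample value

-- Item 1: database master key -> certificate -> symmetric key -> data.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'Placeholder-Dmk-Pw-1!';
CREATE CERTIFICATE DemoCardCert WITH SUBJECT = 'Protects DemoCardKey';
CREATE SYMMETRIC KEY DemoCardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCardCert;

OPEN SYMMETRIC KEY DemoCardKey DECRYPTION BY CERTIFICATE DemoCardCert;
UPDATE dbo.DemoCard
SET CardNumberEnc = EncryptByKey(Key_GUID('DemoCardKey'), CardNumber);
-- Round trip: DecryptByKey returns varbinary, so convert back.
SELECT CardId,
       CONVERT(varchar(19), DecryptByKey(CardNumberEnc)) AS round_trip
FROM dbo.DemoCard;
CLOSE SYMMETRIC KEY DemoCardKey;

-- Item 3: back up each level with its own DDL statement.
BACKUP SERVICE MASTER KEY TO FILE = 'X:\keybackup\smk.bak'
    ENCRYPTION BY PASSWORD = N'Placeholder-Smk-Bk-1!';
BACKUP MASTER KEY TO FILE = 'X:\keybackup\dmk.bak'
    ENCRYPTION BY PASSWORD = N'Placeholder-Dmk-Bk-1!';
BACKUP CERTIFICATE DemoCardCert TO FILE = 'X:\keybackup\democard.cer'
    WITH PRIVATE KEY (FILE = 'X:\keybackup\democard.pvk',
                      ENCRYPTION BY PASSWORD = N'Placeholder-Cert-Bk-1!');

-- Item 2: remove the automatic (service master key) protection so the
-- database master key can only be opened with its password. After this,
-- each session must run OPEN MASTER KEY DECRYPTION BY PASSWORD = ...
-- before the certificate and symmetric key can be used.
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY;
```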

14. Enable security auditing

Enable security auditing of sysadmin actions, fixed role membership changes, all login-related activity, and password changes. After selecting appropriate auditing options, script the audit, wrap it in a stored procedure, and mark that stored procedure for AutoStart. Auditing is scenario-specific. Balance the need for auditing with the overhead of generating additional data. Audit successful logins in addition to unsuccessful logins if you store highly sensitive data. Audit DDL and specific server events by using trace events or event notifications. DML must be audited by using trace events. Use WMI to be alerted of emergency events.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

15. Execute Microsoft security utilities periodically


TASK LIST


1. Run BPA against SQL Server 2005.
2. Regularly run MBSA 2.0 to ensure latest SQL Server 2005 patch level.
3. Regularly run MBSA 2.0 for SQL Server 2000 instances.


Versions: SQL Server 2005

16. Stay current on patches


TASK LIST

1. Always install the latest service packs and security patches.
2. Enable automatic updates whenever feasible but test them before applying to production systems.
3. Keep an inventory of all versions, editions, and languages of SQL Server for which you are responsible.
4. Subscribe to Microsoft security bulletins.
5. Maintain test systems that match the configuration of your production systems, and are readily available for testing new patches.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

17. Ensure the physical security of your server.


TASK LIST

1. Put a firewall between your server and the Internet.
2. Always block TCP port 1433 and UDP port 1434 on your perimeter firewall. If named instances are listening on additional ports, block those too.
3. In a multi-tier environment, use multiple firewalls to create screened subnets.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

18. Use secure file Systems


TASK LIST

1. Use NTFS.
2. Use RAID for critical data files.



Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

19. Secure install


TASK LIST

1. Delete or secure old setup files.
2. Delete or archive the following files after installation: sqlstp.log, sqlsp.log, and setup.iss in the :\Program Files\Microsoft SQL Server\MSSQL\Install folder for a default installation, and the :\Program Files\Microsoft SQL Server\MSSQL$\Install folder for named instances.
3. If the current system is an upgrade from SQL Server 7.0, delete the following files: setup.iss in the %Windir% folder, and sqlsp.log in the Windows Temp folder.
4. Remove sample databases from production servers.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

20. Backup policy


TASK LIST

1. Back up all data regularly and store copies in a secure off-site location.
2. Periodically test your disaster recovery system.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

21. Prevent SQL injection


TASK LIST

1. Defend against SQL injection by validating all user input before transmitting it to the server.
2. Limit the scope of possible damage by permitting only minimally privileged accounts to send user input to the server.
3. Run SQL Server itself with the least necessary privileges.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008
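
Items 1 and 2 applied on the server side, as an added example that is not part of the original checklist: a stored procedure that validates its input and binds the value as a parameter, callable by a role that holds no table permissions. Parameter binding goes beyond the validation the checklist names; the table, procedure and role names are hypothetical, and GO is the sqlcmd/Management Studio batch separator.

```sql
-- Added example, not from the original checklist. Scratch database only.
CREATE TABLE dbo.DemoCustomer (
    CustomerId int PRIMARY KEY,
    LastName   nvarchar(50),
    City       nvarchar(50)
);
GO
-- Pattern to avoid, shown for contrast: the input becomes statement text.
--   SET @sql = N'... WHERE LastName = ''' + @LastName + N'''';
--   EXEC (@sql);

-- Hardened form. EXECUTE AS OWNER lets callers run the dynamic statement
-- without holding SELECT on the table themselves.
CREATE PROCEDURE dbo.DemoFindCustomer
    @LastName   nvarchar(50),
    @SortColumn sysname
WITH EXECUTE AS OWNER
AS
BEGIN
    SET NOCOUNT ON;
    -- Item 1: validate. Only known column names may reach the statement.
    IF @SortColumn IS NULL OR @SortColumn NOT IN (N'LastName', N'City')
    BEGIN
        RAISERROR(N'Invalid sort column.', 16, 1);
        RETURN;
    END;
    DECLARE @sql nvarchar(400);
    SET @sql = N'SELECT CustomerId, LastName, City FROM dbo.DemoCustomer'
             + N' WHERE LastName = @ln ORDER BY ' + QUOTENAME(@SortColumn);
    -- The search value travels as a typed parameter, never as SQL text.
    EXEC sp_executesql @sql, N'@ln nvarchar(50)', @ln = @LastName;
END;
GO
-- Item 2: the account that relays user input gets EXECUTE and nothing else.
CREATE ROLE demo_web_reader;
GRANT EXECUTE ON dbo.DemoFindCustomer TO demo_web_reader;
```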

22. Create security awareness program

Ensure that members of your development team understand major security issues: current threats, security trends, changing security environments, and attack scenarios. Require relevant security training for all developers and testers. Increase the awareness of issues like cross-site scripting, buffer overflows, SQL injection, and dangerous APIs. Identify specific categories of threats that apply to your product, for example denial of service, escalation of privileges, spoofing, data tampering, information disclosure and repudiation.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008

23. Secure MSDE installations

If MSDE is distributed with the application, the following additional guidance applies: Install MSDE using "Windows security mode" as the default. When distributing MSDE to customers, use the Microsoft-supplied installer rather than merge modules. When installing an instance of MSDE that will operate only as a local data store, disable the Server Net-Libraries. If the product includes MSDE, make this known to end customers. In the future, end customers may need to install or accept MSDE-specific software updates. MSDE installs SQL Server Agent by default, but leaves the Service startup type set to "Manual." If the application does not use SQL Server Agent, change this to "Disabled." Include security best practice information in your product documentation.

Versions: SQL Server 2005, SQL Server 2008 Express, SQL Server 2008
