Layers of Security
Steve Jones - SSC Editor
Posted Monday, December 05, 2011 10:46 PM
Comments posted to this topic are about the item
Layers of Security
Follow me on Twitter:
@way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
Post #1216781
IceDread
Posted Tuesday, December 06, 2011 12:31 AM
I have to agree, it's a mess to configure firewalls. Though I've only configured my personal ones.
One time I started out sending an email to the internet service provider I had, asking which protocols and ports they needed open for me to get internet. They didn't know! I started out hard, blocking a bit too much so I didn't even get the packages from the ISP that gave me my IP address. It is a mess and last I checked it was not that easy to find out all the information one should have.
Post #1216797
sturner
Posted Tuesday, December 06, 2011 7:07 AM
Agreed, though I wonder how many DBAs actually have the authority to set the rules involving database security policies or even set standards for developers and insist that they be followed in all projects? Not many probably (I certainly don't).
The probability of survival is inversely proportional to the angle of arrival.
Post #1217041
djackson 22568
Posted Tuesday, December 06, 2011 7:12 AM
OK Steve, you have me interested. I consider SQL Security to be as complex as anything I have seen. I have zero issues configuring my Windows server to be as secure as possible. I think I know enough to do things right, but I don't know "why" to choose one selection over another. Vendors still push for "sa" accounts for access and there is little I can do when I am told to implement a system with that poor of a design, but there are systems that I have more control over. The article above yours mentions "teaching a man (woman) to fish".
What do you suggest as the best resource for security in SQL Server 2008 R2?
Preferably a nice set of articles like the ones SQLServerCentral is doing for SSRS, or how about a good book, maybe even a blog somewhere?
Even those of us who consider themselves experts in this vein should benefit by reading more about it. For those of us who struggle with it, good information can be tremendous. I know BO has information, but to me that is more of a reference, and useful once you know what you want to do. A good primer, followed by good detail, is usually easier for most of us to pick up.
Dave
Post #1217050
Steve Jones - SSC Editor
Posted Tuesday, December 06, 2011 8:07 AM
djackson 22568 (12/6/2011)
Vendors still push for "sa" accounts for access and there is little I can do when I am told to implement a system with that poor of a design, but there are systems that I have more control over.
I've had a few vendors ask for SA in the past. Digging in, we found they wanted SA because a) that's what they always use, and b) because they wanted to create logins or run a job from the application.
We could easily do the "create" logins from SSMS (or EM in that case) and the application would see them. We could also grant rights to run jobs without giving SA. Some vendors want SA, but don't really even know why they have that requirement.
What do you suggest as the best resource for security in SQL Server 2008 R2?
Preferably a nice set of articles like the ones SQLServerCentral is doing for SSRS, or how about a good book, maybe even a blog somewhere?
Even those of us who consider themselves experts in this vein should benefit by reading more about it. For those of us who struggle with it, good information can be tremendous. I know BO has information, but to me that is more of a reference, and useful once you know what you want to do. A good primer, followed by good detail, is usually easier for most of us to pick up.
Dave
We are working on a security stairway series, but it's tough to get one done. For now, I would recommend a couple resources:
Securing SQL Server:
http://www.amazon.com/gp/product/1597496251?ie=UTF8&tag=redgatsof-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1597496251
Hardening SQL Server:
http://www.sqlmag.com/article/sql-server/Hardening%20SQL%20Server-135858
Follow me on Twitter:
@way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
Post #1217107
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.