Work responsibilities took up my time on Thursday and Friday, so I never got around to posting. Here's the resources I planned on covering on Friday: online sources for SQL Server security.
Website: Center for Internet Security - SQL Server Benchmarks
CIS is well known for producing quality benchmarks for securing products. Among the benchmarks pulished are those for SQL Server 2000 and 2005. These are recommendations on how to make your SQL Server installations more secure.
Blog: Laurentiu Cristofor's blog
Mr. Cristofor covers a lot of SQL Server security topics in his blog posts. He is a Microsoft employee who has worked on the SQL Server database engine. If you're looking for information about encryption within SQL Server 2005, this is the place to go.
Chip Andrews' site which features tools such as SQLPing. Also, it has the most comprehensive SQL Server version database out there.
Whitepaper: SQL Server 2005 Security Overview for Database Administrators by Don Kiely
A quick down-and-dirty introduction to the security features found in SQL Server 2005. If you're just getting your feet wet in this version of SQL Server, this is the whitepaper to read first when it comes to getting a feel for SQL Server security.
Whitepaper: SQL Server 2005 Security Best practices - Operational and Administrative Tasks by Bob Beachemin
This whitepaper goes a bit deeper than the overview with respect to a few topics. Again, if you're concerned about security with SQL Server 2005, you should read this whitepaper.
Blog: Microsoft Security Response Center
While not focused on SQL Server, this is the blog where Microsoft's security response folks will post as vulnerabilities are discovered and announced. This is one of those sites you keep up with if you have any sort of security responsibility on a Windows-based platform.
Blog: Microsoft Switzerland Security Blog
Yes, this blog is in English. And while there is often similar material on this blog as there is on the MSRC blog, sometimes the Switzerland blog covers things not on the MSRC site or just beats those guys to the punch. I've got them in my blogroll to read because of this.
SQL Server |
Microsoft SQL Server |
SQL Server 2005 |
IT Security, MySQL, Perl, SQL Server, and Windows technologies.