An Enterprise-Class Plan for Securing Microsoft SQL Server Databases

If you are running Microsoft SQL Server databases to support critical enterprise applications, you are part of a growing trend. The cost/performance benefits of Microsoft SQL Server on the Microsoft Windows NT and Windows 2000 platforms have fueled the growth of SQL Server as a platform for enterprise-class applications.

Common Vulnerabilities in Database Security

Creating an enterprise security plan is a complex endeavour. It involves evaluating multiple threats that gain access through many network paths to a hodgepodge of different applications and systems. With the focus on systems and paths, databases are frequently overlooked. Securing the database should be a fundamental tenet for any security practitioner when developing his or her security plan. The database is the source of data, the "crown jewels" in the information economy. Any security effort must start with this in mind and end with the strongest level of controls applied at the database layer.

SQL Server 2000 Security - Part 13 - SQL Injection attack

Typically, access to data is provided via client applications, which increases the range of potential vulnerabilities and places an equal share of responsibility for data security on software developers. This is especially important since application flaws can have just as catastrophic implications as a misconfigured or unsecured SQL Server installation.

Scanning the network for SQL Server

Have you ever wondered how many SQL Servers are on your network? Need their versions for patches, reporting, etc? Read about this technique for easily scanning for all the servers that are installed.

SQL Server 2000 Security - Part 10 - Auditing

A basic look at various ways in which you can perform some server auditing with SQL Server 2000.

Stop SQL Injection Attacks Before They Stop You

A new article from MSDN magazine on stopping SQL Injection attacks by examining how the SQL can be exploited. It's a good basic article for developers as well as DBAs who might have to review code.

SQL Server Auditing - Part 1

Our SQL Server Security expert, Brian Kelley, brings us the first part of a new series on auditing. Most of the auditing articles we've had are based on how you audit changes to data. Brian looks at auditing from the server itself, explaining the different levels of auditing built into SQL Server 2000.

Review: NGSSquirrel

NGS Software is in the security business and have been very successful in finding vulnerabilities in many products, notable SQL Server. They have used their expertise to build products to help you better secure your systems. Dale Corey looks at one of those products, NGSSquirrel, which does vulnerability assessment.

Save Your Password

Storing passwords in SQL Server for authentication by your application is a common practice. But not always a good one. Someone with access could easily see all passwords and perhaps cause mischief inside your application. Imagine the office gossip getting access to your HR application as the HR director! Not a good thing. Dinesh Asanka has written a short piece on how you can use a built in function in SQL Server to encrypt these passwords and use them with a minimum of effort.

What is the minimum permissions you would need...