Removing the Builtin Administrators - Some Pitfalls to Avoid

The SQL Server 2000 security model is not the best one of all the RDBMS platforms and requires some work to secure properly. One of the practices that is recommended is removing the builtin/administrators group from accessing the SQL Server. New author Kathi Kellenberger shows us some of the pitfalls she encountered when removing this group from her servers.

Securing Your Microsoft SQL Server Databases in an Enterprise Environm

If you are running Microsoft SQL Server databases to support critical enterprise applications, you are part of a growing trend.

Manipulating Microsoft SQL Server Using SQL Injection

Focuses on advanced techniques that can be used in an attack on an application utilizing Microsoft SQL Server as a backend. These techniques demonstrate how an attacker could use a SQL Injection vulnerability to retrieve the database content from behind a firewall and penetrate the internal network. Also provided are recommendations on how to prevent such attacks.

Which of the following commands will successfully create...

Is there a way to determine the last...

Securing your databases: Improving protection with a proactive securit

The key to effective security is embracing it as an ongoing process rather than a one time event. This document examines how database security can be enhanced with a proactive security lifecycle approach.

An Enterprise-Class Plan for Securing Microsoft SQL Server Databases

If you are running Microsoft SQL Server databases to support critical enterprise applications, you are part of a growing trend. The cost/performance benefits of Microsoft SQL Server on the Microsoft Windows NT and Windows 2000 platforms have fueled the growth of SQL Server as a platform for enterprise-class applications.

Common Vulnerabilities in Database Security

Creating an enterprise security plan is a complex endeavour. It involves evaluating multiple threats that gain access through many network paths to a hodgepodge of different applications and systems. With the focus on systems and paths, databases are frequently overlooked. Securing the database should be a fundamental tenet for any security practitioner when developing his or her security plan. The database is the source of data, the "crown jewels" in the information economy. Any security effort must start with this in mind and end with the strongest level of controls applied at the database layer.

SQL Server 2000 Security - Part 13 - SQL Injection attack

Typically, access to data is provided via client applications, which increases the range of potential vulnerabilities and places an equal share of responsibility for data security on software developers. This is especially important since application flaws can have just as catastrophic implications as a misconfigured or unsecured SQL Server installation.

Scanning the network for SQL Server

Have you ever wondered how many SQL Servers are on your network? Need their versions for patches, reporting, etc? Read about this technique for easily scanning for all the servers that are installed.