Hardening Your SQL Server Instance - PowerPoint PPT Presentation

About This Presentation
Title:

Hardening Your SQL Server Instance

Description:

Chapter 8 Hardening Your SQL Server Instance Hardening Hardening The process of making your SQL Server Instance more secure New features Policy based management ... – PowerPoint PPT presentation

Number of Views:167
Avg rating:3.0/5.0
Slides: 14
Provided by: liuj151
Learn more at: https://people.wou.edu
Transcript and Presenter's Notes

1
Chapter 8
  • Hardening Your SQL Server Instance

2
Hardening
  • Hardening
  • The process of making your SQL Server Instance
    more secure
  • New features
  • Policy based management (chapter 10)
  • Kerberos authentication for communication
    protocols besides TCP/IP, such as named pipes and
    shared memory
  • Tighter integration between SQL Server 2008 and
    Windows Server 2008 and Active Directory Domain
    Services
  • The sa account can be renamed
  • Others

3
Authentication
  • Windows authentication
  • Always applicable, because the users are Windows users first
  • Generally the password is more secure
  • Mixed Mode
  • Can be as secure as Windows authentication
  • Provides a secondary guard
  • Necessary to support public-facing applications
  • SQL Server logins do not support Kerberos, a more
    mature and robust protocol
  • You can change between the two modes
  • Book recommendation: use Windows authentication
    only
  • My recommendation: allow both; use Windows
    authentication whenever it makes sense and SQL
    Server authentication whenever necessary.
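As an added example (not from the slides), the following T-SQL shows what the choice between the two modes looks like on a live instance: it reports which mode is in effect and, if Mixed Mode is on, lists every SQL Server login together with whether it enforces the Windows password policy. The login name `app_user` is a placeholder.

```sql
-- Added example, not from the slides.
-- 1 = Windows authentication only, 0 = Mixed Mode (Windows + SQL Server logins).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- In Mixed Mode each SQL login is a password that can be guessed over the
-- network, so check that every one of them enforces the Windows password
-- policy (complexity, lockout) and expiration.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       IS_SRVROLEMEMBER('sysadmin', name) AS is_sysadmin
FROM sys.sql_logins
ORDER BY name;

-- Tighten a login that was created without policy enforcement.
-- (app_user is a placeholder name; CHECK_EXPIRATION requires CHECK_POLICY.)
ALTER LOGIN [app_user] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
```

Switching the mode itself is done in Server Properties, Security page, in SQL Server Management Studio and takes effect only after the service restarts, so the first query is the quick way to confirm what an instance is actually running with.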

4
The SA account
  • Everybody knows about it
  • It has all the power
  • When compromised, the attacker could cause major
    damage, such as collecting important information or
    destroying the master table.
  • We should not use it for daily operations in a
    production environment
  • Replace it with another account in two steps
  • Make sure there is another account with
    administrator privilege
  • Use `ALTER LOGIN sa WITH NAME = [abc-xyz]`
  • Document the new sa name
  • Document the sa password
  • Have a process for changing the sa password
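The two steps above as an added T-SQL example (not from the slides). The new name abc-xyz is the one the slide uses; the password in the last statement is a placeholder and the statement is left commented out. Run it as a member of sysadmin.

```sql
-- Added example, not from the slides.
-- Step 1: confirm that some other login already holds sysadmin. sid 0x01 is
-- always the built-in sa, whatever it is currently called, so excluding it
-- leaves only the "other" administrators.
SELECT m.name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin' AND m.sid <> 0x01;

IF NOT EXISTS (SELECT 1
               FROM sys.server_role_members AS rm
               JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
               JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
               WHERE r.name = N'sysadmin' AND m.sid <> 0x01 AND m.is_disabled = 0)
    RAISERROR('Create another enabled sysadmin login before renaming sa.', 16, 1);
ELSE
    -- Step 2: rename sa (abc-xyz is the slide's example name).
    ALTER LOGIN sa WITH NAME = [abc-xyz];

-- For the documentation step: the renamed account can always be found by its sid.
SELECT name, is_disabled, modify_date
FROM sys.server_principals
WHERE sid = 0x01;

-- Password rotation process (placeholder value, so left commented out):
-- ALTER LOGIN [abc-xyz] WITH PASSWORD = N'<new strong password>';
```

The guard before the rename matters because a renamed sa with no second sysadmin is the same lockout risk as a forgotten password; checking role membership through sys.server_role_members also shows logins that hold sysadmin only through a Windows group.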

5
SQL Server Configuration Manager
  • All Programs → Microsoft SQL Server 2008 →
    Configuration Tools → SQL Server Configuration
    Manager
  • Reduce the surface area: control which services are
    running

6
SQL Server Configuration Manager (2)
  • You can see
  • Services
  • Network Configuration
  • Client Configuration

7
Exercise 3
  • Find out the meaning of the following types of
    connections and compare their pros and cons
  • Shared Memory
  • Named Pipes
  • TCP/IP
  • VIA
  • When listed under Client Protocols, they appear in
    a certain order; what does the order indicate?
  • Due 2/24/2011

8
Change TCP port
  • The default is 1433
  • Change it so hackers take longer to find it
  • Document the new number

9
Hiding a SQL Server Instance from Broadcasting Info
  • Before hiding, a client can find the instance through
    the SQL Server Browser service, which answers
    discovery traffic on the network
  • After hiding, only parties that already know about
    the instance can target it

10
Windows Server 2008 Tools
  • Use the Security Configuration Wizard
  • Verify security using the Microsoft Baseline
    Security Analyzer
  • SQL Server 2008 Best Practices Analyzer tool

11
Hardening Service Account
  • There are many built-in service accounts
  • Roughly one for each service
  • You can set each service account to manage its
    corresponding service, or have a single account
    manage all services
  • In a large enterprise you may have a large team,
    with different members responsible for different
    components; separate service accounts are a
    fitting approach
  • In a small shop, use one account for everything

12
Hardening Service Account (2)
  • Basic principles
  • Principle of Least Privilege
  • Grant only the rights the service needs to operate
  • Principle of Isolation
  • Use a separate account for each instance and
    component to limit the damage if one is compromised
  • These principles generate more work
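As an added example (not from the slides) for slides 11 and 12, the following T-SQL lists which account each SQL Server service runs as and flags the two things the principles above warn against: one account shared across several services, and a service running as the local system account. It uses sys.dm_server_services, which I am assuming is available because it was introduced in SQL Server 2008 R2 SP1; on an earlier build the same information is read from the Services node of SQL Server Configuration Manager.

```sql
-- Added example, not from the slides.
-- One row per SQL Server service (database engine, agent, browser, ...).
SELECT servicename,
       service_account,
       startup_type_desc,
       status_desc
FROM sys.dm_server_services;

-- Isolation check: accounts used by more than one service, and any service
-- running as the local system account, which has far more rights than any
-- SQL Server service needs (least privilege).
SELECT service_account,
       COUNT(*) AS services_using_it
FROM sys.dm_server_services
GROUP BY service_account
HAVING COUNT(*) > 1
    OR service_account IN (N'LocalSystem', N'NT AUTHORITY\SYSTEM');
```

A shared account is the slide's recommendation for a small shop, so a hit in the second query is not automatically a problem; the point of the check is to make the sharing a documented decision and to make sure LocalSystem is never one of the options.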

13
Others
  • Install service packs and hotfixes
  • Monitor using the security logs
  • Remove the BUILTIN\Administrators group
  • Use a firewall
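Three of the four items on this last slide can be checked from T-SQL. The following is an added example (not from the slides): it reports the installed patch level, shows recent failed logins from the SQL Server error log, and drops the BUILTIN\Administrators login if it is present. On older installs that login is a member of sysadmin, which makes every local Windows administrator a SQL Server administrator as well.

```sql
-- Added example, not from the slides.
-- Patch level: ProductLevel is RTM or SPn; compare ProductVersion with the
-- current service pack / hotfix list for this release.
SELECT SERVERPROPERTY('ProductVersion') AS product_version,
       SERVERPROPERTY('ProductLevel')   AS service_pack,
       SERVERPROPERTY('Edition')        AS edition;

-- Security log monitoring: failed logins recorded in the current error log
-- (log 0, type 1 = SQL Server log). Repeated failures for one login from
-- one address are the pattern worth alerting on.
EXEC master.dbo.xp_readerrorlog 0, 1, N'Login failed';

-- Remove the BUILTIN\Administrators login. Do this only after another
-- sysadmin login exists (see the sa slide), or nobody may be able to
-- administer the instance afterwards.
IF EXISTS (SELECT 1 FROM sys.server_principals
           WHERE name = N'BUILTIN\Administrators')
BEGIN
    DROP LOGIN [BUILTIN\Administrators];
END;
```

The firewall item stays a Windows-side task: allow the TCP port documented on slide 8 (and UDP 1434 only if SQL Server Browser is still needed) and block everything else to the database engine.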