SQL Server 2005 Security Best Practices - Operational and Administrative Tasks
|
This white paper covers some of the operational and administrative tasks associated with SQL Server 2005 security and enumerates best practices and operational and administrative tasks that will result in a more secure SQL Server system. Each topic describes a feature and best practices. For additional information on the specifics of utilities, features, and data definition language (DDL) statements referenced in this white paper, see SQL Server 2005 Books Online. Features and options that are new or defaults that are changed for SQL Server 2005 are identified. Coding examples for operational tasks use Transact-SQL, so understanding Transact-SQL is required for you to get the most out of this paper.
Included in this document:
| • | Introduction |
| • | Surface Area Reduction |
| • | Service Account Selection and Management |
| • | Authentication Mode |
| • | Network Connectivity |
| • | Lockdown of System Stored Procedures |
| • | Password Policy |
| • | Administrator Privileges |
| • | Database Ownership and Trust |
| • | Schemas |
| • | Authorization |
| • | Catalog Security |
| • | Remote Data Source Execution |
| • | Execution Context |
| • | Encryption |
| • | Auditing |
| • | Microsoft Baseline Security Analyzer and SQL Server Best Practices Analyzer |
| • | Patching |
| • | Conclusion |
