Here are some security features from SQL 2000-2008 that I find relevant to SQL Server Security:
- Transparent Data Encryption & External Key Management & Signed Modules
- Auditing
- User/Schema Separation
- Change Data Capture
- Policy Management
- DDL Triggers
- Code Access Security
- SQL Login Policies
- Strong Passwords/Match AD
- Logon Triggers
- Stop SQL Injection with SqlCommand Object in .NET
- Module Execution Context
- Fine-Grained Permission Granularity
- Principals-Permissions-Securables
- Grant-Revoke-Deny
- Cell-level Encryption
- Surface Area Configuration
- Configuration Manager
- Non-essential services shut down
- Authentication Modes
- Application Roles
- SQL Browser moved to service, off by default
- Windows & SQL Authentication
- Domain Logons, NETWORK SERVICE, SYSTEM Logins
- Secure by Design
- Secure by Default
- Server or Database Roles
- Principals-Permissions-Securables
- Cross Database Ownership Chaining
- 2008 https://www.microsoft.com/sqlserver/2008/en/us/Security.aspx
- 2005 https://www.microsoft.com/sqlserver/2005/en/us/Security.aspx
- 2000 https://technet.microsoft.com/en-us/library/cc966456.aspx
SQL Payment Card Industry Security
https://www.parentenet.com/news/0904_whitepaper.pdf
SQL Server 2008 Security
https://www.microsoft.com/sqlserver/2008/en/us/security.aspx
SQL Server Security Best Practices
- 2008
https://www.microsoft.com/sqlserver/2008/en/us/Security.aspx
- 2005
https://www.microsoft.com/sqlserver/2005/en/us/Security.aspx
- 2000
https://technet.microsoft.com/en-us/library/cc966456.aspx
https://technet.microsoft.com/en-us/cc984178.aspx
https://vyaskn.tripod.com/sql_server_security_best_practices.htm
Security Overview for DBAs
https://www.microsoft.com/sqlserver/2008/en/us/wp-sql-2008-security.aspx
SQL Server Common Criteria & SQL 2008
https://www.microsoft.com/sql/commoncriteria/certifications.mspx
https://www.cisecurity.org/bench_sqlserver.html
https://www.commoncriteriaportal.org/files/epfiles/0520a.pdf
SQL Server Compliance
https://www.microsoft.com/sql/compliance
https://sqlcat.com/msdnmirror/archive/2009/04/15/sql-resources-for-compliance.aspx
SQL Server Security Blog
https://blogs.msdn.com/sqlsecurity/default.aspx
Center for Security Benchmarks for SQL Server
https://www.cisecurity.org/bench_sqlserver.html
Dept. of Defense & SQL 2008 Security
https://iase.disa.mil/stigs/checklist/db_srr_checklist_sql_server_v8r1-2.pdf
Microsoft vs. Oracle DB Security
https://www.ngssoftware.com/research/papers/comparison.pdf
Implementing Row- and Cell-Level Security in SQL Server 2005
https://technet.microsoft.com/en-us/library/cc966395.aspx
Payment Industry Security Practices
https://www.parentenet.com/news/0904_whitepaper.pdf
Courseware
2787A Designing Security for Microsoft SQL Server 2005
4614A Designing Security for Microsoft® SQL Server 2005
4615A Designing Security for Microsoft SQL Server 2005
SQL Security NewsGroup
microsoft.public.sqlserver.security