Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how do you secure or review a SQL 2000 or SQL 2008 Database.

Posted on 2014-09-29
4
Medium Priority
?
128 Views
Last Modified: 2014-10-01
Hello,

I have a Database SQL, how i'm able to know that is very secure from hackers and no one access the database.
Can I see logs? etc.. which ip etc.. please provide me info.
0
Comment
Question by:koila
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 25

Assisted Solution

by:jogos
jogos earned 1000 total points
ID: 40350500
First give no user more rights as he needs.  Concider to use windows authentication over an application-user with a appication login.

Be aware of sql injection
http://technet.microsoft.com/en-us/library/ms161953(v=sql.105).aspx
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
so limit dynamic sql
http://blogs.msdn.com/b/raulga/archive/2007/01/04/dynamic-sql-sql-injection.aspx
0
 
LVL 4

Author Comment

by:koila
ID: 40350515
how i'm able to view these logs file? to who access the database?
0
 
LVL 25

Expert Comment

by:jogos
ID: 40350561
0
 
LVL 52

Accepted Solution

by:
Vitor Montalvão earned 1000 total points
ID: 40351649
Set the instance for Windows Authentication only.
Use domain accounts for SQL Server service and SQL Server Agent service.
Deny execution on xp_cmdshell.
Give no one privileges  to access the machine, only DBA's.
Grant low privileges for user databases and no permissions to system databases (once more, only DBA's).
If data are classified think in put the SQL Server behind a firewall. Apply the most recent security hotfixes and keep it up to date.
Activate Login Audit.
Perform backups constantly.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Windocks is an independent port of Docker's open source to Windows.   This article introduces the use of SQL Server in containers, with integrated support of SQL Server database cloning.
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question