Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 130
  • Last Modified:

how do you secure or review a SQL 2000 or SQL 2008 Database.

Hello,

I have a Database SQL, how i'm able to know that is very secure from hackers and no one access the database.
Can I see logs? etc.. which ip etc.. please provide me info.
0
koila
Asked:
koila
  • 2
2 Solutions
 
jogosCommented:
First give no user more rights as he needs.  Concider to use windows authentication over an application-user with a appication login.

Be aware of sql injection
http://technet.microsoft.com/en-us/library/ms161953(v=sql.105).aspx
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
so limit dynamic sql
http://blogs.msdn.com/b/raulga/archive/2007/01/04/dynamic-sql-sql-injection.aspx
0
 
koilaAuthor Commented:
how i'm able to view these logs file? to who access the database?
0
 
Vitor MontalvãoMSSQL Senior EngineerCommented:
Set the instance for Windows Authentication only.
Use domain accounts for SQL Server service and SQL Server Agent service.
Deny execution on xp_cmdshell.
Give no one privileges  to access the machine, only DBA's.
Grant low privileges for user databases and no permissions to system databases (once more, only DBA's).
If data are classified think in put the SQL Server behind a firewall. Apply the most recent security hotfixes and keep it up to date.
Activate Login Audit.
Perform backups constantly.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now