Microsoft SQL hardening
We offer Microsoft SQL database configuration security audit as a Microsoft Windows system configuration security audit extension.
The objective is to review MS SQL databases configuration and to evaluate it’s data security. In adition to founded weaknesses the audit also includes technical recommendations for their removing.
Supported MS SQL versions
Platforms, which are supported by our audit services:
Microsoft SQL Server 2000 / 2005 / 2008
We support 32-bit and 64-bit platforms
Security audit needs short configuration data collection (less than 1 hour) on an audited server – remote access is sufficient. Data collection is made with database administrator’s assistance via privileged account. Collected configuration data are processed outside a customer’s seat.
Audit scope
MS SQL database system configuration security audit usually includes following areas:
| ID | Area |
|---|---|
| 1. | Basic Configuration |
| 2. | Access Protocols |
| 3. | System services |
| 4. | SQL Agent |
| 5. | Authentication |
| 6. | Remote access – Remote Servers |
| 7. | Remote access – Linked Servers |
| 8. | Server authorization |
| 9. | Database schemes |
| 10. | Database Users |
| 11. | Important DB users and roles attributes |
| 12. | Application roles |
| 13. | Non/Standard DB Roles |
| 14. | Key privileges, object ownership assignation, etc. |