This checklist reviews key security configuration options for the SQL Server Database Engine. Use this checklist to periodically audit your Database Engine environment. These recommended settings should be adjusted based on your security and business needs.
Physical Security
.gif "Boolean Field Icon") |
- Is the computer that hosts the Database Engine located in a secure data center with limited access?
Tip For more information, see Sample Security Plan: Adventure Works.
|
|
- Are backups stored in a secure location?
Tip For more information, see Security Considerations for Backup and Restore.
|
|
- Is access to the Database Engine files (.mdf, .ndf, .ldf files) limited by file system permissions?
Tip Malicious users who obtain access to database files can attach them to other instances of the Database Engine. For more information, Securing Data and Log Files.
|
|
- Is access to the Database Engine binary files (sqlservr.exe in the binn folder) limited by file system permissions?
Tip: Malicious users who can access the SQL Server binary files can cause damage and denial of service.
|
|
- Is access to audit files limited by file system permissions?
Tip In a high security environment, the Windows Security log is the appropriate location to write events that record object access. Other audit locations are supported, but are more subject to tampering. For more information, see How to: Write Server Audit Events to the Security Log.
|
|
- Are backups of public and private encryption keys stored in a secure location?
Tip If encryption keys are backed up to removable media (CD, flash drive), the key backups should be stored in a secure location, such as a safe with controlled access. If backed up to another hard drive, that computer must be adequately protected.
|
|
- If you are using Extensible Key Management (EKM), are the Hardware Security Modules (HSMs) adequately protected?
Tip Consult your HSM vendor for recommendations.
|
Operating System Configuration
|
- Is the SQL Server computer protected by a firewall with only the necessary exceptions?
Tip Use wf.msc (or firewall.cpl) to configure the Windows firewall. For more information, see Configuring the Windows Firewall to Allow SQL Server Access.
|
|
- Are the server and client operating systems configured to use Extended Protection for Authentication?
Tip For more information, see Connecting to the Database Engine Using Extended Protection and Extended Protection for Authentication.
|
|
- Is the operating system configured to allow automatic updates whenever feasible?
Tip Production environments normally require testing before applying updates. Updates should be tested and applied on a regular basis. If testing is not being performed, then automatically installing updates might be the best choice.
|
Database Instance Configurations
|
- Is the Database Engine configured to run under an account with the least privileges necessary for the business need?
Tip For more information, see Setting Up Windows Service Accounts.
|
|
- Is SQL Server Authentication not enabled unless required by a business need?
Tip See Choosing an Authentication Mode.
|
|
- If SQL Server Authentication is enabled, has the SA account been disabled?
Tip The SA account is well known and frequent target of malicious users. Disable the account by using the ALTER LOGIN statement. Restrict the membership of the sysadmin fixed server role to logins that use Windows Authentication.
|
|
- If SQL Server Authentication is enabled, has the SA account been renamed?
Tip The SA account is well known and is a frequent target of malicious users. Renaming the account by using the ALTER LOGIN statement can help protect the account.
|
|
- Does the SA account have a strong password?
Tip The SA account password is specified during SQL Server setup. However, it can be changed using the ALTER LOGIN statement.
|
|
- If SQL Server Authentication is enabled, does SQL Server require strong passwords?
Tip SQL Server logins inherit the password policy of the computer unless specifically exempted. For more information, see the CHECK_POLICY option of CREATE LOGIN and ALTER LOGIN.
|
|
- Are unnecessary SQL Server features disabled?
Tip Use the Surface Area Configuration facet of Policy-Based Management. For more information, see Understanding Surface Area Configuration.
|
|
- Is xp_cmdshell disabled unless it is absolutely needed?
Tip For more information, see xp_cmdshell (Transact-SQL).
|
|
- Is Cross-Database Ownership Chaining set to OFF unless multiple databases are deployed as a single unit?
Tip For more information, see cross db ownership chaining Option.
|
|
- Do you regularly run the Best Practices Analyzer (BPA) against SQL Server?
Tip Use Microsoft SQL Server 2008 R2 Best Practices Analyzer or SQL Server 2005 Best Practices Analyzer (August 2008).
|
|
- Does the Database Engine have the latest service pack applied?
Tip Production environments normally require testing before applying service packs. If testing is not being performed, then automatically installing service packs might be the best choice.
|
|
- Have you confirmed that sample databases (such as AdventureWorks2008R2) are not installed on production databases?
Tip Use SQL Server Management Studio to check for the sample databases.
|