Sunday, 9 June 2013

SQL DBA's Best Practices for Hardening SQL Server


The passion for becoming a professional DBA led to the creation of this blog.

Let's start the first day with a DBA's best practices for hardening SQL Server.

Summary of Best Practices

· SQL Server should be hardened after installation.
· After installation, use the SQL Server Configuration Manager tool to disable unnecessary features and services.
· Install only the required components.
· Install the most recent service packs and critical fixes for both SQL Server and Windows.
· Windows Authentication mode is more secure than SQL Authentication.
· If there is still a need to use SQL Authentication, enforce a strong password policy.
· Disable the SA account and rename it. Do not use this account for SQL Server management.
· Change the default ports associated with the SQL Server installation to keep attackers from finding the server by port scanning.
· Change the service account password at regular intervals.
· Hide SQL Server instances or disable the SQL Server Browser service.
· Remove the BUILTIN\Administrators group from the SQL Server logins.
· Enable logging of SQL Server login attempts (failed and successful).
· Disable the SQL guest account.
· Disable xp_cmdshell unless it is absolutely needed.
· Block TCP port 1433 and UDP port 1434 at the firewall, except when the Administration & Data Server is not in the same security zone as the Logger.
· Change the recovery actions of the Microsoft SQL Server service to restart after a failure.
· Remove all sample databases, for example Pubs and Northwind.
· Enable auditing for failed logins.
· Enable both Named Pipes and TCP/IP endpoints during SQL Server 2008 R2 setup. Make sure Named Pipes has a higher priority than TCP/IP.
· Not all schemas should be owned by dbo.
· Enable automatic updates whenever feasible, but test them before applying them to production systems.
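Several of the items above can be applied and then verified from T-SQL. The script below is an added example written for this post, not part of the original checklist or a Microsoft-supplied script. It assumes a sysadmin connection to the instance, uses `svc_admin_placeholder` as a placeholder for the new name of the sa login, and relies only on documented system procedures and catalog views (sp_configure, xp_instance_regwrite, sys.server_principals, sys.sql_logins, sys.databases). The AuditLevel and HideInstance registry settings take effect only after the SQL Server service is restarted.

```sql
-- Added example: apply and verify a subset of the hardening checklist.
-- Test against a non-production instance first. Run as sysadmin.
USE master;
GO

-- Disable xp_cmdshell. It is an advanced option, so expose advanced
-- options just long enough to change it, then hide them again.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
GO

-- Rename and disable the sa login. Its SID is always 0x01, so match on
-- the SID rather than the name in case it was already renamed.
-- svc_admin_placeholder is a placeholder: choose your own new name.
IF EXISTS (SELECT 1 FROM sys.server_principals WHERE sid = 0x01 AND name = N'sa')
    ALTER LOGIN sa WITH NAME = [svc_admin_placeholder];
IF EXISTS (SELECT 1 FROM sys.server_principals WHERE sid = 0x01 AND is_disabled = 0)
    ALTER LOGIN [svc_admin_placeholder] DISABLE;
GO

-- Remove the BUILTIN\Administrators login if the installation left it behind.
IF EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'BUILTIN\Administrators')
    DROP LOGIN [BUILTIN\Administrators];
GO

-- Log both failed and successful logins.
-- AuditLevel: 0 = none, 1 = successful only, 2 = failed only, 3 = both.
EXEC xp_instance_regwrite N'HKEY_LOCAL_MACHINE',
    N'Software\Microsoft\MSSQLServer\MSSQLServer',
    N'AuditLevel', REG_DWORD, 3;

-- Hide the instance from SQL Server Browser enumeration.
EXEC xp_instance_regwrite N'HKEY_LOCAL_MACHINE',
    N'Software\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib',
    N'HideInstance', REG_DWORD, 1;
GO

-- Enforce the Windows password policy (complexity and expiration) on every
-- SQL Authentication login that does not already have it. CHECK_EXPIRATION
-- requires CHECK_POLICY, so both are set together.
DECLARE @login sysname, @sql nvarchar(max);
DECLARE logins CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.sql_logins WHERE is_policy_checked = 0;
OPEN logins;
FETCH NEXT FROM logins INTO @login;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'ALTER LOGIN ' + QUOTENAME(@login)
             + N' WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;';
    EXEC sp_executesql @sql;
    FETCH NEXT FROM logins INTO @login;
END
CLOSE logins; DEALLOCATE logins;
GO

-- Revoke CONNECT from the guest user in every online user database.
-- guest cannot be disabled in master, tempdb or msdb, so those are skipped.
DECLARE @db sysname, @stmt nvarchar(max);
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE name NOT IN (N'master', N'tempdb', N'msdb') AND state_desc = N'ONLINE';
OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @stmt = N'USE ' + QUOTENAME(@db) + N'; REVOKE CONNECT FROM guest;';
    EXEC sp_executesql @stmt;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs; DEALLOCATE dbs;
GO

-- Drop the sample databases named in the checklist if they are present.
IF DB_ID(N'pubs') IS NOT NULL DROP DATABASE pubs;
IF DB_ID(N'Northwind') IS NOT NULL DROP DATABASE Northwind;
GO

-- Verification: one row per control with its current state, so the result
-- can be kept as evidence or compared between instances.
SELECT 'xp_cmdshell enabled (expect 0)' AS control,
       CAST(value_in_use AS varchar(10)) AS state
FROM sys.configurations WHERE name = N'xp_cmdshell'
UNION ALL
SELECT 'sa login disabled (expect 1)', CAST(is_disabled AS varchar(10))
FROM sys.server_principals WHERE sid = 0x01
UNION ALL
SELECT 'BUILTIN\Administrators logins (expect 0)', CAST(COUNT(*) AS varchar(10))
FROM sys.server_principals WHERE name = N'BUILTIN\Administrators'
UNION ALL
SELECT 'SQL logins without CHECK_POLICY (expect 0)', CAST(COUNT(*) AS varchar(10))
FROM sys.sql_logins WHERE is_policy_checked = 0
UNION ALL
SELECT 'Windows Authentication only (1 = yes)',
       CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS varchar(10));
GO
```

The final SELECT is the part worth scheduling: running it after each change window, and keeping the output, turns the checklist into something that can be checked rather than remembered. Items that live outside the engine (service account password rotation, firewall rules for 1433/1434, the SQL Server Browser service, service recovery actions) still have to be handled through Windows and the SQL Server Configuration Manager tool as the list describes.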



I appreciate your suggestions. Please leave your feedback in the comments or reach out to me by email.

Regards,
Ganapathi Varma
SQL Engineer, MCP

2 comments:

  1. Nice effort, this was really helpful. Where will I find your other blogs related to SQL?

  2. Thanks for the info, Ganapathi.

     It's really good to understand clear info step by step.