Sunday, 16 June 2013
Sunday, 9 June 2013
Microsoft has announced SQL Server 2014. The release is believed to be later this year.
See the link below for more information.
New features of SQL Server 2012
The passion for becoming a professional DBA led to the creation of this blog.
Let's start the first day with DBA best practices to harden SQL Server.
Summary of Best Practices
· SQL Server should be hardened after the installation.
· After the installation, use the SQL Server Configuration Manager tool in order to disable unnecessary features and services.
· Install only required components.
· Recent service packs and critical fixes should be installed for SQL Server and Windows.
· Windows Authentication mode is more secure than SQL Authentication.
· If there is still a need to use SQL Authentication – enforce strong password policy.
· Disable the SA account and rename it. Do not use this account for SQL server management.
· Change the default SQL Server ports associated with the SQL Server installation so that port scans for the default ports do not find the server.
· Change the service account password at regular intervals.
· Hide SQL Server instances or disable the SQL Server Browser service.
· Remove the BUILTIN\Administrators group from the SQL Server logins.
· Enable logging SQL Server login attempts (failed & successful).
· Disable the SQL guest account.
· Disable xp_cmdshell unless it is absolutely needed.
· Block TCP port 1433 and UDP port 1434 at the firewall except for when the Administration & Data Server is not in the same security zone as the Logger.
· Change the recovery actions of the Microsoft SQL Server service to restart after a failure.
· Remove all sample databases, for example, Pubs and Northwind.
· Enable auditing for failed logins.
· Enable both Named Pipes and TCP/IP endpoints during SQL Server 2008 R2 setup. Make sure Named Pipes has a higher order of priority than TCP/IP.
· Not all schemas should be owned by dbo.
· Enable automatic updates whenever feasible but test them before applying to production systems.
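Several of the items above can be verified with a read-only query. The T-SQL below is an added example, not part of the original post; it covers only the authentication mode, sa, password policy, xp_cmdshell, BUILTIN\Administrators, guest and sample-database items, and the guest check applies to whichever database it is run in.

```sql
-- Added example: read-only audit of several checklist items.
-- Run as a sysadmin (or with VIEW ANY DEFINITION) so all logins are visible.
SELECT 'Windows Authentication only' AS check_item,
       CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
            WHEN 1 THEN 'OK' ELSE 'REVIEW: mixed mode enabled' END AS result
UNION ALL
-- The sa login always has SID 0x01, even after it has been renamed.
SELECT 'sa disabled and renamed',
       CASE WHEN is_disabled = 1 AND name <> N'sa' THEN 'OK'
            ELSE 'REVIEW: name=' + name + ', is_disabled='
                 + CAST(is_disabled AS varchar(1)) END COLLATE DATABASE_DEFAULT
FROM sys.sql_logins
WHERE sid = 0x01
UNION ALL
-- Enabled SQL logins that bypass the Windows password policy.
SELECT 'Password policy on SQL login ' + name COLLATE DATABASE_DEFAULT,
       'REVIEW: CHECK_POLICY is OFF'
FROM sys.sql_logins
WHERE is_policy_checked = 0 AND is_disabled = 0
UNION ALL
SELECT 'xp_cmdshell disabled',
       CASE WHEN CAST(value_in_use AS int) = 0 THEN 'OK'
            ELSE 'REVIEW: enabled' END
FROM sys.configurations
WHERE name = 'xp_cmdshell'
UNION ALL
SELECT 'BUILTIN\Administrators login removed',
       CASE WHEN EXISTS (SELECT 1 FROM sys.server_principals
                         WHERE name = N'BUILTIN\Administrators')
            THEN 'REVIEW: login present' ELSE 'OK' END
UNION ALL
-- guest is "disabled" when it has no CONNECT permission in the database.
SELECT 'guest disabled in ' + DB_NAME(),
       CASE WHEN EXISTS (SELECT 1
                         FROM sys.database_permissions AS p
                         JOIN sys.database_principals AS dp
                           ON dp.principal_id = p.grantee_principal_id
                         WHERE dp.name = N'guest'
                           AND p.permission_name = N'CONNECT'
                           AND p.state IN ('G', 'W'))
            THEN 'REVIEW: guest has CONNECT' ELSE 'OK' END
UNION ALL
SELECT 'Sample database ' + name COLLATE DATABASE_DEFAULT, 'REVIEW: remove'
FROM sys.databases
WHERE name IN (N'pubs', N'Northwind');

-- Login auditing level: config_value is none, success, failure or all.
EXEC xp_loginconfig 'audit level';
```

Rows marked REVIEW point at the checklist item to revisit. The guest account cannot be disabled in master or tempdb, so run the query in each user database.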
I appreciate your suggestions. Please comment with your feedback and reach out to me at email
SQL engineer, MCP