| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
Posted - 2002-02-08 : 09:25:32
|
| Matt writes "Hello! Love your articles... I'm stumped though... I need to secure down my SQL2000 server as much as possible. I'm using Enterprise Manager and Query Analyzer over the internet to get to my server. Is my password being sent unsecurely? And is there ANYTHING I can do to make my SQL server locked up with airtight security? Anything is appreciated. Thank you! -Matt" |
|
|
Spyder
SQLTeam Author
75 Posts |
Posted - 2002-02-08 : 09:42:28
|
Check out the MS SQL Server 2000 Security whitepaper by Richard Waymire and Ben Thomas, which is available at http://www.microsoft.com/sql/techinfo/administration/2000/2000SecurityWP.doc. This should get you going in the right direction. One thing to consider is whether using certificates and network encryption via SSL/TLS is right for you. There are also some good resources available at http://www.sqlsecurity.com. |
 |
|
|
andre
Constraint Violating Yak Guru
259 Posts |
Posted - 2002-02-08 : 09:44:49
|
| I don't believe your password information is sent securely.

Here are some ideas:

1) Don't log in using the sa account unless absolutely necessary
2) Make sure the password for sa isn't blank
3) Don't use port 1443 for SQL access
4) Remove the extended stored procedure xp_cmdshell if you aren't going to use it

The best way to secure your SQL Server is to put it behind a firewall and block the port you run SQL Server on. This will prevent outside access to SQL Server but prevent you from working on it remotely. Not having remote access to the SQL Server can be inconvenient, but it is in my opinion as close to being "airtight" as possible from outside hackers.

Edited by - andre on 02/08/2002 09:51:49 |
 |
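Items 1, 2 and 4 from the list above can be checked from Query Analyzer. The T-SQL below is an added example, not part of the original thread; it assumes the SQL Server 2000 system tables (syslogins, sysobjects, sysprotects) and a sysadmin connection, and the password in the commented remediation is a placeholder.

```sql
-- Added example: read-only audit for SQL Server 2000, run as a sysadmin.
USE master
GO
SET NOCOUNT ON

CREATE TABLE #findings (check_name varchar(40), detail sysname NULL)

-- Item 1: every login holding sysadmin. Routine work should use a
-- lower-privileged login, so this list should be short and known.
INSERT #findings
SELECT 'sysadmin member', name
FROM master.dbo.syslogins
WHERE sysadmin = 1

-- Item 2: SQL logins (not Windows accounts) with a blank password.
-- SQL Server 2000 stores a blank password as NULL.
INSERT #findings
SELECT 'blank password', name
FROM master.dbo.syslogins
WHERE isntname = 0 AND password IS NULL

-- Item 4: is xp_cmdshell still registered, and who may execute it?
IF EXISTS (SELECT * FROM master.dbo.sysobjects
           WHERE name = 'xp_cmdshell' AND xtype = 'X')
BEGIN
    INSERT #findings VALUES ('xp_cmdshell present', NULL)

    INSERT #findings
    SELECT 'xp_cmdshell EXECUTE granted', USER_NAME(p.uid)
    FROM master.dbo.sysprotects p
    WHERE p.id = OBJECT_ID('master.dbo.xp_cmdshell')
      AND p.action = 224               -- 224 = EXECUTE
      AND p.protecttype IN (204, 205)  -- GRANT WITH GRANT OPTION, GRANT
END

SELECT check_name, detail FROM #findings ORDER BY check_name, detail
DROP TABLE #findings
GO

-- Remediation, to run deliberately after reviewing the output:
-- EXEC sp_password NULL, '<new strong password>', 'sa'   -- placeholder value
-- EXEC sp_dropextendedproc 'xp_cmdshell'
```

An empty result for "blank password" and "xp_cmdshell present" means those two items are already addressed; the sysadmin list always needs a manual review against the accounts you expect.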