Microsoft SQL Server 2005 - Center for Internet Security

Security Configuration Benchmark For
Microsoft SQL Server 2005
Version 1.1.0
December 2008
Leader:
Mike Taber
Moon River Consulting, Inc.
Copyright 2001-2008, The Center for Internet Security
http://cisecurity.org
feedback@cisecurity.org
Table of Contents
Terms of Use Agreement
Introduction
Consensus Guidance
Configuration Levels
Level-I Benchmark settings/actions
Level-II Benchmark settings/actions
Scoring Levels
Scorable
Not Scorable
Not Applicable
1. Operating System and Network Specific Configuration
2. SQL Server Installation and Patches
3. SQL Server Settings
4. Access Controls
5. Auditing and Logging
6. Backup and Disaster Recovery Procedures
7. Replication
8. Application Development Best Practices
9. Surface Area Configuration Tool
Change History
Acknowledgements
References
Terms of Use Agreement
Background.
CIS provides benchmarks, scoring tools, software, data, information, suggestions, ideas, and other
services and materials from the CIS website or elsewhere (“Products”) as a public service to
Internet users worldwide. Recommendations contained in the Products (“Recommendations”)
result from a consensus-building process that involves many security experts and are generally
generic in nature. The Recommendations are intended to provide helpful information to
organizations attempting to evaluate or improve the security of their networks, systems and
devices. Proper use of the Recommendations requires careful analysis and adaptation to specific
user requirements. The Recommendations are not in any way intended to be a “quick fix” for
anyone’s information security needs.
No representations, warranties and covenants.
CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative
effect of the Products or the Recommendations on the operation or the security of any particular
network, computer system, network device, software, hardware, or any component of any of the
foregoing or (ii) the accuracy, reliability, timeliness or completeness of any Product or
Recommendation. CIS is providing the Products and the Recommendations “as is” and “as
available” without representations, warranties or covenants of any kind.
User agreements.
By using the Products and/or the Recommendations, I and/or my organization (“we”) agree and
acknowledge that:
No network, system, device, hardware, software or component can be made fully secure;
We are using the Products and the Recommendations solely at our own risk;
We are not compensating CIS to assume any liabilities associated with our use of the Products or
the Recommendations, even risks that result from CIS’s negligence or failure to perform;
We have the sole responsibility to evaluate the risks and benefits of the Products and
Recommendations to us and to adapt the Products and the Recommendations to our particular
circumstances and requirements;
Neither CIS, nor any CIS Party (defined below) has any responsibility to make any corrections,
updates, upgrades or bug fixes or to notify us if it chooses at its sole option to do so; and
Neither CIS nor any CIS Party has or will have any liability to us whatsoever (whether based in
contract, tort, strict liability or otherwise) for any direct, indirect, incidental, consequential, or
special damages (including without limitation loss of profits, loss of sales, loss of or damage to
reputation, loss of customers, loss of software, data, information or emails, loss of privacy, loss of
use of any computer or other equipment, business interruption, wasted management or other staff
resources or claims of any kind against us from third parties) arising out of or in any way connected
with our use of or our inability to use any of the Products or Recommendations (even if CIS has
been advised of the possibility of such damages), including without limitation any liability
associated with infringement of intellectual property, defects, bugs, errors, omissions, viruses,
worms, backdoors, Trojan horses or other harmful items.
Grant of limited rights.
CIS hereby grants each user the following rights, but only so long as the user complies with all of the
terms of these Agreed Terms of Use:
Except to the extent that we may have received additional authorization pursuant to a written
agreement with CIS, each user may download, install and use each of the Products on a single
computer;
Each user may print one or more copies of any Product or any component of a Product that is in a
.txt, .pdf, .doc, .mcw, or .rtf format, provided that all such copies are printed in full and are kept
intact, including without limitation the text of this Agreed Terms of Use in its entirety.
Retention of intellectual property rights; limitations on distribution.
The Products are protected by copyright and other intellectual property laws and by international
treaties. We acknowledge and agree that we are not acquiring title to any intellectual property
rights in the Products and that full title and all ownership rights to the Products will remain the
exclusive property of CIS or CIS Parties. CIS reserves all rights not expressly granted to users in the
preceding section entitled “Grant of limited rights.” Subject to the paragraph entitled “Special
Rules” (which includes a waiver, granted to some classes of CIS Members, of certain limitations in
this paragraph), and except as we may have otherwise agreed in a written agreement with CIS, we
agree that we will not (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive
the source code for any software Product that is not already in the form of source code; (ii)
distribute, redistribute, encumber, sell, rent, lease, lend, sublicense, or otherwise transfer or exploit
rights to any Product or any component of a Product; (iii) post any Product or any component of a
Product on any website, bulletin board, ftp server, newsgroup, or other similar mechanism or
device, without regard to whether such mechanism or device is internal or external, (iv) remove or
alter trademark, logo, copyright or other proprietary notices, legends, symbols or labels in any
Product or any component of a Product; (v) remove these Agreed Terms of Use from, or alter these
Agreed Terms of Use as they appear in, any Product or any component of a Product; (vi) use any
Product or any component of a Product with any derivative works based directly on a Product or
any component of a Product; (vii) use any Product or any component of a Product with other
products or applications that are directly and specifically dependent on such Product or any
component for any part of their functionality, or (viii) represent or claim a particular level of
compliance with a CIS Benchmark, scoring tool or other Product. We will not facilitate or otherwise
aid other individuals or entities in any of the activities listed in this paragraph.
We hereby agree to indemnify, defend and hold CIS and all of its officers, directors, members,
contributors, employees, authors, developers, agents, affiliates, licensors, information and service
providers, software suppliers, hardware suppliers, and all other persons who aided CIS in the
creation, development or maintenance of the Products or Recommendations (“CIS Parties”)
harmless from and against any and all liability, losses, costs and expenses (including attorneys' fees
and court costs) incurred by CIS or any CIS Party in connection with any claim arising out of any
violation by us of the preceding paragraph, including without limitation CIS’s right, at our expense,
to assume the exclusive defense and control of any matter subject to this indemnification, and in
such case, we agree to cooperate with CIS in its defense of such claim. We further agree that all CIS
Parties are third-party beneficiaries of our undertakings in these Agreed Terms of Use.
Special rules.
CIS has created and will from time to time create special rules for its members and for other
persons and organizations with which CIS has a written contractual relationship. Those special
rules will override and supersede these Agreed Terms of Use with respect to the users who are
covered by the special rules. CIS hereby grants each CIS Security Consulting or Software Vendor
Member and each CIS Organizational User Member, but only so long as such Member remains in
good standing with CIS and complies with all of the terms of these Agreed Terms of Use, the right to
distribute the Products and Recommendations within such Member’s own organization, whether by
manual or electronic means. Each such Member acknowledges and agrees that the foregoing grant
is subject to the terms of such Member’s membership arrangement with CIS and may, therefore, be
modified or terminated by CIS at any time.
Choice of law; jurisdiction; venue.
We acknowledge and agree that these Agreed Terms of Use will be governed by and construed in
accordance with the laws of the State of Maryland, that any action at law or in equity arising out of
or relating to these Agreed Terms of Use shall be filed only in the courts located in the State of
Maryland, that we hereby consent and submit to the personal jurisdiction of such courts for the
purposes of litigating any such action. If any of these Agreed Terms of Use shall be determined to be
unlawful, void, or for any reason unenforceable, then such terms shall be deemed severable and
shall not affect the validity and enforceability of any remaining provisions. We acknowledge and
agree that we have read these Agreed Terms of Use in their entirety, understand them and agree to
be bound by them in all respects.
Introduction
This document is derived from research conducted using the SQL Server 2005 environment on
Windows XP desktops and Windows 2003 servers. It provides the necessary settings and
procedures for the secure installation, setup, configuration, and operation of an MS SQL
Server 2005 system. With the settings and procedures in this document, a SQL Server 2005
database may be secured from conventional “out of the box” threats. Because security cannot
and should not be limited to the application alone, the scope of this document is not limited
to SQL Server 2005 specific settings or configurations; it also addresses backups, archive
logs, and “best practices” processes and procedures that are applicable to general software
and hardware security.
It is extremely important to conduct testing of security configurations on non-production systems
prior to implementing them on production systems.
Consensus Guidance
This guide was created using a consensus process comprised of volunteer and contract subject
matter experts. Consensus participants provide perspective from a diverse set of backgrounds
including consulting, software development, auditing and compliance, security research,
operations, government, and legal.
Configuration Levels
Level-I Benchmark settings/actions
System administrators with any level of security knowledge and experience can understand and
perform the specified actions.
The action is unlikely to cause an interruption of service to the operating system or the
applications that run on it.
The actions can be automatically monitored, and the configuration verified, by Scoring Tools that
are available from the Center or by CIS-certified Scoring Tools.
Level-II Benchmark settings/actions
Level-II security configurations vary depending on network architecture and server function.
These are of greatest value to system administrators who have sufficient security knowledge to
apply them with consideration to the operating systems and applications running in their
particular environments.
Scoring Levels
This section defines the various scoring levels used within this document.
Scorable
This setting or recommendation is able to be assessed by scoring tools or command‐line
arguments.
Not Scorable
This setting or recommendation requires complex checking that is not feasible with basic audit
methods.
Not Applicable
This setting is a “policy”‐style recommendation or general best practice that is not technical in
nature.
1. Operating System and Network Specific Configuration
Item
#
1.1
Configuration Item
Action / Recommended Parameters
Comments
Levels
Physical security
Domain environment
1.3
SQL Servers accessed
via Internet
Place the server where only authorized personnel
can obtain access.
Ensure that the trusted domain has only the
necessary rights to the SQL Server and its
databases.
Limit the database contents of this SQL Server to
information meant for public dissemination only.
1N
1.2
1.4
SQL Servers accessed
via Internet
Consider separating Web logic and business logic
onto separate computers.
1N
1.5
IPSEC
Place the SQL Server in an area where it will be
physically secure.
If the SQL Server is in a domain that is trusted by
other domains, document the access granted by the
trust.
If the SQL Server is being accessed via the Internet,
place the SQL Server inside a DMZ with the Web
Server.
Put a firewall between your server and the Internet.
Block TCP port 1433 and UDP port 1434
on your perimeter firewall. If named instances are
listening on additional ports, block those too. In a
multi-tier environment, use multiple firewalls to create
more secure screened subnets.
Use IPSEC policy filters to block connections to ports
other than the configured SQL Server ports.
IPSEC offers authentication, integrity,
confidentiality, and anti-replay services. SSL can
provide these services for all database
connections; however, IPSEC can allow these
services to be configured on selected computers
and ports.
2S
1.6
Encryption
1.7
Test and development
servers
1.8
Dedicated Server
1.9
OS Benchmark
Configuration
Windows accounts
Disk subsystem
1.9.1
1.9.2
Implement SSL. Use the fully-qualified DNS name of
the server in the certificate to help prevent
masquerading.
Maintain test and development servers on a separate
network segment from the production servers.
Install SQL Server on a computer that does not
provide additional services, e.g., Web or Mail
Services.
Configure Windows 2003 Server Level I benchmark
settings with the following modifications:
Make sure the Windows guest account is disabled
Use RAID for critical data files
1N
1N
2S
Test patches carefully before applying them to
production systems.
Vulnerabilities in other application services could
lead to a compromise of the SQL Server.
RAID Level 10 is recommended. Use the level of
RAID which will provide the best reliability and
performance for your environment.
1N
1N
1S
1N
| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
| --- | --- | --- | --- | --- |
| 1.9.3 | Separate partitions | Create separate partitions for OS/SQL program files, SQL data files, and SQL transaction logs. | Separate partitions provide greater protections via host and file permissions at the volume level as well as allowing greater control over data storage usage and monitoring of the database. | 1S |
| 1.9.4 | Volume / partition type | Format all volumes with NTFS | | 1S |
| 1.10 | Services | Disable the following services on a SQL Server machine | The disabling of services has to be balanced with application requirements, since certain applications require the use of certain services to function correctly. | |
| 1.10.1 | | Alerter | | 1S |
| 1.10.2 | | Clipbook Server | | 1S |
| 1.10.3 | | Computer Browser | | 1S |
| 1.10.4 | | DHCP Client | | 1S |
| 1.10.5 | | Distributed File System | | 1S |
| 1.10.6 | | Distributed Transaction Coordinator | | 2S |
| 1.10.7 | | Fax Service | | 1S |
| 1.10.8 | | Internet Connection Sharing | | 1S |
| 1.10.9 | | IPSec policy agent | Unless IPSec policies will be used | 1S |
| 1.10.10 | | License Logging | | 1S |
| 1.10.11 | | Logical Disk Manager Administrative Service | | 1S |
| 1.10.12 | | Messenger | | 1S |
| 1.10.13 | | NetMeeting Remote Desktop Sharing | | 1S |
| 1.10.14 | | Network DDE | | 1S |
| 1.10.15 | | Network DDE DSDM | | 1S |
| 1.10.16 | | Print Spooler | | 1S |
| 1.10.17 | | Remote Access Connection Manager | | 1S |
| 1.10.18 | | Remote Registry | Unless network management software requiring remote registry access will be used | 1S |
| 1.10.19 | | Removable Storage | | 1S |
| 1.10.20 | | RunAs Service | | 1S |
| 1.10.21 | | Smart Card | | 1S |
| 1.10.22 | | Smart Card Helper | | 1S |
| 1.10.23 | | Task Scheduler | Unless batch jobs scheduled with the SQL Server Agent or scheduled tasks will be used | 1S |
| 1.10.24 | | Telephony | | 1S |
| 1.10.25 | | Telnet | | 1S |
| 1.10.26 | | Windows Installer | | 1S |
| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
| --- | --- | --- | --- | --- |
| 1.11 | MSSQL Server Service Account | Use a low-privileged Local or Domain account for the MSSQLServer service. | The services account should only be a domain account if the SQL Server requires remote communications with other domain systems such as those used for backup over the network. Otherwise, a local user account should be used. See items 1.13 – 1.17 for additional information on the service account. | 2N |
| 1.12 | SQLServerAgent Service Account | Use a low-privileged domain account for SQLServerAgent if replication, DTS, or other inter-server connection is required. | Replication and other inter-server communications require the SQLServerAgent service account to be a domain account. | 1N |
| 1.13 | Local users group membership | Assign the local service account as a member of only the Users group | The 'Users' group is a local machine group. | 1S |
| 1.14 | Domain users group membership | Make a domain service account a member of only the Domain Users group | | 1N |
| 1.15 | SQL Server service account rights | Grant the SQL Server service account(s) the following rights: | These rights are assigned by default. | |
| | | Log on as a service | | 1S |
| | | Act as part of the operating system | | 1S |
| | | Log on as a batch job | | 1S |
| | | Replace a process-level token | | 1S |
| | | Bypass traverse checking | | 1S |
| | | Adjust memory quotas for a process | | 1S |
| | | Permission to start SQL Server Active Directory Helper | | 1S |
| | | Permission to start SQL Writer | | 1S |
| 1.16 | SQL Server Agent service account rights | Grant the SQL Server Agent service account(s) the following rights: | These rights are assigned by default. | |
| | | Log on as a service | | 1S |
| | | Act as part of the operating system | Only on Windows 2000 | 1S |
| | | Log on as a batch job | | 1S |
| | | Replace a process-level token | | 1S |
| | | Bypass traverse checking | | 1S |
| | | Adjust memory quotas for a process | | 1S |
| 1.17 | Integration Service account rights | Grant the Integration Service account(s) the following rights: | | |
| | | Log on as a service | | 1S |
| | | Permission to write to the application event log | | 1S |
| | | Bypass traverse checking | | 1S |
| | | Create global objects | | 1S |
| | | Impersonate a client after authentication | | 1S |
| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
| --- | --- | --- | --- | --- |
| 1.18 | SQL Server services account rights | Deny the service account the “Log on locally” right. | The service accounts do not have a need to log on to the console. This will prevent a brute force attack on the service account. | 1S |
| 1.19 | SQL Server services account rights | If a service account is a domain account, configure the account to have the Windows permission “Log on Locally” on the database server only. | This, combined with the recommendations in items 1.15-1.17, will prevent an attempt to log on to any domain computer using the services account. | 1N |
| 1.20.1 | SQLServer Proxy accounts | Create dedicated user accounts specifically for proxies, and only use these proxy user accounts for running job steps. | A SQL Server Agent proxy defines the security context for a job step. A proxy provides SQL Server Agent with access to the security credentials for a Microsoft Windows user. Each proxy can be associated with one or more subsystems. A job step that uses the proxy can access the specified subsystems by using the security context of the Windows user. Before SQL Server Agent runs a job step that uses a proxy, SQL Server Agent impersonates the credentials defined in the proxy, and then runs the job step by using that security context. | 1N |
| 1.20.2 | SQLServer Proxy accounts | Only grant the necessary permissions to proxy user accounts. Grant only those permissions actually required to run the job steps that are assigned to a given proxy account. | | 1N |
| 1.20.3 | SQLServer Proxy accounts | Do not run the SQL Server Agent service under a Microsoft Windows account that is a member of the Windows Administrators group. | | 1S |
2. SQL Server Installation and Patches
| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
| --- | --- | --- | --- | --- |
| 2.1 | SQL Server install platform | Avoid installing SQL Server on a domain controller. | If SQL Server were installed on a domain controller, a successful attack against the database could potentially compromise all domain resources. | 1S |
| 2.2 | Patches and hotfixes | Ensure the current SQL Server service pack and hotfixes are installed. | It would be counterproductive to state specific patch levels and hotfixes in this document. Since they can change fairly often, the versions stated here might be outdated by the time this document is used. Check Microsoft's website for the latest service pack/hotfix for SQL Server 2005. Automatic updates are appropriate for non-production databases only. In multiple instance environments, updates must be applied to each SQL Server instance. | 1S |
| 2.3 | SQL Server Ports | Change SQL Server default ports from 1433 and 1434. | Using a non-default port helps protect the database from attacks directed to the default port. | 1S |
| 2.4 | Naming conventions | In naming SQL Server instances, limit the instance name to less than 16 characters with no reference to a version number or other sensitive information. | Version or other sensitive information in the server name makes it easier for an attacker to develop an attack strategy against the server. | 1N |
| 2.5 | SQL Server instances | Keep an inventory of all versions, editions and languages of SQL Server. | Include instances of SQLEXPRESS. SQL Scan and SQL Check are some of the tools that can be used to scan for instances of SQL Server within a domain. | 1N |
| 2.6 | Authentication mode | Select Windows authentication mode. | Windows provides a more robust authentication mechanism than SQL Server authentication. If SQL Server authentication is required, configure SQL Server account password and lockout properties with local or domain-based group policies. | 1S |
| 2.7 | Rename sa account | The 'sa' account should be renamed to something that is not easily identifiable as the 'sa' account. | It is more difficult to script attacks against the 'sa' account if the username is not known. | 1S |
| 2.8 | Strong password | Use a strong password for the 'sa' login account. | A strong password for the “sa” login account is required regardless of which mode is chosen and regardless of whether the 'sa' account is disabled. | 1N |
| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
| --- | --- | --- | --- | --- |
| 2.9 | Sample databases | Do not install the sample databases. Delete all sample databases if they already exist. | e.g., AdventureWorks, AdventureWorksDW, Northwind and Pubs. Note: None of the sample databases are installed by default. | 1S |
| 2.10 | Initialization parameter | C2 Audit Mode – Set to 1 if no custom defined audit trace is enabled | Specifies whether automatic auditing of security events is enabled. | 1S |
| 2.11 | Initialization parameter | Remote Access – Set to 0 unless replication is being used or the requirement is justified | Allows logons from remote servers. | 1S |
| 2.12 | Initialization parameter | Scan for Startup Procedures – Set to 0 unless justified | Sets SQL Server to scan for startup procedures when the service starts. Setting Scan for Startup Procedures to 0 will prevent audit traces and other commonly used monitoring SPs from re-starting on start up. This includes the MS-provided common criteria audit trace, which is included in the SQL Server 2005 EAL1 common criteria evaluation. See https://members.microsoft.com/sqlcommoncriteria/EAL1_trace.sql for additional details. | 1S |
3. SQL Server Settings
| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
| --- | --- | --- | --- | --- |
| 3.1 | SQL Server Configuration Manager | Disable the 'Named Pipes' network protocol. | If Named Pipes is required, change the name to something other than `\\.\pipe\sql\query`. Named Pipes protocol is disabled by default for MSSQLSERVER and SQLEXPRESS and enabled for SQL Native Client. | 1S |
| 3.2 | SQL Server Properties | The following settings are recommended: | | |
| 3.2.1 | Auto Restart SQL Server | Set the SQL Server service start mode to 'Automatic' | This is found in the SQL Server Configuration Manager. | 1S |
| 3.2.2 | Auto Restart SQL Server Agent | If the SQL Server Agent is required, set the 'SQL Server Agent' start mode to 'Automatic'. | This is found in the SQL Server Configuration Manager. | 1S |
| 3.2.3 | Distributed Transaction Coordinator | Set the 'Distributed Transaction Coordinator' service start mode to 'Disabled' if this service is not required. | This is found in the SQL Server Configuration Manager. | 1S |
| 3.2.4 | Cross database-ownership chaining | Disable the cross_db_ownership_chaining option. | Use sp_dboption to check for databases for which cross-database ownership chaining is enabled. This is found in the General page of SQL Server Properties window. This is disabled by default. | 1S |
| 3.2.5 | Advanced Server Settings | Do not enable direct modifications to the system catalogs. | This access level is disabled by default in SQL Server 2005 and cannot be enabled. You must use the documented APIs to access them. | 1S |
| 3.2.6 | Backup/Restore from tape timeout | Set the Backup/Restore from tape timeout period to “Try for 5 minutes” | This option is found in the Database Settings page of SQL Server Properties window. | 1S |
| 3.2.7 | Media Retention | Set the default backup media retention to the minimum number of days needed to retain a full backup of the database. Ideally, this should be as high as your resources permit. | This option is found in the Database Settings page of SQL Server Properties window. | 1N |
| 3.3 | Data Directory | The default data directory should be a dedicated data partition | | 1S |
| 3.4 | Data Directory | The default log directory should be a dedicated partition separate from all programs and data | | 1S |
| 3.5 | Replication | Do not enable replication. | Section 7 covers security recommendations if replication is required. | 1S |
| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
| --- | --- | --- | --- | --- |
| 3.6 | Other SQL Server Configuration Options | Save a maximum of 14 SQL error logs. | Truncate logs on a regular schedule, weekly, bi-weekly etc. to prevent oversize logs. This option is found under Management -> SQL Server Logs -> Configure. Note: The number of retained agent error logs cannot be customized as it is hard coded at nine. | 1S |
| 3.7 | Database Mail | Disable Database Mail where messaging is not required. | This option is found in the Advanced page of the SQL Server Properties window. | 1S |
| 3.8 | Trace Messages | Error Log/Include execution trace messages = off | General Page on SQL Server Agent properties | 1S |
| 3.9 | User-defined stored procedures | Ensure that all user-defined stored procedures are stored in encrypted format. | | 1S |
| 3.10 | User-defined extended stored procedures | Avoid using user-defined extended stored procedures. If extended functionality is required, use Common Language Runtime (CLR) assemblies instead. | This feature will be removed in a future version of SQL Server | 1S |
| 3.11 | Extended stored procedures | Disable access to the following extended stored procedures: | The disabling of access to stored procedures has to be balanced with application requirements, since certain applications require the use of external stored procedures to either export or import data. In the case where stored procedures need to be left on the server, document this information and note as an exception. | |
| 3.11.1 | | xp_availablemedia | | 2S |
| 3.11.2 | | xp_cmdshell | Disabled by default | 1S |
| 3.11.3 | | xp_dirtree | | 2S |
| 3.11.4 | | xp_dsninfo | | 2S |
| 3.11.5 | | xp_enumdsn | | 2S |
| 3.11.6 | | xp_enumerrorlogs | | 2S |
| 3.11.7 | | xp_enumgroups | | 2S |
| 3.11.8 | | xp_eventlog | | 2S |
| 3.11.9 | | xp_fixeddrives | | 2S |
| 3.11.10 | | xp_getfiledetails | | 2S |
| 3.11.11 | | xp_getnetname | | 2S |
| 3.11.12 | | xp_logevent | | 2S |
| 3.11.13 | | xp_loginconfig | | 2S |
| 3.11.14 | | xp_msver | | 2S |
| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
| --- | --- | --- | --- | --- |
| 3.11.15 | | xp_readerrorlog | | 2S |
| 3.11.16 | | xp_servicecontrol | | 2S |
| 3.11.17 | | xp_sprintf | | 2S |
| 3.11.18 | | xp_sscanf | | 2S |
| 3.11.19 | | xp_subdirs | | 2S |
| 3.12 | SQLmail extended stored procedures | Disable access to the following SQLMail extended stored procedures: | SQLMail is replaced by Database mail in MSS2005. It remains for backwards compatibility. Both mail tools are disabled by default. | |
| 3.12.1 | | xp_deletemail | Disabled by default | 2S |
| 3.12.2 | | xp_findnextmsg | Disabled by default | 2S |
| 3.12.3 | | xp_get_mapi_default_profile | Disabled by default | 2S |
| 3.12.4 | | xp_get_mapi_profiles | Disabled by default | 2S |
| 3.12.5 | | xp_readmail | Disabled by default | 2S |
| 3.12.6 | | xp_sendmail | Disabled by default | 2S |
| 3.12.7 | | xp_startmail | Disabled by default | 2S |
| 3.12.8 | | xp_stopmail | Disabled by default | 2S |
| 3.13 | WebTask extended stored procedures | Disable access to the following WebTask extended stored procedures. Delete the xpweb70.dll file that implements the following Web Task extended stored procedures: | WebTask is disabled by default. | |
| 3.13.1 | | xp_cleanupwebtask | Disabled by default. | 2S |
| 3.13.2 | | xp_convertwebtask | Disabled by default. | 2S |
| 3.13.3 | | xp_dropwebtask | Disabled by default. | 2S |
| 3.13.4 | | xp_enumcodepages | Disabled by default. | 2S |
| 3.13.5 | | xp_makewebtask | Disabled by default. | 2S |
| 3.13.6 | | xp_readwebtask | Disabled by default. | 2S |
| 3.13.7 | | xp_runwebtask | Disabled by default. | 2S |
| 3.14 | OLE Automation stored procedures | Disable access to the following OLE Automation stored procedures: | Disabled by default. | |
| 3.14.1 | | sp_OACreate | Disabled by default | 2S |
| 3.14.2 | | sp_OADestroy | Disabled by default | 2S |
| 3.14.3 | | sp_OAGetErrorInfo | Disabled by default | 2S |
| 3.14.4 | | sp_OAGetProperty | Disabled by default | 2S |
| 3.14.5 | | sp_OAMethod | Disabled by default | 2S |
| 3.14.6 | | sp_OASetProperty | Disabled by default | 2S |
| 3.14.7 | | sp_OAStop | Disabled by default | 2S |

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 3.15 | Registry access extended stored procedures | Disable access to the following Registry access extended stored procedures: | | |
| 3.15.1 | | xp_regaddmultistring | | 2S |
| 3.15.2 | | xp_regdeletekey | | 2S |
| 3.15.3 | | xp_regdeletevalue | | 2S |
| 3.15.4 | | xp_regenumvalues | | 2S |
| 3.15.5 | | xp_regremovemultistring | | 2S |
| 3.15.6 | | xp_regwrite | | 2S |
| 3.16 | Advanced Setting | SQL Server Event forwarding/Forward events to a different server = off | SQL Server Agent properties page. | 1S |
4. Access Controls

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 4.1 | Permissions on OS tools | Restrict access to the executables in the System32 directory, e.g. Explorer.exe and cmd.exe. | Remove the Users group's permission (if any) to executables. Assign Administrators Full Control. | 1S |
| 4.2 | SQL Server install directory permissions | Modify the permissions to the [Drive]:\Program Files\Microsoft SQL Server directory. | Assign the SQL Server service account Full Control. Remove the Users group's permission. | 1S |
| 4.3 | SQL Server database instance directory permissions | Delete or secure old setup files. Protect files in the <system drive>:\Program Files\Microsoft SQL Server\MSSQL.X\MSSQL\Install, e.g., sqlstp.log, sqlsp.log and setup.iss. '.X' represents the installations of various SQL Server installs due to the fact that multiple instances of SQL Server or SQL Express can be installed. | If the current system was upgraded from SQL Server version 2000, check setup.iss in the %Windir% folder and the sqlstp.log in the Windows Temp folder for passwords. Microsoft distributes a free utility called Killpwd, which will locate and remove passwords found in these setup files from your system. This tool does not work with a native SQL 2005 installation. Microsoft is scheduled to release an updated tool, but no release date has been given at this time. | 1S |
| 4.4 | Assigning System Administrators role | When assigning database administrators to the System Administrators role, map their Windows accounts to SQL logins, then assign them to the role. | Assign only authorized DBAs to the SQL Server System Administrators role. | 1N |
| 4.5 | SQL Logins | Remove the default BUILTIN\Administrators SQL login. | Do not remove BUILTIN\Administrators until another account has been assigned the System Administrators role. | 1S |
| 4.6 | SQL Logins | Ensure that all SQL Logins have strong passwords. | Verify that the passwords are not blank and cannot be easily compromised. | 1N |
| 4.7 | OS Guests access | Deny database login for the Guests OS group. | Assuming your Guests group was not renamed as part of your OS lockdown: EXEC sp_denylogin 'Computer_Name\Guests' | 1S |
| 4.8 | Fixed Server Roles | Only use the fixed server roles sysadmin, serveradmin, setupadmin etc, to support DBA activity. | Avoid assigning these roles to application database user accounts, application administrator accounts, application developer accounts or application roles. | 1S |

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 4.9 | SQL Server Database Users and Roles | Remove the guest user from all databases except master and tempdb. | | 1S |
| 4.10 | Statement Permissions | Grant DDL statement permissions to only the database and schema owner, not individual users. | DBO has all statement permissions for the database by default | 1S |
| 4.11 | Database Owners Permissions | Ensure dbo owns all user-created database schemas | Having dbo own all user-created database schemas prevents issues raised when users need to be deleted | 1S |
| 4.12 | Low-privileged users | Do not grant object permissions to PUBLIC or GUEST. | Do not grant the REFERENCES object permission to an application user, application administrator, or application role. | 1S |
| 4.13 | Stored Procedure Permissions | Grant execute permissions on stored procedures to database roles (not users). | | 1S |
| 4.14 | Using the GRANT option | Do not assign the GRANT option of object permission to a user or role. | | 1S |
| 4.15 | SQL Server Agent subsystem privileges | Restrict proxy access to required/approved subsystems | Allowing access to CmdExec and ActiveX subsystems allows direct OS access and should be avoided unless business justifications for doing so exist. | 1N |
| 4.16 | User-defined Database Roles | Create user-defined database roles to assign permissions to objects in the database when a pre-defined database role does not supply the appropriate permissions to a group of users. | Not all organizations have a need for user-defined database roles. This may not apply to all organizations. | 1N |
| 4.17 | Database Roles | Avoid nesting database roles. | | 1S |
| 4.18 | Users and Roles | Ensure that the members of the roles (users/groups/other roles) in the target database actually exist. | | 1S |
| 4.19 | Application Roles | Use application roles to limit access to data to users of specific applications. Use encryption to protect the role name and password in the connection string. Use “EXECUTE AS WITH NO REVERT” or “WITH COOKIE” to allow individuals to access the application without knowing the password. | This provides a permission based rather than password based mechanism to sandbox access. | 1N |
| 4.20 | Use of Predefined Roles | Avoid assigning predefined roles to PUBLIC or GUEST. | | 1S |
| 4.21 | Linked or Remote Servers | Use linked servers rather than remote servers where required. Disable linked servers otherwise | Remote servers are available for backward compatibility purposes only. Applications that must execute stored procedures against remote instances of SQL Server should use linked servers instead. | 1S |
| 4.22 | Linked or Remote Servers | Configure linked or remote servers to use Windows authentication where required. Disable linked servers otherwise. | When linking SQL Server databases, the user's current identity will be used to authenticate the connection. | 1S |

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 4.23 | Linked Server logins | Allow linked server access only to those logins that need it. Disable linked servers otherwise. | | 1N |
| 4.24 | Ad Hoc Data Access | Disable ad hoc data access on all providers except SQL OLE DB, for all users except members of the sysadmin fixed role. Use network segmentation to prevent or limit desktop clients from making direct adhoc connections. | Allow ad hoc data access only to trusted providers. Limit adhoc connections from MS Office applications (Excel, Access, Word, etc.). | 1N |
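
Several of the access-control items above can be checked from the catalog views instead of by clicking through each login and database. The T-SQL below is an added example, not part of the benchmark; it covers items 4.4 to 4.6, 4.9 and 4.12, assumes a sysadmin connection to SQL Server 2005, and assumes PWDCOMPARE is available on the build being checked.

```sql
-- Added example (not from the benchmark): read-only checks for items 4.4-4.6, 4.9, 4.12.
-- Nothing in this script changes configuration or permissions.

-- 4.4 / 4.5: who holds sysadmin, and is BUILTIN\Administrators still among them?
SELECT  m.name      AS member_name,
        m.type_desc AS member_type,
        CASE WHEN m.name = N'BUILTIN\Administrators'
             THEN 'default group login still present (4.5)'
             ELSE 'confirm this is an authorized DBA (4.4)' END AS finding
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.name;

-- 4.6: SQL logins whose password is blank or equal to the login name.
-- Assumption: PWDCOMPARE exists on this build; confirm before relying on the result.
SELECT  name, is_disabled, is_policy_checked, is_expiration_checked,
        CASE WHEN PWDCOMPARE(N'', password_hash) = 1  THEN 'blank password'
             WHEN PWDCOMPARE(name, password_hash) = 1 THEN 'password equals login name'
             ELSE 'no trivial password found' END AS finding
FROM    sys.sql_logins
ORDER BY name;

-- 4.9: databases other than master and tempdb where guest can still connect.
CREATE TABLE #guest_connect (database_name sysname NOT NULL);
DECLARE @db sysname, @sql nvarchar(max);
DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM   sys.databases
    WHERE  state = 0                              -- ONLINE databases only
      AND  name NOT IN (N'master', N'tempdb');
OPEN db_cur;
FETCH NEXT FROM db_cur INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps unusual database names from breaking the dynamic statement.
    SET @sql = N'INSERT INTO #guest_connect SELECT N' + QUOTENAME(@db, '''')
             + N' FROM ' + QUOTENAME(@db) + N'.sys.database_permissions AS dp'
             + N' JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS pr'
             + N'   ON pr.principal_id = dp.grantee_principal_id'
             + N' WHERE pr.name = N''guest'' AND dp.permission_name = N''CONNECT'''
             + N'   AND dp.state IN (''G'', ''W'')';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cur INTO @db;
END
CLOSE db_cur;
DEALLOCATE db_cur;
SELECT database_name AS guest_can_connect_to FROM #guest_connect ORDER BY database_name;
DROP TABLE #guest_connect;

-- 4.12: object permissions granted to public or guest in the current database.
SELECT  pr.name AS grantee, dp.state_desc, dp.permission_name,
        SCHEMA_NAME(o.schema_id) + N'.' + o.name AS object_name
FROM    sys.database_permissions AS dp
JOIN    sys.database_principals  AS pr ON pr.principal_id = dp.grantee_principal_id
JOIN    sys.objects              AS o  ON o.object_id = dp.major_id
WHERE   dp.class = 1                              -- object or column permissions
  AND   pr.name IN (N'public', N'guest')
  AND   dp.state IN ('G', 'W')                    -- GRANT, GRANT WITH GRANT OPTION
  AND   o.is_ms_shipped = 0
ORDER BY object_name, dp.permission_name;
```

The last query reports only the database it is run in, so repeat it in each user database.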
5. Auditing and Logging

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 5.1 | Auditing – General | Prepare a schedule for reviewing audit information regularly. | | 1N |
| 5.2 | SQL Server Properties – Security Tab | Through the SQL Server Management Studio, enable auditing for SQL Server. | At a minimum, enable failed login attempts. Auditing of failed login attempts only is enabled by default. | 1S |
| 5.3 | SQL Server Logs | SQL Server audit data must be protected from loss. The SQL Server and SQL Server Agent logs must be backed up before they are overwritten. | Adjust the number of logs to prevent data loss. The default is six. | 1S |
| 5.4 | SQL Profiler | Use SQL Profiler to generate and manage audit trails. | Ensure sufficient resources to support Profiler activity | 1N |
| 5.5 | Profiler Events | Capture the following events using SQL Profiler | A third-party auditing tool may be used in lieu of SQL Profiler. | |

| Item # | Event | Description of what the event records | Levels |
|---|---|---|---|
| 5.5.1 | Audit Add DB User Event | Occurs when a database user login has been added or removed. | 1S |
| 5.5.2 | Audit Add Login to Server Role | Addition or removal of login accounts to/from server roles. | 1S |
| 5.5.3 | Audit Add Member to DB Role | Addition and deletion of logins from a database role. | 1S |
| 5.5.4 | Audit Add Role Event | Occurs when a database role is added or removed. | 1S |
| 5.5.5 | Audit Addlogin Event | Occurs when a login has been added or removed. | 1S |
| 5.5.6 | Audit App Role Change Password | Whenever passwords are changed for an application role. | 1S |
| 5.5.7 | Audit Backup/Restore | Occurs whenever a backup or restore command is issued. | 1S |
| 5.5.8 | Audit Broker Conversation | Reports audit messages related to Service Broker dialog security. | 1S |
| 5.5.9 | Audit Broker Login | Reports audit messages related to Service Broker transport security. | 1S |
| 5.5.10 | Audit Change Audit | Occurs whenever an audit trace modification is made. | 1S |

| Item # | Event | Description of what the event records | Levels |
|---|---|---|---|
| 5.5.11 | Audit Change Database Owner | Occurs when you use the ALTER AUTHORIZATION statement to change the owner of a database, and the permissions required to do that are checked. | 1S |
| 5.5.12 | Audit DBCC | Occurs whenever a DBCC command is issued | 1S |
| 5.5.13 | Audit Database Management | Occurs when a database is created, altered, or dropped. | 1S |
| 5.5.14 | Audit Database Object Access | Occurs when database objects, such as schemas, are accessed. | 1S |
| 5.5.15 | Audit Database Object GDR | Occurs when a GRANT, REVOKE, or DENY has been issued for database objects, such as assemblies and schemas. | 1S |
| 5.5.16 | Audit Database Object Management | Occurs when a CREATE, ALTER, or DROP statement is executed on database objects, such as schemas. | 1S |
| 5.5.17 | Audit Database Object Take Ownership | Occurs when a change of owner for objects within database scope occurs. | 1S |
| 5.5.18 | Audit Database Operation | Occurs when operations in a database, such as checkpoint or subscribe query notification, occur. | 1S |
| 5.5.19 | Audit Database Principal Impersonation | Occurs when an impersonation occurs within the database scope, such as EXECUTE AS <user> or SETUSER. | 1S |
| 5.5.20 | Audit Database Principal Management | Occurs when principals, such as users, are created, altered, or dropped from a database. | 1S |
| 5.5.21 | Audit Database Scope GDR | Occurs whenever a GRANT, REVOKE, or DENY is issued for a statement permission by any user in Microsoft SQL Server for database-only actions such as granting permissions on a database. | 1S |
| 5.5.22 | Audit Login Change Password | Occurs whenever a user changes their Microsoft SQL Server login password. | 1S |
| 5.5.23 | Audit Login Change Property | Occurs when you use the sp_defaultdb stored procedure, the sp_defaultlanguage stored procedure, or the ALTER LOGIN statement to modify a property of a login. | 1S |
| 5.5.24 | Audit Login | Occurs when a user has successfully logged in to SQL Server. | 1S |
| 5.5.25 | Audit Login Failed | Indicates that a user tried to log in to Microsoft SQL Server and failed. | 1S |
| 5.5.26 | Audit Login GDR Event | Occurs when a Microsoft Windows login right was added or removed. | 1S |

| Item # | Event | Description of what the event records | Levels |
|---|---|---|---|
| 5.5.27 | Audit Logout | Indicates that a user has logged out of (logged off) Microsoft SQL Server. | 1S |
| 5.5.28 | Audit Object Derived Permission Event | Occurs when a CREATE, ALTER, or DROP was issued for an object. | 1S |
| 5.5.29 | Audit Schema Object Access | Occurs when an object permission (such as SELECT) is used. | 1S |
| 5.5.30 | Audit Schema Object GDR | Occurs whenever a GRANT, REVOKE, or DENY is issued for a schema object permission by any user in Microsoft SQL Server. | 1S |
| 5.5.31 | Audit Schema Object Management | Occurs when server objects are created, altered, or dropped. | 1S |
| 5.5.32 | Audit Schema Object Take Ownership | Occurs when the permissions to change the owner of schema object (such as a table, procedure, or function) is checked. This happens when the ALTER AUTHORIZATION statement is used to assign an owner to an object. | 1S |
| 5.5.33 | Audit Server Alter Trace | Occurs for all statements that check for the ALTER TRACE permission. Statements that check for ALTER TRACE include those used to create or configure a trace, or to set a filter on a trace. | 1S |
| 5.5.34 | Audit Server Object GDR | Occurs whenever a GRANT, REVOKE, or DENY is issued for a server object permission by any user in Microsoft SQL Server. | 1S |
| 5.5.35 | Audit Server Object Management | Occurs in the case of CREATE, ALTER, or DROP for server objects. | 1S |
| 5.5.36 | Audit Server Object Take Ownership | Occurs when the owner is changed for objects in server scope. | 1S |
| 5.5.37 | Audit Server Operation | Occurs when Security Audit operations such as altering settings, resources, external access, or authorization are used. | 1S |
| 5.5.38 | Audit Server Principal Impersonation | Occurs when there is an impersonation within server scope, such as EXECUTE AS <login>. | 1S |
| 5.5.39 | Audit Server Principal Management | Occurs when server principals are created, altered, or dropped. | 1S |
| 5.5.40 | Audit Server Scope GDR | Occurs when a GRANT, REVOKE, or DENY is issued for permissions in the server scope, such as creating a login. | 1S |
| 5.5.41 | Audit Server Starts and Stops | Occurs when the Microsoft SQL Server service state is modified. | 1S |

| Item # | Event | Description of what the event records | Levels |
|---|---|---|---|
| 5.5.42 | Audit Statement Permission Event | Occurs when a statement permission has been used. | 1S |
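
To confirm that the events listed in 5.5 are actually being captured, the trace catalog views can be compared with the traces running on the instance. The T-SQL below is an added example, not part of the benchmark; it assumes a sysadmin connection to SQL Server 2005 and that the events in 5.5 are the ones the server lists under the trace category named Security Audit.

```sql
-- Added example (not from the benchmark): compare running traces with the events in 5.5.
-- Run in master (the APPLY operator needs compatibility level 90) as a sysadmin.
USE master;

-- 5.2: current login-audit level (none / success / failure / all).
-- A sysadmin can still run this after public access is removed under 3.11.13.
EXEC xp_loginconfig 'audit level';

-- Traces defined on the instance; status 1 = running. is_default marks the default
-- trace, is_shutdown shows whether the server stops when the trace cannot write.
SELECT  id, status, path, is_default, is_rollover, is_shutdown
FROM    sys.traces;

-- Every event in the Security Audit category with the number of running traces
-- that capture it. Rows showing 0 are audit events that nothing is recording;
-- compare the event names with items 5.5.1 to 5.5.42.
SELECT  te.trace_event_id,
        te.name                       AS event_name,
        COUNT(DISTINCT cap.trace_id)  AS running_traces_capturing
FROM    sys.trace_events     AS te
JOIN    sys.trace_categories AS tc ON tc.category_id = te.category_id
LEFT JOIN (SELECT DISTINCT t.id AS trace_id, ei.eventid
           FROM   sys.traces AS t
           CROSS APPLY fn_trace_geteventinfo(t.id) AS ei
           WHERE  t.status = 1) AS cap
       ON cap.eventid = te.trace_event_id
WHERE   tc.name = N'Security Audit'   -- assumption: category name on this build
GROUP BY te.trace_event_id, te.name
ORDER BY running_traces_capturing, te.name;
```

A trace started from the Profiler GUI disappears from sys.traces when the client disconnects, so run the check while the audit trace is expected to be active.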
6. Backup and Disaster Recovery Procedures

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 6.1 | Backups – General | Use Full database backups combined with differential or transaction log backups to restore the database to a specific point in time. | Database backups should be made to another server or disk that is not physically attached to the same server as the database. This will reduce the risk of total loss in case of disk failure. | 1N |
| 6.2 | System databases | It is important to include the system databases in your backup plan i.e. the master, msdb and model databases. | The tempdb database contains no permanent data and does not require backups. | 1N |
| 6.3 | Backing up Master database | Backup the master database when any of the following events occur: • A database is created or deleted • Login accounts are created, deleted or modified • Server-wide or database settings are modified | | 1N |
| 6.4 | Backing up MSDB database | Backup the msdb database when any of the following events occur: • Alerts, jobs, schedules or operators are created, deleted or modified • Backups and restores are performed | | 1N |
| 6.5 | Backup Media | Password protect the backup media. | Assign a password to backups to reduce the probability of an incorrect data restore. Note: This password is not intended to prevent unauthorized access to backup data. See http://msdn.microsoft.com/en-us/library/ms186865(SQL.90).aspx for additional details. | 2N |
| 6.6 | Access to Backup Files | Restrict access to the backup files to System Administrators. | | 1S |
| 6.7 | Access to Backup Files | Restrict restore permissions to DBAs and db_owners. | | 1S |

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 6.8 | Recommended periodic administrative procedures | Run the Microsoft Baseline Security Analyzer weekly and follow the security recommendations as closely as possible to secure the operating system. | | 1N |
| 6.9 | Recommended periodic administrative procedures | Run the SQL Best Practices Analyzer regularly and note any changes to the environment. | | 1N |
| 6.10 | Enable Password Policy Enforcement | When a password change mechanism is introduced into clients and applications, enable password expiration. Always specify MUST_CHANGE when specifying a password on behalf of another principal. | | 1S |
| 6.11 | Periodic scan of Role Members | Periodically scan fixed server and database roles to ensure that only trusted individuals are members. | | 1N |
| 6.12 | Periodic scan of stored procedures | Verify stored procedures that have been set to AutoStart are secure. | | 1N |
7. Replication

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 7.1 | SQL Server Agent service account | Configure replication agents to use a Windows account rather than a SQL Server Agent account. Grant only the required permissions to each agent. | Use Windows Authentication for all replication agent connections. | 1S |
| 7.2 | Replication administration roles | Avoid modifying replication administration permissions assigned to the roles by default. Only assign authorized application administrators and DBAs these roles. | The permissions needed to support and administer replication are assigned to sysadmin, db_owner and replmonitor by default. | 1N |
| 7.3 | Snapshot share folder | Store the snapshot folder, which houses a snapshot of the replicated changes, on an explicit share and not an administrative share. | | 1S |
| 7.4 | Publication Access List | The domain accounts used by the SQL Server Agent service and the Replication proxy account must be entered in the Publication Access List so that all replication agents will be able to participate in the replication process. | | 1S |
| 7.5 | Secure Communications | Use secure connections, such as VPN or proxy servers, for all replication over the Internet. | | 1N |
| 7.6 | Database connections | Configure the database connections for replication agents to use Windows authenticated logons. | | 1S |
| 7.7 | Filtering | Employ replication filters to protect the data. | | 1S |
| 7.8 | Distribution databases | All distribution databases and snapshot files must be located in protected and audited locations. | | 1S |
8. Application Development Best Practices

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 8.1 | Ownership Chaining | Use ownership chaining within a single database to simplify permissions management. | Avoid using cross database ownership chaining. | 1N |
| 8.2 | Role Assignments | Assign permissions to roles rather than users. The principle of “Least Privilege” applies, thus users should not be given access to roles they do not need for their job function. | Ensure that roles, rather than users own objects to avoid application changes when a user is dropped. | 1N |
| 8.3 | Encrypted connections | Enable encrypted connections between the user and the server. | Consider allowing only encrypted connections. When allowing SQL Server authentication, encrypt either the network layer with IPSec or the session with SSL | 1N |
| 8.4 | Error Handling | Do not propagate errors back to the user. | Log errors or transmit them to the system administrator. | 1N |
| 8.5 | User Input | Prevent SQL injection by validating all user input before transmitting it to the server. | Only permit minimally privileged accounts to send user input to the server. Minimize the risk of SQL injection attack by using parameterized commands and stored procedures. | 1N |
| 8.6 | Developer awareness | Increase awareness of issues such as cross-site scripting, buffer overflows, SQL injection and dangerous APIs. | | 1N |
| 8.7 | Developer awareness | Identify categories of threats that apply to your application, such as denial of service, escalation of privileges, spoofing, data tampering, information disclosure and repudiation. | | 1N |
| 8.8 | Security reviews | Add security reviews to all stages of the application development lifecycle (from design to testing). | | 1N |
| 8.9 | Distributing SQLEXPRESS | If you distribute SQLEXPRESS, install SQLEXPRESS using Windows security mode as the default. | Never install a blank sa password. Use the Microsoft Installer to install SQLEXPRESS. | 1N |
| 8.10 | Net-Libraries | If SQLEXPRESS will operate as a local data store, disable any unnecessary client protocols. | Remote access is disabled by default. | 1N |

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 8.11 | Customer awareness | Let your customers know that your product includes SQLEXPRESS so that they can be prepared to install or accept SQLEXPRESS-specific software updates. | | 1N |
| 8.12 | SQL Server Agent | Change the SQL Server Agent Startup Type to “Disabled”. | SQLEXPRESS installs SQL Server Agent by default and the Service startup type is “Manual”. | 1N |
9. Surface Area Configuration Tool

| Item # | Configuration Item | Action / Recommended Parameters | Comments | Levels |
|---|---|---|---|---|
| 9.1 | Ad Hoc Remote Queries | Disable Ad Hoc Remote Queries where not required | Disabled by default. | 1S |
| 9.2 | CLR Integration | Disable CLR Integration where not required | Disabled by default. | 1S |
| 9.3 | DAC | Disable the Dedicated Administrator Connection where not required | Disabled by default. | 1S |
| 9.4 | Database Mail | Disable Database Mail where messaging is not required | Disabled by default. | 1S |
| 9.5 | Native XML Web Services | Do not configure XML Web Services endpoints where not required | Disabled by default. | 1S |
| 9.6 | OLE Automation | Disable OLE Automation where not required | Disabled by default. | 1S |
| 9.7 | Service Broker | Do not configure Service Broker endpoints where not required | Disabled by default. | 1S |
| 9.8 | SQL Mail | Do not enable SQL Mail where not required or where Database Mail could be used instead. | Disabled by default. | 1S |
| 9.9 | Web Assistant | Disable Web Assistant where not required | Disabled by default. | 1S |
| 9.10 | xp_cmdshell | Disable the xp_cmdshell stored procedure where not required | Disabled by default. | 1S |
| 9.11 | Ad Hoc Data Mining | Disable ad hoc data mining queries where not required | | 1S |
| 9.12 | Anonymous Connections | Disable anonymous connections to the Analysis Services where not required | | 1S |
| 9.13 | Linked Objects | “Enable links To other instances” should be disabled where not required. | | 1S |
| 9.14 | Linked Objects | “Enable links From other instances” should be disabled where not required. | | 1S |
| 9.15 | User-Defined Functions | Disable loading of user-defined COM functions where not required | | 1S |
| 9.16 | Scheduled Events and Report Delivery | Disable scheduled events and report delivery where not required | | 1S |
| 9.17 | Web Service and HTTP Access | Disable Web Service and HTTP access where not required | | 1S |
| 9.18 | Windows Integrated Security | Enable Windows integrated security for report data source connections | | 1S |
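
The Database Engine settings in 9.1 to 9.10, and the extended stored procedure access covered in 3.11 to 3.15, can be reviewed in one pass from T-SQL. The script below is an added example, not part of the benchmark or the Surface Area Configuration tool; the mapping from benchmark items to sp_configure option names is an assumption to confirm on the instance being reviewed.

```sql
-- Added example (not from the benchmark): read-only surface-area review.
-- Assumption: the item-to-option mapping in the derived table below.
SELECT  m.item, m.feature, c.name AS config_option,
        CONVERT(int, c.value_in_use) AS value_in_use,
        CASE WHEN c.name IS NULL THEN 'option not found on this build'
             WHEN CONVERT(int, c.value_in_use) = 0 THEN 'disabled'
             ELSE 'ENABLED: confirm a documented requirement' END AS finding
FROM   (          SELECT 1 AS seq, '9.1' AS item, 'Ad Hoc Remote Queries' AS feature,
                         N'Ad Hoc Distributed Queries' AS option_name
        UNION ALL SELECT 2, '9.2',  'CLR Integration',          N'clr enabled'
        UNION ALL SELECT 3, '9.3',  'DAC (remote connections)', N'remote admin connections'
        UNION ALL SELECT 4, '9.4',  'Database Mail',            N'Database Mail XPs'
        UNION ALL SELECT 5, '9.6',  'OLE Automation',           N'Ole Automation Procedures'
        UNION ALL SELECT 6, '9.8',  'SQL Mail',                 N'SQL Mail XPs'
        UNION ALL SELECT 7, '9.9',  'Web Assistant',            N'Web Assistant Procedures'
        UNION ALL SELECT 8, '9.10', 'xp_cmdshell',              N'xp_cmdshell'
       ) AS m
LEFT JOIN sys.configurations AS c
       ON c.name COLLATE DATABASE_DEFAULT = m.option_name
ORDER BY m.seq;

-- 9.5 / 9.7: SOAP (Native XML Web Services) and Service Broker endpoints that exist.
-- An empty result means neither kind of endpoint has been configured.
SELECT  name, type_desc, protocol_desc, state_desc
FROM    sys.endpoints
WHERE   type_desc IN (N'SOAP', N'SERVICE_BROKER');

-- 3.11-3.15: extended stored procedures, plus the sp_OA* procedures, that the
-- public role may execute. Compare the names returned with the lists in those items.
SELECT  o.name AS procedure_name, dp.permission_name, dp.state_desc
FROM    master.sys.database_permissions AS dp
JOIN    master.sys.database_principals  AS pr ON pr.principal_id = dp.grantee_principal_id
JOIN    master.sys.all_objects          AS o  ON o.object_id = dp.major_id
WHERE   dp.class = 1                              -- object permissions
  AND   pr.name = N'public'
  AND   (o.type = 'X' OR o.name LIKE N'sp[_]OA%')
  AND   dp.permission_name = N'EXECUTE'
  AND   dp.state IN ('G', 'W')                    -- GRANT, GRANT WITH GRANT OPTION
ORDER BY o.name;
```

Items 9.11 to 9.18 concern Analysis Services and Reporting Services and are not visible through these Database Engine views.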
Change History
Date: December 5th, 2008
Version: 1.1.0
Changes for this version:
• Updated TOU and Cover Page
• Added Change History
• Added Acknowledgements Section
• Reformatted References Section
• Removed 2.10 which recommended deleting regedit.exe.
• 2.3 - Removed “Use host and/or network firewalls to help prevent attacks that target SQL Server on any port” from Comments section
• 1.4 Added “Block TCP port 1433 and UDP port 1434 on your perimeter firewall. If named instances are listening on additional ports, block those too” to Action section.
• Updated 2.12 (was 2.13) to note “'Setting Scan for Startup Procedures to 0' will prevent audit traces and other commonly used monitoring sps from re-starting on start up. This includes the MS-provided common criteria audit traceaudit trace is/was included in the SQL Server 2005 EAL1 common criteria evaluation. https://members.microsoft.com/sqlcommoncriteria/EAL1_trace.sql”
• Remove item 3.6 as it was duplicative of 2.12 (then 2.13)
• Updated 2.9 to note “None of the sample database are installed by default”.
• Updated 3.14 to note “Disabled by default”.
• Updated 3.12 to note “SQLMail is replaced by Database mail in MSS2005. It remains for backwards compatibility. Both mail tools are disabled by default.”
• Added note to 3.6 which states “The number of retained agents error logs cannot be customized as it is hard coded at nine.”
• Updated 6.5 to level 2. Updated description to note that this password is not meant to prevent unauthorized access to backup data but to reduce the probability of restoring the incorrect dataset.
• Set 3.11.2 (xp_cmdshell) as Level 2 and denoted that it is disabled by default.
• Updated 3.12.x (SQLMail XPs) to note these items are disabled by default.
• Updated 3.13.x (WebTask XPs) to note these items are disabled by default.
• Updated 3.14.x (OLE Automation SPs) to note these items are disabled by default.
• Removed item 6.6 which recommended against performing network backups. Updated subsequent numbering.
• Adding Scoring Status information to each recommendation
Acknowledgements
The following people were instrumental in the development of this guide:
Michael Fowkes
Phyllis R. Palmer
Rajendra Modak
Mike Chapple
Jitesh Chanchani
Balaji Devarasetty
Sheila Christman
Ernesto Rojas
James Hayes
Drew Miners
Tyler Harding
Michael Anderson
Brian Lawton
Michael Mychalczuk
Blake Frantz
Al Comeau
Dana Hemlock
Paul Davis
David W. Blaine
Dave Shackleford
Tran Thanh Chien
Michael A. Davis
Alexey Stolpovskikh
John Thorpe
William Edmond Jr.
John Banghart
Carl Alcindor
Andrea J. Weber
Jannine Mahone