Sunday 9 June 2013

SQL DBA's Best practices for hardening sql server

blogger tricks

The passion for becoming a professional DBA lead to the creation of this blog.

 Lets start the first day with DBA's Best Practices to harden the sql server.

Summary of Best Practices

·         SQL Server should be hardened after the installation.
·         After the installation, use the SQL Server Configuration Manager tool in order to disable unnecessary features and services.
·         Install only required components.
·         Recent service packs and critical fixes should be installed for SQL Server and Windows.
·         Windows Authentication mode is more secure than SQL Authentication.
·         If there is still a need to use SQL Authentication – enforce strong password policy.
·         Disable the SA account and rename it. Do not use this account for SQL server management.
·         Change default SQL Server ports associated with the SQL Server installation to keep hackers from port scanning the server.
·         Change the service account password at regular intervals
·         Hide SQL Server instances or disable the SQL Server Browser service.
·         Remove BUILDIN\Administrators group from the SQL Server Logins.
·         Enable logging SQL Server login attempts (failed & successful).
·         Disable the SQL guest account.
·         Disable xp_cmdshell unless it is absolutely needed.
·         Block TCP port 1433 and UDP port 1434 at the firewall except for when the Administration & Data Server is not in the same security zone as the Logger.
·         Change the recovery actions of the Microsoft SQL Server service to restart after a failure.
·         Remove all sample databases, for example, Pubs and Northwind.
·         Enable auditing for failed logins
·         Enable both Named Pipes and TCP/IP endpoints during SQL Server 2008 R2 setup. Make sure Named Pipes has a higher order of priority than TCP/IP.
·         Not all schemas should be owned by dbo.
·         Enable automatic updates whenever feasible but test them before applying to production systems.


Appreciate your suggestions. Please comment your feedback and reach me out at email


Posted by at

3 comments:

  1. Unknown1 April 2014 at 22:15

    Nice effort, this was really helpful. where i will find your other blogs related to SQL.

    ReplyDelete
  2. Unknown23 December 2015 at 06:15

    Thanks for the info Ganapathi.

    Its really good to understand clear info step by step



    ReplyDelete
  3. Unknown29 April 2017 at 03:06


    Very Useful information that i have found. don't stop sharing and Please keep updating us..... Thanks

    ReplyDelete

Subscribe to: Post Comments (Atom)