Posted by: Colin Smith
70-443, Certification, Education, Training
Chapter 3 was all about designing SQL Server Security in the enterprise. Again something that I need to start digging into and fixing in my environment. Should be fun though.
This chapter talked alot about Domain Level Group Policy as well as Local Group Policies. Using GP in order to force password requirments on SQL Logins. Also not to allow exceptions unless you have a real business need to do so, and even them keep them as minimal as possible. It talked about securing from attacks. Make sure that you have AV installed and running and update the DAT files. Do not let the SQL Database face the internet. Put it in a DMZ and let the web server face the public but do not let them interact with the SQL Server. In order to minimize SQL Injection do not use Dynamic SQL, Verify the input, and do not run services with high level accounts.
The next section talks about SQL Server Security at the instance, and database levels. Logins and Users and the Instance Roles that a login can be a part of and the database level roles that a user can be a part of. The different types of authentication that SQL server can use. Window or Mixed Mode.
That is a braod overview of chapter 3 and if you do not think that you know all there is to know about this stuff then read it. I am sure that I will again.