Posted by: Colin Smith
70-443, Certification, Education, Training
More security and some repeat of chapter 3. This is good though, they really hammered home to make sure that you are using AV, Strong Passwords, and things like that from Chapter 3. New information about NTLM and Kerberos Authentication, Certificates for encryption, and a lot of great information about service accounts best practices. The big things with service accounts are to not use the local system account as it is a admin on the box and you do not really need that. Use domain accounts that have as little permission as they need to do the job. It also talked about the groups that are created that are set with those permissions, on the local machine at least. If you need your SQL Agent to access data in a file share then you will need to make sure that the domain account you are using to get at that data actually does have access to that data.
Great information about using firewalls to block traffic on TCP1433 and UDP1434 from the internet. Also about removing protocols that you do not need like Netbios and SMB.
Again if you do not know everything about all I just mentioned. Read that chapter. I know I will again.