Share via


Checklist: Database Engine Security Configuration

This checklist reviews key security configuration options for the SQL Server Database Engine. Use this checklist to periodically audit your Database Engine environment. These recommended settings should be adjusted based on your security and business needs.

Physical Security

...

Description

Boolean Field Icon
Is the computer that hosts the Database Engine located in a secure data center with limited access?

Tip For more information, see Sample Security Plan: Adventure Works.

Boolean Field Icon
Are backups stored in a secure location?

Tip For more information, see Security Considerations for Backup and Restore.

Boolean Field Icon
Is access to the Database Engine files (.mdf, .ndf, .ldf files) limited by file system permissions?

Tip Malicious users who obtain access to database files can attach them to other instances of the Database Engine. For more information, Securing Data and Log Files.

Boolean Field Icon
Is access to the Database Engine binary files (sqlservr.exe in the binn folder) limited by file system permissions?

Tip: Malicious users who can access the SQL Server binary files can cause damage and denial of service.

Boolean Field Icon
Is access to audit files limited by file system permissions?

Tip In a high security environment, the Windows Security log is the appropriate location to write events that record object access. Other audit locations are supported, but are more subject to tampering. For more information, see How to: Write Server Audit Events to the Security Log.

Boolean Field Icon
Are backups of public and private encryption keys stored in a secure location?

Tip If encryption keys are backed up to removable media (CD, flash drive), the key backups should be stored in a secure location, such as a safe with controlled access. If backed up to another hard drive, that computer must be adequately protected.

Boolean Field Icon
If you are using Extensible Key Management (EKM), are the Hardware Security Modules (HSMs) adequately protected?

Tip Consult your HSM vendor for recommendations.

Operating System Configuration

...

Description

Boolean Field Icon
Is the SQL Server computer protected by a firewall with only the necessary exceptions?

Tip Use wf.msc (or firewall.cpl) to configure the Windows firewall. For more information, see Configuring the Windows Firewall to Allow SQL Server Access.

Boolean Field Icon
Are the server and client operating systems configured to use Extended Protection for Authentication?

Tip For more information, see Connecting to the Database Engine Using Extended Protection and Extended Protection for Authentication.

Boolean Field Icon
Is the operating system configured to allow automatic updates whenever feasible?

Tip Production environments normally require testing before applying updates. Updates should be tested and applied on a regular basis. If testing is not being performed, then automatically installing updates might be the best choice.

Database Instance Configurations

...

Description

Boolean Field Icon
Is the Database Engine configured to run under an account with the least privileges necessary for the business need?

Tip For more information, see Setting Up Windows Service Accounts.

Boolean Field Icon
Is SQL Server Authentication not enabled unless required by a business need?

Tip See Choosing an Authentication Mode.

Boolean Field Icon
If SQL Server Authentication is enabled, has the SA account been disabled?

Tip The SA account is well known and frequent target of malicious users. Disable the account by using the ALTER LOGIN statement. Restrict the membership of the sysadmin fixed server role to logins that use Windows Authentication.

Boolean Field Icon
If SQL Server Authentication is enabled, has the SA account been renamed?

Tip The SA account is well known and is a frequent target of malicious users. Renaming the account by using the ALTER LOGIN statement can help protect the account.

Boolean Field Icon
Does the SA account have a strong password?

Tip The SA account password is specified during SQL Server setup. However, it can be changed using the ALTER LOGIN statement.

Boolean Field Icon
If SQL Server Authentication is enabled, does SQL Server require strong passwords?

Tip SQL Server logins inherit the password policy of the computer unless specifically exempted. For more information, see the CHECK_POLICY option of CREATE LOGIN and ALTER LOGIN.

Boolean Field Icon
Are unnecessary SQL Server features disabled?

Tip Use the Surface Area Configuration facet of Policy-Based Management. For more information, see Understanding Surface Area Configuration.

Boolean Field Icon
Is xp_cmdshell disabled unless it is absolutely needed?

Tip For more information, see xp_cmdshell (Transact-SQL).

Boolean Field Icon
Is Cross-Database Ownership Chaining set to OFF unless multiple databases are deployed as a single unit?

Tip For more information, see cross db ownership chaining Option.

Boolean Field Icon
Do you regularly run the Best Practices Analyzer (BPA) against SQL Server?

Tip Use Microsoft SQL Server 2008 R2 Best Practices Analyzer or SQL Server 2005 Best Practices Analyzer (August 2008).

Boolean Field Icon
Does the Database Engine have the latest service pack applied?

Tip Production environments normally require testing before applying service packs. If testing is not being performed, then automatically installing service packs might be the best choice.

Boolean Field Icon
Have you confirmed that sample databases (such as AdventureWorks2008R2) are not installed on production databases?

Tip Use SQL Server Management Studio to check for the sample databases.