{"id":904,"date":"2009-04-03T07:35:00","date_gmt":"2009-04-03T07:35:00","guid":{"rendered":"\/blogs\/paul\/post\/TechNet-Magazine-feature-article-on-Common-SQL-Server-Security-Issues-and-Solutions.aspx"},"modified":"2017-04-13T11:41:55","modified_gmt":"2017-04-13T18:41:55","slug":"technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions","status":"publish","type":"post","link":"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/","title":{"rendered":"TechNet Magazine: feature article on Common SQL Server Security Issues and Solutions"},"content":{"rendered":"<p>\n<font face=\"verdana,geneva\" size=\"2\">The May 2009 TechNet Magazine is now <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/dd637737.aspx\">available online<\/a>, and it&#39;s the annual security issue. In there is an article I wrote highlighting 10 common security issues (and solutions) you should worry about if you&#39;re not a security-savvy DBA. 
It covers:<\/font>\n<\/p>\n<ul>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">Physical security<\/font>\n\t<\/div>\n<\/li>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">Network security<\/font>\n\t<\/div>\n<\/li>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">Attack surface minimization<\/font>\n\t<\/div>\n<\/li>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">Service accounts<\/font>\n\t<\/div>\n<\/li>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">Restricting use of administrator privileges<\/font>\n\t<\/div>\n<\/li>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">Authentication<\/font>\n\t<\/div>\n<\/li>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">Authorization<\/font>\n\t<\/div>\n<\/li>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">SQL injection<\/font>\n\t<\/div>\n<\/li>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">Disaster recovery<\/font>\n\t<\/div>\n<\/li>\n<li>\n<div>\n\t<font face=\"verdana,geneva\" size=\"2\">Auditing<\/font>\n\t<\/div>\n<\/li>\n<\/ul>\n<p>\n<font face=\"verdana,geneva\" size=\"2\">There are also two screencasts of me demonstrating Transparent Data Encryption and SQL Server Audit, both in SQL Server 2008.&nbsp;<\/font>\n<\/p>\n<p>\n<font face=\"verdana,geneva\" size=\"2\">To quote myself from the end of the article:<\/font>\n<\/p>\n<blockquote>\n<p>\n\t<font face=\"verdana,geneva\" size=\"2\"><em>As far as takeaways from this article are concerned, I want you to realize that there are some steps you need to go through to ensure the data you are storing in SQL Server is as secure as you need it to be. This is especially important when you inherit a SQL Server instance that someone else has been managing. It&#39;s just like buying a house from someone&mdash;you need to ask if the alarm works, if the yard is fenced in, and who has copies of the keys. 
Running through the list I&#39;ve given in this article is a good start, but make sure you dig deeper in areas that are relevant to you.<\/em><\/font>\n\t<\/p>\n<\/blockquote>\n<p>\n<font face=\"verdana,geneva\" size=\"2\">Check it out at <\/font><a href=\"https:\/\/technet.microsoft.com\/en-us\/magazine\/2009.05.sql.aspx\"><font face=\"verdana,geneva\" size=\"2\">http:\/\/technet.microsoft.com\/en-us\/magazine\/2009.05.sql.aspx<\/font><\/a><font face=\"verdana,geneva\" size=\"2\">.<\/font>\n<\/p>\n<p>\n<font face=\"verdana,geneva\" size=\"2\">Enjoy!<\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The May 2009 TechNet Magazine is now available online, and it&#39;s the annual security issue. In there is an article I wrote highlighting 10 common security issues (and solutions) you should worry about if you&#39;re not a security-savvy DBA. It covers: Physical security Network security Attack surface minimization Service accounts Restricting use of administrator privileges [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37,52,79,86,92,95],"tags":[],"class_list":["post-904","post","type-post","status-publish","format-standard","hentry","category-encryption","category-involuntary-dba","category-security","category-sql-server-2008","category-technet-magazine","category-tools"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TechNet Magazine: feature article on Common SQL Server Security Issues and Solutions - Paul S. 
Randal<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TechNet Magazine: feature article on Common SQL Server Security Issues and Solutions - Paul S. Randal\" \/>\n<meta property=\"og:description\" content=\"The May 2009 TechNet Magazine is now available online, and it&#039;s the annual security issue. In there is an article I wrote highlighting 10 common security issues (and solutions) you should worry about if you&#039;re not a security-savvy DBA. It covers: Physical security Network security Attack surface minimization Service accounts Restricting use of administrator privileges [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/\" \/>\n<meta property=\"og:site_name\" content=\"Paul S. Randal\" \/>\n<meta property=\"article:published_time\" content=\"2009-04-03T07:35:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-04-13T18:41:55+00:00\" \/>\n<meta name=\"author\" content=\"Paul Randal\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Paul Randal\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/\",\"url\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/\",\"name\":\"TechNet Magazine: feature article on Common SQL Server Security Issues and Solutions - Paul S. Randal\",\"isPartOf\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/#website\"},\"datePublished\":\"2009-04-03T07:35:00+00:00\",\"dateModified\":\"2017-04-13T18:41:55+00:00\",\"author\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/#\/schema\/person\/ffcec826c18782e1e0adf173826a7fce\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"TechNet Magazine: feature article on Common SQL Server Security Issues and Solutions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/#website\",\"url\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/\",\"name\":\"Paul S. 
Randal\",\"description\":\"In Recovery...\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/#\/schema\/person\/ffcec826c18782e1e0adf173826a7fce\",\"name\":\"Paul Randal\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0b6a266bba2f088f2551ef529293001bd73bf026bc1908b9866728c062beeeb6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0b6a266bba2f088f2551ef529293001bd73bf026bc1908b9866728c062beeeb6?s=96&d=mm&r=g\",\"caption\":\"Paul Randal\"},\"sameAs\":[\"http:\/\/3.209.169.194\/blogs\/paul\"],\"url\":\"https:\/\/www.sqlskills.com\/blogs\/paul\/author\/paul\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TechNet Magazine: feature article on Common SQL Server Security Issues and Solutions - Paul S. Randal","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/","og_locale":"en_US","og_type":"article","og_title":"TechNet Magazine: feature article on Common SQL Server Security Issues and Solutions - Paul S. Randal","og_description":"The May 2009 TechNet Magazine is now available online, and it&#39;s the annual security issue. In there is an article I wrote highlighting 10 common security issues (and solutions) you should worry about if you&#39;re not a security-savvy DBA. 
It covers: Physical security Network security Attack surface minimization Service accounts Restricting use of administrator privileges [&hellip;]","og_url":"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/","og_site_name":"Paul S. Randal","article_published_time":"2009-04-03T07:35:00+00:00","article_modified_time":"2017-04-13T18:41:55+00:00","author":"Paul Randal","twitter_misc":{"Written by":"Paul Randal","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/","url":"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/","name":"TechNet Magazine: feature article on Common SQL Server Security Issues and Solutions - Paul S. Randal","isPartOf":{"@id":"https:\/\/www.sqlskills.com\/blogs\/paul\/#website"},"datePublished":"2009-04-03T07:35:00+00:00","dateModified":"2017-04-13T18:41:55+00:00","author":{"@id":"https:\/\/www.sqlskills.com\/blogs\/paul\/#\/schema\/person\/ffcec826c18782e1e0adf173826a7fce"},"breadcrumb":{"@id":"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.sqlskills.com\/blogs\/paul\/technet-magazine-feature-article-on-common-sql-server-security-issues-and-solutions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.sqlskills.com\/blogs\/paul\/"},{"@type":"ListItem","position":2,"name":"TechNet Magazine: feature article on Common SQL 
Server Security Issues and Solutions"}]},{"@type":"WebSite","@id":"https:\/\/www.sqlskills.com\/blogs\/paul\/#website","url":"https:\/\/www.sqlskills.com\/blogs\/paul\/","name":"Paul S. Randal","description":"In Recovery...","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.sqlskills.com\/blogs\/paul\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.sqlskills.com\/blogs\/paul\/#\/schema\/person\/ffcec826c18782e1e0adf173826a7fce","name":"Paul Randal","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sqlskills.com\/blogs\/paul\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0b6a266bba2f088f2551ef529293001bd73bf026bc1908b9866728c062beeeb6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0b6a266bba2f088f2551ef529293001bd73bf026bc1908b9866728c062beeeb6?s=96&d=mm&r=g","caption":"Paul 
Randal"},"sameAs":["http:\/\/3.209.169.194\/blogs\/paul"],"url":"https:\/\/www.sqlskills.com\/blogs\/paul\/author\/paul\/"}]}},"_links":{"self":[{"href":"https:\/\/www.sqlskills.com\/blogs\/paul\/wp-json\/wp\/v2\/posts\/904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sqlskills.com\/blogs\/paul\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sqlskills.com\/blogs\/paul\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/paul\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/paul\/wp-json\/wp\/v2\/comments?post=904"}],"version-history":[{"count":0,"href":"https:\/\/www.sqlskills.com\/blogs\/paul\/wp-json\/wp\/v2\/posts\/904\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sqlskills.com\/blogs\/paul\/wp-json\/wp\/v2\/media?parent=904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/paul\/wp-json\/wp\/v2\/categories?post=904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/paul\/wp-json\/wp\/v2\/tags?post=904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}