Securing Your SQL Servers, What Should You Audit?

Securing and protecting your SQL Servers from the ever present threats of data breaches, ransomware, and even accidental data losses due to errant code or faulty systems is crucial. It’s one of the core responsibilities of a DBA.

It would be great if there was a one-size fits all approach to data protection – one system that would keep the bad guys out, the good guys within the guardrails, and Murphy’s Law safely neutralized. But, of course, the truth is that it is not that simple.

Securing and protecting your SQL Servers

In April 2020 The Motley Fool reported that Garmin paid $10M for a decryption key. When Baltimore was hit with ransomware, it cost the city an estimated 18.2M. Breaches are a lucrative business for hackers.

Keeping your data assets secure requires a multi-layered approach. Hardening your SQL Servers is a key part of that approach. So, what should you examine to help keep your SQL Servers Secure?

Securing your SQL Server environment

To help protect your SQL Servers and secure your data, we recommend reviewing the following:

1. Physical Security. Limit physical and/or logical access to your SQL Servers.
2. Operating System Security. Ensure that the Windows or Linux operating systems are secure and patched.
3. Patch. Cumulative Updates and other patches should be applied not only for performance reasons, but for security updates as well.
4. Services Accounts. Verify that the SQL Server service accounts have adequate restrictions, are not of Domain Admins, and change regularly. Consider using Group Managed Service Accounts when possible.
5. SQL Server Configuration Options. Limit configuration options such as CLR, Ole Automation, and xp_cmdshell on your systems. Don’t install any unneeded components such as SQL Server Reporting Services, or SQL Server Integration Services.
6. Encryption. Consider encryption; data lost due to bypassed security controls may be useless if encrypted.

Auditing your SQL Servers

On a regular basis, audit the following:

1. Roles and Permissions. Assess server level and database level role membership. Limit membership in the sysadmin role.
2. Authentication. Use Windows Authentication where possible and enable Password Policies for SQL Server Logins. Enable failed login auditing.
3. Strong sa Password. Ensure that the password used for the sa login if strong. Change it frequently. Consider even disabling the login.
4. Backup Strategy. Review your backup strategies and regular perform test restores to lower systems, including running integrity checks. Secure your backups.

Consider SQL Audit

To further protect your SQL Servers, consider implementing the built-in SQL Audit to record changes to important security facets such as additions to security role membership, new logins are created, and impersonation operations. If you have questions about SQL Audit, we have some demo scripts available to help you to get started. Feel free to contact us for the scripts.

By reviewing and auditing your SQL Servers, you’ll have a greater sense of confidence that they are protected and secure, and you’ll help to take the guesswork out of managing them.

Other Considerations

Keeping your data protected and available is much broader than just the security aspect. You’ll want to also look at High Availability and Disaster Recovery options,

Here are some other post that may help.

• High Availability and Disaster Recovery in SQL Server
• Protect Your SQL Server from MrbMiner and Other Malware Attacks
• How to Create SQL Server 2019 Failover Clustered Instances in Azure
• Is There an Update for My SQL Server?
• Is My SQL Server Configured Properly?

Want to work with The Sero Group?

Want to learn more about how SERO Group helps organizations take the guesswork out of managing their SQL Servers? It’s easy and there is no obligation. 

Schedule a call with us to get started.