Cari Blog Ini

17 Oktober 2012

Measurers to Reduce or Handle Security Threats In SQL Server

The following measures will help you reduce or handle security threats:

A. Confidentially

* Do not use the Password option of the Backup statement:
The password option of the backup statement
provides weak protection and does not prevent reading of the data.
The password option is also deprecated and will be removed in future releases of SQL Server.

* When using the file system for backups, grant file and folder
access to the SQL Service account and DBA only.
The SQL Service account will require Read and Write access to the folder or shared folder
and the DBA will required Full Control and should be the owner of the folder.
Restring access to the backup files
will prevent users from copying the files and restore them in a server
where they have administrative rights.

* Consider establishing an Auditing Policy on the Backup Folder.
Enabling file access auditing to the Backup Folder will monitor user access to the backups.

* After the database is back up in a file or files,
compress and encrypt the files
before moving the contents to tape backups or other forms of long term storage.
Encrypting the backup files
will help you protect the confidentiality of the information
if somebody gains physical access to the media.

* Physically secure backup media.
Do not rely only on encryption to secure the media,
make sure that the media is always physically secure
to avoid someone to copy the media,
and use brute force attacks to decrypt the file
and eventually restore the database in another server.

* Sanitize the backup media before disposal.
Do not throw tape media in the trash,
unless you are absolutely certain that the data has been erased.
Deleting the files or overwriting the files may not be enough.
Consider the use of specialized software or magnetic methods to erase the information.


Source:
Ebook: Best Practices For Backup And Restore In SQL Server 2005
By Javier Loria, Courtesy of DELL
Page 8