You'll need to pay specific attention to members of the Domain Admins group—those
users who have administrative access to all systems (DCs, workstations, and
servers) in a domain. In many cases, Domain Admins members will also be database
administrators, but in some environments, they won't. You might want to restrict
access to database servers for members of Domain Admins. You can do this most
simply by removing Domain Admins from the local Administrators group and adding
the account names of trusted administrators to this group.
To prevent remote attackers from accessing the server over the network, you
should place the server in a secured network segment and use at least one firewall
(including the host firewall that comes with Windows Server 2003 Service Pack
1—SP1) or routing rules to deny access to users who don't need to access
the server. For users who are permitted access to SQL Server 2005, you should
deny access to any services other than SQL Server 2005 that the users don't
need to access. Although you hardened the host in step 1, Windows will always
have some services running that listen on the network for inbound traffic.
Last in this step, ensure that the server is physically secured. If attackers
can gain physical access to the server, they can boot an alternative OS and
reset the local Administrator password to log on or they can gain direct access
to files on the disks, including database files. Note that if you're running
SQL Server 2005 on a laptop, you might never be able to completely address the
risk of physical access to the host. In such cases, step 10, below, can help.
4. Create Accounts for SQL Server to Run Under
The last step in preparing for a secure installation of SQL Server 2005 is to
create accounts under which SQL Server 2005 services will run. The number of
accounts you'll need depends on two factors: the number of SQL Server 2005 features
you intend to install and the number of SQL Server 2005 installations in your
environment.
Although you can use one account for all SQL Server 2005 services, I recommend
that you create an account for each. You'll need at least three accounts: one
for the SQL Server database engine, one for the SQL Server Agent, and one for
the SQL Server Browser. You'll also need service accounts for Analysis Services
and Reporting Services, if you intend to install these components.
I also recommend that you use unique service accounts for each installation
of SQL Server 2005 in your environment—that is, create a unique account
for each service on each installation. (An exception would be using one database
engine service account for a cluster of servers or for servers that replicate
data between themselves.)
If you're installing SQL Server 2005 in an environment in which the database
engine will never need access to other servers and services across a network,
you can use local accounts instead of domain accounts. Regardless of whether
you use a domain account or a local account, the account shouldn't have privileges
beyond those of an ordinary user—that is, it should be a member of Domain
Users or Users only. Make sure that the passwords on the accounts you create
are strong, and set up a schedule to change them on a regular basis.
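
One way to check an installation against the service-account guidance in step 4, as an added example that is not part of the original article. The function name `Test-SqlServiceAccount`, its parameters, and the `CORP\...` account names are hypothetical, and the inventory it runs on is constructed.

```powershell
# Added example: audit SQL Server service accounts against step 4.
# Function name, parameters and all sample values are hypothetical/constructed.
function Test-SqlServiceAccount {
    param(
        [object[]]$Service,                   # objects with Name and StartName
        [string[]]$LocalAdministrator = @()   # members of local Administrators
    )
    # Built-in account that has full control of the host.
    $builtIn = 'LocalSystem', 'NT AUTHORITY\SYSTEM'

    # Count services per account; @{} keys compare case-insensitively.
    $useCount = @{}
    foreach ($s in $Service) {
        $useCount[$s.StartName] = 1 + [int]$useCount[$s.StartName]
    }

    foreach ($s in $Service) {
        $issues = @()
        if ($useCount[$s.StartName] -gt 1) { $issues += 'shared with another service' }
        if ($builtIn -contains $s.StartName) { $issues += 'built-in privileged account' }
        if ($LocalAdministrator -contains $s.StartName) { $issues += 'in local Administrators' }
        New-Object PSObject -Property @{
            Service = $s.Name
            Account = $s.StartName
            Issues  = ($issues -join '; ')
        } | Select-Object Service, Account, Issues
    }
}

# Constructed inventory. On a live host, collect the same two properties with:
#   Get-WmiObject Win32_Service | Where-Object {
#     $_.Name -match '^(MSSQL|SQLAgent|SQLSERVERAGENT|SQLBrowser|MSOLAP|ReportServer)' }
$sample = @(
    New-Object PSObject -Property @{ Name = 'MSSQLSERVER';    StartName = 'CORP\svc-sql01-engine' }
    New-Object PSObject -Property @{ Name = 'SQLSERVERAGENT'; StartName = 'CORP\svc-sql01-engine' }
    New-Object PSObject -Property @{ Name = 'SQLBrowser';     StartName = 'LocalSystem' }
    New-Object PSObject -Property @{ Name = 'MSSQLServerOLAPService'; StartName = 'CORP\svc-sql01-olap' }
)
$admins = 'CORP\dba-alice', 'CORP\svc-sql01-olap'   # constructed group membership

Test-SqlServiceAccount -Service $sample -LocalAdministrator $admins | Format-Table -AutoSize
```

An empty Issues column for every service means each one runs under its own unprivileged account, which is the state step 4 describes.
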
5. Install SQL Server 2005
Once the server has been prepared, you can begin installing SQL Server 2005.
Step 5 in securing SQL Server 2005, the careful selection of installation options,
addresses the application aspect of the defense-in-depth strategy.
The first selection you need to make is which components to install. You should
not install components of SQL Server 2005 that you don't need. (Remember, the
goal is to minimize the attack surface.) I recommend that when prompted for
Components to Install in the Setup wizard, you click Advanced to select not
only top-level features but also the individual features of each top-level feature.
For example, the Advanced option lets you decide whether to install replication
or full-text search features along with the default Database Services. If you're
installing a single instance of SQL Server 2005 that won't replicate data to
other database servers and if you don't intend to use fast text searching, you
can simply omit these features from the installation.
When prompted, carefully enter the credentials of each account you created in
step 4 for each of the services. When asked to select an authentication mode,
choose Windows Authentication Mode wherever possible. In some situations, you'll
have to use Mixed Mode, which permits both Windows Authentication and SQL Server
Authentication. If you select Mixed Mode, you must enter a password for the
SQL Server systems administrator (sa) account. As with the service accounts
you created in step 4, you should ensure that the password is strong and set
up a schedule to change it on a regular basis.
6. After SQL Server Installation: Apply SQL Server 2005 Service Packs and Updates
The first post-installation step, which also addresses the application aspect
of defense in depth, is the application of all SQL Server 2005 service packs
and software updates. At the time of this writing, Microsoft has released a
Community Technology Preview (CTP) of SQL Server 2005 SP2.
7. Run the SQL Server Surface Area Configuration Tool
The next step, another application-level one, is to run the SQL Server Surface
Area Configuration tool. Although you can launch the tool immediately after
you install SQL Server 2005, I recommend that you run it after applying service
packs and updates. I also recommend that you run it after you make changes to
the configuration of SQL Server 2005 or add or remove components.