You can find the SQL Server Surface Area Configuration tool in the Configuration
Tools submenu under Microsoft SQL Server 2005 on the Start menu. When you launch
the tool, it's pointed at localhost, but you can also use the tool to configure
remote installations of SQL Server 2005. In the tool, you can choose either
Surface Area Configuration for Services and Connections or Surface
Area Configuration for Features. The former allows you to view the installed
SQL Server 2005 services and their configuration either by instance or by component
(see Figure 1). The latter allows
you to view specific features that have security implications and enable or
disable each (see Figure 2). The
SQL Server Surface Area Configuration tool is the preferred means to make security-related
adjustments to your SQL Server 2005 configuration.
8. Encrypt Traffic Between the Database Server and Database
Clients
To address the network aspect of the defense-in-depth model, you must secure
communications between the database server and applications. By default, communications
between a database client and the database server are sent in clear text, and
anyone with a network monitor can eavesdrop and gain access to potentially sensitive
information. SQL Server 2005 supports the use of Secure Sockets Layer (SSL)
to both encrypt traffic between the client and the server and guarantee the
identity of the server, which helps mitigate the risk of man-in-the-middle attacks.
To secure communications with SSL, you must obtain a certificate from an enterprise
public key infrastructure (PKI) built with Microsoft's Certificate Services
or from a third-party vendor such as VeriSign. The SSL certificate should contain
the host name or Fully Qualified Domain Name (FQDN) of the database server or
cluster as appropriate and should be in the local computer certificate store
if SQL Server 2005 is running in the LocalSystem context; otherwise, the certificate
should be in the certificate store for the account under which the SQL Server
database service runs.
Once the certificate is installed, launch SQL Server Configuration Manager,
expand the SQL Server 2005 Network Configuration node, right-click the Protocols
subnode, and select Properties. On the Certificate tab, select the correct certificate
from the Certificate drop-down list (see Figure
3). On the Flags tab, under General, select Force Encryption and change
the value to Yes by selecting it from the drop-down list. Once you've configured
SQL Server 2005 to use the certificate, you need to stop and restart SQL Server
2005 for the changes to take effect.
A second means for encrypting traffic between a database client and the database
server is IPsec. The benefit of IPsec is that it doesn't require any configuration
of SQL Server 2005, and it can be used to secure all traffic (not just SQL Server
2005 traffic) and to restrict access to the database server to only other domain-joined
systems. For more details about isolating your SQL Server 2005 system by using
IPsec, visit http://www.microsoft.com/sdisolation.
9. Configure Login Privileges and Server Roles
The next step in securing SQL Server 2005 is to configure login rights and server
roles. For example, by default, members of the local Administrators group are
granted login privileges. They're also granted membership in the sysadmin role,
which gives them nearly unrestricted access to both the database server and
the databases it manages. Members of the SYSTEM group, which represents the
OS, also have sysadmin membership.
In most environments this access isn't an issue, but in some, it might not
be desirable to allow system administrators access to the database server and
databases in this way. You might instead want to grant named user accounts sysadmin
role membership and deny Administrators and SYSTEM the sysadmin role. This is
especially true if you're running multiple instances of SQL Server 2005 on one
system, such as in a hosting environment.
By extension, when planning which databases will be hosted on a SQL Server
2005 instance, you should ensure that only the minimum permissions required
be granted to users to access the databases for SELECT, INSERT, UPDATE, and
DELETE operations, and to execute stored procedures. SQL Server 2005 supports
a more fine-grained approach to security than SQL Server 2000, so you can apply
more granular rights, including to users who perform maintenance functions.
10 Encrypt the Databases
The last step in securing your SQL Server 2005 system is protecting the data
within your database files when SQL Server 2005 and the host OS aren't running.
This step, which addresses the data aspect of the defense-in-depth model, encrypts
the databases.
There are a number of approaches to encryption in SQL Server 2005, including
support for encryption within the databases themselves. The simplest approach,
however, where the main concern is one of stolen disks, backup tapes, or laptops,
is to use Windows' Encrypting File System (EFS). SQL Server 2005 databases can
be encrypted by using EFS and still be useable by the database server.
To encrypt databases with EFS, you must log on interactively to the database
server by using the credentials that SQL Server runs under and encrypt the database
and transaction log files by using Windows Explorer or the cipher.exe command-line
utility. This means that SQL Server must run under a named user account, not
under the LocalSystem account or one of its derivatives (LocalService or NetworkService).
If you do choose to use EFS to encrypt database and transaction log files, I
recommend that you ensure that a named Data Recovery Agent is configured so
that the databases can be recovered if, for whatever reason, the service account
is locked out or deleted.
Note that using EFS to encrypt a SQL Server database will slow performance
somewhat, but not as much as you might expect. On a suitably equipped server,
you shouldn't encounter problems unless the database is heavily used. The performance
hit is usually negligible on desktop and laptop systems, and the security that
comes with EFS would easily outweigh any slight slowdown, especially on laptops
containing customers' personal information.
Prev. page
1
2
[3]
4
next page 
