SQL Server 2005 Security in Depth
SQL Server 2005 contains great security features and tools, but enterprises
can still be at risk if you don't install and configuring the database server
correctly. The 10 steps I outlined here are practical, easy to follow, and will
significantly reduce exposure to risk by addressing key areas of concern when
installing and running SQL Server 2005.
You can read more about the defense-in-depth approach on which I've based this
article at http://www.microsoft.com/technet/security/bestprac/overview.mspx.
This overview also contains a link to Improving Web Application Security, "Chapter
18: Securing Your Database Server," which discusses securing SQL Server
2000. Much of the advice in the chapter is valid for all versions of SQL Server
and is good background reading for SQL Server 2005 users, but the chapter doesn't
include advice specific to SQL Server 2005.