Database Hardening

  • Question

  • I am doing database hardening for one of the projects.

    I require some help for SQL Server 2000, 2005, 2008, 2008 R2.

    Wednesday, May 29, 2013 12:05 AM

All replies

  • You can refer to the links below,

    http://msdn.microsoft.com/en-us/library/ff648664.aspx

    http://blogs.msdn.com/b/data_otaku/archive/2011/06/21/harden-the-database-server.aspx

    http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/bb6afc6b-5780-490b-9780-9759f66854eb


    Thanks & Regards RAJUKIRAN L Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers.

    Wednesday, May 29, 2013 12:19 AM
  • Hi Kccrga

    Don't forget to search if there are already some documents followed by your company. Those will be exactly as per your business requirement.


    Thanks Saurabh Sinha

    http://saurabhsinhainblogs.blogspot.in/

    Please click the Mark as answer button and vote as helpful if this reply solves your problem


    Wednesday, May 29, 2013 4:58 AM
  • Can we restrict INFORMATION_SCHEMA and SYS access to general users?

    Wednesday, May 29, 2013 5:57 AM
  • Try below,

    DENY SELECT On SCHEMA::sys To [user_name]
    DENY SELECT On SCHEMA::INFORMATION_SCHEMA To [user_name]


    Thanks & Regards RAJUKIRAN L Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers.

    Wednesday, May 29, 2013 6:23 AM
  • Can we restrict INFORMATION_SCHEMA and SYS access to general users?

    No. There are APIs that query the catalog views, and you would run into trouble if you tried to keep users out.

    Note that the views in these schemas are locked down by themselves. A user with no permission who queries sys.objects will see the system objects, but no user-defined tables, stored procedures etc.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    Wednesday, May 29, 2013 9:41 PM
  • Are there any system views which can be restricted from normal users for SQL hardening?

    Wednesday, May 29, 2013 10:41 PM
  • A user has very few default permissions, but there is one permission you can revoke and that is VIEW ANY DATABASE. Then users cannot list available databases on the system. They can only see the system databases and databases they own. They will have to know the names of the databases they may access.

    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

    • Proposed as answer by Fanny Liu Wednesday, June 5, 2013 8:49 AM
    • Marked as answer by Fanny Liu Wednesday, June 5, 2013 8:50 AM
    Thursday, May 30, 2013 9:31 PM
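
The revocation described in the answer above, together with the catalog-view visibility point from the earlier reply, as an added T-SQL example that is not part of the original thread. The names app_login, dba_login and SalesDb are hypothetical; run it as a sysadmin on a test instance (SQL Server 2005 or later, where server-level permissions such as VIEW ANY DATABASE exist).

```sql
-- Added example; app_login, dba_login and SalesDb are hypothetical names.

-- 1. Who holds VIEW ANY DATABASE right now? By default the grantee is public.
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = N'VIEW ANY DATABASE';

-- 2. Remove the default grant. Server-level permissions are managed from master.
USE master;
REVOKE VIEW ANY DATABASE FROM public;

-- Logins that still need the full database list get it back explicitly.
GRANT VIEW ANY DATABASE TO [dba_login];

-- 3. Verify from the point of view of an ordinary login.
EXECUTE AS LOGIN = N'app_login';
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW ANY DATABASE') AS can_view_any_db;
SELECT name FROM sys.databases ORDER BY name;   -- the list this login can now see
REVERT;

-- 4. Metadata visibility inside a database the login can access:
--    sys.objects only returns user objects the login has some permission on,
--    so there is no need to DENY SELECT on the sys schema.
USE SalesDb;
EXECUTE AS LOGIN = N'app_login';
SELECT name, type_desc
FROM sys.objects
WHERE is_ms_shipped = 0
ORDER BY name;
REVERT;
```

Re-running the query in step 1 afterwards shows whether any other principal still carries the permission through an explicit grant.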
  • Hi ,

    As far as hardening is concerned, SQL Server is itself hardened and secured in almost all ways (if updated with the latest SP). Features which you enable and disable make your SQL Server vulnerable. As suggested by Saurabh, refer to your business requirement and then take steps. If you search on Google you can find many docs which ask you to disable many features, but that should not do good. You have to create your own best practice doc considering your environment.

    Below is a link on Social MSDN which had the same discussion

    http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/04623eb1-4fbc-437b-8e6b-d63fad8f8db9


    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

    • Proposed as answer by Fanny Liu Wednesday, June 5, 2013 8:49 AM
    • Marked as answer by Fanny Liu Wednesday, June 5, 2013 8:50 AM
    Saturday, June 1, 2013 8:14 AM