Security Tips for Hardening SQL Server 2008

Thursday, November 19, 2009

Hardening SQL Server is one of the more challenging jobs in the SQL Server field. It cannot be covered in a single article; it deserves a dedicated book. Still, I am going to give some important tricks here as first steps.

There are two types of authentication available in SQL Server.
1.) Windows Authentication
2.) SQL Server Authentication (Mixed Mode)

Wherever possible, keep Windows Authentication so that you can take advantage of your Active Directory, with all users and accounts governed by Active Directory itself. You can even use the multiple (fine-grained) password policies available in Windows Server 2008. Kerberos gives you an additional level of protection.

If, for any reason, you have to use SQL Server Authentication, do enforce password and lockout policies on those logins. Generally SQL Server Authentication is only needed to support legacy applications/clients.

Securing your SA account
The SA account comes with full privileges by default. You shouldn't use SA for regular admin tasks. Don't forget to enforce a strong password that combines uppercase and lowercase letters with numbers and non-alphanumeric characters.
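As an added example (not from the original post), the following T-SQL shows how to put the two previous sections into practice on a SQL Server 2008 instance: check which authentication mode is in use, find SQL logins that bypass the Windows password and lockout policy, and lock down SA. [app_login], [sa_renamed] and the placeholder password are assumptions; run it as a sysadmin.

```sql
-- Added example (not the original post's code): audit and harden logins in T-SQL.
-- Assumptions: sysadmin rights; [app_login] is a hypothetical legacy SQL login.

-- 1. Which authentication mode is the instance running?
--    1 = Windows Authentication only, 0 = Mixed Mode (SQL Server + Windows).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. List SQL logins that do not enforce the Windows password/lockout policy
--    or password expiration, with their disabled and locked-out state.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'IsLocked') AS is_locked
FROM   sys.sql_logins
WHERE  is_policy_checked = 0 OR is_expiration_checked = 0;

-- 3. Make a legacy SQL login obey the Windows password complexity and
--    lockout policy, and require periodic password changes.
ALTER LOGIN [app_login] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;

-- 4. Harden SA: set a strong password that must satisfy the Windows policy,
--    rename it so the well-known name is no longer a ready target for
--    password guessing, and disable it so it is not used for daily admin work.
--    '<strong-password-here>' is a placeholder, not a real value.
ALTER LOGIN [sa] WITH PASSWORD = '<strong-password-here>', CHECK_POLICY = ON;
ALTER LOGIN [sa] WITH NAME = [sa_renamed];   -- hypothetical new name
ALTER LOGIN [sa_renamed] DISABLE;

-- 5. Confirm: the SA login always has SID 0x01, so it can be found after the
--    rename; it should now report is_disabled = 1.
SELECT name, is_disabled FROM sys.sql_logins WHERE sid = 0x01;
```

Re-run step 2 after the changes: an empty result set means every SQL login is now covered by the Windows password and lockout policy.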

Security Patches
You should always keep your server updated with the latest service packs and security patches. Apply them first on a staging server before applying them to the live server, and keep a backup of the live server before applying these patches.

Apart from these tips, you can use two free utilities provided by Microsoft to check whether your server is at risk: MBSA and BPA. You can find both in my past articles.

Reference: Ritesh Shah
Note: Microsoft Books Online is the default reference for all articles, but the examples and explanations were prepared by Ritesh Shah, founder of