Security Basics mailing list archives
RE: Creating a checklist for SQL Server 2000
From: "Warren Camp" <wcamp () cox net>
Date: Thu, 22 Feb 2007 22:41:23 -0500
Yes, you are on the right track, where possible use Windows and not SQL security for access control. MS is expecting everyone to authenticate via the OS and is not updating these functions in SQL. In addition, for good segregation of duties you want the SQL logs directed to the OS logs. However the audit function is SQL and Windows related and the removal of unnecessary services are SQL specific. Warren V. Camp, CPA, CISA, MS, MBA Warren V. Camp, CPA, LLC Better Ideas for IT Risk & Security Mgt. and Compliance SOX, HIPAA, NIST, GCC -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Pranav Lal Sent: Thursday, February 22, 2007 5:51 AM To: security-basics () securityfocus com Subject: Creating a checklist for SQL Server 2000 Hi all, I have been asked to get a checklist for SQL server 2000. I have found material at the following locations; http://www.nsa.gov/snac/db/mssql_2k.pdf http://msdn2.microsoft.com/en-us/library/aa302337.aspx http://www.sans.org/reading_room/whitepapers/application/1273.php?portal=332 3855d672e12e0e1e53f32fb3f15af I find that SQL server security is highly integrated with the operating system so a separate SQL server 2000 only checklist is almost meaningless. Am I on the right track? The problem is that the client wants to see a "checklist" and consequently so does my boss. So, are there any checklists out there or do I have to carry out some kind of rephrasing exercise on material from the above links? Pranav --------------------------------------------------------------------------- This list is sponsored by: BigFix If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console. Think what's next. Think BigFix. http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNe xt/ --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: BigFix If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console. Think what's next. Think BigFix. http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/ ---------------------------------------------------------------------------
Current thread:
- Creating a checklist for SQL Server 2000 Pranav Lal (Feb 22)
- RE: Creating a checklist for SQL Server 2000 Warren Camp (Feb 23)
- <Possible follow-ups>
- Re: Creating a checklist for SQL Server 2000 Justin Ross (Feb 23)