Security Basics mailing list archives

RE: Creating a checklist for SQL Server 2000

From: "Warren Camp" <wcamp () cox net>
Date: Thu, 22 Feb 2007 22:41:23 -0500

Yes, you are on the right track, where possible use Windows and not SQL
security for access control. MS is expecting everyone to authenticate via
the OS and is not updating these functions in SQL. In addition, for good
segregation of duties you want the SQL logs directed to the OS logs.
However the audit function is SQL and Windows related and the removal of
unnecessary services are SQL specific. 


Warren V. Camp, CPA, CISA, MS, MBA
Warren V. Camp, CPA, LLC
Better Ideas for IT Risk & Security Mgt. and Compliance 
SOX, HIPAA, NIST, GCC

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Pranav Lal
Sent: Thursday, February 22, 2007 5:51 AM
To: security-basics () securityfocus com
Subject: Creating a checklist for SQL Server 2000

Hi all,

I have been asked to get a checklist for SQL server 2000. I have found
material at the following locations; http://www.nsa.gov/snac/db/mssql_2k.pdf
http://msdn2.microsoft.com/en-us/library/aa302337.aspx
http://www.sans.org/reading_room/whitepapers/application/1273.php?portal=332
3855d672e12e0e1e53f32fb3f15af

I find that SQL server security is highly integrated with the operating
system so a separate SQL server 2000 only checklist is almost meaningless.
Am I on the right track? The problem is that the client wants to see a
"checklist" and consequently so does my boss.
So, are there any checklists out there or do I have to carry out some kind
of rephrasing exercise on material from the above links?

Pranav

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your enterprise
with BigFix, the single converged IT security and operations engine. BigFix
enables continuous discovery, assessment, remediation, and enforcement for
complex and distributed IT environments in real-time from a single console.
Think what's next. Think BigFix. 

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNe
xt/
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your 
enterprise with BigFix, the single converged IT security and operations 
engine. BigFix enables continuous discovery, assessment, remediation, 
and enforcement for complex and distributed IT environments in real-time 
from a single console.
Think what's next. Think BigFix. 

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

Current thread:

Creating a checklist for SQL Server 2000 Pranav Lal (Feb 22)
- RE: Creating a checklist for SQL Server 2000 Warren Camp (Feb 23)
- <Possible follow-ups>
- Re: Creating a checklist for SQL Server 2000 Justin Ross (Feb 23)