RE: Creating a checklist for SQL Server 2000
- From: "Warren Camp" <wcamp@xxxxxxx>
- Date: Thu, 22 Feb 2007 22:41:23 -0500
Yes, you are on the right track, where possible use Windows and not SQL
security for access control. MS is expecting everyone to authenticate via
the OS and is not updating these functions in SQL. In addition, for good
segregation of duties you want the SQL logs directed to the OS logs.
However the audit function is SQL and Windows related and the removal of
unnecessary services are SQL specific.
Warren V. Camp, CPA, CISA, MS, MBA
Warren V. Camp, CPA, LLC
Better Ideas for IT Risk & Security Mgt. and Compliance
SOX, HIPAA, NIST, GCC
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Pranav Lal
Sent: Thursday, February 22, 2007 5:51 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Creating a checklist for SQL Server 2000
Hi all,
I have been asked to get a checklist for SQL server 2000. I have found
material at the following locations; http://www.nsa.gov/snac/db/mssql_2k.pdf
http://msdn2.microsoft.com/en-us/library/aa302337.aspx
http://www.sans.org/reading_room/whitepapers/application/1273.php?portal=332
3855d672e12e0e1e53f32fb3f15af
I find that SQL server security is highly integrated with the operating
system so a separate SQL server 2000 only checklist is almost meaningless.
Am I on the right track? The problem is that the client wants to see a
"checklist" and consequently so does my boss.
So, are there any checklists out there or do I have to carry out some kind
of rephrasing exercise on material from the above links?
Pranav
---------------------------------------------------------------------------
This list is sponsored by: BigFix
If your IT fails, you're out of business - or worse. Arm your enterprise
with BigFix, the single converged IT security and operations engine. BigFix
enables continuous discovery, assessment, remediation, and enforcement for
complex and distributed IT environments in real-time from a single console.
Think what's next. Think BigFix.
http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNe
xt/
---------------------------------------------------------------------------
---------------------------------------------------------------------------
This list is sponsored by: BigFix
If your IT fails, you're out of business - or worse. Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.
http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------
- References:
- Creating a checklist for SQL Server 2000
- From: Pranav Lal
- Creating a checklist for SQL Server 2000
- Prev by Date: Re: Re: Overwriting an uninitialized local variable in PHP
- Next by Date: Re: General question
- Previous by thread: Creating a checklist for SQL Server 2000
- Next by thread: Re: Creating a checklist for SQL Server 2000
- Index(es):
Relevant Pages
|
