Re: Database Protection

From: Tim (Tim_at_NoSpam.com)
Date: 06/17/04


Date: Thu, 17 Jun 2004 11:45:14 +1200

John,

Configure the SQL Server service to run under a specific specially
configured account,
Give that account only permissions to the folder(s) containing the database
files,
Make sure you implement filestore security correctly,
Ensure that if backups are stored online they are stored in a similarly
secured location.
Ensure that Backup Operators have restricted privilege & that the Admin
account is not used for backups by a Person,
Keep backup tapes in a fireproof and secure safe (a fireproof safe is not
necessarily secure).
Ensure that Administrator accounts are not used or available for use for any
normal operation.
(By default the Administrator is also the 'sa' = big cheese).
Set the SQL Server (and related) service to start automatically *always*
except during emergency procedures.
This will result in the database files always being open exclusively by the
SQL Server process so no file level copying will normally succeed.

Ensure that all the databases within the SQL Server system are NOT set to
AutoClose - if a database is set to autoclose (a dumb idea most of the time)
then when the last user disconnects from the database SQL Server will close
the database so a file copy would be possible.

Control of Admin accounts with good physical security will get you a long
way.

- Tim

"John Barwell" <johnbarwell@msmdirect.co.uk> wrote in message
news:CCEzc.15517$NK4.2491979@stones.force9.net...
> Dear All,
>
> I run a win2k domain. We will be bringing a bespoke SQL database system on
> board in a few weeks. I want to ensure the integrity of this database by
> putting some security measures in place. I have concerns that individuals
> may try to take the database to a competitor by copying it on to CD or
> sending it through email. I would like to put something in place that will
> make the database useless if it goes outside my domain. Has anyone got any
> ideas? Encryption?
>
> Many Thanks,
>
>
> John
>
>
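
Added example, not part of the original thread: a T-SQL check for the AutoClose point in Tim's reply. It lists every database on the instance with its AutoClose setting, then turns the option off wherever it is on. It assumes a sysadmin login and uses only master.dbo.sysdatabases, DATABASEPROPERTYEX and ALTER DATABASE, all available since SQL Server 2000.

```sql
-- Added example: audit and correct AutoClose across the whole instance.

-- 1. Report the current setting for every database (1 = AutoClose is on).
SELECT name,
       DATABASEPROPERTYEX(name, 'IsAutoClose') AS IsAutoClose
FROM master.dbo.sysdatabases
ORDER BY name;

-- 2. Turn AutoClose off wherever it is on, so SQL Server keeps the data
--    and log files open and a file-level copy fails while the service runs.
DECLARE @db  sysname,
        @sql nvarchar(400);

DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM master.dbo.sysdatabases
    WHERE DATABASEPROPERTYEX(name, 'IsAutoClose') = 1;

OPEN db_cur;
FETCH NEXT FROM db_cur INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME brackets the name so spaces or odd characters cannot
    -- break (or alter) the dynamically built statement.
    SET @sql = N'ALTER DATABASE ' + QUOTENAME(@db) + N' SET AUTO_CLOSE OFF';
    PRINT @sql;      -- leaves a record of each change in the job output
    EXEC (@sql);     -- fails for a database that is offline; fix those by hand
    FETCH NEXT FROM db_cur INTO @db;
END

CLOSE db_cur;
DEALLOCATE db_cur;

-- 3. Re-run the report; no row should show IsAutoClose = 1.
SELECT name
FROM master.dbo.sysdatabases
WHERE DATABASEPROPERTYEX(name, 'IsAutoClose') = 1;
```

Run the report in step 1 again after restoring or attaching a database, since the option travels with the database and can come back on.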


