Welcome

Passionately curious about Data, Databases and Systems Complexity. Data is ubiquitous, the database universe is dichotomous (structured and unstructured), expanding and complex. Find my Database Research at SQLToolkit.co.uk

"The important thing is not to stop questioning. Curiosity has its own reason for existing" Einstein



Wednesday, 6 May 2009

SQL Server Surface Area Configuration for Feature

Security configuration settings should only be enabled if you need to use the security feature. You should follow the principal of least privilege, which states that a system can be made more secure by granting a user or process only those privileges it requires.
  • Ad Hoc Remote Queries - Disabled
  • CLR Integration - Disabled. For use with .NET Assemblies on your SQL Server.
  • DAC - Disabled. For Database Administrators connection.
  • Database Mail - Enabled for SQL Server Agent alerting on jobs and sending emails from SQL Server
  • Native XML Web Services - This would only have an option if you've configured it manually. If so, consider transitioning to a web service written in .NET deployed on IIS due to the deprecation in SQL Server 2008.
  • OLE Autmation - Disabled.
  • Service Broker - Disabled.
  • SQL Mail - Disabled as Database Mail is the new version for SQL Mail.
  • Web Assistant - Disabled.
  • xp_cmdshell - Disabled.
Advanced option can be changed through the graphical interface or by script

-- To enable xp_cmdshell
EXEC sp_configure 'show advanced options', 1;
GO
-- To update the currently configured value for -- advanced options
RECONFIGURE;
GO
-- To disable xp_cmdshell
EXEC sp_configure 'xp_cmdshell', 0;
GO
-- To update the currently configured value for this -- feature
RECONFIGURE;
GO

No comments:

Post a Comment

Note: only a member of this blog may post a comment.