OWASP Backend Security Project SQLServer Hardening

= Overview = In this section there are some best practices concerning the security of SQL Server 2005. The operating system under SQL Server is Windows Server 2003.

= Description =

Installation of the Engine
The prerequisites for the installation are:
 * .NET Framework 2.0
 * Microsoft SQL Native Client
 * Microsoft SQL Server 2005 Setup Support Files.

The installation consist of a large amount of services that are shortly descripted: During the installation the thing to remind is that from a security point of view, only what is strictly needed must be installed. To install a tipycal minimal configuration, the SQL Server Database Services and some Client Components (Connectivity components and Management Tools) can be installed.
 * SQL Server Database Services (install SQL Server database engine and tools for managing relational and XML data, replication and full text search)
 * Analysis Services (install analysis services and tools used to support online analytical procession OLAP and data mining. Install also Integration Services)
 * Notification Services (installs notification services a platform for developing and deploying applications that send personalized, timely notifications to a variety of devices or applications)
 * Integration Services (install a set of tools and programmable objects for creating and managing packages that extract, transofrm and load data, as well perform task)
 * Client Components (install management tools, development tools and legacy components)
 * Documentation, samples and sample databases (installs books online documentation, sample databases and sample applications for all sql 2005 components)

Services
In SQL Server every service can run under a particular Windows account. The choices for the service's accounts are:

• Local user that is not a Windows administrator • Domain user that is not a Windows administrator • Local Service account • Network Service account • Local System account • Local user that is a Windows administrator • Domain user that is a Windows administrator

Asymmetric with certificate
= References =