A common checklist for installing SQL Server in a high safety and security configuration.
Physical Security
-------------------------
Limit the number of employees who have access to the physical hardware.
Store the backup media at a secure offsite location.
Configure alerts for hardware warnings.
Operating System Security
-------------------------
Install all service packs and critical fixes for Windows.
Configure a firewall.
Limit the number of employees who have Windows Administrator access on the SQL Server.
SQL Server Installation
-------------------------
Install only the required components.
Install all service packs and critical fixes for SQL Server.
Disable unnecessary features and services.
Disable the unused SQL Server protocols.
Change the default SQL Server ports.
Hide the SQL Server instance and/or turn off the SQL Server Browser service.
Restrict access to the SQL Server configuration and database files.
Restrict access to the SQL Server backup folders.
Use Transparent Data Encryption for all user databases.
Enable TLS 1.2 at the OS level and patch SQL Server, SQL Server Native Client and the ODBC drivers to the TLS 1.2 level.
Enable an SSL certificate at the DB server level, using a custom certificate from a Certificate Authority; force encryption in the SQL Server network configuration; and set Force Protocol Encryption and Trust Server Certificate in the SQL Server Native Client 10.0 or 11.0 configuration properties.
Create only the required databases.
------------------------------------------------------------
Run the SQL Server Best Practice Analyzer to verify your installation.
Revoke execute rights to 'PUBLIC' on extended stored procedures.
Disable the xp_cmdshell option.
User Accounts
-------------------------
Rename and disable the SA account if your applications allow it.
Remove the BUILTIN\Administrators group from the SQL Server Logins.
Use Windows Authentication mode.
Every administrator should have a named login; shared logins should not be allowed.
All accounts for named user access should be controlled by Active Directory.
Use service accounts for applications.
Configure service accounts with the least privileges.
The user privileges should be minimized.
All administrator accounts should have a complex password and password change should be enforced.
Configure SQL Server login auditing to log both failed and successful logins using a server audit specification.
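The following read-only T-SQL audit is an added example, not part of the original checklist. It reports PASS or FAIL for several of the SQL Server items above; it assumes a sysadmin login and treats every database with database_id > 4 as a user database.

```sql
-- Added example: read-only audit of selected checklist items. Run as sysadmin.
-- PASS means the instance matches the checklist item; nothing is changed.
SELECT 'xp_cmdshell disabled' AS check_name,
       CASE WHEN CAST(value_in_use AS int) = 0 THEN 'PASS' ELSE 'FAIL' END AS result
FROM sys.configurations WHERE name = 'xp_cmdshell'
UNION ALL  -- sid 0x01 identifies the sa login even after it has been renamed
SELECT 'sa login renamed', CASE WHEN name <> 'sa' THEN 'PASS' ELSE 'FAIL' END
FROM sys.sql_logins WHERE sid = 0x01
UNION ALL
SELECT 'sa login disabled', CASE WHEN is_disabled = 1 THEN 'PASS' ELSE 'FAIL' END
FROM sys.sql_logins WHERE sid = 0x01
UNION ALL
SELECT 'BUILTIN\Administrators login removed',
       CASE WHEN EXISTS (SELECT 1 FROM sys.server_principals
                         WHERE name = N'BUILTIN\Administrators')
            THEN 'FAIL' ELSE 'PASS' END
UNION ALL
SELECT 'Windows Authentication mode only',
       CASE WHEN CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) = 1
            THEN 'PASS' ELSE 'FAIL' END
UNION ALL  -- assumption: database_id > 4 skips master, tempdb, model and msdb
SELECT 'TDE enabled on ' + name COLLATE DATABASE_DEFAULT,
       CASE WHEN is_encrypted = 1 THEN 'PASS' ELSE 'FAIL' END
FROM sys.databases WHERE database_id > 4
UNION ALL  -- grantee_principal_id 0 is the public role
SELECT 'No EXECUTE for public on extended stored procedures',
       CASE WHEN EXISTS (SELECT 1
                         FROM master.sys.database_permissions AS p
                         JOIN master.sys.all_objects AS o ON o.object_id = p.major_id
                         WHERE p.class = 1 AND p.type = 'EX' AND p.state IN ('G', 'W')
                           AND o.type = 'X' AND p.grantee_principal_id = 0)
            THEN 'FAIL' ELSE 'PASS' END
UNION ALL  -- both login action groups must be in an enabled specification
SELECT 'Enabled audit specification logs failed and successful logins',
       CASE WHEN (SELECT COUNT(DISTINCT d.audit_action_name)
                  FROM sys.server_audit_specifications AS s
                  JOIN sys.server_audit_specification_details AS d
                    ON d.server_specification_id = s.server_specification_id
                  WHERE s.is_state_enabled = 1
                    AND d.audit_action_name IN ('SUCCESSFUL_LOGIN_GROUP',
                                                'FAILED_LOGIN_GROUP')) = 2
            THEN 'PASS' ELSE 'FAIL' END
UNION ALL  -- checks only the session that runs this query
SELECT 'Current connection is encrypted',
       CASE WHEN EXISTS (SELECT 1 FROM sys.dm_exec_connections
                         WHERE session_id = @@SPID AND encrypt_option = 'FALSE')
            THEN 'FAIL' ELSE 'PASS' END;
```

The audit specification check does not confirm that the parent server audit itself is started, so verify that separately in sys.server_audits.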
Protecting SQL Server from Ransomware
-------------------------
Database Level
- Always Encrypted
- Database Masking
- Row-Level Security