Designing Network Security to Secure Your Database System


SQL Server 2005 is the first SQL Server version developed under the Microsoft Trustworthy Computing initiative. One of the principles of the Trustworthy Computing initiative is the Secure by Default principle. In implementing this principle, SQL Server 2005 disables some network options in order to keep your SQL Server environment as secure as possible.

Granting Remote Access

SQL Server is a database management system designed to run on a server, accepting connections from remote users and applications. It is possible to connect locally to SQL Server from the same computer on which SQL Server is running, but production database systems typically don't use this feature. Therefore, it is important to configure SQL Server appropriately to accept secured connections from remote computers.

To access a SQL Server instance remotely, you need a network protocol to establish the connection. Activate only the protocols you want to use to avoid wasting system resources.

The default installation of SQL Server leaves many features disabled to reduce the attackable surface area of the database system. For example, SQL Server 2005 does not allow remote connections by default (except in the Enterprise version), so you should use the SQL Server Surface Area Configuration tool to enable remote connections, as shown in Figure 2-1.

Figure 2-1. SQL Server Surface Area Configuration tool for services and connections.


You can accomplish this task by following the procedure below.

Enabling Remote Connections

1. From the Start Menu, select All Programs | Microsoft SQL Server 2005 | Configuration Tools | SQL Server Surface Area Configuration.

2. Under the heading Configure Surface Area For Localhost at the bottom of the window, click the Surface Area Configuration For Services And Connections item.

3. The left side of the resulting window displays a list of components for configuration. In this list, expand the Database Engine icon and click the Remote Connections item.

4. Select the Local And Remote Connections option, then select a protocol option.

You can enable remote connections using the TCP/IP or Named Pipes network protocols. TCP/IP is the recommended protocol due to security and performance considerations.
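After enabling remote connections, you can check which protocols clients actually use, so that any protocol nobody needs can stay disabled. The following T-SQL is an added example, not code from the book; it assumes a login with the VIEW SERVER STATE permission and treats only shared memory and loopback addresses as local.

```sql
-- Added example (not from the book). Requires VIEW SERVER STATE.
-- Assumption: connections from '<local machine>' (shared memory) or a
-- loopback address are local; anything else is counted as remote, including
-- a local client that connects through the server's own network address.

-- 1. Summary: which transports are in use, from where, and how they are
--    authenticated and encrypted. A transport with no rows here is a
--    candidate for staying disabled.
SELECT x.net_transport,
       x.origin,
       x.auth_scheme,
       x.encrypt_option,
       COUNT(*) AS connection_count
FROM (
    SELECT c.net_transport,
           c.auth_scheme,
           c.encrypt_option,
           CASE WHEN c.client_net_address IN ('<local machine>', '127.0.0.1', '::1')
                THEN 'local' ELSE 'remote' END AS origin
    FROM sys.dm_exec_connections AS c
) AS x
GROUP BY x.net_transport, x.origin, x.auth_scheme, x.encrypt_option
ORDER BY x.origin, x.net_transport;

-- 2. Detail: remote connections whose traffic is not encrypted.
--    ISNULL keeps rows with an unknown client address in the result.
SELECT c.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.client_net_address,
       c.net_transport,
       c.auth_scheme,
       c.connect_time
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
  ON s.session_id = c.session_id
WHERE c.encrypt_option = 'FALSE'
  AND ISNULL(c.client_net_address, '')
      NOT IN ('<local machine>', '127.0.0.1', '::1')
ORDER BY c.connect_time;
```

Both queries show only the connections open at the moment they run, so sample them over a representative period before deciding that a protocol is unused.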

Securing External Access

Database servers should be well protected from unauthorized external access due to the critical information they store. SQL Server should never be accessible directly from the Internet. If you need to provide SQL Server access to Internet users or applications, you should ensure that your network environment provides a protection mechanism, such as a firewall or IDS (Intrusion Detection System).

More Info

SQL Server allows connections using different endpoint types. You will learn about endpoints in Chapter 9, "Reading SQL Server Data from the Internet."





Solid Quality Learning - Microsoft SQL Server 2005. Applied Techniques Step by Step
Microsoft SQL Server 2005: Applied Techniques Step by Step (Pro-Step by Step Developer)
ISBN: 0735623163
EAN: 2147483647
Year: 2006
Pages: 115
