Q: how to enhance the SQL Server database system security?
A: You can take the following steps:
For the latest service pack
You must ensure you always have the latest service pack. For SQL Server2000, it is sql/downloads/2000/SP3.asp "> SP3a. Remember that service pack is a multiple of; If you apply SP3a, you do not use before the service pack, such as SP3, SP2 or SP1. SP3 is a special service package, once installed, is no longer of any use before the upgrade process, but it is required to install SP1 or SP2 already installed the.
Registered Safety Alert
Although the service pack will help your SQL Server database from many threats, but they quickly run the security issues, such as the worm attacker a bit insufficient. You need to register Microsoft's free security notification service, it will notify you by e-mail you have any invasive security systems and how to resolve them.
Run Microsoft Baseline Security Analyzer (MBSA)
This tool for SQL Server and MSDE2000 Desktop Engine. It can also be networked to use locally. It is with a password, access, access control lists, and registration form to find the problem, and it is to find the missing security package or service pack. You can find information on TechNet.
SA and delete the old password
People often commit a mistake on the security system does not change the administrative password. You could easily ignore the remaining installation files and configuration information, not well-protected authentication information and other sensitive data, which are liable to be attacked. You must delete the old installation files, the same, the use of KILLPWD tool to find out the old password, and delete them.
Monitor Connection
Through connection can tell you who tried to enter the SQL Server, so the database is to ensure the safety monitors join a good way. For a large operation in the SQL Server, may have too many links to data needs monitoring, but monitoring the link that failed is necessary, because they may represent an attempt to enter some of the attempts. You can log on the link that failed Enterprise Manager.
1. Right-click the server, select Properties (Properties).
2. Click on the Security (Security) tab, under Audit Level selection in Failure. 3. Stop and restart the server to get the inspection started.