Here are the real basics for stopping up all the little holes. At the very least you should:
- NEVER leave the sa password blank!
- Use Integrated Security - so that the Windows password policies, such as minimum length and reuse, are enforced on your logins.
- Abstract the users a level - by only allowing stored procedures to access tables.
- Use views - to further abstract the users where possible.
- Use only Integrated Security and Named Pipes - wherever possible.
- Avoid TCP/IP - if at all possible.
- Disable dangerous extended stored procedures - such as xp_cmdshell.
- Learn the difference - between logins and users, and remove as many rights from guest as possible.
- Enforce - a security policy and an audit level.
- Change the default database - from master to something else.
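The checklist above is mostly a series of administrative steps. The script below is an added example, not part of the original page, showing how the items that can be done from a query window look in SQL Server 7.0 / 2000 T-SQL. The database (SalesDB), the Windows group (ACME\SalesApp), the role (SalesProcs), the Orders table and the procedure and view names are all hypothetical; the network library choice (Named Pipes vs TCP/IP) is set in the Server Network Utility and the audit level in Enterprise Manager, so those two items have no T-SQL here. Run it as a member of sysadmin.

```sql
-- Added example: hardening script for the checklist above (SQL Server 7.0 / 2000 T-SQL).
-- All object names are hypothetical stand-ins; adjust them to your own environment.

-- 1. Never leave sa blank: give it a long password even if nobody logs in as sa.
EXEC sp_password NULL, 'replace-with-a-long-random-passphrase', 'sa'
GO

-- 2. Integrated Security: grant access to a Windows group rather than a SQL login,
--    so Windows enforces password length, history and lockout for you.
EXEC sp_grantlogin 'ACME\SalesApp'
GO

-- 3. Change the default database from master to the application database.
EXEC sp_defaultdb 'ACME\SalesApp', 'SalesDB'
GO

USE SalesDB
GO

-- Logins live at the server level; users live in a database. Map one to the other
-- and put the user in an application role so rights are granted to the role only.
EXEC sp_grantdbaccess 'ACME\SalesApp', 'SalesApp'
EXEC sp_addrole 'SalesProcs'
EXEC sp_addrolemember 'SalesProcs', 'SalesApp'
GO

-- 4. Remove guest from the application database (not possible in master or tempdb).
EXEC sp_revokedbaccess 'guest'
GO

-- Constructed sample table so the procedure and view below can be created.
CREATE TABLE dbo.Orders (
    OrderID    int IDENTITY(1,1) PRIMARY KEY,
    CustomerID int NOT NULL,
    OrderDate  datetime NOT NULL,
    Total      money NOT NULL,
    CardNumber varchar(20) NULL      -- column the application role must never see
)
GO

-- 5. Abstract tables behind stored procedures: callers get EXECUTE, never table rights.
CREATE PROCEDURE dbo.GetOrdersForCustomer
    @CustomerID int
AS
    SELECT OrderID, OrderDate, Total
    FROM dbo.Orders
    WHERE CustomerID = @CustomerID
GO

-- 6. A view for reporting exposes only the columns the role needs (no CardNumber).
CREATE VIEW dbo.OrderSummary
AS
    SELECT OrderID, OrderDate, Total
    FROM dbo.Orders
GO

-- Grant on the abstractions only. The explicit REVOKE documents that the base
-- table carries no rights for the role, even though a new role starts with none.
REVOKE ALL ON dbo.Orders FROM SalesProcs
GRANT EXECUTE ON dbo.GetOrdersForCustomer TO SalesProcs
GRANT SELECT ON dbo.OrderSummary TO SalesProcs
GO

-- 7. Drop xp_cmdshell so a compromised login cannot run operating-system commands.
USE master
EXEC sp_dropextendedproc 'xp_cmdshell'
GO
```

After running it, log in through the Windows group and confirm that `SELECT * FROM dbo.Orders` is denied while `EXEC dbo.GetOrdersForCustomer 1` and `SELECT * FROM dbo.OrderSummary` succeed; that difference is the whole point of the procedure-and-view layer.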
Copyright © 1998-99 G.H. van den Berg. All rights reserved.
These pages may not be resold or redistributed without prior written permission from Guy van den Berg