Here's the real basics, how to stop up all the little holes. At the very least you should:
- NEVER leave the sa passwd blank!
- Use Integrated Security – to enforce passwd policies such as min length and reuse.
- Abstract the users – a level by only allowing stored procedures to access tables.
- Use views – to further abstract the users if possible.
- Use only Integrated Security and Named Pipes wherever possible.
- Avoid TCP/IP – if at all possible.
- Disable stored procedures – such as xp_cmdshell.
- Learn the difference – between logins and users and remove as many rights from guest as possible.
- Enforce – a security policy and audit levels.
- Change the default database – from master to something else.
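The following T-SQL script is an added example, not code from the original page or its author. It walks through the checklist items that can be expressed as database commands: setting the sa password, moving sa's default database off master, disabling xp_cmdshell, putting a view and a parameterised stored procedure between users and the tables, mapping a Windows login to a database user with only those rights, and revoking guest. The database "Orders", its two tables, the role "app_reader" and the login "CORP\OrdersApp" are all hypothetical names. The syntax is SQL Server 2005+ (ALTER LOGIN, sp_configure 'xp_cmdshell', REVOKE CONNECT); on the SQL Server 7/2000 versions the page dates from, the equivalent calls are sp_password, sp_defaultdb and sp_dropextendedproc.

```sql
-- Added example (not from the original page). Hypothetical database "Orders",
-- hypothetical tables dbo.Customer / dbo.[Order], hypothetical role and login.
-- Run as a sysadmin; each batch ends with GO.

-- 1. Never leave sa blank: set a strong password (placeholder value below).
ALTER LOGIN sa WITH PASSWORD = '<strong-passphrase-placeholder>';
GO

-- 2. Change sa's default database from master to something else.
ALTER LOGIN sa WITH DEFAULT_DATABASE = Orders;
GO

-- 3. Disable xp_cmdshell. It is an "advanced" server option, so the
--    show-advanced-options switch must be on before it can be set.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
GO

USE Orders;
GO

-- Minimal hypothetical tables so the script runs on an empty database.
CREATE TABLE dbo.Customer (
    CustomerId INT PRIMARY KEY,
    Name       NVARCHAR(100) NOT NULL,
    City       NVARCHAR(100) NULL,
    CardNumber NVARCHAR(20)  NULL      -- sensitive; never exposed directly
);
CREATE TABLE dbo.[Order] (
    OrderId    INT PRIMARY KEY,
    CustomerId INT NOT NULL REFERENCES dbo.Customer(CustomerId),
    OrderDate  DATETIME NOT NULL,
    Total      MONEY NOT NULL
);
GO

-- 4. Abstract the users: a role gets SELECT on a view and EXECUTE on a
--    stored procedure, and no rights at all on the underlying tables.
CREATE ROLE app_reader;
GO

-- The view exposes only the columns the application needs.
CREATE VIEW dbo.vCustomerSummary
AS
SELECT CustomerId, Name, City       -- CardNumber deliberately omitted
FROM dbo.Customer;
GO

-- The procedure is parameterised; no string-built dynamic SQL inside.
CREATE PROCEDURE dbo.usp_GetOrdersForCustomer
    @CustomerId INT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, OrderDate, Total
    FROM dbo.[Order]
    WHERE CustomerId = @CustomerId;
END
GO

GRANT SELECT  ON dbo.vCustomerSummary         TO app_reader;
GRANT EXECUTE ON dbo.usp_GetOrdersForCustomer TO app_reader;
-- Deliberately no GRANT on dbo.Customer or dbo.[Order]: members of
-- app_reader can only reach the tables through the view and procedure.
GO

-- 5. Logins vs users: a server-level Windows (Integrated Security) login,
--    mapped to a database-level user that is only a member of app_reader.
CREATE LOGIN [CORP\OrdersApp] FROM WINDOWS;
CREATE USER OrdersApp FOR LOGIN [CORP\OrdersApp];
EXEC sp_addrolemember 'app_reader', 'OrdersApp';
GO

-- 6. Remove rights from guest: revoke its ability to connect to this
--    database (not allowed on master, tempdb or msdb, which need guest).
REVOKE CONNECT FROM guest;
GO
```

A quick check after running it: connect as the application login and try `SELECT * FROM dbo.Customer`; it should fail with a permission error, while `SELECT * FROM dbo.vCustomerSummary` and `EXEC dbo.usp_GetOrdersForCustomer 1` succeed. That difference is the abstraction the checklist's "stored procedures" and "views" items are asking for.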
Copyright © 1998-99 G.h.van den Berg. All rights reserved.
These pages may not be resold or redistributed without prior written permission from Guy van den Berg