Murphy_Assignment3

School: American Military University
Course: 290
Subject: Computer Science
Date: Jan 9, 2024

Week 3 Assignment
Jared Murphy
ISSC290
9/24/2023

Using the Internet as a resource, develop a security checklist for an SQL Server.

Security should always be the most important thing when it comes to anything in IT, and SQL servers are included in this as well. Here is a checklist of best practices to utilize to ensure security.

Isolate the server – The last thing you would want is for an application or service to compromise your server! Simply putting the SQL server in a RESTRICTED network segment can help ensure protection. (DNSstuff, 2020)

Keeping it lean – “Keeping it lean” refers to installing only the NECESSARY services and software and doing your best to avoid enabling any additional features or applications. Doing so will reduce the opportunities bad actors would have to exploit their way into your precious server. If the security professional were to perform a test, please do so in a development environment, NOT IN A PRODUCTION ENVIRONMENT!!! When there is a default instance of the server, turn off “SQL Server Browser”, which would otherwise allow bad actors to gain knowledge of said server’s resources. SQL Server Browser is used by admins to discover database instances all over the network; it is handy, but be careful. (DNSstuff, 2020)

Update regularly – As with anything IT related, its tools and apps should be updated regularly and often. When an update is released, it could eliminate newfound vulnerabilities, and prolonging the updating process could be detrimental to precious resources. Create a regular patching schedule so that patching is an ongoing, important part of the day; it should not be overlooked. (DNSstuff, 2020) The security professional could use sqlserverbuilds.blogspot.com/ to look at the latest patch or latest version of SQL to ensure it is up to date. (Seis, 2022)

Restrictions and security policy – Right from the start, MySQL will run under a dedicated account with minimal permissions for dealing with the rest of the server at hand. With a Windows install, SQL Server is often run as admin, allowing full access; this is not what you would want and is not necessary. The server should be run on a local account so that it does not have admin rights, which could compromise the entirety of the network. Restricting specific IPs would help as well! Restricting access to the server itself would help as well: allow a server and block all other database ports at a time. Following the principle of least privilege with assigned accounts is a go-to as well; this should be done on just about anything a security professional deals with. (DNSstuff, 2020)

Login management – Implement a system which would require strong passwords! Security auditing is a big part of this as well! Give a maximum limit of tries to log into an account before it is locked; when there are more than 4 attempts it could be a bad actor trying to brute force. When offboarding employees, make sure that their accounts are disabled and unavailable to the network after termination. (DNSstuff, 2020)

Secure backups – A secure backup could be the difference between losing everything or recovering it all with a few simple steps. If ransomware were to be on a PC, for example, the only way to get access back to the PC without having to pay the ransom or lose it all would be to revert to a secure backup, handy huh? Apply protocols to ensure your backups are secure such as restricting access, reviewing, controlling access, and security measures. (DNSstuff, 2020)

Injection protection – The security professional should make sure that the database apps are set up to prevent the incident of an SQL Injection, having tools in place that will scan the event logs and systems regularly. A primary approach they could take would be to set up the server to protect from SQL Injection by using stored procedures with specific parameters that will ONLY accept certain types of code! If an attacker tried to send malicious queries, they would not return any useful information. (DNSstuff, 2020)

Monitoring – If the security professional follows all steps above, there could still be vulnerabilities and a risk of a malicious entry. Setting up continuous monitoring software would help ensure problems are discovered and fixed ASAP. (DNSstuff, 2020)
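For the "Injection protection" item, the T-SQL below is an added example, not part of the original assignment: a procedure that concatenates its input beside one that uses a typed parameter, plus the least-privilege grant from the "Restrictions and security policy" item. The table dbo.Customers, both procedure names and the role app_reader are hypothetical.

```sql
-- Added example, not from the original assignment.
-- dbo.Customers, both procedures and app_reader are hypothetical names.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    Email      NVARCHAR(256) NOT NULL,
    FullName   NVARCHAR(200) NOT NULL
);
GO

-- Weak: the caller's text is pasted into the statement and parsed as SQL.
CREATE PROCEDURE dbo.FindCustomer_Concatenated
    @Email NVARCHAR(256)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, FullName FROM dbo.Customers WHERE Email = '''
        + @Email + N'''';
    EXEC (@sql);
END;
GO

-- Hardened: static statement, typed parameter. The input is only ever
-- compared as an NVARCHAR(256) value and never reaches the parser.
CREATE PROCEDURE dbo.FindCustomer_Parameterized
    @Email NVARCHAR(256)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, FullName
    FROM dbo.Customers
    WHERE Email = @Email;
END;
GO

-- Least privilege: the application may call the procedure, not read the table.
-- Both objects are owned by dbo, so the procedure still reads the table.
CREATE ROLE app_reader;
GRANT EXECUTE ON OBJECT::dbo.FindCustomer_Parameterized TO app_reader;
DENY SELECT ON OBJECT::dbo.Customers TO app_reader;
GO

-- Constructed input containing an apostrophe.
DECLARE @input NVARCHAR(256) = N'o''brien@example.test';
EXEC dbo.FindCustomer_Parameterized @Email = @input;  -- compared as data
EXEC dbo.FindCustomer_Concatenated  @Email = @input;  -- apostrophe ends the literal: syntax error
```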
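For the "Login management" item, the query below is an added example, not part of the original assignment: a read-only audit of SQL logins that flags missing password policy, lockouts, and the "more than 4 attempts" condition from the checklist. The login names in the remediation statements are placeholders. The lockout threshold itself comes from the Windows account lockout policy, which SQL Server applies only to logins with CHECK_POLICY set to ON.

```sql
-- Added example, not from the original assignment. Read-only audit of SQL
-- logins; run it as a login that is allowed to see every login on the instance.
WITH login_state AS (
    SELECT
        l.name,
        l.is_disabled,
        l.is_policy_checked,
        l.is_expiration_checked,
        CAST(LOGINPROPERTY(l.name, 'BadPasswordCount') AS INT)      AS bad_password_count,
        CAST(LOGINPROPERTY(l.name, 'BadPasswordTime')  AS DATETIME) AS last_bad_password,
        CAST(LOGINPROPERTY(l.name, 'IsLocked')         AS INT)      AS is_locked
    FROM sys.sql_logins AS l
)
SELECT
    name,
    is_disabled,
    bad_password_count,
    last_bad_password,
    is_locked,
    CASE
        WHEN is_disabled = 1           THEN 'ok: disabled'
        WHEN is_locked = 1             THEN 'locked out: review before unlocking'
        WHEN bad_password_count > 4    THEN 'more than 4 failed attempts: possible brute force'
        WHEN is_policy_checked = 0     THEN 'CHECK_POLICY is OFF: no complexity or lockout rules'
        WHEN is_expiration_checked = 0 THEN 'CHECK_EXPIRATION is OFF: password never expires'
        ELSE 'ok'
    END AS finding
FROM login_state
ORDER BY bad_password_count DESC, name;
GO

-- Remediation for the findings above. [app_login] and [former_employee] are
-- placeholders for login names returned by the audit.
ALTER LOGIN [app_login] WITH CHECK_POLICY = ON;   -- enforce Windows password and lockout policy
ALTER LOGIN [former_employee] DISABLE;            -- offboarding: account can no longer connect
```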
References

DNSstuff. (2020, September 15). SQL Server Security Best Practices. Dnsstuff.com. Retrieved September 24, 2023, from https://www.dnsstuff.com/sql-server-security

Seis, D. (2022, April 20). A Simple SQL Server Security Checklist. Straightpathsql.com. Retrieved September 24, 2023, from https://straightpathsql.com/archives/2022/07/a-simple-database-security-checklist/