Continuing on from part 1, we will look other benchmark settings that will help to reduce the surface area of attack. Continue reading →

(If you excuse the pun), everyone has a different view on Extended Stored Procedures:

• Some might say they are stored procedures with extra functionality
• Some might say they can cause problems to a database if misused
• Some simply say they are stored procedures with a prefix of xp_

This post will hopefully give a better understanding of what Extended Stored Procedures are, how to identify them and how to restrict public access to them. Also this post will look at identifying permissions upon tables, views and functions to ensure it is not possible for users to directly modify data. Continue reading →

SQL Server has a number of components that allow clients to connect and communicate with it. Microsoft introduced the term, “Surface Area Reduction” as a security measure that involves stopping or disabling unused components. Like the name suggests, it reduces the number of ways that an attacker could try to interrogate the SQL Server. Continue reading →

MS SQL Server is Microsoft’s relational database management system with a large number of features and services. With this coverage, there is a large surface area for attack and vulnerabilities. Fortunately, there are a number of security benchmarks and good practice documents available. This article gives an introduction to the security guidelines available and an overview on what key areas to audit and lock down. Continue reading →