Posted: Thu Apr 26, 2007 4:24 am Post subject: Questions about securing SQL server
I have read a lot about how to secure MS SQL server in various ways but need some guidances.
I have beening working for a client who has MS SQL database running a managment application in production. The old setup wasn't ideal because the SQL server was also running IIS and web application. Since the client had decided to reconstruct the domain and acquired a new SBS 2003 server, I recommended to make the SQL server as a stand alone server in a workgroup. Everything was fine to this point. One problem for this was that the client application requires a shared network on the SQL server so that the client application can to push files to this network share. I don't feel comfortable to join the SQL server to the new SBS domain; however, I've read about not using the local sysetm account for SQL Server and Agent services. Would they better off leaving the SQL server in a workgroup like it is not or would it be more secure to make it a memeber server, and both services running under a doamin user account? My thoughts were that even if the SQL was comprimised, it wouldn't gained any access to the domain.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Looking for more Windows Networking info?
Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing! View a sample newsletter.
Become a WindowsNetworking.com member!
Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!