Monday, March 12, 2012

MSDE Lockdown scripts

We are installing MSDE along with one of our applications.
But with the current security threats, we want to make sure
that the installed MSDE is secure. So are there any lock
down scripts available publicly that can be used for the same?
Thanks in Advance.

hi,
"Arunkumar Viswanathan" <anonymous@.discussions.microsoft.com> wrote in
message news:012101c4904c$0eea0af0$a401280a@.phx.gbl...
> We are installing MSDE along with one of our applications.
> But with the current security threats, we want to make sure
> that the installed MSDE is secure. So are there any lock
> down scripts available publicly that can be used for the same?
not that I'm aware of... anyway, MSDE installs by default disabling network
protocols and with Windows NT authentication only... you only have to set a
strong "sa" password...
this is the *standard*, and should be quite secure... but usually you will
need remote connections (which require TCP/IP or other preferred network
protocol to be enabled) ... if you do not need SQL Server authenticated
connections, you can go with the default "trusted" only...
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtm http://italy.mvps.org
DbaMgr2k ver 0.9.1 - DbaMgr ver 0.55.1
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply

Hi Andrea,
Thanks for replying. As you rightly said, we have to
provide a strong password to the sa user. But generally in
a stand alone MSDE installation some stored procedures are
given public privileges and that can cause problems with
advanced users. So if you know of any lock down scripts
pls post the link here.
Thanks
Arunkumar

>--Original Message--
>not that I'm aware of... anyway, MSDE installs by default disabling network
>protocols and with Windows NT authentication only... you only have to set a
>strong "sa" password...
>this is the *standard*, and should be quite secure... but usually you will
>need remote connections (which require TCP/IP or other preferred network
>protocol to be enabled) ... if you do not need SQL Server authenticated
>connections, you can go with the default "trusted" only...
>--
>Andrea Montanari (Microsoft MVP - SQL Server)
>http://www.asql.biz/DbaMgr.shtm http://italy.mvps.org
>DbaMgr2k ver 0.9.1 - DbaMgr ver 0.55.1
>(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
>interface)
>-- remove DMO to reply

hi Arunkumar,
<anonymous@.discussions.microsoft.com> wrote in message
news:452d01c49052$8853d550$a601280a@.phx.gbl...
> Hi Andrea,
> Thanks for replying. As you rightly said, we have to
> provide a strong password to the sa user. But generally in
> a stand alone MSDE installation some stored procedures are
> given public privileges and that can cause problems with
> advanced users. So if you know of any lock down scripts
> pls post the link here.
again... unfortunately I do not know one :-(
but, again, it all depends on what you want to secure...
if you mean system stored procedures, usually (at least the problematic ones,
like xp_cmdshell and so on) they are "protected" by requiring sysadmin
privileges
on the other side, if you mean your own procedures, it's up to you to remove
"guest" permission to them =;-D
so I usually remove guest login and deny public involvement... and I do
manage privileges in user's groups...
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtm http://italy.mvps.org
DbaMgr2k ver 0.9.1 - DbaMgr ver 0.55.1
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply
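
An added example, not part of the original thread: a T-SQL audit of the points raised above (EXECUTE rights held by public or guest, the guest user, and moving rights to a role), written against the SQL Server 2000 / MSDE 2000 system tables. The names AppDb, usp_Example and app_users are hypothetical placeholders.

```sql
-- Added example for MSDE 2000 / SQL Server 2000 (run as a sysadmin, e.g. through osql).
-- AppDb, usp_Example and app_users are hypothetical names: substitute your own.

USE master
GO
-- 1. Stored and extended procedures in master that public or guest may execute.
SELECT  u.name AS grantee,
        o.name AS object_name,
        CASE o.xtype WHEN 'X' THEN 'extended proc' ELSE 'stored proc' END AS object_type,
        CASE p.protecttype WHEN 204 THEN 'GRANT WITH GRANT' ELSE 'GRANT' END AS permission
FROM    sysprotects p
JOIN    sysobjects  o ON o.id  = p.id
JOIN    sysusers    u ON u.uid = p.uid
WHERE   p.action = 224                  -- 224 = EXECUTE
  AND   p.protecttype IN (204, 205)     -- 204 = GRANT WITH GRANT OPTION, 205 = GRANT
  AND   u.name IN ('public', 'guest')
  AND   o.xtype IN ('P', 'X')           -- P = stored procedure, X = extended procedure
ORDER BY o.xtype DESC, o.name
GO

USE AppDb
GO
-- 2. Does the guest user have access to the application database?
SELECT name, hasdbaccess FROM sysusers WHERE name = 'guest'
GO

-- 3. Same audit as step 1 for your own procedures, using the built-in report.
EXEC sp_helprotect NULL, 'public'
GO

-- 4. Remediation along the lines described in the reply: remove guest from the
--    user database (guest cannot be removed from master or tempdb), take EXECUTE
--    away from public, and grant it to a role that holds the application users.
EXEC sp_revokedbaccess 'guest'
GO
EXEC sp_addrole 'app_users'
GO
REVOKE EXECUTE ON dbo.usp_Example FROM public
GRANT  EXECUTE ON dbo.usp_Example TO app_users
GO
```

Review the output of steps 1 to 3 before running step 4, since revoking rights from public can break tools that rely on them.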
