There are few things as important these days as data security. It seems like there is a major data breach happening daily when you open a newspaper. This is why it’s so important to think about security as you are provisioning a SQL server. Whether you are starting from scratch, or are looking to shore up your security, it is vital that you do so as soon as possible.
When you take security seriously, you can harden the server so you don’t end up with sensitive data about your customers or your own business all over the internet for everybody to see. A data dump like this can literally end a business if it is big enough. In this article, we will go over the steps to take to make sure you have your SQL server 2019 or newer as secure as possible.
1. Isolate the database server
Other applications and services should be kept far apart from the server so it remains isolated. When the database server is isolated, it is a much smaller entity which means that there are fewer areas to exploit to gain entry. There shouldn’t be anything besides the database and the items that serve the database. All other applications that aren’t needed in that server should be kept on others.
To make sure that only authorized traffic can access the database, you should consider putting it on a VLAN, or a restricted network segment. It does depend on the size of the environment, however. This ensures that only an application server will talk directly to the server.
2. Make sure it’s updated
SQL has a lot of security patches that are issued regularly. To make sure that you have those patches it is important to make sure that you are keeping your SQL up to date with the latest version.
Those patches shore up known vulnerabilities and will keep people out that would be able to figure out how to exploit them. Leaving an older version on your server allows those hackers to figure out how to get in through those vulnerabilities and they are always seeking out those older versions.
Make it a point to have a regular patching schedule so that you can update the security regularly which includes a test environment. This will prevent any bugs from popping up and disrupting things and allow you to stay live.
Installing the patches directly into production risks it being down for a while. It is important to know what the patch is fixing as well as to have rollback options set up ahead of time.
3. Restricting SQL traffic
Only SQL traffic should be allowed between designated IP addresses and all other ports should be blocked. That way if an infected client or hacker trying to break in is not able to get access to the database. As a result of these closures, some clients may need to connect directly to the database server.
