Document 6510807

Transcription

Document 6510807
Your Question
Article: 00083
Question:
How to Secure SQL Server 2000?
Net Report Answer
Introduction
This Article explains ten tasks you can do today to improve the security of your SQL Server
installation:
Task 1: Installing the Most Recent Service Pack.
Task 2: Assessing Your Servers Security with Microsoft Baseline Security Analyzer
(MBSA).
Task 3: Using Windows Authentication Mode.
Task 4: Isolating Your Server and Backing It Up Regularly.
Task 5: Assigning a Strong sa Password.
Task 6: Limiting the Privilege Level of SQL Server Services.
Task 7: Disabling SQL Server Ports on Your Firewall.
Task 8: Using the Most Secure File System.
Task 9: Deleting or Securing Old Setup Files.
Task 10: Auditing Connections to SQL Server.
Appendix A: Ongoing Security Maintenance
1
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Table of Contents
Page
Table of Contents ..................................................................................... 2
Task 1: Installing the Most Recent Service Pack. ..................................... 3
1.1 Downloading SQL Server 2000 Service Pack 3a (SP3a) ................................................. 3
1.2 Installing Security Patches ........................................................................................ 3
Task 2: Assessing Your Servers Security with MBSA ................................ 4
2.1 Introducing MBSA.................................................................................................... 4
2.2 Introducing MBSA Tests on SQL Server Installations ..................................................... 4
Task 3: Using Windows Authentication Mode........................................... 5
3.1 Introducing Windows Authentication Mode .................................................................. 5
3.2 Setting up Windows Authentication Mode Security........................................................ 5
3.3 Finding More Information on Windows Authentication Mode ........................................... 5
Task 4: Isolating Your Server and Backing It Up Regularly...................... 6
Task 5: Assigning a Strong sa Password. ................................................. 7
5.1 Introducing the sa Account ....................................................................................... 7
5.2 Assigning an sa Password ......................................................................................... 7
5.3 Finding More Information on System Administrator Login .............................................. 7
Task 6: Limiting the Privilege Level of SQL Server Services. .................... 8
6.1 Introducing Privilege ................................................................................................ 8
6.2 Introducing the Recommended Settings...................................................................... 8
6.3 Changing the Account Associated with an SQL Server Service ........................................ 9
Task
Task
Task
Task
7: Disabling SQL Server Ports on Your Firewall. ............................ 10
8: Using the Most Secure File System. ........................................... 11
9: Deleting or Securing Old Setup Files.......................................... 12
10: Auditing Connections to SQL Server. ....................................... 13
10.1 Introducing SQL Server Event Information Logging................................................... 13
10.2 Enabling the Auditing of Failed Connections with the Enterprise Manager in SQL Server . 13
10.3 Finding More Information ...................................................................................... 13
Appendix A: Ongoing Security Maintenance........................................... 15
A1
A2
A3
A4
Introducing Security Maintenance ............................................................................. 15
Scanning and Updating SQL Server Security............................................................... 15
Introducing Additional Security Resources.................................................................. 15
Further Information ................................................................................................ 15
2
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 1: Installing the Most Recent Service Pack.
This section covers the following topics:
Downloading SQL Server 2000 Service Pack 3a (SP3a)
Installing Security Patches.
1.1 Downloading SQL Server 2000 Service Pack 3a (SP3a)
To improve the security of your server upgrade it to SQL Server 2000 Service Pack 3a (SP3a). To
download SP3a, visit the SQL Server 2000 SP3a page at:
http://www.microsoft.com/sql/downloads/2000/sp3.asp
1.2 Installing Security Patches
Install all security patches as they are released. To sign up to be notified by e-mail of new
security patches, please visit the Product Security Notification page at:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
3
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 2: Assessing Your Servers Security with MBSA
This section covers the following topics:
2.1 Introducing MBSA.
2.2 Introducing MBSA Tests on SQL Server Installations.
2.1 Introducing MBSA
Microsoft Baseline Security Analyzer (MBSA) is a tool that scans for common insecure
configurations in several Microsoft products including SQL Server and Microsoft SQL Server 2000
Desktop Engine (MSDE 2000). It can be run locally or over a network.
2.2 Introducing MBSA Tests on SQL Server Installations
MBSA tests SQL Server installations for problems such as:
•
•
•
•
•
•
•
•
•
•
•
•
•
Too many members of the sysadmin fixed server role.
Granting of right to create CmdExec jobs to roles other than sysadmin.
Blank or trivial passwords.
Weak authentication mode.
Excessive rights granted to the Administrators group.
Incorrect access control lists (ACLs) on SQL Server data directories.
Plaintext sa password in setup files.
Excessive rights granted to the guest account.
SQL Server running on a system that is also a domain controller.
Improper configuration of the Everyone group, providing access to certain registry keys.
Improper configuration of SQL Server service accounts.
Missing service packs and security updates.
Microsoft distributes MBSA as a free download. For complete documentation and the latest
version of MBSA, visit the MBSA page at:
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
4
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 3: Using Windows Authentication Mode.
This section covers the following topics:
3.1 Introducing Windows Authentication Mode.
3.2 Setting up Windows Authentication Mode Security.
3.3 Finding More Information on Windows Authentication Mode.
3.1 Introducing Windows Authentication Mode
Whenever possible, you should require Windows Authentication Mode for connections to SQL
Server. This will shield your SQL Server installation from most Internet-based attacks by
restricting connections to Microsoft Windows user and domain user accounts. Your server will also
benefit from Windows security enforcement mechanisms such as stronger authentication
protocols and mandatory password complexity and expiration. Also, credentials delegation (the
ability to bridge credentials across multiple servers) is only available in Windows Authentication
Mode. On the client side, Windows Authentication Mode eliminates the need to store passwords,
which is a major vulnerability in applications that use standard SQL Server logins.
3.2 Setting up Windows Authentication Mode Security
To set up Windows Authentication Mode security with Enterprise Manager in SQL Server please
follow the steps below:
Steps
1. Expand a server group.
2. Right-click a server and then click Properties.
3. Click Windows only on the Security tab, under Authentication.
3.3 Finding More Information on Windows Authentication Mode
For more information, please see the "Authentication Mode" topic in SQL Server Books Online or
on MSDN at:
http://msdn.microsoft.com/library/en-us/instsql/in_runsetup_6p9v.asp
5
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 4: Isolating Your Server and Backing It Up Regularly.
Physical and logical isolation make up the foundation of SQL Server security. Machines hosting a
database should be in a physically protected location, ideally a locked machine room with
monitored flood detection and fire detection/suppression systems. Databases should be installed
in the secure zone of your corporate intranet and never directly connected to the Internet. Back
up all data regularly and store copies in a secure off-site location.
6
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 5: Assigning a Strong sa Password.
This section covers the following topics:
5.1 Introducing the sa Account.
5.2 Assigning an sa Password.
5.3 Finding More Information on System Administrator Login
5.1 Introducing the sa Account
The sa (System Administrator) account should always have a strong password, even on servers
that are configured to require Windows Authentication. This will ensure that a blank or weak sa
password is not exposed in the future if the server is reconfigured for Mixed Mode Authentication.
5.2 Assigning an sa Password
To assign the sa password please follow the steps below:
Steps
1. Expand a server group, and then expand a server.
2. Expand Security, and then click Logins.
3. Right-click SA in the details pane, and then click Properties.
4. Type the new password in the Password box,.
5.3 Finding More Information on System Administrator Login
For more information, see the "System Administrator (sa) Login" topic in SQL Server Books Online
or on MSDN at:
http://msdn.microsoft.com/library/en-us/adminsql/ad_security_8soe.asp
7
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 6: Limiting the Privilege Level of SQL Server Services.
This section covers the following topics:
6.1 Introducing Privileges.
6.2 Introducing the Recommended Settings
6.3 Changing the Account Associated with an SQL Server Service.
6.1 Introducing Privilege
SQL Server 2000 and SQL Server Agent run as Windows services. Each service must be
associated with a Windows account, from which it derives its security context. SQL Server allows
users of the sa login, and in some cases other users, to access operating system features. These
operating system calls are made with the security context of the account that owns the server
process. If the server is cracked, these operating system calls may be used to extend the attack
to any other resource to which the owning process (the SQL Server service account) has access.
For this reason, it is important to grant only necessary privileges to SQL Server services.
6.2 Introducing the Recommended Settings
The following settings are recommended:
• SQL Server Engine/MSSQLServer
If there are named instances, they will be named MSSQL$InstanceName. Run as a Windows
domain user account with regular user privileges. Do not run as a local system, local
administrator, or domain administrator accounts.
• SQL Server Agent Service/SQLServerAgent
Disable if not required in your environment; otherwise run as a Windows domain user account
with regular user privileges. Do not run as local system, local administrator, or domain
administrator accounts.
Important: SQL Server Agent will need local Windows administrator privileges if one of the
following is true:
• SQL Server Agent connects to SQL Server using standard SQL Server Authentication (not
recommended).
• SQL Server Agent uses a multiserver administration master server (MSX) account that connects
using standard SQL Server Authentication.
• SQL Server Agent runs Microsoft ActiveX script or CmdExec jobs owned by users who are not
members of the sysadmin fixed server role.
8
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
6.3 Changing the Account Associated with an SQL Server Service
If you need to change the account associated with a SQL Server service, use SQL Server
Enterprise Manager. Enterprise Manager will set appropriate permissions on the files and registry
keys used by SQL Server. Never use the Services applet of Microsoft Management Console (in
Control Panel) to change these accounts, because this requires manual adjustment of dozens of
registry and NTFS file system permissions and Microsoft Windows user rights.
For more information, see the Microsoft Knowledge Base article Change the SQL Server Service
Account Without Using SQL Enterprise Manager in SQL Server 2000 at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;283811&sd=tech
Note: Changes to account information will take effect the next time the service is started. If
you need to change the account associated with SQL Server and SQL Server Agent, you must
apply the change to both services separately using Enterprise Manager.
9
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 7: Disabling SQL Server Ports on Your Firewall.
Default installations of SQL Server monitor TCP port 1433 and UDP port 1434. Configure your
firewall to filter out packets addressed to these ports. Additional ports associated with named
instances should also be blocked at the firewall.
10
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 8: Using the Most Secure File System.
NTFS is the preferred file system for installations of SQL Server. It is more stable and recoverable
than FAT file systems, and enables security options such as file and directory ACLs and file
encryption (EFS). During installation, SQL Server will set appropriate ACLs on registry keys and
files if it detects NTFS. These permissions should not be changed.
With EFS, database files are encrypted under the identity of the account running SQL Server. Only
this account can decrypt the files. If you need to change the account that runs SQL Server, you
should first decrypt the files under the old account, then re-encrypt them under the new account.
11
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 9: Deleting or Securing Old Setup Files.
SQL Server setup files may contain plain-text or weakly encrypted credentials and other sensitive
configuration information that has been logged during installation.
The location of these log files varies depending on which version of SQL Server has been installed.
In SQL Server 2000, the following files may be affected: sqlstp.log, sqlsp.log, and setup.iss in the
<systemdrive>:\Program Files\Microsoft SQL Server\MSSQL\Install folder for a default
installation, and the <systemdrive>:\Program Files\Microsoft SQL Server\ MSSQL$<Instance
Name>\Install folder for named instances.
If the current system is an upgrade from SQL Server version 7.0 installations, the following files
should be checked as well: setup.iss in the %Windir% folder, and sqlsp.log in the Windows Temp
folder.
Microsoft distributes a free utility, Killpwd, which will locate and remove these passwords from
your system. To learn more about this free download, see the Microsoft Knowledge Base article
Service Pack Installation May Save Standard Security Password in File at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;263968&sd=tech
12
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Task 10: Auditing Connections to SQL Server.
This section covers the following topics:
10.1 Introducing SQL Server Event Information Logging.
10.2 Enabling the Auditing of Failed Connections with the Enterprise Manager in SQL
Server.
10.3 Finding More Information.
10.1 Introducing SQL Server Event Information Logging
SQL Server can log event information for review by the system administrator. At a minimum, you
should log failed connection attempts to SQL Server and review the log regularly. When possible,
save these logs to a different hard drive than the one on which data files are stored.
10.2 Enabling the Auditing of Failed Connections with the Enterprise Manager in SQL
Server
To enable auditing of failed connections with the Enterprise Manager in SQL Server, please follow
the steps below:
Steps
1. Expand a server group.
2. Right-click a server, and then click Properties.
3. Click Failure on the Security tab, under Audit Level.
You must stop and restart the server for this setting to take effect.
10.3 Finding More Information
For more information, see "SQL Server 2000 Auditing" on Microsoft TechNet:
http://go.microsoft.com/fwlink/?linkid=14579
See the "Using Audit Logs" topic in SQL Server Books Online:
http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp
13
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
See on MSDN at:
http://msdn.microsoft.com/library/en-us/adminsql/ad_security_1yr7.asp
Note: For information on protecting your server against the Slammer worm, visit the Finding
and Fixing Slammer Vulnerabilities page at:
http://www.microsoft.com/sql/techinfo/administration/2000/security/slammer.asp
For detailed information about security features and best practices for SQL Server 2000 Service
Pack 3 (SP3), read the article "Microsoft SQL Server 2000 SP3 Security Features and Best
Practices" at:
http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec01.mspx
14
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net
Appendix A: Ongoing Security Maintenance
This section covers the following topics:
A1
A2
A3
A4
Introducing Security Maintenance.
Scanning and Updating SQL Server Security.
Introducing Additional Security Resources.
Further Information.
A1 Introducing Security Maintenance
Without ongoing maintenance, your system can become vulnerable to new forms of attacks.
Further, the security of your system will degrade over time due to human error of administrators
managing the system.
A2 Scanning and Updating SQL Server Security
Follow these recommended steps on a regular basis:
1. Use the Baseline Security Analyzer regularly to scan and evaluate the security of SQL Server.
See:
http://www.microsoft.com/technet/security/tools/mbsaqa.mspx
2. As new security fixes become available, it is important to apply these new fixes.
A3 Introducing Additional Security Resources
You can find additional information about keeping your SQL Server 2000 servers secure in the
following sources:
•
•
•
•
Microsoft SQL Server 2000 SP3 Security Features and Best Practices
Security Tools
Security Checklists
SQL Server Security Center on TechNet
SQL Server 2000 C2 Administrator's and User's Security Guide
http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sqlc2.mspx
A4 Further Information
Please see our Net Report Knowledge Base at:
http://www.netreport.fr/us/support/sup_knowledgebase.asp
15
Copyright © 2005 Net Report. All rights reserved.
http://www.net-report.net