Three-part article series on hardening SQL Server security:
- The SQL Server Defensive Dozen Part 1 – Hardening SQL Network Components
- The SQL Server Defensive Dozen Part 2 – SQL Server Encryption, Key Management, And Data-At-Rest Encryption
- The SQL Server Defensive Dozen – Part 3: Authentication and Authorization in SQL Server
Below are some Microsoft-recommended best practices for network settings:
- Enable Windows Firewall and limit the network protocols supported.
- Do not enable network protocols unless they are needed.
- Disable the NetBIOS and SMB protocols unless specifically needed.
- Do not expose a server that is running SQL Server to the public Internet.
- Configure named instances of SQL Server to use specific port assignments for TCP/IP rather than dynamic ports.
- Use extended protection in SQL Server 2012 if the client and operating system support it.
- Grant CONNECT permission only on endpoints to logins that need to use them. Explicitly deny CONNECT permission to endpoints that are not needed by users or groups.
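The static-port and endpoint-permission items above can be audited from inside the instance. The following T-SQL is an added example, not code from the article or from Microsoft; it assumes SQL Server 2012 or later, a login holding VIEW SERVER STATE, and uses a placeholder endpoint name in the commented DENY.

```sql
-- Added example (not from the original article). Audits the network items
-- in the list above: static vs. dynamic TCP port, live listeners, and who
-- holds CONNECT on each endpoint. Requires VIEW SERVER STATE.

-- 1. Static port check: TcpPort should hold the chosen port and
--    TcpDynamicPorts should be empty for a hardened named instance.
SELECT registry_key, value_name, value_data
FROM sys.dm_server_registry
WHERE registry_key LIKE N'%SuperSocketNetLib\Tcp\IPAll%'
  AND value_name IN (N'TcpPort', N'TcpDynamicPorts');

-- 2. What the instance is actually listening on right now (SQL 2012+).
SELECT ip_address, port, type_desc, state_desc
FROM sys.dm_tcp_listener_states
ORDER BY port;

-- 3. Endpoint inventory with CONNECT grants/denies per principal.
--    By default the TSQL endpoints grant CONNECT to [public]; the list
--    above asks that CONNECT be granted only to logins that need it.
SELECT e.name          AS endpoint_name,
       e.protocol_desc,
       e.type_desc,
       e.state_desc    AS endpoint_state,
       p.state_desc    AS permission_state,   -- GRANT / DENY / NULL
       pr.name         AS grantee
FROM sys.endpoints AS e
LEFT JOIN sys.server_permissions AS p
       ON p.class_desc = N'ENDPOINT'
      AND p.major_id = e.endpoint_id
      AND p.permission_name = N'CONNECT'
LEFT JOIN sys.server_principals AS pr
       ON pr.principal_id = p.grantee_principal_id
ORDER BY e.name, pr.name;

-- 4. Remediation pattern for an endpoint no one should reach.
--    [UnusedEndpoint] is a placeholder; substitute the name from step 3.
-- DENY CONNECT ON ENDPOINT::[UnusedEndpoint] TO [public];
-- GRANT CONNECT ON ENDPOINT::[UnusedEndpoint] TO [AppServiceLogin]; -- placeholder login
```

Rows from step 3 where grantee is `public` on a non-default endpoint are the ones the last bullet asks you to tighten; a missing TcpPort value in step 1 means the instance is still using dynamic ports.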