I was wondering if anyone could help with the task of hardening a SQL 2008 instance. I have a basic understanding of the audit and policy definition features of SQL 2008, but I was wondering if anyone knew of a guide that I could follow. I think I can manage through it, but I would love a reference to check against, in the spirit of leaving no stone unturned.
I have been all over MS TechNet and SQLPASS, and haven't found anything. Am I just missing it?
asked Apr 08 '10 at 11:17 AM in Default
Google has a lot to give you: http://www.google.co.uk/search?sourceid=chrome&ie=UTF-8&q=hardening+sql+server+2008
Hopefully these will get you started and undoubtedly lead you to other sources and reference.
answered Apr 08 '10 at 11:49 AM
I am currently working with infrastructure team to becoming PCI compliant by JULY 2010.I started auditing by reading articles about SQL Server Security Audit from sql-performance.com. especially try to read the first three parter article on server, database and OS security. Document your findings and discuss with your team and management and then take ACTION!!
Although the majority of my servers are 2005, it may apply to 2008. Since your environment is sql 2008 I suggest you read about Policy based management and take advantage of it.
Please post here if you find a better resource while working on hardening sql server.
Hope this helps!
answered Apr 08 '10 at 03:11 PM