We are solidly in the age of the data breach, and companies are justifiably nervous.
But not nearly nervous enough.
Every day, there are new reports of hacks, data leaks, and ransomware attacks that successfully paralyze and maim companies in the public eye. You’d be right to ask, “What is it we’re supposed to do, though?”
The answer is to live in audit mode.
Audit SQL administrator permissions!
One of the biggest issues in business IT is administrator privileges that aren’t locked down. Documented privileges quickly get out of date between new employees coming in, old employees leaving, and various groups and permission changes. And we haven’t even discussed the “weak password” issue!
You must lock down security. A few of the basics are:
- Audit who has administrator rights on all of your SQL Server instances. This will require you to dig into Active Directory groups and subgroups to see who inherits permissions from a parent group.
- Enforce password policy for all logins.
- Limit who has the SA password. Preferably, limit this to “nobody but the DBAs”.
- Check for existing passwords that are too simple.
- If possible, use Windows authentication only. This isn’t always possible, but it’s nice when you can get it.
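The checklist above as a T-SQL audit batch, added here as an example; it is not from the original post and is not how Minion Enterprise does it. It assumes a login with sysadmin-level rights on the instance, and the candidate password list is a constructed sample to replace with your own.

```sql
-- 1. Who holds sysadmin: SQL logins, Windows logins and Windows groups.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 2. List the members of every Windows group that holds sysadmin.
--    Any row whose type is 'group' is a nested group to expand the same way.
DECLARE @grp sysname;
DECLARE grp_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT m.name
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
    WHERE r.name = N'sysadmin' AND m.type = 'G';  -- 'G' = Windows group
OPEN grp_cur;
FETCH NEXT FROM grp_cur INTO @grp;
WHILE @@FETCH_STATUS = 0
BEGIN
    BEGIN TRY
        EXEC master.dbo.xp_logininfo @acctname = @grp, @option = 'members';
    END TRY
    BEGIN CATCH
        PRINT N'Could not expand ' + @grp + N': ' + ERROR_MESSAGE();
    END CATCH;
    FETCH NEXT FROM grp_cur INTO @grp;
END;
CLOSE grp_cur; DEALLOCATE grp_cur;

-- 3. SQL logins that do not enforce password policy or expiration.
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0;

-- 4. Logins whose password is blank, equals the login name, or is on the list.
DECLARE @weak TABLE (pwd nvarchar(128) NOT NULL);  -- constructed sample list
INSERT INTO @weak (pwd) VALUES (N''), (N'password'), (N'Password1'), (N'123456');
SELECT l.name, l.is_disabled
FROM sys.sql_logins AS l
WHERE PWDCOMPARE(l.name, l.password_hash) = 1
   OR EXISTS (SELECT 1 FROM @weak AS w WHERE PWDCOMPARE(w.pwd, l.password_hash) = 1);

-- 5. Authentication mode (1 = Windows only, 0 = mixed) and the state of sa.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
SELECT name, is_disabled FROM sys.sql_logins WHERE sid = 0x01;  -- sa, even if renamed
```

Run it per instance and compare the step 1 and 2 output against the documented list of administrators; any name that appears only in the query results is the drift described above.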
Best practice: Automate security auditing
Speaking from experience, auditing security is a time-consuming, tedious, and error-prone process. That’s one of the major reasons we created Minion Enterprise. M.E. does all the “grunt work”:
- gathering login and permission information,
- unraveling Active Directory subgroups,
- alerting on logins with newly acquired admin permissions, and
- alerting on weak passwords.
The DBA can then review the results and take action as needed.
Contact us today and we’ll set you up with a trial and audit. You can get your security cleaned up, effortlessly!