https://www.elsevier.com/books/securing-sql-server/cherry/978-1-59749-947-7
[Microsoft’s SQL Server Security Best Practices](https://learn.microsoft.com/en-us/sql/relational-databases/security/sql-server-security-best-practices?view=sql-server-ver16)
Monitoring SQL Server with Azure Sentinel
Setting Up SQL Audit for STIG Compliance
https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction
Red-Gate SQL Server Security Blog
Some SQL Server attacks of the past:
- Cobalt Strike on 2022.2.22
- Example of hacking group that targets source code
Tools:
- Windows Defender Application Control to restrict when applications are allowed to run on a server.
- Microsoft’s list of security functions useful in managing security.
- Microsoft’s list of security-related views
- Microsoft’s list of security-related dynamic management views
Free Tools:
- Red-Gate Free Tools
- Idera Free Tools
- SolarWinds Free Tools
- SentryOne Plan Explorer
- ScaleSQL Free Tools
- Microsoft Tools
CIS:
1.1 Latest Service Packs
1.2 Dedicate server to SQL Server
2.1 Ad Hoc
2.2 CLR enabled
2.3 Cross DB
2.4 Mail
2.5 Ole Auto
2.6 Remote Access
2.7 Remote Admin
2.8 Startup procs
2.9 Trustworthy
2.10 - Protocols
2.11 - Ports
2.12 - Hide instance
2.13 - [disable sa](/docs/auth/authentication/)
2.14 - rename sa
2.15 - autoclose off
2.16 - no sa login
2.17 - clr strict
3.1 Win Auth
3.2 Connect Perm
3.3 Orphan Users
3.4 SQL Auth contained dbs
3.5 - SQL Service acct
3.6 SQL Agent acct
3.7 Full text acct
3.8 default perms public
3.9 builtin groups not sql
3.10 win local groups not logins
3.11 public role msdb not granted
4.1 must change sql on
4.2 check exp on
4.3 check policy on
5.1 max err logs
5.2 default trace enabled
5.3 log failed
5.4 capture both audit
6.1 sanitize db input
6.2 clr assm perm
7.1 - sym key
7.2 asym key
8.1 browser service