Workplan description:
SQL Server 2008 Technical Review
WP:
By:
Date:
WP By Date
Control Category:
[None]
Name: Test Default Accounts & Passwords - SQL Server 2008
Description:
LA-1: General system security settings are appropriate
Risk Statement:
Security and password configurations are not optimized to prevent unauthorized access.
STEP 1
Verify that the sa account has been assigned a complex password, even if Windows Authentication
mode is being used.
All passwords in SQL Server 2008 will appear with a complex hash, even if the password is blank, so
the stored hash alone does not show whether a password has been set. To verify that privileged
accounts (including the sa account) are assigned a password, attempt to access the privileged
accounts with the Database Administrator.
STEP 2
Verify that the BUILTIN\Administrators login has been removed and replaced with a Windows
group specifically created for database administrators.
Verify that the BUILTIN\Administrators login has been replaced with another Windows group.
Discuss the authorization process for adding users to this group with the administrator.
Client Evidence Request: Provide a report of all system users in the current database, showing
whether default accounts have been updated / deleted. This is typically obtained by executing the
following:
STEP 1: From the [START] menu open SQL Server Management Studio and click on [New Query]
and select the [Results to File] icon or from the command line (click on [START] - [RUN] - type CMD
in the ‘Open:’ text box) type sqlcmd -o 'filename' to launch the SQL Query utility outputting the
results to the filename entered.
STEP 2: Run the following query from within the SQL Query window or sqlcmd utility:
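The query that the workplan expects at this step is not reproduced on the page. The following T-SQL is an added example, not the workplan's own query, written for a SQL Server 2008 instance and run from the SSMS query window or sqlcmd with sysadmin rights. It lists every server-level login (flagging sa by its fixed SID and sysadmin membership), reports whether the BUILTIN\Administrators login still exists, and uses PWDCOMPARE() to find SQL logins whose stored hash matches a blank password or the login's own name, which addresses the point above that a blank password still shows as a complex hash:

```sql
-- Added audit example (not from the workplan). Run as sysadmin on SQL Server 2008.

-- 1. Inventory of SQL logins, Windows logins and Windows groups at the server level.
--    sid 0x01 is always the sa login even if it has been renamed.
SELECT  p.name,
        p.type_desc,
        p.is_disabled,
        p.create_date,
        p.modify_date,
        CASE WHEN p.sid = 0x01 THEN 1 ELSE 0 END      AS is_sa,
        IS_SRVROLEMEMBER('sysadmin', p.name)          AS is_sysadmin
FROM    sys.server_principals AS p
WHERE   p.type IN ('S', 'U', 'G')        -- S = SQL login, U = Windows login, G = Windows group
ORDER BY p.type_desc, p.name;

-- 2. STEP 2 expects BUILTIN\Administrators to have been removed; record its status.
SELECT  CASE WHEN EXISTS (SELECT 1 FROM sys.server_principals
                          WHERE  name = N'BUILTIN\Administrators')
             THEN 'PRESENT - exception'
             ELSE 'absent - OK' END AS builtin_administrators_login;

-- 3. SQL logins whose hash matches an empty password or their own name.
--    PWDCOMPARE() checks a clear-text candidate against the stored hash, so the
--    hash itself never has to be exported or interpreted.
SELECT  l.name,
        l.is_disabled,
        CASE WHEN PWDCOMPARE(N'',    l.password_hash) = 1 THEN 1 ELSE 0 END AS blank_password,
        CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1 THEN 1 ELSE 0 END AS password_equals_name
FROM    sys.sql_logins AS l
WHERE   PWDCOMPARE(N'',    l.password_hash) = 1
   OR   PWDCOMPARE(l.name, l.password_hash) = 1;
```

Any row returned by the third query, and a 'PRESENT' result from the second, is an exception to record against LA-1 and raise with the Database Administrator.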
Control Category:
[None]
Name: Test Logging of Unsuccessful Login Attempts - SQL Server 2008
Description:
LA-2: Password settings are appropriate
Risk Statement:
Security and password configurations are not optimized to prevent unauthorized access.
Determine if failed login attempts are audited by reviewing the login auditing setting using SQL
Server Management Studio:
STEP 4: Under [Login auditing], verify that [Both failed and successful logins] is checked.
If failed login attempts are audited, interview the System Administrator to determine the following:
- the procedures for addressing failed login attempts of a suspicious and recurring nature and
Review the file of failed login attempt reports. Identify any failed login attempts of a suspicious
and recurring nature. Determine what actions were taken.
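As an added example (not part of the workplan), the following T-SQL reads the instance's login auditing level from the registry value SQL Server keeps for it and then summarises 'Login failed' entries from the current error log, grouping recurring failures so that suspicious patterns can be followed up with the administrator. It assumes a SQL Server 2008 instance and sysadmin rights; the threshold of five attempts is an assumption to be tuned per environment:

```sql
-- Added audit example (not from the workplan). Run as sysadmin on SQL Server 2008.

-- 1. Login auditing level stored for this instance:
--    0 = None, 1 = Successful logins only, 2 = Failed logins only, 3 = Both.
DECLARE @audit_level int;
EXEC master.dbo.xp_instance_regread
        N'HKEY_LOCAL_MACHINE',
        N'Software\Microsoft\MSSQLServer\MSSQLServer',
        N'AuditLevel',
        @audit_level OUTPUT;
SELECT  @audit_level AS audit_level,
        CASE @audit_level
             WHEN 3 THEN 'Both failed and successful logins - OK'
             WHEN 2 THEN 'Failed logins only'
             WHEN 1 THEN 'Successful logins only - failures are not audited'
             ELSE        'None - failures are not audited'
        END AS meaning;

-- 2. Copy 'Login failed' lines from the current SQL Server error log (log 0, type 1)
--    into a temporary table so they can be aggregated.
CREATE TABLE #errlog (LogDate datetime, ProcessInfo nvarchar(64), [Text] nvarchar(max));
INSERT INTO #errlog (LogDate, ProcessInfo, [Text])
EXEC master.dbo.xp_readerrorlog 0, 1, N'Login failed';

-- 3. The message text carries the login name, failure reason and client address,
--    so grouping on it surfaces repeated failures from one source.
SELECT  COUNT(*)     AS attempts,
        MIN(LogDate) AS first_seen,
        MAX(LogDate) AS last_seen,
        [Text]
FROM    #errlog
GROUP BY [Text]
HAVING  COUNT(*) >= 5          -- assumed threshold; adjust for the environment
ORDER BY attempts DESC;

DROP TABLE #errlog;
```

Only the current error log is read here; older logs are available by passing 1, 2, ... as the first argument to xp_readerrorlog, which matters when the log has been cycled since the period under review.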
Client Evidence Request: Provide a screenshot of the auditing of failed login attempts using SQL
Server Management Studio:
Control Category:
[None]
Name: Test Password Composition - SQL Server 2008
Description:
LA-2: Password settings are appropriate
Risk Statement:
Security and password configurations are not optimized to prevent unauthorized access.
Review the default authentication mode for user logins using SQL Server Management Studio:
If [Windows Authentication mode] is checked, review the password complexity and minimum
password length policies at Windows level:
If [SQL Server and Windows Authentication mode] is checked and SQL Server 2008 is running on
Windows Server 2003, then SQL user accounts can adopt Windows password policy. To review:
STEP 2: Verify that [is_policy_checked] = 1; if so, Windows account lockout settings apply to the
SQL account.
Client Evidence Request: There are two possible Windows authentication modes used to enforce
password complexity and a minimum password length:
If Windows Authentication mode is in use, provide a report showing that Windows Authentication is
being used. This is typically obtained by taking a screenshot of the following:
STEP 1: Click on [START] – [PROGRAMS] – [MICROSOFT SQL SERVER], then click on [SQL
SERVER MANAGEMENT STUDIO] to launch the SQL Server Management tool.
STEP 2: In the left-hand pane, expand the server group, right-click on the server and select Properties.
STEP 3: On the Security Tab, under Authentication, the options are ‘Windows Authentication Mode’
or ‘SQL Server and Windows Authentication Mode’. Take a screenshot of this screen.
If Windows Authentication is in use, provide a report of the password policy, outlining complexity
requirements and minimum password length. This is typically obtained by taking a screenshot of the
following:
STEP 2: Click on [Account Policies] - [Password policy]. Take a screenshot of this screen.
If SQL Server and Windows Authentication mode is in use and SQL Server 2008 is being run on
Windows Server 2003, also provide a report of SQL logins which have Windows Password policy
applied. This is typically obtained by executing the following:
STEP 1: From the [START] menu open SQL Server Management Studio and click on [New Query]
and select the [Results to File] icon or from the command line (click on [START] - [RUN] - type CMD
in the ‘Open:’ text box) type sqlcmd -o 'filename' to launch the SQL Query utility outputting the
results to the filename entered.
STEP 2: Run the following query from within the SQL Query window or sqlcmd utility:
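The query that the workplan expects at this step is not reproduced on the page. As an added example (not the workplan's own query), the following T-SQL reports the instance's authentication mode through SERVERPROPERTY, then lists each SQL login with its is_policy_checked and is_expiration_checked flags and the LOGINPROPERTY() lock, expiry and last-set values, and finally isolates the enabled SQL logins that are not covered by the Windows password policy. It assumes a SQL Server 2008 instance and sysadmin rights:

```sql
-- Added audit example (not from the workplan). Run as sysadmin on SQL Server 2008.

-- 1. Authentication mode: 1 = Windows Authentication mode only,
--    0 = SQL Server and Windows Authentication mode.
SELECT  SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_authentication_only;

-- 2. Policy enforcement and password state for every SQL login.
SELECT  l.name,
        l.is_disabled,
        l.is_policy_checked,          -- 1: Windows complexity and lockout policy applies
        l.is_expiration_checked,      -- 1: Windows maximum password age applies
        LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS password_last_set,
        LOGINPROPERTY(l.name, 'IsLocked')            AS is_locked,
        LOGINPROPERTY(l.name, 'IsExpired')           AS is_expired,
        LOGINPROPERTY(l.name, 'IsMustChange')        AS must_change_at_next_login
FROM    sys.sql_logins AS l
ORDER BY l.is_policy_checked, l.name;

-- 3. Exceptions for the workpaper: enabled SQL logins outside the Windows policy.
SELECT  l.name,
        l.is_policy_checked,
        l.is_expiration_checked
FROM    sys.sql_logins AS l
WHERE   l.is_disabled = 0
  AND  (l.is_policy_checked = 0 OR l.is_expiration_checked = 0)
ORDER BY l.name;
```

When the first query returns 1, SQL logins cannot be used to connect and the Windows-level policy reviewed in the earlier steps is the control that applies; when it returns 0, the third query's result is the list of logins to discuss with the administrator.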