| Name | Benchmark for SQL Server 2000 |
| Version | Version 1.0 |
| Status | Final |
| Creation Date | 2005-December |
| Revision Date | 2005-12-15 |
| Product Category | Database Management System (DBMS) |
| Vendor | Microsoft Corporation |
| Product | Microsoft SQL Server 2000 |
| Product Version | Microsoft SQL Server 2000 |
| Product Role | Database Server |
| Checklist Summary | This document is derived from research conducted utilizing the SQL Server 2000 environment on Windows 2000 servers and desktops and Windows 2003 servers. This document provides the necessary settings and procedures for the secure installation, setup, configuration, and operation of an MS SQL Server 2000 system. With the use of the settings and procedures in this document, an SQL Server 2000 database may be secured from conventional “out of the box” threats. Recognizing that security cannot and should not be limited to the application alone, the scope of this document is not limited to SQL Server 2000 specific settings or configurations; it also addresses backups, archive logs, and “best practices” processes and procedures that are applicable to general software and hardware security. |
| Known Issues | Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a "quick fix" for anyone’s information security needs. It is extremely important to conduct testing of security configurations on non-production systems prior to implementing them on production systems. |
| Target Audience | Database System Administrators |
| Target Operational Environment | Enterprise |
| Checklist Installation Tools | Not Available. |
| Rollback Capability | Not Available. |
| Testing Information | Not Available. |
| NIAP/CMVP Status | Not Available. |
| Regulatory Compliance | Not Available. |
| Comments, Warnings, Disclaimer, Miscellaneous | Refer to Known Issues. |
| Disclaimer | Differs for public and private consumers; please read the disclaimer information on the CIS web site at: http://www.cisecurity.org/sub_form.html |
| Product Support | Not Available |
| Submitting Organization/Authors | The Center for Internet Security (CIS) |
| Point of Contact | windows-feedback@lists.cisecurity.org |
| Sponsor | Not Available |
| Licensing | Differs for public and private consumers; please read the licensing information on the CIS web site at: http://www.cisecurity.org/sub_form.html |
| Checklist Homepage | http://www.cisecurity.org/ |
| Download Package | http://www.cisecurity.org/sub_form.html |
| Integrity |
sha1 (CIS_SQL2000_Benchmark_v1.0.pdf) = 971bdd7897e996c034935f92a42ab334778518bb
sha256 (CIS_SQL2000_Benchmark_v1.0.pdf) = 606fca0f9cf52facecbc783f60a66a5e26dad89936f29ad1acdc51209fca0a95
|
| Change History | Version 1.0: 2005-12-15 |
| Dependency/Requirement | Not Available. |
| References |
10 Steps to Help Secure SQL Server 2000, Microsoft Corporation: http://www.microsoft.com/sql/techinfo/administration/2000/security/securingsqlserver.mspx
DISA, Database Security Technical Implementation Guide version 7, release 1, October 2004.
National Security Agency, Guide to the Secure Configuration and Administration of Microsoft SQL Server 2000, August 26, 2003.
Microsoft Corporation, SQL Server 2000 SP3 Security Features and Best Practices: Security Best Practices Checklist, May 2003: http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec04.mspx
SQL Server Security Checklist: http://www.securitymap.net/sdm/docs/windows/mssql-checklist.html
|
| NIST Identifier | 1093 |