Improving Web Application Security: Threats and Countermeasures
| Check | Description |
|---|---|
|
| Upgrade tools, debug symbols, replication support, books online, and development tools are not installed on the production server. |
|
| Microsoft SQL Server is not installed on a domain controller. |
|
| SQL Server Agent is not installed if it is not being used by any application. |
|
| SQL Server is installed on a dedicated database server. |
|
| SQL Server is installed on an NTFS partition. |
|
| Windows Authentication mode is selected unless SQL Server Authentication is specifically required, in which case Mixed Mode is selected. |
|
| A strong password is applied for the sa account or any other member of the sysadmin role. (Use strong passwords for all accounts.) |
|
| The database server is physically secured. |
Категории