SQL Server Security: How to Protect SQL Server Databases

by Jul 21, 2021

For organizations that rely on SQL Server databases, understanding SQL Server security and how to protect those databases is a fundamental capability.

There is no denying that security is of the utmost concern across the information technology (IT) field these days. The prevalence of data breaches, ransomware attacks, and other forms of cybercrime makes it imperative that organizations take every possible precaution to protect SQL Server databases.

Robust SQL Server security demands a multi-faceted approach that emphasizes protecting systems from unauthorized use and implementing a reliable backup and recovery methodology.

Despite the best efforts designed to eliminate the presence of unwelcome visitors, the possibility always exists that systems can be compromised. In those cases, the most effective remedy may be to restore the systems using a recent backup.

The Real and Diverse Risks to SQL Server Databases 

An organization’s databases contain the information that makes up its most valuable resources. As with many things of value, the data’s worth attracts criminals intent on using the assets for nefarious purposes.

Cybercriminals may want to use stolen data like credit card numbers directly for financial gain. The current scourge of ransomware demonstrates the lengths to which malicious criminals will go in their quest for illicit gains. 

Recent SQL Server Malware

Some fairly recent examples of targeted attacks on SQL Servers serve to illustrate the dangers faced by companies every day:

MrbMiner

This malware variant installs cryptomining software in compromised SQL Servers. While cryptomining in itself is not destructive, the malware steals the system resources of infected servers to perform the intensive calculations required to mine cryptocurrency. 

This can lead to performance problems as well as issues such as overheating affecting hardware components. 

Hackers gained entry to the SQL Servers using a brute-force attack focused on the presence of weak passwords. The use of weak passwords is a problem throughout the IT industry and often provides the access hackers need to launch their attacks.

Vollgar

This hacking campaign also used weak passwords to infect SQL Servers with malware and cryptomining code. After gaining entry to the machines, hackers installed multiple backdoors capable of executing all types of malicious software including cryptomining and remote access tools. 

Some victims were reinfected after the malicious software was removed, because no root cause analysis had been done to address the vulnerabilities the hackers had identified.

The Winnti Group

A Chinese-backed team of hackers named the Winnti Group is being blamed for malware used to persist on Microsoft SQL Server (MSSQL) systems. 

The group installs a malicious tool called skip-2.0 that allows attackers to connect to any database account using what is termed a “Magic Password.”

The malware covers its tracks and attempts to keep all signs of its activity from appearing in system security logs. It can remain hidden on a system and be used at any time by hackers to cause damage or compromise data.

An intrusion that delivers any type of malware can be used to implant ransomware or other malicious programs. Companies need to try to keep the doors of their SQL Server locked tightly to avoid uninvited guests. 

Defending Enterprise SQL Servers

The two main components required to protect against cybercriminals are controlling access to enterprise databases and ensuring reliable backups are created regularly. 

Protecting an organization’s SQL Servers from unauthorized access is the first line of defense. This includes keeping hackers from outside the organization away from the systems as well as maintaining tight control over internal actors.

Visibility into which employees have access and what information they can touch is a critically important part of securing enterprise data resources. Unfortunately, a growing number of data breaches are initiated by malicious insiders, making it substantially more difficult to lock down IT resources.

No defense is perfect, and in the current environment of widespread ransomware attacks, a single instance of unauthorized access can be devastating. A viable defense against ransomware and other malware is to always have recent backups available to restore all production SQL Server databases.

Backups should not exist in a vacuum and need to be used according to a well-crafted disaster recovery plan. The plan needs to consider items like the recovery time objective (RTO) and recovery point objective (RPO) required to keep the business operational. 
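
An added example, not part of the original article: one way to check the RPO side of such a plan is to compare each database's most recent backup in the `msdb` history against the objective. The 60-minute threshold is an assumed value, and the query assumes backups are taken on this instance and that `msdb` history has not been purged.

```sql
-- Added example: list online databases whose newest backup is older than the RPO.
DECLARE @rpo_minutes int = 60;   -- assumed RPO; take the real value from the DR plan

SELECT  d.name                    AS database_name,
        d.recovery_model_desc,
        MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) AS last_full,
        MAX(CASE WHEN b.type = 'I' THEN b.backup_finish_date END) AS last_differential,
        MAX(CASE WHEN b.type = 'L' THEN b.backup_finish_date END) AS last_log,
        -- Minutes of data at risk if the database were lost right now
        -- (NULL means no backup is recorded at all).
        DATEDIFF(MINUTE, MAX(b.backup_finish_date), GETDATE())    AS minutes_exposed
FROM sys.databases AS d
LEFT JOIN msdb.dbo.backupset AS b
       ON b.database_name = d.name
      AND b.is_copy_only  = 0          -- copy-only backups are not part of the chain
      AND b.type IN ('D', 'I', 'L')    -- full, differential, log
WHERE d.name <> N'tempdb'              -- tempdb cannot be backed up
  AND d.state_desc = N'ONLINE'
GROUP BY d.name, d.recovery_model_desc
HAVING MAX(b.backup_finish_date) IS NULL
    OR DATEDIFF(MINUTE, MAX(b.backup_finish_date), GETDATE()) > @rpo_minutes
ORDER BY minutes_exposed DESC;
```

A row in `msdb` shows that a backup completed, not that it restores; meeting the RTO still has to be confirmed with timed test restores.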

Two Tools for Providing Enhanced Database Protection

IDERA’s dedicated SQL Server database tools address SQL Server security. Two tools specifically provide the means with which to enforce strong access controls and maintain the backups required to restore systems quickly.

SQL Secure gives database teams visibility into who can do what, where, and how on enterprise SQL Server databases. The tool is an automated solution for analyzing, monitoring, and reporting on security access rights for SQL Servers.

Teams can analyze effective rights, assess the security of the underlying operating system, and generate security scorecards for all monitored SQL Server instances. A feature that speaks directly to the brute-force attacks mentioned previously is the ability to detect and report on weak or missing passwords.

SQL Safe Backup handles the second part of protecting the SQL Server environment. This backup and recovery solution reduces SQL Server backup and recovery time, minimizes storage requirements, and enables teams to back up a large number of SQL Servers simultaneously.

The tool offers multiple recovery modes including restoring databases immediately by streaming data from backup files to address on-demand user requests while restoring the complete system in the background. This feature can be instrumental in quickly resolving the impact of a ransomware attack and keeping the business running.
