Page History
...
- Must enforce an industry standard such as CIS, SRR, HIPAA, or PCI
- Need a more robust and comprehensive assessment of your security model than what Microsoft Best Practices can offer
Available templates
Idera IDERA Level 1 - Basic Protection
Establishes a realistic entry-level baseline for SQL Server databases whose third-party applications do not interface with the World Wide Web. This template enforces MSBPA guidelines as well as additional security checks for logins, permissions, and other vulnerabilities.
Idera IDERA Level 2 - Balanced Protection
Establishes a more secure baseline for production SQL Server databases that are configured to support external connectivity while protecting against the most popular intrusion tactics. This template combines the CIS and MSBPA guidelines as well as additional security checks for permissions, configurations, and other vulnerabilities.
Idera IDERA Level 3 - Strong Protection
Enables the maximum security checks for mission-critical SQL Server databases that support Web-based, B2B, B2C, or external clients to prevent unauthorized disclosure and data tampering. This template combines Idera IDERA Level 1 and Level 2 guidelines with SRR regulations. Also included are additional security checks for auditing, permissions, surface area configurations, and other vulnerabilities.
...
Use the industry standard policy templates, such as the CIS for SQL Server 2005 template, when your environment needs to meet the exact security criteria defined by that regulatory organization. However, your environment may contain SQL Server instances that only need to follow your corporate security policies. In those cases, you can create new or enhance existing corporate policies based on the built-in Idera IDERA security level templates.
The Idera IDERA Level 1, Level 2, and Level 3 templates allow you to mature your SQL Server security model over time, graduating from a solid baseline to an intermediate level to a more advanced and hardened approach. Each level is based on regulatory models and industry best-practices as well as additional security checks that identify vulnerabilities other standards do not address. The default All Servers policy enforces the Idera IDERA Level 2 - Balanced template.
Use the following table to determine which Idera IDERA security level template fits your current security needs and how your environment fits into the overall security maturation model.
Idera IDERA Level | Maturation Level | Security Level | Types of SQL Server Instances | Types of Business | Regulatory Model | Unique Security Checks |
---|---|---|---|---|---|---|
1 - Basic Protection | Beginner | Baseline | Test, development, and low-risk production instances | Services internal groups by hosting data for third-party applications and does not require connections to external clients | MSBPA plus additional checks |
|
2 - Balanced Protection | Intermediate | Medium | Average production instances | Services internal and external groups that require external connectivity to hosted data | CIS and MSBPA plus additional checks |
|
3 - Strong Protection | Advanced | High | Mission-critical, sensitive, and high-risk production instances | Services internal and external groups by hosting data for Web-based, B2B, B2C, or external clients | CIS, MSBPA, and SRR, plus additional checks and auditing |
|
...