Versions Compared

Old Version 5

changes.mady.by.user Nadja Pollard

Saved on

compared with

New Version 6

changes.mady.by.user Nadja Pollard

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Establishes a realistic entry-level baseline for SQL Server and Azure SQL databases whose third-party applications do not interface with the World Wide Web. This template enforces MSBPA guidelines as well as additional security checks for logins, permissions, and other vulnerabilities.

...

Establishes a more secure baseline for production SQL Server and Azure SQL databases that are configured to support external connectivity while protecting against the most popular intrusion tactics. This template combines the CIS and MSBPA guidelines as well as additional security checks for permissions, configurations, and other vulnerabilities.

...

Enables the maximum security checks for mission-critical SQL Server and Azure SQL databases that support Web-based, B2B, B2C, or external clients to prevent unauthorized disclosure and data tampering. This template combines IDERA Level 1 and Level 2 guidelines with SRR regulations. Also included are additional security checks for auditing, permissions, surface area configurations, and other vulnerabilities.

...

Use the following table to determine which IDERA security level template fits your current security needs and how your environment fits into the overall security maturation model.

IDERA LevelMaturation LevelSecurity LevelTypes of SQL Server InstancesTypes of BusinessRegulatory ModelUnique Security Checks
1 - Basic ProtectionBeginnerBaselineTest, development, and low-risk production instancesServices internal groups by hosting data for third-party applications and does not require connections to external clientsMSBPA plus additional checks
  • SA account has blank password
  • Any SQL Server login has blank password
  • Public server role has been granted permissions
2 - Balanced ProtectionIntermediateMediumAverage production instancesServices internal and external groups that require external connectivity to hosted dataCIS and MSBPA plus additional checks
  • Sysadmins own trustworthy databases
  • Public server role has been granted permissions
  • File permissions on executables are not acceptable
  • SQL logins have weak passwords
3 - Strong ProtectionAdvancedHighMission-critical, sensitive, and high-risk production instancesServices internal and external groups by hosting data for Web-based, B2B, B2C, or external clientsCIS, MSBPA, and SRR, plus additional checks and auditing
  • Required administrative accounts do not exist
  • xp_cmdshell proxy account exists
  • SA account is not using password policy
  • Public database role has unacceptable permissions
  • SSIS database role and stored procedure permissions
  • OS version is at acceptable level

...


IDERA Website | Products | Buy | Support | Community | About Us | Resources | Legal