Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can use the IDERA and industry-standard policy templates built in to into IDERA SQL Secure to further harden your SQL Server SQL Server security model. By creating policies from these templates, you can enforce consistent security settings across your enterprise and proactively assess when and where vulnerabilities exist. You can also customize new policies based on these templates to further address your specific security needs.

Consider using policy templates when you:

  • Must enforce an industry standard such as CIS, SRR, HIPAA, or PCI
  • Need a more robust and comprehensive assessment of your security model than what Microsoft Best Practices can offer

Available templates

CIS for SQL Server 2000

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2000.

CIS for SQL Server 2005

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2005.

CIS for SQL Server 2008

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2008.

CIS for SQL Server 2008 R2

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2008 R2.

CIS for SQL Server 2012

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2012.

CIS for SQL Server 2014

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2014.

CIS for SQL Server 2016

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2016.

CIS for SQL Server 2017

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2017.

CIS for SQL Server 2019

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2019.

CIS for SQL Server 2022

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2022.

DISA-NIST STIG for SQL Server 2012

Enforces security check settings derived from the Defense Information Systems Agency (DISA) National Institute of Standards and Technology (NIST) - SQL Server 2012 STIG.

DISA-NIST STIG for SQL Server 2014

Enforces security check settings derived from the Defense Information Systems Agency (DISA) National Institute of Standards and Technology (NIST) - SQL Server 2014 Instance STIG.

DISA-NIST STIG for SQL Server 2016

Enforces security check settings derived from the Defense Information Systems Agency (DISA) National Institute of Standards and Technology (NIST) - SQL Server 2016 Instance STIG.

European Union General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens' personal data.

HIPAA Guidelines for SQL Server

Leverages the Health Insurance Portability and Accountability Act (HIPAA) guideline as well as the Department of Defense Database Security Technical Implementation Guide (STIG). These guidelines target conditions that undermine the integrity of security, contribute to inefficient security operations and administration or may lead to interruption of production operations for health information that resides on Microsoft SQL Server.

IDERA Idera Level 1 - Basic Protection

Establishes a realistic entry-level baseline for SQL Server and Azure SQL databases whose third-party applications do not interface with the World Wide Web. This template enforces MSBPA guidelines as well as additional security checks for logins, permissions, and other vulnerabilities.

Idera IDERA Level 2 - Balanced Protection

Establishes a more secure baseline for production SQL Server and Azure SQL databases that are configured to support external connectivity while protecting against the most popular intrusion tactics. This template combines the CIS and MSBPA guidelines as well as additional security checks for permissions, configurations, and other vulnerabilities.

Idera IDERA Level 3 - Strong Protection

Enables the maximum security checks for mission-critical SQL Server and Azure SQL databases that support Web-based, B2B, B2C, or external clients to prevent unauthorized disclosure and data tampering. This template combines Idera IDERA Level 1 2 and Level 2 the DISA guidelines with SRR regulations. Also included are additional security checks for auditing, permissions, surface area configurations, and other vulnerabilities.

CIS for SQL Server 2000MS Best Practices Analyzer

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2000, V 1.0, December, 2005.Microsoft SQL Server 2005 Best Practices Analyzer Security Recommendations.

NERC Critical Infrastructure Protection CIS for SQL Server 2005 or later

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2005, V 1.2.0, January 12, 2010. This version can also be applied to SQL Server 2008 and later.

HIPAA Guidelines for SQL Server

North American Electric Reliability Corporation (NERC) Critical Infrastructure protection

PCI-DSS Guidelines for SQL Server

Enforces security check settings derived from the Payment Card Industry (PCI) v3.0 guideline. This guideline leverages the SQL Server Database Security Readiness Review (SRR) and targets Leverages the Health Insurance Portability and Accountability Act (HIPAA) guideline as well as the Department of Defense Database Security Technical Implementation Guide (STIG) version 8 release 1.7. These guidelines target conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations for health information that resides on Microsoft SQL Server.

MS Best Practices Analyzer

Enforces security check settings derived from the Microsoft SQL Server 2005 Best Practices Analyzer Security Recommendations.

PCI 2.0 Guidelines for SQL Server

Enforces security check settings derived from the Payment Card Industry (PCI) v2.0 regulatory standard. This standard applies to mission-critical databases hosted by internal or external services that store payment card information.

.

SNAC for SQL 2000 SNAC for SQL 2000

Enforces security check settings derived from the Guide to the Secure Configuration and Administration of Microsoft SQL Server SQL Server 2000, Network Applications Team of the Systems, and Network Attack Center (SNAC).

SOX Section 404

Enforces security check settings derived from the Sarbanes-Oxley (SOX) Section 404

SRR Checklist for SQL Server SRR Checklist for SQL Server 2000

Enforces security check settings derived from the DISA for a security readiness review (SRR)  of of a Microsoft SQL Server SQL Server RDBMS installed in a Windows NT or NT or Windows 2000 host operation system environment.

SRR Checklist SRR Checklist for SQL Server SQL Server 2005 or later

Enforces security check settings derived from the Database Security Readiness Review (SRR) v8 r1.7of a Microsoft SQL Server RDBMS. This SRR targets conditions the undermine the integrity of security, contribute to inefficient security operations and administration, and may lead to interruption of production operations. This version can also be applied to SQL Server SQL Server 2008 and later.

Select a template

Use the industry-standard policy templates, such as the CIS for SQL Server for SQL Server 2005 template, when your environment needs to meet the exact security criteria defined by that regulatory organization. However, your environment may contain SQL Server SQL Server instances that only need to follow your corporate security policies. In those cases, you can create new or enhance existing corporate policies based on the built-in Idera IDERA security level templates.

The Idera IDERA Level 1, Level 2, and Level 3 templates allow you to mature your SQL Server SQL Server security model over time, graduating from a solid baseline to an intermediate level to a more advanced and hardened approach. Each level is based on regulatory models and industry best - practices as well as additional security checks that identify vulnerabilities other standards do not address. The default All Servers policy enforces the Idera IDERA Level 2 - Balanced template.

Use the following table to determine which Idera IDERA security level template fits your current security needs and how your environment fits into the overall security maturation model.

Idera
IDERA LevelMaturation LevelSecurity LevelTypes of
SQL Server
SQL Server InstancesTypes of BusinessRegulatory ModelUnique Security Checks
1 - Basic ProtectionBeginnerBaselineTest, development, and low-risk production instancesServices internal groups by hosting data for third-party applications and does not require connections to external clientsMSBPA plus additional checks
  • SA account has a blank password
  • Any SQL Server login has a blank password
  • Public server role has been granted permissions
2 - Balanced ProtectionIntermediateMediumAverage production instancesServices internal and external groups that require external connectivity to hosted dataCIS and MSBPA plus additional checks
  • Sysadmins own trustworthy databases
  • Public server role has been granted permissions
  • File permissions on executables are not acceptable
  • SQL logins have weak passwords
3 - Strong ProtectionAdvancedHighMission-critical, sensitive, and high-risk production instancesServices internal and external groups by hosting data for Web-based, B2B, B2C, or external clientsCIS, MSBPA, and SRR, plus additional checks and auditing
  • Required administrative accounts do not exist
  • xp_cmdshell proxy account exists
  • SA account is not using password policy
  • Public database role has unacceptable permissions
  • SSIS database role and stored procedure permissions
  • OS version is at an acceptable level
Scroll pdf ignore
Excerpt
SQL Secure tells you who has access to what on your SQL Server databases. Learn more > >

...


Newtabfooter
aliasIDERA
urlhttp://www.idera.com
|
Newtabfooter
aliasProducts
urlhttps://www.idera.com/productssolutions/sqlserver
|
Newtabfooter
aliasPurchase
urlhttps://www.idera.com/buynow/onlinestore
|
Newtabfooter
aliasSupport
urlhttps://idera.secure.force.com/
|
Newtabfooter
aliasCommunity
urlhttp://community.idera.com
|
Newtabfooter
aliasResources
urlhttp://www.idera.com/resourcecentral
|
Newtabfooter
aliasAbout Us
urlhttp://www.idera.com/about/aboutus
|
Newtabfooter
aliasLegal
urlhttps://www.idera.com/legal/termsofuse

...