Your system and network admins may think everything is up to snuff with your database environment, but we know from performing SQL Server health checks & security audits for businesses across a variety of industries that most database servers are poorly configured. Often, small changes lead to significant improvements in performance and reliability. Since environments are constantly changing with newly added databases, new reports, changing permissions, etc., regular health checks and security audits are a must.
When was your last checkup?
Microsoft SQL Server is easy for any IT professional to install, but if your database servers were configured without expert knowledge and industry experience, they are likely not in great shape. You should consider a top-to-bottom analysis of your SQL Server environment on a regular basis including:
- SQL Server Settings: max memory, trace flags, optimize for ad hoc workloads, etc.
- Database Settings: database file locations, growth settings, VLF fragmentation, etc.
- SAN: physical disk evaluation
- VMware/Hyper-V: vSCSI driver, server template, etc.
- Temp DB: number of files, file locations, growth settings, etc.
- Database Backup & Maintenance: index maintenance, integrity checks, recovery model, etc.
- Memory Pressure
- CPU Pressure
- Disk I/O Pressure
- Indexing: missing indexes, bad indexes, fragmentation
- Operating System: power management settings, what's installed?
- Other: memory dumps, log entries
Who really has access to your database?
It can be an eye-opening experience for IT department leadership when a security audit shows that everyone in the company has full access to their databases (one of our audits revealed that the Active Directory Users group was a member of the sysadmin role in SQL Server). Take it from this real-world example that you cannot trust your own system administrators with limited SQL Server experience to secure your database environment. Do you have a detailed report of who has access to what in your database environment?
IT professionals, consultants, and power users often create huge security holes in your database environment because “it’s easier” or to get it working with a “plan to close the hole later.” Even many third-party vendors erroneously tell you they require your “sa password” for installation or, worse yet, for the system to function. Did you know that it is best practice to disable the sa account and that anyone in the sysadmin role has the same privileges? Here are some areas you should regularly audit for all your SQL Server instances:
- Configuration & Installation: distributed queries enabled, database mail security, Windows firewall, etc.
- User Security: SA login, users with old or weak passwords, orphan users, etc.
- Programming & Code Vulnerabilities: xp_cmdshell enabled, CLR enabled, etc.
- Permissions: Users in sysadmin, user impersonation settings, access to extended procedures, etc.
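A starting point for the "who has access to what" report and the audit areas listed above, as an added example (not the authors' audit tooling). These are read-only T-SQL queries against standard catalog views; the 365-day password age threshold is an assumption to adjust to your policy.

```sql
-- Added example: read-only audit queries. Run on each instance as a login
-- that can see all server principals (e.g. a sysadmin during the audit).

-- 1. Members of sysadmin, including Windows groups (a broad domain group
--    here gives every member full control of the instance).
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 2. State of the sa login; matched by SID 0x01 so a renamed sa is still found.
SELECT name AS sa_login_name, is_disabled
FROM sys.server_principals
WHERE sid = 0x01;

-- 3. Enabled SQL logins without password policy, or with old passwords.
--    365 days is an assumed threshold, not a value from the article.
SELECT name, is_policy_checked, is_expiration_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE is_disabled = 0
  AND (is_policy_checked = 0
       OR CAST(LOGINPROPERTY(name, 'PasswordLastSetTime') AS datetime)
          < DATEADD(DAY, -365, GETDATE()));

-- 4. Surface-area options from the checklist; value_in_use = 1 means enabled.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'clr enabled',
               N'Ad Hoc Distributed Queries', N'Database Mail XPs');

-- 5. Orphaned SQL users in the current database: the user maps to a SID
--    that no server login owns. Run once per database.
SELECT dp.name AS orphaned_user, dp.type_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE sp.sid IS NULL
  AND dp.type = 'S'
  AND dp.authentication_type_desc = N'INSTANCE'
  AND dp.principal_id > 4;  -- skip dbo, guest, INFORMATION_SCHEMA, sys
```

Saving the output of each run lets you compare it with the previous audit and spot new sysadmin members or re-enabled options.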
Get help from SQL Server experts
Outside experts allow for proper, unbiased investigations of the potential issues with your systems. Contact us today to hire our SQL Server experts to perform regular health checks and security audits of your database infrastructure, maximizing the performance of your environment and making sure your data is safe.
Considering building a new SQL Server instance or cluster? We can also help you start your new database environment on the right foot by scheduling a SQL Server best practices installation and configuration.