One of the bigger challenges, as you get your footing with your databases and start addressing security, compliance and similar issues, is knowing where to start. How do you know what’s missing or needs attention when so many different areas may need it?
We’ve talked about all sorts of things, from encryption to security for accounts to access rights and so much more. The complete picture of where to look and what you do once you’ve found an issue presents a huge challenge. Add to that whole mix the fact that many times you’re facing a triage situation. You have to take a swing at determining priorities, at figuring out what’s what and where to put your attention most urgently.
There are some great tools in SQL Server Management Studio (SSMS), and they’re included: baked into SSMS and ready to help out. The first of these is a huge help in determining what most needs your attention when it comes to vulnerabilities (and, really, best practices for hardening your database).
If you select the database, go to Tasks, then Vulnerability Assessment, you can follow the prompts and have SSMS run the scan for you, returning all sorts of outstanding information, all nicely prioritized.
The security checks are run against your system, and then a report is produced, with prioritized issues that you can review and get more information about. In many cases, very specific information about your particular system is included, along with help and recommendations.
As you can see, you can also review the things that are best practices that have passed the review process. You can run this for all of your systems to get a comprehensive look at the types of things you can be considering for “what’s next” and use it to put together the plan to get it done.
It takes the guesswork out of where to start and what things to consider. You can always decide against a given element or determine that it’s been handled in a different way, but at least you’ll know you considered the different things and can be confident that best practices are applied.
As you work through the items presented, the details, scripts and elements to review are shown in the lower pane. It’s a great tool for objectively reviewing and prioritizing items for your system.
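To make concrete what "security checks run against your system, reported by priority" looks like, here is an added T-SQL example. It is not from the original post and is not the rule set SSMS runs; the four checks and their risk labels are assumptions chosen for illustration.

```sql
-- Added illustration: hand-written hardening checks, NOT the SSMS rule set.
-- Risk labels (High/Medium) are this example's own assumption.
-- Run in master with permission to view server-level metadata.
SELECT v.risk, v.check_name, v.finding
FROM (
    -- Enabled SQL logins that skip the password policy or expiration check
    SELECT N'High' AS risk,
           N'SQL login without password policy or expiration' AS check_name,
           l.name COLLATE DATABASE_DEFAULT AS finding
    FROM sys.sql_logins AS l
    WHERE l.is_disabled = 0
      AND (l.is_policy_checked = 0 OR l.is_expiration_checked = 0)

    UNION ALL

    -- Every member of the sysadmin fixed server role, for manual review
    SELECT N'High',
           N'Member of sysadmin fixed server role',
           m.name COLLATE DATABASE_DEFAULT
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
    WHERE r.name = N'sysadmin'

    UNION ALL

    -- Databases (other than msdb) with the TRUSTWORTHY bit set
    SELECT N'Medium',
           N'TRUSTWORTHY enabled on database',
           d.name COLLATE DATABASE_DEFAULT
    FROM sys.databases AS d
    WHERE d.is_trustworthy_on = 1
      AND d.name <> N'msdb'

    UNION ALL

    -- Surface-area options that are currently switched on
    SELECT N'Medium',
           N'Surface-area option enabled',
           c.name COLLATE DATABASE_DEFAULT
    FROM sys.configurations AS c
    WHERE c.name IN (N'xp_cmdshell', N'Ole Automation Procedures',
                     N'Ad Hoc Distributed Queries')
      AND CAST(c.value_in_use AS int) = 1
) AS v
ORDER BY CASE v.risk WHEN N'High' THEN 1 WHEN N'Medium' THEN 2 ELSE 3 END,
         v.check_name, v.finding;
```

Each row is a candidate to review rather than a confirmed problem; an empty result means none of these four conditions were found, not that the server is hardened.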