Information Security Magazine

SQL Server 2005 Premieres
Issue: Oct 2005

TECHKNOWLEDGE
Next month, Microsoft adds a star-studded cast of security features to its database system.

When SQL Server 2005 debuts next month, you'll see a lot more than the new features you may have heard about, such as native XML support and .NET integration. A lot of the buzz around this release is about security, as this is the first major SQL Server release since Trustworthy Computing was instituted in 2002.

Some of these improvements are incremental, such as enhancements to existing SSL support and network login security, while features such as data encryption and user/schema separation bring powerful new protection capabilities.

Security managers are bound to stand up and take notice of these and other dramatic security enhancements to the popular database server.

We'll review some of the most significant of these new and improved features, starting with one of the philosophical mantras of Trustworthy Computing, "Secure by default."

Off by default
These SQL Server 2005 features are turned off out of the box, so DBAs can choose to run the ones they need and can prevent attackers from exploiting unused services.

Use Only What You Need
Windows Server 2003, the first showcase for Trustworthy Computing, placed a strong emphasis on disabling non-essential services out of the box. In the past, Microsoft turned on most services by default.

The problem was that users often weren't even aware that these unused services were running--but attackers were. These services increased the surface area of the network, further exposing it to vulnerabilities.

Off by default is the new rule applied religiously to SQL Server 2005. Like its predecessors, SQL Server 2005 arrives with a plethora of new features. DBAs can cherry-pick what they need, enabling features individually through the product's new Surface Area Configuration utility, which enumerates potential exploitation points and turns off unnecessary functionalities.

An example of an exploitable point turned off by default in SQL Server 2005 is xp_cmdshell. This extended stored procedure allows highly privileged users to run Windows commands (like the "dir" command) against the underlying operating system; it's also used by some intrinsic features like replication.

Other off-by-default features include the entry points into a SQL Server instance used by SQL Server Service Broker (a new messaging system), each defined as a Service Broker endpoint. Endpoints aren't defined by default, and once defined they are secured through certificate- or Windows-based security. Another security precaution: Broker messaging between instances must be encrypted.

Secure in the knowledge that potentially dangerous services are disabled until they decide otherwise, organizations should conduct a complete analysis to determine when, where, and how to make use of the new SQL Server 2005 features--or whether to use them at all.

For example, when you first install SQL Server 2005, features that must be enabled include services and connections (with separate SQL Server browser and Integration Server services), ad hoc remote queries, non-SQL programming components like COM automation, xp_cmdshell and SQLCLR, and endpoints for Web services and service broker communication. From there, the configuration utility allows you to turn on other SQL Server services, such as Analysis Server and Reporting Services (see chart above).
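The off-by-default state described above can also be checked from a query window. The T-SQL below is an added example, not code from the article: it compares the options the article names against an all-off baseline using the `sys.configurations` catalog view, then lists any Web service or Service Broker endpoints. The baseline table and the wording of the findings are assumptions made for this example.

```sql
-- Added example: audit the surface-area options named in the article.
-- Assumption: the expected state for every option below is 0 (off).
SET NOCOUNT ON;

DECLARE @baseline TABLE (
    option_name nvarchar(35) NOT NULL PRIMARY KEY,  -- name as stored in sys.configurations
    feature     nvarchar(60) NOT NULL               -- label used in the article
);

-- INSERT ... SELECT ... UNION ALL keeps the script valid on SQL Server 2005.
INSERT INTO @baseline (option_name, feature)
SELECT N'xp_cmdshell',                N'xp_cmdshell'
UNION ALL SELECT N'Ad Hoc Distributed Queries', N'ad hoc remote queries'
UNION ALL SELECT N'Ole Automation Procedures',  N'COM automation'
UNION ALL SELECT N'clr enabled',                N'SQLCLR';

-- value = configured setting, value_in_use = setting the running instance applies.
SELECT  b.feature,
        b.option_name,
        CAST(c.value        AS int) AS configured_value,
        CAST(c.value_in_use AS int) AS running_value,
        CASE
            WHEN c.name IS NULL THEN 'option not found on this instance'
            WHEN CAST(c.value_in_use AS int) = 1
                 THEN 'ENABLED: confirm there is a documented need'
            WHEN CAST(c.value AS int) <> CAST(c.value_in_use AS int)
                 THEN 'PENDING: will turn on at the next RECONFIGURE or restart'
            ELSE 'off (matches baseline)'
        END AS finding
FROM    @baseline AS b
LEFT JOIN sys.configurations AS c
       ON c.name COLLATE DATABASE_DEFAULT = b.option_name COLLATE DATABASE_DEFAULT
ORDER BY running_value DESC, b.feature;

-- Web service (SOAP) and Service Broker endpoints. No rows means none are defined.
-- For Broker endpoints, the authentication and encryption settings are shown as well.
SELECT  e.name,
        e.type_desc,
        e.protocol_desc,
        e.state_desc,
        sb.connection_auth_desc,
        sb.encryption_algorithm_desc
FROM    sys.endpoints AS e
LEFT JOIN sys.service_broker_endpoints AS sb
       ON sb.endpoint_id = e.endpoint_id
WHERE   e.type_desc IN (N'SOAP', N'SERVICE_BROKER')
ORDER BY e.type_desc, e.name;
```

Reading `sys.configurations` changes nothing on the instance, so the script can be run on a schedule and its output compared with the previous run to catch options that were switched on outside change control.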
