Security management of SQL Server is just as important as the rest of its administration, and you need to know how to do it. The first step toward a trustworthy SQL Server instance is password security, which has to be managed deliberately. Fixed server roles and database roles simplify security administration: every member of a role inherits the permissions granted, denied or revoked to that role. There are, however, several places where a user has to supply a password, and each of them needs proper handling.
The sa account is a special login that exists for backward compatibility. It is a permanent member of the sysadmin fixed server role and cannot be removed from that role, so whoever holds its password owns the instance. Because of that, and because its name is known to everyone, sa is the most frequently attacked login and deserves special attention. This article describes rules for managing the sa password. The password must be random, complex and long, and, most importantly, it must not be reused across multiple instances.
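As an added example (not part of the original article), the following T-SQL applies the rules above to one instance: it sets a new sa password with policy and expiry enforcement, renames the login so the well-known name stops being useful to attackers, disables it where Windows logins already cover sysadmin access, and verifies the result. The password value and the new login name are placeholders chosen for this example.

```sql
-- Added example, not from the original article. Run as a member of sysadmin.
-- The password and the new login name are placeholders (assumptions for this example);
-- generate a random password of 20+ characters and store it in your password store.

-- 1. Set a new password and enforce the Windows password policy and expiry on the login.
--    CHECK_EXPIRATION requires CHECK_POLICY = ON.
ALTER LOGIN sa WITH PASSWORD = N'Replace-With-A-Long-Random-Value-9f3K!qZ',
                    CHECK_POLICY = ON,
                    CHECK_EXPIRATION = ON;

-- 2. Rename the login so that the well-known name is no longer valid for guessing attacks.
--    It keeps principal_id 1 and its permanent sysadmin membership.
ALTER LOGIN sa WITH NAME = [srv_admin_renamed];

-- 3. If Windows logins already give your DBAs sysadmin, disable the login outright.
ALTER LOGIN [srv_admin_renamed] DISABLE;

-- 4. Verify. principal_id 1 is always the built-in sa login, whatever it is called now.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM   sys.sql_logins
WHERE  principal_id = 1;
```

Enabling expiry on sa means any application still connecting as sa will eventually fail when the password expires; that is intentional, since applications should never use the sa login in the first place.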
If you are looking for an efficient way to manage these passwords, the techniques below help you keep track of them; with multiple servers you have to use something of this kind. There is more than one way to do it; here are some of them:
Store a password list
If the number of passwords is manageable, you can simply list them on a sheet of paper and lock the hard copy away in a safe location. Do not keep a soft copy of this document: a file that can be read over the network is a far bigger exposure than a sheet in a safe. A paper list cannot be exfiltrated remotely, but it is only as secure as the place it is kept, and if the hard copy is lost, every password on it is lost with it.
This method is also not very convenient: every time a password changes, the list has to be updated immediately. If you cannot reach the list at that moment, it becomes incomplete or wrong over time. Use this method only if a reliable and diligent person is responsible for keeping the list current.
Use cloud storage
If your organization has distributed teams with many users, managing passwords on paper becomes impractical. For a large password list you can use one of several cloud-based password management systems that let you share passwords with the whole team. Many of them encrypt your passwords locally, on your own device, before anything is uploaded, so that only authenticated members of your team can read them, even though other organizations use the same service. Check that this is really the case for the product you pick: with client-side encryption the provider never sees your plaintext passwords, and the security of the whole store then rests on the master password or key used to encrypt it.
Local password storage
Some people do not trust cloud systems. If you are one of them, a local password store such as KeePass or Password Safe may make more sense. These local stores have powerful features that make them among the most trustworthy and secure ways to manage passwords.
With these tools the passwords are stored in an encrypted database file on the local system. The file is encrypted with strong algorithms under a key derived from your master password, which makes brute-forcing the file infeasible as long as the master password itself is strong. The tools also try to keep decrypted passwords in process memory for as short a time as possible, although a password has to be in the clear at the moment it is displayed or copied to the clipboard.
These tools have shortcomings as well (the database file has to be backed up and shared deliberately, and nothing rotates the passwords for you), but in terms of security they are much better than a plain file or spreadsheet.
Enterprise password managers
If you belong to a really large enterprise with many servers to manage, an enterprise password management tool may be the best option.
An enterprise password manager does not just store passwords; it provides a number of other features. It can manage access auditing and temporary access automatically. It can also let people check out a password quickly in an emergency while writing a 'loud' audit entry and notifying the responsible people.
These tools can also rotate passwords on a schedule. For example, you can use this feature to change your sa passwords monthly or quarterly without any user interaction, with the new value recorded in the vault.
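Whatever rotates the passwords, you still want an independent check that it happened. The audit query below is an added example, not taken from the article: run on each instance, it lists every SQL login holding sysadmin, how old its password is, and whether policy checks are enforced, and flags the ones that need attention. The 90-day threshold is an assumption; use your own rotation interval.

```sql
-- Added example, not from the original article. The 90-day threshold is an assumption;
-- set it to your own rotation interval.
DECLARE @max_age_days int = 90;

WITH sysadmin_sql_logins AS (
    SELECT l.name,
           l.is_disabled,
           l.is_policy_checked,
           l.is_expiration_checked,
           CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime) AS password_last_set
    FROM   sys.sql_logins          AS l
    JOIN   sys.server_role_members AS rm ON rm.member_principal_id = l.principal_id
    JOIN   sys.server_principals   AS r  ON r.principal_id = rm.role_principal_id
    WHERE  r.name = N'sysadmin'
)
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       password_last_set,
       DATEDIFF(day, password_last_set, GETDATE()) AS password_age_days,
       CASE
           WHEN is_disabled = 1 THEN 'disabled'
           WHEN DATEDIFF(day, password_last_set, GETDATE()) > @max_age_days
                THEN 'ROTATE: older than threshold'
           WHEN is_policy_checked = 0 THEN 'FIX: password policy not enforced'
           ELSE 'ok'
       END AS finding
FROM   sysadmin_sql_logins
ORDER BY password_age_days DESC;
```

Because sa can be renamed, the query deliberately selects by sysadmin membership rather than by the name sa, so a renamed sa login and any other SQL login that was granted sysadmin both appear.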
Do not use a password
If you decide that SQL Server logins are not needed at all, SQL Server can turn SQL Server Authentication off and run in Windows Authentication mode only. In that case all authentication and password management rests on Active Directory. You control who gets access, and with what privileges, simply by adding accounts to the appropriate AD group, and that action is easy to audit. Taking accounts back out of those groups after a set period is just as simple.
The greatest advantage of this approach is that you have no sa password to manage, so there is no risk of a lost or leaked one. Disabling SQL Server Authentication, and disabling the sa login along with it, is the most secure way to handle sysadmin access to your SQL Server instances. It is not applicable in every case, because some applications only support SQL logins, but where it is, it is the option to choose.
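As an added example (not part of the original article), this T-SQL carries out the switch described above: it grants sysadmin to an AD group through a Windows login, checks that a Windows principal really holds sysadmin before anything is turned off, disables sa, and sets the instance to Windows Authentication mode. The domain and group names are assumptions.

```sql
-- Added example, not from the original article. The domain and group names are assumptions.

-- 1. Give the AD group a Windows login and make it sysadmin. Granting or revoking DBA access
--    is then an AD group membership change and needs no SQL password at all.
--    (On SQL Server 2008 R2 and earlier use EXEC sp_addsrvrolemember instead of ALTER SERVER ROLE.)
CREATE LOGIN [CONTOSO\SQL-Sysadmins] FROM WINDOWS;
ALTER SERVER ROLE sysadmin ADD MEMBER [CONTOSO\SQL-Sysadmins];

-- 2. Before switching modes, confirm that at least one Windows login or group holds sysadmin;
--    otherwise you lock yourself out of the instance.
SELECT p.name, p.type_desc
FROM   sys.server_role_members AS rm
JOIN   sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN   sys.server_principals   AS p ON p.principal_id = rm.member_principal_id
WHERE  r.name = N'sysadmin'
AND    p.type IN ('U', 'G');          -- U = Windows login, G = Windows group

-- 3. Disable sa explicitly rather than relying on the mode switch to do it.
ALTER LOGIN sa DISABLE;

-- 4. Switch the instance to Windows Authentication mode. xp_instance_regwrite is undocumented
--    but writes the same LoginMode value that SSMS sets under Server Properties > Security
--    (1 = Windows Authentication, 2 = Mixed Mode). It takes effect only after the
--    SQL Server service is restarted.
EXEC xp_instance_regwrite N'HKEY_LOCAL_MACHINE',
                          N'Software\Microsoft\MSSQLServer\MSSQLServer',
                          N'LoginMode', REG_DWORD, 1;

-- 5. After the restart, verify: 1 means Windows Authentication only, and sa should show as disabled.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
SELECT name, is_disabled FROM sys.sql_logins WHERE principal_id = 1;
```

Run step 2 and read its output before steps 3 and 4; an instance in Windows Authentication mode with no Windows principal in sysadmin can only be recovered by restarting it in single-user mode.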
Conclusion:
The information above shows several ways to manage your SQL Server sa passwords. Each technique has its own pros and cons, so choose the one that fits your requirements. If, despite a proper process, you do lose the password, remember that any other sysadmin login can reset it with ALTER LOGIN, and a member of the server's local Administrators group can regain sysadmin access by starting the instance in single-user mode. Failing that, there are professional SQL password recovery tools that read the master database file and let you reset lost or forgotten sa and other SQL login passwords; choose a reputable and reliable product if you face such a problem.
About Jyoti Prakash
Jyoti is a Sr. DBA - SQL Server at Stellar Data Recovery and has written several articles on SQL Server disaster recovery planning and fixing. In addition, she spends her time on technical forums helping people with SQL Server issues.