Database concepts research assignment week 9
Don't use Personal Identifiable Information (PII) in your password such as, Name, User name, Birthday, Pet’s name or Child's name. Don't use any word that can be found in the dictionary as your full password. Don’t use the same password for online banking that you use for social networking or email. Don’t give your password to someone over the phone. Try to use special characters such as non-alphabetic characters. Try to create passwords at with at least eight characters. Try to use a password vault application to protect and help manage your many passwords. Try to change your most critical passwords on a regular basis. The Windows operating system already has authentication functionality built-in. It has to do so. And if you're in a domain environment, there are special computers, called Domain Controllers, where authentication actually takes place. Those systems tend to be treated more security than regular servers, even SQL Servers. And therefore, if the username/password combinations are going to be stored on the most secure systems in the domain, that would be on the domain controllers (as a side note, a hash is what is actually stored there, not the password itself). If you let Windows do the authentication, then SQL Server doesn't have to store anything related to a username/password combination. And it's up to Windows to check the security. In other words, SQL Server is handing off this sort of authentication to processes which do it constantly. That's good, because it also means that if you're a DBA and your organization is large enough to have someone else managing the domain security, then you can leave the authentication to them, which is something they're doing constantly. And you have the option of focusing on what you do best: SQL Server. simply a password that Access prompts you to type in when opening the database. A database can have only one password. You cannot assign a different password to different users. This makes it all-or-nothing authentication, which is a major drawback for enterprise applications. There are two additional problems: if a user knows the database password, she can also change it as long as she can open the database exclusively. When programmatically opening a database, you can specify the database password by using the Password parameter in a DAO connection string or the Password parameter in an ADO Connection. Open method. Because the security provided by a database password is authentication without authorization, it’s not recommended for enterprise applications. User-level security is the only Microsoft Access authentication type that can be used for enterprise applications. It is similar to SQL Server authentication, requiring a username/password to log on. The list of users is maintained through the database and is stored in a separate workgroup information file. Different databases can be associated with different workgroup information files. Each workgroup information file, and each user within the file, is associated with a unique identifier. This means that to be authenticated, the user must use the right username and password for the workgroup information file associated with a particular database. Now for best practices for disaster recovery you should The process of preparing a disaster recovery plan begins by identifying these causes and effects, analyzing their likelihood and severity, and ranking them in terms of their business priority. The ultimate results are a formal assessment of risk, a disaster recovery plan that includes all available recovery mechanisms, and a formalized Disaster Recovery Committee that has responsibility for rehearsing, carrying out, and improving the disaster recovery plan. SQL Server should be hardened after the installation.
After the installation, use the SQL Server Configuration Manager tool in order to disable unnecessary features and services. Install only required components. Recent service packs and critical fixes should be installed for SQL Server and Windows. Windows Authentication mode is more secure than SQL Authentication. If there is still a need to use SQL Authentication – enforce strong password policy. Disable the SA account and rename it. Do not use this account for SQL server management. Change default SQL Server ports associated with the SQL Server installation to keep hackers from port scanning the server. Hide SQL Server instances or disable the SQL Server Browser service. Remove BUILDIN\Administrators group from the SQL Server Logins.
Enable logging SQL Server login attempts.