Here are some things you could talk about:
Preferring NT authentication, using server, database and
application roles to control access to the data, securing
the physical database files using NTFS permissions, using
an unguessable SA password, restricting physical access
to the SQL Server, renaming the Administrator account on
the SQL Server computer, disabling the Guest account,
enabling auditing, using multiprotocol encryption,
setting up SSL, setting up firewalls, isolating SQL
Server from the web server, etc.